urlscan.io logo urlscan.io
SecurityTrails logo

crushus-s3.curd.io Open in urlscan Pro
107.173.102.248  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://crushus-s3.curd.io/facebook.com/1324786344/
Effective URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Submission: On June 14 via automatic, source phishtank
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 27 HTTP transactions. The main IP is 107.173.102.248, located in Los Angeles, United States and belongs to AS-COLOCROSSING - ColoCrossing, US. The main domain is crushus-s3.curd.io.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 25th 2019. Valid for: 3 months.
This is the only time crushus-s3.curd.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 8 107.173.102.248 36352 (AS-COLOCR...)
1 198.134.112.243 27257 (WEBAIR-IN...)
1 198.134.112.242 27257 (WEBAIR-IN...)
1 213.196.2.2 7979 (SERVERS)
1 213.196.2.1 7979 (SERVERS)
2 213.196.5.3 7979 (SERVERS)
12 2a03:2880:f01... 32934 (FACEBOOK)
1 2 2a03:2880:f11... 32934 (FACEBOOK)
27 9
8    107.173.102.248 (Los Angeles, United States)

ASN36352 (AS-COLOCROSSING - ColoCrossing, US)
PTR: 107-173-102-248-host.colocrossing.com
crushus-s3.curd.io
1    198.134.112.243 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US)
s20dh7e9dh.com
1    198.134.112.242 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US)
www.modulepush.com
1    213.196.2.2 (Netherlands)

ASN7979 (SERVERS - Servers.com, Inc., US)
www.bnserving.com
1    213.196.2.1 (Netherlands)

ASN7979 (SERVERS - Servers.com, Inc., US)
r.remarketingpixel.com
2    213.196.5.3 (Netherlands)

ASN7979 (SERVERS - Servers.com, Inc., US)
www.urldelivery.com
12    2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
static.xx.fbcdn.net
2    2a03:2880:f11c:8084:face:b00c:0:14c9 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
pixel.facebook.com
Domain Requested by
12 static.xx.fbcdn.net crushus-s3.curd.io
static.xx.fbcdn.net
8 crushus-s3.curd.io 1 redirects crushus-s3.curd.io
static.xx.fbcdn.net
2 pixel.facebook.com 1 redirects
2 www.urldelivery.com www.bnserving.com
1 r.remarketingpixel.com www.bnserving.com
1 www.bnserving.com crushus-s3.curd.io
1 www.modulepush.com crushus-s3.curd.io
1 s20dh7e9dh.com crushus-s3.curd.io
0 coinhive.com Failed crushus-s3.curd.io
27 9

This site contains no links.

Subject Issuer Validity Valid
*.curd.io
Let's Encrypt Authority X3		 2019-05-25 -
2019-08-23		 3 months crt.sh
s20dh7e9dh.com
Let's Encrypt Authority X3		 2019-04-29 -
2019-07-28		 3 months crt.sh
modulepush.com
Let's Encrypt Authority X3		 2019-06-13 -
2019-09-11		 3 months crt.sh
bnserving.com
Let's Encrypt Authority X3		 2019-06-03 -
2019-09-01		 3 months crt.sh
r.remarketingpixel.com
Let's Encrypt Authority X3		 2019-05-05 -
2019-08-03		 3 months crt.sh
urldelivery.com
Let's Encrypt Authority X3		 2019-06-13 -
2019-09-11		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2019-04-22 -
2019-07-21		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://crushus-s3.curd.io/facebook.com/1324786344/
Frame ID: DA9D85469C1B62C0140D89AE72EA169F
Requests: 28 HTTP requests in this frame

Frame: https://www.urldelivery.com/watch.456897017043?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%5D&refer=https%3A%2F%2Fcrushus-s3.curd.io%2Ffacebook.com%2F1324786344%2F&tz=0&dev=r&res=4.23&uuid=081ccae6-3b92-4834-8bb0-24f8d33895d2%3A1%3A1
Frame ID: A51E1660FF12ABD8FCA764E556C629EC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://crushus-s3.curd.io/facebook.com/1324786344/ HTTP 301
    https://crushus-s3.curd.io/facebook.com/1324786344/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

27
Requests

96 %
HTTPS

25 %
IPv6

9
Domains

9
Subdomains

9
IPs

3
Countries

600 kB
Transfer

1118 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://crushus-s3.curd.io/facebook.com/1324786344/ HTTP 301
    https://crushus-s3.curd.io/facebook.com/1324786344/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27
  • https://pixel.facebook.com/si/kappa/?Ko=a&__a=1&__be=1&__dyn=7xe6Fo4OQ1PyUhxOnFwn84a2i5U4e0yoW3q327E2vwXx61rwf24o29wmU1upE4W0OE2WxO2u0Io5u1Aw60KdwnU1oU881FU&__pc=PHASED%3ADEFAULT&__req=2&__rev=1000829096&__s=%3A2g6j68%3Azgxjb1&__user=0&asyncSignal=2504&dpr=1&jazoest=2668&lsd=AVq0dEaZ HTTP 302
  • https://pixel.facebook.com/si/kappa/async/?Ka=AbG93VxJMgbXF7qj&Kt=1560477723174&Ko=a&__a=1&__be=1&__dyn=7xe6Fo4OQ1PyUhxOnFwn84a2i5U4e0yoW3q327E2vwXx61rwf24o29wmU1upE4W0OE2WxO2u0Io5u1Aw60KdwnU1oU881FU&__pc=PHASED%3ADEFAULT&__req=2&__rev=1000829096&__s=%3A2g6j68%3Azgxjb1&__user=0&asyncSignal=2504&dpr=1&jazoest=2668&lsd=AVq0dEaZ

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
crushus-s3.curd.io/facebook.com/1324786344/
Redirect Chain
  • http://crushus-s3.curd.io/facebook.com/1324786344/
  • https://crushus-s3.curd.io/facebook.com/1324786344/
78 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-173-102-248-host.colocrossing.com
Software
nginx/1.10.3 /
Resource Hash
b3a9b91de6aa52d13160a33d10ddb6c8290acf6644987f60950e1dc0f7523fa0
Security Headers
Name Value
Strict-Transport-Security max-age=60; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
crushus-s3.curd.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx/1.10.3
Date
Fri, 14 Jun 2019 02:01:46 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
x-xss-protection
1; mode=block
strict-transport-security
max-age=60; includeSubDomains
x-content-type-options
nosniff
X-Frame-Options
DENY
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control
max-age=315360000
X-Proxy-Cache
HIT
Content-Encoding
gzip

Redirect headers

Server
nginx/1.10.3
Date
Fri, 14 Jun 2019 02:01:45 GMT
Content-Type
text/html
Content-Length
185
Connection
keep-alive
Location
https://crushus-s3.curd.io/facebook.com/1324786344/
2497b33a9b4d65137a8950d2b41c267c.js
s20dh7e9dh.com/24/97/b3/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://s20dh7e9dh.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.134.112.243 Garden City, United States, ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US),
Reverse DNS
Software
nginx/1.15.1 /
Resource Hash

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 14 Jun 2019 02:01:45 GMT
Server
nginx/1.15.1
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length
0
Content-Type
application/javascript
coinhive.min.js
coinhive.com/lib/ 		0
0
lpmMTaBbFzj.css
crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/ 		41 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/lpmMTaBbFzj.css
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-173-102-248-host.colocrossing.com
Software
nginx/1.10.3 /
Resource Hash
8f483d8dee99bf74e06dce9d7bc4721a04d999477c16714e7e1a4d532bd40717
Security Headers
Name Value
Strict-Transport-Security max-age=60; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 14 Jun 2019 02:01:46 GMT
strict-transport-security
max-age=60; includeSubDomains
x-content-type-options
nosniff
Server
nginx/1.10.3
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
X-Proxy-Cache
HIT
Content-Length
42053
x-xss-protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
QnNIF0lqAYL.css
crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/ 		33 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/QnNIF0lqAYL.css
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-173-102-248-host.colocrossing.com
Software
nginx/1.10.3 /
Resource Hash
78ec2fb5748be66bdaff32f6d03e697bd78f3aff2df0f7004da39b104302e12e
Security Headers
Name Value
Strict-Transport-Security max-age=60; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 14 Jun 2019 02:01:46 GMT
strict-transport-security
max-age=60; includeSubDomains
x-content-type-options
nosniff
Server
nginx/1.10.3
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
X-Proxy-Cache
HIT
Content-Length
33340
x-xss-protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
WEQuniVCzZG.js
crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/ 		314 KB
315 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-173-102-248-host.colocrossing.com
Software
nginx/1.10.3 /
Resource Hash
93071f14b990f0f3224a77b4667fb7e14d5c79495a5188a8cf8f7c4964f74f2f
Security Headers
Name Value
Strict-Transport-Security max-age=60; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 14 Jun 2019 02:01:46 GMT
strict-transport-security
max-age=60; includeSubDomains
x-content-type-options
nosniff
Server
nginx/1.10.3
X-Frame-Options
DENY
Content-Type
application/x-javascript
Cache-Control
max-age=315360000
Connection
keep-alive
X-Proxy-Cache
HIT
Content-Length
321948
x-xss-protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
hsts-pixel.gif
crushus-s3.curd.io/facebook.com/security/ 		43 B
431 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crushus-s3.curd.io/facebook.com/security/hsts-pixel.gif?c=3.2.5
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-173-102-248-host.colocrossing.com
Software
nginx/1.10.3 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=60; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 14 Jun 2019 02:01:46 GMT
strict-transport-security
max-age=60; includeSubDomains
x-content-type-options
nosniff
Server
nginx/1.10.3
X-Frame-Options
DENY
Content-Type
image/gif
Cache-Control
max-age=315360000
Connection
keep-alive
X-Proxy-Cache
HIT
Content-Length
43
x-xss-protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
invoke.js
www.modulepush.com/2b7c8abc9a1b4c9a413e6845db201275/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.modulepush.com/2b7c8abc9a1b4c9a413e6845db201275/invoke.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.134.112.242 Garden City, United States, ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US),
Reverse DNS
Software
nginx/1.15.1 /
Resource Hash

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 14 Jun 2019 02:01:47 GMT
Server
nginx/1.15.1
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length
0
Content-Type
application/javascript
invoke.js
www.bnserving.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bnserving.com/invoke.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.196.2.2 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),
Reverse DNS
Software
nginx/1.15.1 /
Resource Hash
7a14e2c32c6a42c292a80640d77b95254b03b08756fff2f2602b7396f9203679
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 14 Jun 2019 02:01:47 GMT
Content-Encoding
gzip
Server
nginx/1.15.1
Strict-Transport-Security
max-age=0; includeSubdomains
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Expires
Thu, 01 Jan 1970 00:00:01 GMT
stats
r.remarketingpixel.com/ 		40 B
522 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://r.remarketingpixel.com/stats
Requested by
Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.196.2.1 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),
Reverse DNS
Software
nginx/1.15.1 /
Resource Hash
812ce7b3dcba29ed320faad216f4b9eface62a5e01fd342e94363b090de89e5c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
Origin
https://crushus-s3.curd.io

Response headers

Date
Fri, 14 Jun 2019 02:01:47 GMT
Server
nginx/1.15.1
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://crushus-s3.curd.io
Cache-Control
max-age=0, : no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
40
Expires
Fri, 14 Jun 2019 02:01:47 GMT
watch.456897017043.js
www.urldelivery.com/ 		0
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.urldelivery.com/watch.456897017043.js?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%5D&refer=https%3A%2F%2Fcrushus-s3.curd.io%2Ffacebook.com%2F1324786344%2F&tz=0&dev=r&res=4.23&uuid=081ccae6-3b92-4834-8bb0-24f8d33895d2%3A1%3A1
Requested by
Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.196.5.3 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
Origin
https://crushus-s3.curd.io

Response headers
watch.456897017043
www.urldelivery.com/ Frame A51E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.urldelivery.com/watch.456897017043?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%5D&refer=https%3A%2F%2Fcrushus-s3.curd.io%2Ffacebook.com%2F1324786344%2F&tz=0&dev=r&res=4.23&uuid=081ccae6-3b92-4834-8bb0-24f8d33895d2%3A1%3A1
Requested by
Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.196.5.3 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),
Reverse DNS
Software
nginx/1.15.1 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

Host
www.urldelivery.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
Accept-Encoding
gzip, deflate, br
Cookie
u_pl=14142203
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://crushus-s3.curd.io/facebook.com/1324786344/

Response headers

Server
nginx/1.15.1
Date
Fri, 14 Jun 2019 02:01:47 GMT
Content-Type
text/html
Content-Length
103
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=0; includeSubdomains
qsMZIfI4rGU.png
crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yS/r/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yS/r/qsMZIfI4rGU.png
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-173-102-248-host.colocrossing.com
Software
nginx/1.10.3 /
Resource Hash
03d0e2d9ff35d62e9497de1a8d8577783237e5402389b532d59b89ceefa8a038
Security Headers
Name Value
Strict-Transport-Security max-age=60; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/lpmMTaBbFzj.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 14 Jun 2019 02:01:48 GMT
strict-transport-security
max-age=60; includeSubDomains
x-content-type-options
nosniff
Server
nginx/1.10.3
X-Frame-Options
DENY
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
X-Proxy-Cache
HIT
Content-Length
15995
x-xss-protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/css
truncated
/ 		74 B
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8627d83666e5f29db4f5ddfba459bf17a542a4b20569815b8055223dbe6d3f75

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/css;charset=utf-8
9afyj11AmX-.js
static.xx.fbcdn.net/rsrc.php/v3i7M54/yD/l/en_US/ 		145 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yD/l/en_US/9afyj11AmX-.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c2e399e0191dc22fdea8b9a25717810dc7d289e4e20b52e43ded3fa40a53e9dc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
rBLj0QqZdWHmJb+bA05wwyI9OhMqtY/Cnc8TIKs6SfMjYdL9PZxhXHHhruc8mORzDB4+hMFScR9uSoCcOUVUdA==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
PjbgGtPVgZXYSBYteeWVVQ==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
34553
expires
Fri, 12 Jun 2020 11:04:10 GMT
wXmPKw6jBhF.js
static.xx.fbcdn.net/rsrc.php/v3/ys/r/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/wXmPKw6jBhF.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c565c16ff437369e16a63f9d0d6f5ffe5a014ca1327af9d25f9e920e1bc6b2cc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
+5O33wwk4NhuXJ/LtaRa0fyPLqfp5+nVnK1ixLBaruck1ZbyTvSbWulEkse/gfKWNfq4iGt9C3lT9yKEXsPbAA==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
Sv7j8OvoHYSY4xYN5YE/cA==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
6629
expires
Fri, 12 Jun 2020 20:40:51 GMT
lul7Ztcum4U.js
static.xx.fbcdn.net/rsrc.php/v3iYXl4/yH/l/en_US/ 		35 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iYXl4/yH/l/en_US/lul7Ztcum4U.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
2bce233308215e8a9c70fbaf15347fae4b00aa8e677ba9214c7bf0afb8d96df6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
ReocpcVtkZL6nUrwjbE/kwYkpyWhEHUE/XSFez9YRW4Xk1ARnUpjKSdH4KZ7z44bfkx8tQFeAdqtXO/fstCmNg==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
clhEWG8kGeznhGo9TVILbQ==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
8793
expires
Fri, 12 Jun 2020 19:24:13 GMT
fjA3O5J_75f.js
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ 		74 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/fjA3O5J_75f.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
e4215219f4d71f3192485a8cb301751b6c70f6671a5f88d02cbc119246faa9d2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
RhOOkKDglC8SclrnzSRiXY0JXXfsdwVBwNg0S33dUIiJTiWfKBqwTi+p7f3ND25K912jZL8SXuFDcP4p9wJWZA==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
KC1sIeCa7l1HW+NhWy8hGg==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
19462
expires
Fri, 12 Jun 2020 20:40:52 GMT
zp_Z6fFfzgb.js
static.xx.fbcdn.net/rsrc.php/v3/y2/r/ 		54 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/zp_Z6fFfzgb.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c2c2f5464d7b2e837d88d515a39defaf55c37c922fcd595825c05f67929a077d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
Y46e7qgFoCXmGHlRaDNZ7e7SyzgScwpmc303dxKpgay2YVpejAF/yLjpTFofrKgVcBclHLoPvLmFv3zTT7exUg==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
zQO4mMbdBcUx5WnUzi0Wtg==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
15075
expires
Fri, 12 Jun 2020 13:58:20 GMT
KMizZ3BvRni.js
static.xx.fbcdn.net/rsrc.php/v3i-RI4/yE/l/en_US/ 		77 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i-RI4/yE/l/en_US/KMizZ3BvRni.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
00cf4bc1a208c50157ea55158af08f9a56ae3695ef772b5e1ffd1fef7ec3e589
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
6qafsWVJAQyiV7SYGxDYsfVa6weymO2dgk+ZZ+xnqgSlKOCPWlrN7qnVsijpMVAVTZiSIsawOI4UinlUt4UKWg==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
YpG7OdqXC1vgskmp5jyFCA==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
17639
expires
Fri, 12 Jun 2020 11:36:44 GMT
2DiyryXhJ9H.js
static.xx.fbcdn.net/rsrc.php/v3iQYn4/yH/l/en_US/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iQYn4/yH/l/en_US/2DiyryXhJ9H.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
420c55fe3937a0e5fe40f5ce12487ff093a7b95088ac927251b43e7025158a5f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
wxAss9XpJdXeEUWz6ZENw50Qe3W0U04ghEt6kmXKGBIrTUyLvvUF4G0/y8uVzaKTnby84bw5GgGBYEXTJWuqqg==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
4dNec/FSJ0xtv1FPlthVFQ==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
6787
expires
Fri, 12 Jun 2020 21:19:46 GMT
63IrXRXEyc0.js
static.xx.fbcdn.net/rsrc.php/v3/yR/r/ 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/63IrXRXEyc0.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
40e353059e879ee5cccb45283160f279005bfaa4c183b1565a228e201db3eda9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
hpJrVUBIraq53D3ecyOmcETLSRlzyn3l7mMi0Wx3ayUVDJJjnnTBiXR0bvk98FM05nIxxZPwZyUwvgP2OhPVcw==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
W6lmnMPjxfjFeZE/out7bQ==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
3194
expires
Fri, 12 Jun 2020 21:06:55 GMT
1OJD5twL76N.js
static.xx.fbcdn.net/rsrc.php/v3/yg/r/ 		133 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/1OJD5twL76N.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
3e3ff323b73d58a05bf4921612f3b1f909f65ae6970ac9404cab724feac758c4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
RUIXJ/MG1C6u78w3jmIqPf3dQYKQ2KUhn7Rfe/v5DVFpC5sXUEkOOVwZfBWIdeTf2TEZlBbFkDkt5rJoLLYF3g==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
pMwCusa8FBKd0V0A+WNutQ==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
37326
expires
Fri, 12 Jun 2020 21:49:17 GMT
pGYOuvfnZmj.js
static.xx.fbcdn.net/rsrc.php/v3iqES4/yi/l/en_US/ 		47 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iqES4/yi/l/en_US/pGYOuvfnZmj.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
352bf9fb8ae7d0c4fd482564806e434c36ef2341957d6c0d5c4258858c4e2f18
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
k3lHDKVKLi5istZ47iWIKAph8OIgrW5rAA/0+FDc8YYqybXEwVmdj6JzxkFxADnO/jrC85I3UaBFRGip1G44eQ==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
/2bDgUNiT/ATM0uM8nQu7w==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
13548
expires
Fri, 12 Jun 2020 11:33:03 GMT
v4WgC_pJT9B.js
static.xx.fbcdn.net/rsrc.php/v3/yz/r/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/v4WgC_pJT9B.js
Requested by
Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yv/r/WEQuniVCzZG.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
a01808b8a2d6e28821f87b2b3bf59abfb34c2aa9050ecd6ba212d3c2c8f28538
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
antmniaVswbxIuAqVlPius8jJrRvcyANq011FMTzXvTHzVQQ6dTK5sIw9V70CoC/Qv31TgDdNHawMo0Z4mMPqQ==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
zhO7kDvY1KlYWGjrr+zJSw==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
2214
expires
Fri, 12 Jun 2020 20:40:51 GMT
-PAXP-deijE.gif
static.xx.fbcdn.net/rsrc.php/v3/y4/r/ 		43 B
236 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/-PAXP-deijE.gif
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yD/l/en_US/9afyj11AmX-.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
5a52dbaf980be015c37ea658dc83e753f345ecb7c48a7dafd71bf1ed67e8b4bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
pqw7kMO8TGEby2JE4t7bUyR4DtTAPHfRvuP8nnVxOn9R+e3WiraLcjxrPUUenkTt/BPRtBMorW4Ph4KV6BPjGw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
YRyRbJo4R7CNEE1X8k7Jfg==
access-control-allow-origin
*
date
Fri, 14 Jun 2019 02:01:48 GMT
content-type
image/gif
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
43
expires
Fri, 12 Jun 2020 05:14:44 GMT
bz
crushus-s3.curd.io/ajax/ 		0
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://crushus-s3.curd.io/ajax/bz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/wXmPKw6jBhF.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-173-102-248-host.colocrossing.com
Software
nginx/1.10.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=60; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
Origin
https://crushus-s3.curd.io
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Fri, 14 Jun 2019 02:01:57 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
Server
nginx/1.10.3
X-Frame-Options
DENY
Content-Type
text/html; charset=utf-8
Connection
keep-alive
Transfer-Encoding
chunked
strict-transport-security
max-age=60; includeSubDomains
x-xss-protection
1; mode=block
/
pixel.facebook.com/si/kappa/async/
Redirect Chain
  • https://pixel.facebook.com/si/kappa/?Ko=a&__a=1&__be=1&__dyn=7xe6Fo4OQ1PyUhxOnFwn84a2i5U4e0yoW3q327E2vwXx61rwf24o29wmU1upE4W0OE2WxO2u0Io5u1Aw60KdwnU1oU881FU&__pc=PHASED%3ADEFAULT&__req=2&__rev=1000...
  • https://pixel.facebook.com/si/kappa/async/?Ka=AbG93VxJMgbXF7qj&Kt=1560477723174&Ko=a&__a=1&__be=1&__dyn=7xe6Fo4OQ1PyUhxOnFwn84a2i5U4e0yoW3q327E2vwXx61rwf24o29wmU1upE4W0OE2WxO2u0Io5u1Aw60KdwnU1oU881...
67 B
212 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.facebook.com/si/kappa/async/?Ka=AbG93VxJMgbXF7qj&Kt=1560477723174&Ko=a&__a=1&__be=1&__dyn=7xe6Fo4OQ1PyUhxOnFwn84a2i5U4e0yoW3q327E2vwXx61rwf24o29wmU1upE4W0OE2WxO2u0Io5u1Aw60KdwnU1oU881FU&__pc=PHASED%3ADEFAULT&__req=2&__rev=1000829096&__s=%3A2g6j68%3Azgxjb1&__user=0&asyncSignal=2504&dpr=1&jazoest=2668&lsd=AVq0dEaZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8084:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.curd.io/facebook.com/1324786344/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
x-fb-debug
DMJFEkHaEN6EtdkeBVcoDBv6XzlvVAEYSedj88PCUtXw4HXdYPM1C4u/YUdUhL0IYYjz60bxTym9I4zbIEM+4A==
content-encoding
br
x-content-type-options
nosniff
access-control-allow-origin
https://pixel.facebook.com
date
Fri, 14 Jun 2019 02:02:03 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
image/png
status
200
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin, Accept-Encoding
expires
Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
x-content-type-options
nosniff
status
302
strict-transport-security
max-age=15552000; preload
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
xBTnWnBPD0gFrSHfmbawY/JW28ss7Th4bhN2Ns+g3i2r7FNGi/7ctOAKMgDY2wlqeXwn+4kz8mUqqB8jux/YAg==
location
/si/kappa/async/?Ka=AbG93VxJMgbXF7qj&Kt=1560477723174&Ko=a&__a=1&__be=1&__dyn=7xe6Fo4OQ1PyUhxOnFwn84a2i5U4e0yoW3q327E2vwXx61rwf24o29wmU1upE4W0OE2WxO2u0Io5u1Aw60KdwnU1oU881FU&__pc=PHASED%3ADEFAULT&__req=2&__rev=1000829096&__s=%3A2g6j68%3Azgxjb1&__user=0&asyncSignal=2504&dpr=1&jazoest=2668&lsd=AVq0dEaZ
x-frame-options
DENY
date
Fri, 14 Jun 2019 02:02:03 GMT
vary
Origin
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://pixel.facebook.com
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
coinhive.com
URL
https://coinhive.com/lib/coinhive.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| LieDetector object| atAsyncContainers undefined| miner number| _cstart function| envFlush object| Env number| __DEV__ function| CavalryLogger undefined| __p function| emptyFunction function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d object| ErrorUtils object| TimeSlice object| JSCC function| $ function| ge object| Parent function| Arbiter object| PageEvents function| _domcontentready function| onloadRegister_DEPRECATED function| onloadRegister function| onafterloadRegister_DEPRECATED function| onafterloadRegister function| onleaveRegister function| onbeforeunloadRegister function| onunloadRegister function| wait_for_load function| goURI object| Bootloader function| ProfilingCounters function| $E object| domreadyhooks object| onloadhooks string| _script_path object| bigPipe object| onafterunloadhooks object| onunloadhooks object| PageHooks function| _domreadyHook function| _onloadHook function| runHook function| runHooks function| keep_window_set_as_loaded function| AsyncRequest object| onbeforeunloadhooks object| onleavehooks object| __FB_STORE function| intl_set_xmode function| intl_set_amode function| intl_set_rmode function| intl_set_locale object| PageTransitions boolean| domready boolean| loaded object| SnappyJS

3 Cookies

Domain/Path Name / Value
www.urldelivery.com/ Name: u_pl
Value: 14142203
.crushus-s3.curd.io/ Name: _js_datr
Value: FPsCXYE9Mu8zf17p_igiW-ZH
.curd.io/ Name: 494668b4c0ef4d25bda4e75c27de2817
Value: 081ccae6-3b92-4834-8bb0-24f8d33895d2%3A1%3A1

4 Console Messages

Source Level URL
Text
console-api log URL: https://www.bnserving.com/invoke.js(Line 1)
Message:
[object HTMLImageElement]
console-api log URL: https://www.bnserving.com/invoke.js(Line 1)
Message:
console.clear
console-api log URL: https://www.bnserving.com/invoke.js(Line 1)
Message:
[object HTMLImageElement]
console-api log URL: https://www.bnserving.com/invoke.js(Line 1)
Message:
console.clear

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=60; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

coinhive.com
crushus-s3.curd.io
pixel.facebook.com
r.remarketingpixel.com
s20dh7e9dh.com
static.xx.fbcdn.net
www.bnserving.com
www.modulepush.com
www.urldelivery.com
coinhive.com
107.173.102.248
198.134.112.242
198.134.112.243
213.196.2.1
213.196.2.2
213.196.5.3
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8084:face:b00c:0:14c9
00cf4bc1a208c50157ea55158af08f9a56ae3695ef772b5e1ffd1fef7ec3e589
03d0e2d9ff35d62e9497de1a8d8577783237e5402389b532d59b89ceefa8a038
2bce233308215e8a9c70fbaf15347fae4b00aa8e677ba9214c7bf0afb8d96df6
352bf9fb8ae7d0c4fd482564806e434c36ef2341957d6c0d5c4258858c4e2f18
3e3ff323b73d58a05bf4921612f3b1f909f65ae6970ac9404cab724feac758c4
40e353059e879ee5cccb45283160f279005bfaa4c183b1565a228e201db3eda9
420c55fe3937a0e5fe40f5ce12487ff093a7b95088ac927251b43e7025158a5f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a52dbaf980be015c37ea658dc83e753f345ecb7c48a7dafd71bf1ed67e8b4bd
78ec2fb5748be66bdaff32f6d03e697bd78f3aff2df0f7004da39b104302e12e
7a14e2c32c6a42c292a80640d77b95254b03b08756fff2f2602b7396f9203679
812ce7b3dcba29ed320faad216f4b9eface62a5e01fd342e94363b090de89e5c
8627d83666e5f29db4f5ddfba459bf17a542a4b20569815b8055223dbe6d3f75
8f483d8dee99bf74e06dce9d7bc4721a04d999477c16714e7e1a4d532bd40717
93071f14b990f0f3224a77b4667fb7e14d5c79495a5188a8cf8f7c4964f74f2f
a01808b8a2d6e28821f87b2b3bf59abfb34c2aa9050ecd6ba212d3c2c8f28538
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b3a9b91de6aa52d13160a33d10ddb6c8290acf6644987f60950e1dc0f7523fa0
c2c2f5464d7b2e837d88d515a39defaf55c37c922fcd595825c05f67929a077d
c2e399e0191dc22fdea8b9a25717810dc7d289e4e20b52e43ded3fa40a53e9dc
c565c16ff437369e16a63f9d0d6f5ffe5a014ca1327af9d25f9e920e1bc6b2cc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4215219f4d71f3192485a8cb301751b6c70f6671a5f88d02cbc119246faa9d2