crushus-s3.curd.io Open in urlscan Pro
107.173.102.248 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Effective URL:
https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Submission: On June 03 via automatic, source phishtank (June 3rd 2019, 1:03:22 pm UTC)

Summary HTTP 29 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 29 HTTP transactions. The main IP is 107.173.102.248, located in Los Angeles, United States and belongs to AS-COLOCROSSING - ColoCrossing, US. The main domain is crushus-s3.curd.io.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 25th 2019. Valid for: 3 months.

This is the only time crushus-s3.curd.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 8	107.173.102.248 107.173.102.248	36352 (AS-COLOCR...) (AS-COLOCROSSING - ColoCrossing)
1	198.134.112.242 198.134.112.242	27257 (WEBAIR-IN...) (WEBAIR-INTERNET - Webair Internet Development Company Inc.)
1	198.134.112.243 198.134.112.243	27257 (WEBAIR-IN...) (WEBAIR-INTERNET - Webair Internet Development Company Inc.)
1	213.196.2.2 213.196.2.2	7979 (SERVERS) (SERVERS - Servers.com)
1	213.196.2.1 213.196.2.1	7979 (SERVERS) (SERVERS - Servers.com)
15	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	213.196.5.4 213.196.5.4	7979 (SERVERS) (SERVERS - Servers.com)
29	8

8 107.173.102.248 (Los Angeles, United States) 1 redirects

ASN36352 (AS-COLOCROSSING - ColoCrossing, US)
PTR: 107-173-102-248-host.colocrossing.com

crushus-s3.curd.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.134.112.242 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US)

s20dh7e9dh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.134.112.243 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US)

www.modulepush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.196.2.2 (Netherlands)

ASN7979 (SERVERS - Servers.com, Inc., US)

www.bnserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.196.2.1 (Netherlands)

ASN7979 (SERVERS - Servers.com, Inc., US)

r.remarketingpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.196.5.4 (Netherlands)

ASN7979 (SERVERS - Servers.com, Inc., US)

www.urldelivery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	fbcdn.net static.xx.fbcdn.net	165 KB
8	curd.io 1 redirects crushus-s3.curd.io	419 KB
2	urldelivery.com www.urldelivery.com
1	remarketingpixel.com r.remarketingpixel.com	522 B
1	bnserving.com www.bnserving.com	5 KB
1	modulepush.com www.modulepush.com
1	s20dh7e9dh.com s20dh7e9dh.com
0	coinhive.com Failed coinhive.com Failed
29	8

	Domain	Requested by
15	static.xx.fbcdn.net	crushus-s3.curd.io static.xx.fbcdn.net
8	crushus-s3.curd.io	1 redirects crushus-s3.curd.io static.xx.fbcdn.net
2	www.urldelivery.com	www.bnserving.com
1	r.remarketingpixel.com	www.bnserving.com
1	www.bnserving.com	crushus-s3.curd.io
1	www.modulepush.com	crushus-s3.curd.io
1	s20dh7e9dh.com	crushus-s3.curd.io
0	coinhive.com Failed	crushus-s3.curd.io
29	8

This site contains no links.

Subject Issuer	Validity	Valid
*.curd.io Let's Encrypt Authority X3	`2019-05-25` - `2019-08-23`	3 months	crt.sh
s20dh7e9dh.com Let's Encrypt Authority X3	`2019-04-29` - `2019-07-28`	3 months	crt.sh
modulepush.com Let's Encrypt Authority X3	`2019-04-13` - `2019-07-12`	3 months	crt.sh
bnserving.com Let's Encrypt Authority X3	`2019-04-04` - `2019-07-03`	3 months	crt.sh
r.remarketingpixel.com Let's Encrypt Authority X3	`2019-05-05` - `2019-08-03`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-04-22` - `2019-07-21`	3 months	crt.sh
urldelivery.com Let's Encrypt Authority X3	`2019-04-11` - `2019-07-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Frame ID: 03F8694111B6C9C0DF87BAD538E0335F
Requests: 30 HTTP requests in this frame

Frame: https://www.urldelivery.com/watch.1066106086953?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%5D&refer=https%3A%2F%2Fcrushus-s3.curd.io%2Ffacebook.com%2F1324786344%3F_fb_noscript%3D1&tz=0&dev=r&res=4.23&uuid=ccce4795-1677-48a4-a0de-c8248c2cd67d%3A1%3A2
Frame ID: C3666BF3D160A1DB91D447D3B4C63E61
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1 HTTP 301
https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1 Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

29
Requests

97 %
HTTPS

14 %
IPv6

8
Domains

8
Subdomains

8
IPs

3
Countries

590 kB
Transfer

1099 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1 HTTP 301
https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request 1324786344 Show response
crushus-s3.curd.io/facebook.com/
Redirect Chain

http://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

79 KB
26 KB

1720ms
316ms

Document
text/html

107.173.102.248
ColoCrossing

General

Check archive.org

Show headers Download Go to

Full URL

https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),

Reverse DNS

107-173-102-248-host.colocrossing.com

Software

nginx/1.10.3 /

Resource Hash

702e31f734eb69a63dfcf6899c76063b00d6cb14afb4e90a7088d0e4916b4709

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Host: crushus-s3.curd.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: nginx/1.10.3
Date: Mon, 03 Jun 2019 13:02:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-xss-protection: 1; mode=block
strict-transport-security: max-age=60; includeSubDomains
x-content-type-options: nosniff
X-Frame-Options: DENY
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Proxy-Cache: HIT
Content-Encoding: gzip

Redirect headers

Server: nginx/1.10.3
Date: Mon, 03 Jun 2019 13:02:44 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

GET
H/1.1 403
Forbidden 2497b33a9b4d65137a8950d2b41c267c.js
s20dh7e9dh.com/24/97/b3/ 0
0 421ms
97ms Script
application/javascript 198.134.112.242
Webair Internet D...

General

Check archive.org

Show headers Download Go to

Full URL: https://s20dh7e9dh.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Requested by: Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.134.112.242 Garden City, United States, ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US),
Reverse DNS
Software: nginx/1.15.1 /
Resource Hash

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 03 Jun 2019 13:02:47 GMT
Server: nginx/1.15.1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 0
Content-Type: application/javascript

GET coinhive.min.js
coinhive.com/lib/ 0
0

GET
H/1.1 200
OK 24Nz9XYA7Mg.css
crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/ 36 KB
37 KB 217ms
212ms Stylesheet
text/css 107.173.102.248
ColoCrossing

General

Check archive.org

Show headers Download Go to

Full URL

https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/24Nz9XYA7Mg.css

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),

Reverse DNS

107-173-102-248-host.colocrossing.com

Software

nginx/1.10.3 /

Resource Hash

860b4f6166fdc3fc5b3301e248ef23337e354725c981421f920a85626b201581

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 13:02:46 GMT
strict-transport-security: max-age=60; includeSubDomains
x-content-type-options: nosniff
Server: nginx/1.10.3
X-Frame-Options: DENY
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
X-Proxy-Cache: HIT
Content-Length: 37075
x-xss-protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 0cDM_mVXwyz.css
crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/ 28 KB
28 KB 1614ms
351ms Stylesheet
text/css 107.173.102.248
ColoCrossing

General

Check archive.org

Show headers Download Go to

Full URL

https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/0cDM_mVXwyz.css

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),

Reverse DNS

107-173-102-248-host.colocrossing.com

Software

nginx/1.10.3 /

Resource Hash

9041dee7305b4ae5a36f68382eefe4d86ae2f9c4b19e163f1dc2ad6f2aeb89a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 13:02:48 GMT
strict-transport-security: max-age=60; includeSubDomains
x-content-type-options: nosniff
Server: nginx/1.10.3
X-Frame-Options: DENY
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
X-Proxy-Cache: HIT
Content-Length: 28176
x-xss-protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK gaysq4mKON_.js Show response
crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/ 313 KB
313 KB 1824ms
206ms Script
application/x-javascript 107.173.102.248
ColoCrossing

General

Check archive.org

Show headers Download Go to

Full URL

https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),

Reverse DNS

107-173-102-248-host.colocrossing.com

Software

nginx/1.10.3 /

Resource Hash

955db9a70569ed634946b0cf808606db07bab3e2a2875fd1efece6b7a93c3cbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 13:02:48 GMT
strict-transport-security: max-age=60; includeSubDomains
x-content-type-options: nosniff
Server: nginx/1.10.3
X-Frame-Options: DENY
Content-Type: application/x-javascript
Cache-Control: max-age=315360000
Connection: keep-alive
X-Proxy-Cache: HIT
Content-Length: 320095
x-xss-protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK hsts-pixel.gif
crushus-s3.curd.io/facebook.com/security/ 43 B
431 B 2811ms
168ms Image
image/gif 107.173.102.248
ColoCrossing

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://crushus-s3.curd.io/facebook.com/security/hsts-pixel.gif?c=3.2.5

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),

Reverse DNS

107-173-102-248-host.colocrossing.com

Software

nginx/1.10.3 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 13:02:49 GMT
strict-transport-security: max-age=60; includeSubDomains
x-content-type-options: nosniff
Server: nginx/1.10.3
X-Frame-Options: DENY
Content-Type: image/gif
Cache-Control: max-age=315360000
Connection: keep-alive
X-Proxy-Cache: HIT
Content-Length: 43
x-xss-protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 403
Forbidden invoke.js
www.modulepush.com/2b7c8abc9a1b4c9a413e6845db201275/ 0
0 1697ms
99ms Script
application/javascript 198.134.112.243
Webair Internet D...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.modulepush.com/2b7c8abc9a1b4c9a413e6845db201275/invoke.js
Requested by: Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.134.112.243 Garden City, United States, ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US),
Reverse DNS
Software: nginx/1.15.1 /
Resource Hash

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 03 Jun 2019 13:02:47 GMT
Server: nginx/1.15.1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 0
Content-Type: application/javascript

GET
H/1.1 200
OK invoke.js Show response
www.bnserving.com/ 11 KB
5 KB 100ms
20ms Script
application/javascript 213.196.2.2
Servers.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bnserving.com/invoke.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.196.2.2 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),

Reverse DNS

Software

nginx/1.15.1 /

Resource Hash

7a14e2c32c6a42c292a80640d77b95254b03b08756fff2f2602b7396f9203679

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Mon, 03 Jun 2019 13:02:48 GMT
Content-Encoding: gzip
Server: nginx/1.15.1
Strict-Transport-Security: max-age=0; includeSubdomains
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/javascript
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK stats Show response
r.remarketingpixel.com/ 40 B
522 B 98ms
21ms XHR
text/html 213.196.2.1
Servers.com

General

Check archive.org

Show headers Download Go to

Full URL: https://r.remarketingpixel.com/stats
Requested by: Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.196.2.1 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),
Reverse DNS
Software: nginx/1.15.1 /
Resource Hash: db21dc3ef2b98c61abe731185f7a2ce8082661666aabe3a6c68de3fd5922a912

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Origin: https://crushus-s3.curd.io

Response headers

Date: Mon, 03 Jun 2019 13:02:49 GMT
Server: nginx/1.15.1
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://crushus-s3.curd.io
Cache-Control: max-age=0, : no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 40
Expires: Mon, 03 Jun 2019 13:02:49 GMT

GET
H/1.1 200
OK ccm050L6PDw.png
crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/y3/r/ 15 KB
16 KB 166ms
166ms Image
image/png 107.173.102.248
ColoCrossing

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/y3/r/ccm050L6PDw.png

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),

Reverse DNS

107-173-102-248-host.colocrossing.com

Software

nginx/1.10.3 /

Resource Hash

75a4024bd08a8a068579603a524bd51b72713eb452529b721b7c54f2c90fec17

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/24Nz9XYA7Mg.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 13:02:49 GMT
strict-transport-security: max-age=60; includeSubDomains
x-content-type-options: nosniff
Server: nginx/1.10.3
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
X-Proxy-Cache: HIT
Content-Length: 15663
x-xss-protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 0
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/css

GET
DATA 200
OK truncated
/ 74 B
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8627d83666e5f29db4f5ddfba459bf17a542a4b20569815b8055223dbe6d3f75

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H2 200 2orgPrFUUIG.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yl/r/ 25 KB
7 KB 23ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yl/r/2orgPrFUUIG.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

5041f9cb562095dfed50ff16558cc85997a956b9632166d1f2c868ed5e5d42eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: FKU++hYbDTC0vtYBwmYRLaELtUm3CSJMCzw2W3R3mtHhyTxZL1K1UTWY/rbZ7BVKzW70jwvfWCIgcEh1xGR5jQ==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: VV7uZZPWYZwvLEegZhchpA==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 6869
expires: Sun, 31 May 2020 12:13:02 GMT

GET
H2 200 SUpvVcuV0go.js Show response
static.xx.fbcdn.net/rsrc.php/v3i7M54/yU/l/en_US/ 98 KB
23 KB 23ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yU/l/en_US/SUpvVcuV0go.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

d2a91fe694e5dfa0cce36c241f3a448a10e60611ddf32e5846b9520378111308

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: q631BJaauyNiqCkzWuiYBzp65yTqL/R+CMvEZrM9k7ICwPp7TEUIzmAOweQttrUaA7zPKFCpeYpa8H+BfeHOeQ==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: Wq4HJEeqHqkskyVaOE4t9Q==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 23373
expires: Sun, 31 May 2020 12:01:28 GMT

GET
H2 200 W5f9GMwvXnv.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yf/r/ 20 KB
7 KB 24ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/W5f9GMwvXnv.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

0dc280746adbb1fecef2bb40182fe4fb0b8a13c0b5efd8ea847756760b5665d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: 6usWUq6EZAKw96WWF0BHMhFlDtg4P5hIKjI6qpdqHvdtM1taSHThHgtQzhFOmpI00fZ2GSHI1nhK7UZ+rz1Ifw==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: r4++nDTisZbMXJcidt5xDg==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 6463
expires: Sun, 31 May 2020 11:59:43 GMT

GET
H/1.1 200
OK watch.1066106086953.js Show response
www.urldelivery.com/ 0
0 101ms
20ms XHR
text/html 213.196.5.4
Servers.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.urldelivery.com/watch.1066106086953.js?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%5D&refer=https%3A%2F%2Fcrushus-s3.curd.io%2Ffacebook.com%2F1324786344%3F_fb_noscript%3D1&tz=0&dev=r&res=4.23&uuid=ccce4795-1677-48a4-a0de-c8248c2cd67d%3A1%3A2
Requested by: Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.196.5.4 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Origin: https://crushus-s3.curd.io

Response headers

GET
H2 200 g_6NYHt7WO-.js Show response
static.xx.fbcdn.net/rsrc.php/v3iYXl4/yl/l/en_US/ 42 KB
10 KB 11ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iYXl4/yl/l/en_US/g_6NYHt7WO-.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b725192efd60291665a49a4e9ff0a511f367bf2ad5b533af2c8ec3b3772bd463

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: KrNsSqH0JE2r5vRjJmC+EJioagvhf6bv24FUtPEZXOeb4QCpDodi6xHr+hD+lSSnr1R1JqGWgGBvn48HViIRPQ==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: qYOyLXvx/9SDtXjDHy1XyA==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 10192
expires: Sun, 31 May 2020 13:26:17 GMT

GET
H2 200 DIlycSgjOHy.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y1/r/ 46 KB
13 KB 11ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/DIlycSgjOHy.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

58c19ef0a81b1d6859f7120742f2d52c4663a632e22c581d5d21aef87b4b33c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: gSGEg0zse4floFfV2y+uJ5E8NM1MtIgiYjoxFPTFQ3o145KeNdKzwf6w6oNlz+tkvJm1KSoLCdByAgDCYM+FeQ==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 3tQwF1sJa6ipp+8iP9rRiw==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 12896
expires: Sun, 31 May 2020 12:20:31 GMT

GET
H2 200 9ufbYmwTrD9.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yP/r/ 63 KB
17 KB 11ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/9ufbYmwTrD9.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

1b44aa311aad08700743beb7b8e94747052a7044c86efe49162babc9345d9a41

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: nmt8HZ/onl5e+gu5CqoBhTJRpw2TRFmyfzIRVzWKa0q3SFonmwKVU/upFKmRM86Me2sgWdnyL7Q8PqHBdTG2Rw==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: k0ikCCTqIl5tAokomXLHlw==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 16814
expires: Sun, 31 May 2020 12:00:17 GMT

GET
H2 200 7IF4WFK48g7.js Show response
static.xx.fbcdn.net/rsrc.php/v3i-RI4/yq/l/en_US/ 40 KB
10 KB 10ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i-RI4/yq/l/en_US/7IF4WFK48g7.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

daf3688d3d70a199de47728aecf014474fb67af1370f613e232219d972589806

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: GKNozyKjjUTSQuoMnxoY94pN6NXwciMniHTM251cofoVpMnROLwsCNTnrHqFxtyep77tc5PnxbnsLbe05Lw3Og==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: f1IE6D35HiDcJ/vDpeAU0w==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 10424
expires: Sun, 31 May 2020 13:26:17 GMT

GET
H2 200 fMBxhj8Ch1V.js Show response
static.xx.fbcdn.net/rsrc.php/v3iqES4/yw/l/en_US/ 25 KB
7 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iqES4/yw/l/en_US/fMBxhj8Ch1V.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

ac7f8a95ebe05255f204524d468088ee452f683d15ea807880c145a314e6080f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: w+e8ynomCRzBioZY1SDLsSKJtm29M361tww5OC+R4+kl/oXJHIFRpy3jeYnxxaqUbXvsQgGIclaZnFoxqFgo1A==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: +Ft8G91WOn0WlI3AY82pwA==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 7234
expires: Sun, 31 May 2020 13:26:17 GMT

GET
H2 200 xL44fPnLqWO.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yg/r/ 47 KB
11 KB 14ms
12ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/xL44fPnLqWO.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b95be031ffea531a8dc1222aa7d5a8e87fcb0ac8e93f913996606a6ec7db0ca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: omuffVzx6ppW0ohw984dgEZ9tXzGJ+3WueZlZ7G+OrorDta9r9wGhheaC5zEjx4qEcvF2XgFmyPuGSxr7OrPPg==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: NlyeLMZTQjNZH9Vt6vKeow==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 11143
expires: Sun, 31 May 2020 12:00:20 GMT

GET
H2 200 QRjc23yfln2.js Show response
static.xx.fbcdn.net/rsrc.php/v3iQYn4/yh/l/en_US/ 17 KB
5 KB 10ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iQYn4/yh/l/en_US/QRjc23yfln2.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

f434c98c6be6d622c936daee875d804526b82c9236a38a1cf6bab4d4d15a8353

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: gPz3FlITJnwKJAp7eqrviGEkjIp8QJ+JkMMnw9QWDu2GEzrJqr7CdJkjle0a1U7ArIeL2nLwq6ZkI4UG/KTK/Q==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 888T3ruXIUa0sJ23N643jQ==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 5134
expires: Sun, 31 May 2020 13:26:17 GMT

GET
H2 200 -g6lSEhMbby.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y-/r/ 9 KB
3 KB 11ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/-g6lSEhMbby.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

932c31793dbd765c2e5f5373aa12f5723054de64727d0084babcca2367fcc262

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: nsZ6svo5DkjrfxF1QAgFGIfaBegxeMYG6OABbD9zzjfG735dme1aY6yFBkiSYb1TJkmTckOPBbLlIEFn8VTJmw==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: JShbO/wbupGFCym41Ty+fw==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 2855
expires: Sun, 31 May 2020 12:13:03 GMT

GET
H2 200 k9qGqfsyEyM.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y4/r/ 132 KB
36 KB 11ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/k9qGqfsyEyM.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

38c86d0a02981215ff76ecf710beaab646bb9f6bc82013d202215a3f343dd359

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: XcoR2UAuNDiuRIQ8/1REUM6lc55NS3lnCxNyOesrZWSgAE7LCuimgU9Tvq0MS6jDTJxzYE7WjyFgtIyoZOLxzw==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: ziOioYi3fpOpfSfT4dTyPw==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 37183
expires: Sun, 31 May 2020 12:00:17 GMT

GET
H2 200 B5XrX8hGL3-.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ 46 KB
13 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/B5XrX8hGL3-.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

688e0251ea977ff41bf3e40fefe3681669422c2633386ac1747177eb8c2ce527

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: dxPmkEGA9PQ/8nVW61hC6TFrag1HheR1RCWHDe7/rjv4EFa3pns+23ED9mY4iuYMwY97jC1gneuhRmzFMbRUGg==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: eSLJCstasG7SAVyJjJ8rvw==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 13158
expires: Sun, 31 May 2020 11:59:43 GMT

GET
H2 200 v4WgC_pJT9B.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yz/r/ 7 KB
2 KB 12ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/v4WgC_pJT9B.js

Requested by

Host: crushus-s3.curd.io
URL: https://crushus-s3.curd.io/static.xx.fbcdn.net/rsrc.php/v3/yq/r/gaysq4mKON_.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

a01808b8a2d6e28821f87b2b3bf59abfb34c2aa9050ecd6ba212d3c2c8f28538

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: YuJxJqO+bE8tSbRNE+JE+7X9PL2RLaHSWH0D7HcwPxpCfDSqW/YhHhDuNTvz6Jv9QCsU8Y0gnvv4aXBsOeXHqA==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: zhO7kDvY1KlYWGjrr+zJSw==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 2214
expires: Sat, 30 May 2020 19:36:14 GMT

GET
H2 200 -PAXP-deijE.gif
static.xx.fbcdn.net/rsrc.php/v3/y4/r/ 43 B
238 B 7ms
6ms Image
image/gif 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/-PAXP-deijE.gif

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iqES4/yw/l/en_US/fMBxhj8Ch1V.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

5a52dbaf980be015c37ea658dc83e753f345ecb7c48a7dafd71bf1ed67e8b4bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug: Qnk5clCw2bY1zKNPEBV0iA3uCYnxsT5Aj3u821OSzUmhz0rGjNQH2Jq+emaR/Xsm2/7nCdA+2ilNjTtbYCecbQ==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: YRyRbJo4R7CNEE1X8k7Jfg==
access-control-allow-origin: *
date: Mon, 03 Jun 2019 13:02:49 GMT
content-type: image/gif
status: 200
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
content-length: 43
expires: Sat, 30 May 2020 21:02:01 GMT

GET
H/1.1 200
OK watch.1066106086953
www.urldelivery.com/ Frame C366 0
0 20ms
18ms Document
text/html 213.196.5.4
Servers.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.urldelivery.com/watch.1066106086953?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%5D&refer=https%3A%2F%2Fcrushus-s3.curd.io%2Ffacebook.com%2F1324786344%3F_fb_noscript%3D1&tz=0&dev=r&res=4.23&uuid=ccce4795-1677-48a4-a0de-c8248c2cd67d%3A1%3A2

Requested by

Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.196.5.4 , Netherlands, ASN7979 (SERVERS - Servers.com, Inc., US),

Reverse DNS

Software

nginx/1.15.1 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

Host: www.urldelivery.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Accept-Encoding: gzip, deflate, br
Cookie: u_pl=14142203
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1

Response headers

Server: nginx/1.15.1
Date: Mon, 03 Jun 2019 13:02:50 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

POST
H/1.1 403
Forbidden bz
crushus-s3.curd.io/ajax/ 0
0 439ms
438ms XHR
text/html 107.173.102.248
ColoCrossing

General

Check archive.org

Show headers Download Go to

Full URL

https://crushus-s3.curd.io/ajax/bz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/W5f9GMwvXnv.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

107.173.102.248 Los Angeles, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),

Reverse DNS

107-173-102-248-host.colocrossing.com

Software

nginx/1.10.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crushus-s3.curd.io/facebook.com/1324786344?_fb_noscript=1
Origin: https://crushus-s3.curd.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Mon, 03 Jun 2019 13:02:57 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
Server: nginx/1.10.3
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
strict-transport-security: max-age=60; includeSubDomains
x-xss-protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: coinhive.com
URL: https://coinhive.com/lib/coinhive.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.urldelivery.com/	1970-01-19 01:14:13	Name: u_pl Value: 14142203
.crushus-s3.curd.io/	1970-01-19 18:43:58	Name: _js_datr Value: ZBX1XFBqVI8xwLmzq7tzRWUv
.crushus-s3.curd.io/	1970-01-19 01:22:51	Name: wd Value: 1600x1200
.curd.io/	1970-01-19 01:22:51	Name: 494668b4c0ef4d25bda4e75c27de2817 Value: ccce4795-1677-48a4-a0de-c8248c2cd67d%3A1%3A2

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.bnserving.com/invoke.js(Line 1) Message: [object HTMLImageElement]
console-api	log	URL: https://www.bnserving.com/invoke.js(Line 1) Message: console.clear
console-api	log	URL: https://www.bnserving.com/invoke.js(Line 1) Message: [object HTMLImageElement]
console-api	log	URL: https://www.bnserving.com/invoke.js(Line 1) Message: console.clear

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=60; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

coinhive.com
crushus-s3.curd.io
r.remarketingpixel.com
s20dh7e9dh.com
static.xx.fbcdn.net
www.bnserving.com
www.modulepush.com
www.urldelivery.com
coinhive.com
107.173.102.248
198.134.112.242
198.134.112.243
213.196.2.1
213.196.2.2
213.196.5.4
2a03:2880:f02d:12:face:b00c:0:3
0dc280746adbb1fecef2bb40182fe4fb0b8a13c0b5efd8ea847756760b5665d6
1b44aa311aad08700743beb7b8e94747052a7044c86efe49162babc9345d9a41
38c86d0a02981215ff76ecf710beaab646bb9f6bc82013d202215a3f343dd359
5041f9cb562095dfed50ff16558cc85997a956b9632166d1f2c868ed5e5d42eb
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
58c19ef0a81b1d6859f7120742f2d52c4663a632e22c581d5d21aef87b4b33c2
5a52dbaf980be015c37ea658dc83e753f345ecb7c48a7dafd71bf1ed67e8b4bd
688e0251ea977ff41bf3e40fefe3681669422c2633386ac1747177eb8c2ce527
702e31f734eb69a63dfcf6899c76063b00d6cb14afb4e90a7088d0e4916b4709
75a4024bd08a8a068579603a524bd51b72713eb452529b721b7c54f2c90fec17
7a14e2c32c6a42c292a80640d77b95254b03b08756fff2f2602b7396f9203679
860b4f6166fdc3fc5b3301e248ef23337e354725c981421f920a85626b201581
8627d83666e5f29db4f5ddfba459bf17a542a4b20569815b8055223dbe6d3f75
9041dee7305b4ae5a36f68382eefe4d86ae2f9c4b19e163f1dc2ad6f2aeb89a2
932c31793dbd765c2e5f5373aa12f5723054de64727d0084babcca2367fcc262
955db9a70569ed634946b0cf808606db07bab3e2a2875fd1efece6b7a93c3cbb
a01808b8a2d6e28821f87b2b3bf59abfb34c2aa9050ecd6ba212d3c2c8f28538
ac7f8a95ebe05255f204524d468088ee452f683d15ea807880c145a314e6080f
b725192efd60291665a49a4e9ff0a511f367bf2ad5b533af2c8ec3b3772bd463
b95be031ffea531a8dc1222aa7d5a8e87fcb0ac8e93f913996606a6ec7db0ca8
d2a91fe694e5dfa0cce36c241f3a448a10e60611ddf32e5846b9520378111308
daf3688d3d70a199de47728aecf014474fb67af1370f613e232219d972589806
db21dc3ef2b98c61abe731185f7a2ce8082661666aabe3a6c68de3fd5922a912
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f434c98c6be6d622c936daee875d804526b82c9236a38a1cf6bab4d4d15a8353

crushus-s3.curd.io Open in urlscan Pro 107.173.102.248 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

29 Requests

97 %HTTPS

14 %IPv6

8 Domains

8 Subdomains

8 IPs

3 Countries

590 kBTransfer

1099 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

crushus-s3.curd.io Open in urlscan Pro
107.173.102.248 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

97 %
HTTPS

14 %
IPv6

8
Domains

8
Subdomains

8
IPs

3
Countries

590 kB
Transfer

1099 kB
Size

4
Cookies

29 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!