passionfruit12226132.brizy.site Open in urlscan Pro
34.237.47.210 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://curl.ro/xhemb
Effective URL:
https://passionfruit12226132.brizy.site/
Submission: On June 26 via manual (June 26th 2022, 1:30:06 pm UTC) from PL — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 9 domains to perform 11 HTTP transactions. The main IP is 34.237.47.210, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is passionfruit12226132.brizy.site.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 1st 2022. Valid for: a year.

This is the only time passionfruit12226132.brizy.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 1	89.42.231.136 89.42.231.136	48459 (CIANET-AS) (CIANET-AS)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	34.237.47.210 34.237.47.210	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
3	84.17.46.53 84.17.46.53	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2606:4700:303... 2606:4700:3037::6815:3ab7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY)
1	67.202.114.212 67.202.114.212	32748 (STEADFAST) (STEADFAST)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
11	9

1 89.42.231.136 (Romania) 1 redirects

ASN48459 (CIANET-AS, RO)
PTR: curl.ro

curl.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.237.47.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-47-210.compute-1.amazonaws.com

passionfruit12226132.brizy.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 84.17.46.53 (Amsterdam, Netherlands)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-84-17-46-53.cdn77.com

b-cloud.b-cdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:3ab7 (United States)

ASN13335 (CLOUDFLARENET, US)

mackfbs.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.114.212 (United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	b-cdn.net b-cloud.b-cdn.net — Cisco Umbrella Rank: 301433	128 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 532	3 KB
1	amung.us whos.amung.us — Cisco Umbrella Rank: 14886	25 B
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 5855	9 KB
1	mackfbs.me mackfbs.me	113 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 71	2 KB
1	brizy.site passionfruit12226132.brizy.site	2 KB
1	t.co t.co — Cisco Umbrella Rank: 455	519 B
1	curl.ro 1 redirects curl.ro	966 B
11	9

	Domain	Requested by
3	b-cloud.b-cdn.net	passionfruit12226132.brizy.site
2	static.xx.fbcdn.net
1	whos.amung.us
1	i.imgur.com
1	mackfbs.me	passionfruit12226132.brizy.site
1	fonts.googleapis.com	passionfruit12226132.brizy.site
1	passionfruit12226132.brizy.site	t.co
1	t.co
1	curl.ro	1 redirects
11	9

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.brizy.site Sectigo RSA Domain Validation Secure Server CA	`2022-04-01` - `2023-05-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.b-cdn.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-07` - `2022-11-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-10` - `2023-05-09`	a year	crt.sh
*.imgur.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-03-16`	a year	crt.sh
*.amung.us Sectigo RSA Domain Validation Secure Server CA	`2022-05-18` - `2023-06-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-04-04` - `2022-07-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://passionfruit12226132.brizy.site/
Frame ID: E3705F3FB208D58476F88F3DA77FD98B
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Melden Sie sich bei Facebook an, um das Video anzusehen

Page URL History Show full URLs

https://curl.ro/xhemb HTTP 301
https://t.co/pQfpYYsSHY Page URL
https://passionfruit12226132.brizy.site/ Page URL

Page Statistics

11
Requests

100 %
HTTPS

33 %
IPv6

9
Domains

9
Subdomains

9
IPs

4
Countries

258 kB
Transfer

845 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://curl.ro/xhemb HTTP 301
https://t.co/pQfpYYsSHY Page URL
https://passionfruit12226132.brizy.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://curl.ro/xhemb HTTP 301
https://t.co/pQfpYYsSHY

11 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

pQfpYYsSHY
t.co/
Redirect Chain

https://curl.ro/xhemb
https://t.co/pQfpYYsSHY

275 B
519 B

330ms
142ms

Document
text/html

104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/pQfpYYsSHY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 187
content-type: text/html; charset=utf-8
date: Sun, 26 Jun 2022 13:30:00 GMT
expires: Sun, 26 Jun 2022 13:35:00 GMT
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 1fc575c8e84b2aa1a39da41a2c8b48ff32839253f7cc32903acd1aa1acb003f5
x-response-time: 120
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: must-revalidate, no-cache, no-store, private
content-encoding: br
content-length: 164
content-type: text/html; charset=UTF-8
date: Sun, 26 Jun 2022 13:30:00 GMT
location: https://t.co/pQfpYYsSHY
vary: Accept-Encoding,User-Agent

GET
H2 200 Primary Request / Show response
passionfruit12226132.brizy.site/ 9 KB
2 KB 336ms
105ms Document
text/html 34.237.47.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://passionfruit12226132.brizy.site/
Requested by: Host: t.co
URL: https://t.co/pQfpYYsSHY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.237.47.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-47-210.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1f466a2190699ade5ae25a46cd131b319712afecd43d010721ff16f138580270

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 42013
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-length: 2016
content-type: text/html; charset=UTF-8
date: Sun, 26 Jun 2022 13:30:01 GMT
expires: -1
pragma: no-cache
server: nginx
vary: Accept-Encoding
via: 1.1 varnish (Varnish/6.2)
x-brizy-preview: 1
x-cache: HIT
x-cache-hits: 22794
x-varnish: 15764429 7182097

GET
H2 200 css
fonts.googleapis.com/ 34 KB
2 KB 84ms
33ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Overpass:100,100italic,200,200italic,300,300italic,regular,italic,600,600italic,700,700italic,800,800italic,900,900italic|Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic&subset=arabic,bengali,cyrillic,cyrillic-ext,devanagari,greek,greek-ext,gujarati,hebrew,khmer,korean,latin-ext,tamil,telugu,thai,vietnamese&display=swap

Requested by

Host: passionfruit12226132.brizy.site
URL: https://passionfruit12226132.brizy.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a19fc5244f2c5bd7f96ebefe24cdb3bbb9759140e04df643ff68e132c162d428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 26 Jun 2022 13:30:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 26 Jun 2022 13:30:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 26 Jun 2022 13:30:01 GMT

GET
H2 200 preview.css
b-cloud.b-cdn.net/builds/free/237-cloud/editor/css/ 238 KB
37 KB 90ms
25ms Stylesheet
text/css 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://b-cloud.b-cdn.net/builds/free/237-cloud/editor/css/preview.css
Requested by: Host: passionfruit12226132.brizy.site
URL: https://passionfruit12226132.brizy.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS-879 /
Resource Hash: b342c02cf1b71aed9e48e8f28e24df74a833a8b3a2265839a7df3308f85a9ac0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 13:30:01 GMT
content-encoding: br
cdn-edgestorageid: 879
x-amz-request-id: W9KQEPBJZ75CYS6Y
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 06/02/2022 08:46:20
cdn-pullzone: 246147
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: vR5Gt4QIFmui+4KNCYQDWJdTpSRfmob6JJBuSJaNqocs5FjjOXXhHyS88wbGaxmfD7k0YSh5/eo=
server: BunnyCDN-AMS-879
access-control-allow-origin: *
last-modified: Thu, 26 May 2022 13:26:10 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"545ed72c486d3a8de75bfe549653cec4"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
cdn-cache: HIT
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cache-control: public, max-age=31919000
cdn-requestid: 74b6bea4fe0dfbb3f55e40c5703a57e7
cdn-requestcountrycode: DE
link: <https://s3.amazonaws.com/brizy.cloud/builds/free/237-cloud/editor/css/preview.css>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 / Show response
mackfbs.me/ 179 KB
113 KB 715ms
610ms Script
text/html 2606:4700:3037::6815:3ab7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mackfbs.me/?token=U2FsdGVkX1%2BEitnfQgeexz1IRjzZHOSYSBzhBz67F3sQG4mD2Mzh1VU8FPolbJrfna0uFQScx4v%2BCO6vRIKKRQ%3D%3D
Requested by: Host: passionfruit12226132.brizy.site
URL: https://passionfruit12226132.brizy.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:3ab7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 46c9c3d941c8e6b2f74597612ea53c6d5ccb77a898ac6c5420b931965639597f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 13:30:02 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zA5YmGAx7kncOPq3hum51aIlk4CXISaBkzWTtw21HH7rbp4V2tVh9PCSzyAdPSZFTNhVSi1zBJFaVbdIIQJN8kdlEleXhW%2Ff80P9m%2FIHQdtggVgltlyT77vRaf16KA1iSXlrLkNxrJz"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cf-ray: 72164b8f8bed5c80-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 group-jq.js Show response
b-cloud.b-cdn.net/builds/free/237-cloud/editor/js/ 89 KB
34 KB 135ms
70ms Script
application/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://b-cloud.b-cdn.net/builds/free/237-cloud/editor/js/group-jq.js
Requested by: Host: passionfruit12226132.brizy.site
URL: https://passionfruit12226132.brizy.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS-879 /
Resource Hash: 3b443e63989cfbf4f92fe13acbaf14cf4423c2f63f378cb23c955b4dbfd1036c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 13:30:01 GMT
content-encoding: br
cdn-edgestorageid: 879
x-amz-request-id: W9KTVR9DNGBKFVTJ
cdn-cachedat: 06/02/2022 08:46:20
cdn-pullzone: 246147
x-amz-id-2: /Hbty/g+/Epe7VjeWiJUnOowjch41hBMzZ4sHimjcCROrwyTQ88aY5lhMVo0WAJrWJoCGCVOsmE=
server: BunnyCDN-AMS-879
last-modified: Thu, 26 May 2022 13:28:26 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"ed710a097ec10ed3e2e1403b9380da89"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cache-control: public, max-age=31919000
cdn-requestid: 0b47efaa12e0c4814e13a28260f4cce6
cdn-requestcountrycode: DE
link: <https://s3.amazonaws.com/brizy.cloud/builds/free/237-cloud/editor/js/group-jq.js>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 preview.js Show response
b-cloud.b-cdn.net/builds/free/237-cloud/editor/js/ 181 KB
57 KB 135ms
70ms Script
application/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://b-cloud.b-cdn.net/builds/free/237-cloud/editor/js/preview.js
Requested by: Host: passionfruit12226132.brizy.site
URL: https://passionfruit12226132.brizy.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS-879 /
Resource Hash: 9ba2b2408fc39bca2b4b7f77744aa1ee4b4d027b583f8c866eabbea3de13161a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 13:30:01 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: W9KVJHW29GN4V99C
cdn-cachedat: 06/02/2022 08:46:20
cdn-pullzone: 246147
x-amz-id-2: Y9EHMSZvdkUmLOiirh/n9z75ShT0YT1YSe+OJSwLWAMyNFq2dBPW980GQ9b6EOrxXPaaXL1LbIs=
server: BunnyCDN-AMS-879
last-modified: Thu, 26 May 2022 13:28:27 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"5b7cd1279af27a4f74579700bd09a222"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cache-control: public, max-age=31919000
cdn-requestid: 5a523c4d4f00159966125f1472ded95c
cdn-requestcountrycode: DE
link: <https://s3.amazonaws.com/brizy.cloud/builds/free/237-cloud/editor/js/preview.js>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ 103 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 634d838fecff20190c0240c70c5b316fef0de1333282707b4bc22ffa3f943ea3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 wCOStwT.png
i.imgur.com/ 9 KB
9 KB 75ms
21ms Image
image/png 151.101.112.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/wCOStwT.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

0c4fbfd9d019d99f3e026fe0a41e5158bb3ec85c8c634d25328e4862559fc784

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 13:30:02 GMT
x-content-type-options: nosniff
age: 2854530
x-cache: HIT, HIT
content-length: 9180
x-served-by: cache-iad-kiad7000071-IAD, cache-hhn4037-HHN
last-modified: Mon, 08 Mar 2021 04:50:40 GMT
server: cat factory 1.0
x-timer: S1656250202.277537,VS0,VE1
etag: "168c57cb0a4861565d8db5b896f40218"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 4, 37

GET
H2 200 /
whos.amung.us/pingjs/ 25 B
25 B 379ms
125ms Image
text/javascript 67.202.114.212
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://whos.amung.us/pingjs/?k=ecdlm&t=%F0%9F%91%A7Emma%20Maria%F0%9F%91%A7&x=https://panelfbs.me
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.202.114.212 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: amung.us
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 13:30:02 GMT
content-encoding: gzip
content-type: text/javascript;charset=UTF-8

GET
H2 200 5NR43BsYs8o.png
static.xx.fbcdn.net/rsrc.php/v3/yO/r/ 1 KB
2 KB 67ms
20ms Image
image/png 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/5NR43BsYs8o.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 13:30:02 GMT
x-content-type-options: nosniff
content-md5: zS7nNbuF+qoavNDFbgWDdA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1307
x-fb-rlafr: 0
x-fb-debug: lB+wXyWc6ch65rkOw9M7uZpHjka8JQtWwMClowATKC4QbSgg2TXYokfh/eFWY/FkjoOdQK3jkrlrRURyqKzBVA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 21 Jun 2023 04:21:16 GMT

GET
H2 200 lqbz1hqlAFx.png
static.xx.fbcdn.net/rsrc.php/v3/yo/r/ 1 KB
2 KB 67ms
20ms Image
image/png 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/lqbz1hqlAFx.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0fd58536eb089f2060e86f14e60ef83f68169fbe34d95f8cdc2ad60abe4bb8c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://passionfruit12226132.brizy.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 13:30:02 GMT
x-content-type-options: nosniff
content-md5: 8kNJ+LeRDyhmr8oF+ZZjoQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1364
x-fb-rlafr: 0
x-fb-debug: MYEm+wsU7HwMH7oM9tgNQlJ3p5UQi2IrTRmnkyQ65tXg+wqiMnQj4kaDkCCDPPw1Dl+7yct6fwvKyAhL17r7sg==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 22 Jun 2023 02:40:32 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
curl.ro/	1970-01-20 04:04:17	Name: XSRF-TOKEN Value: eyJpdiI6InNmV0p3THBuUVBQalg5RjBYbVFNZmc9PSIsInZhbHVlIjoiOTI5bVVNOU02eUp1MTVwSVlidFYrdHc3b0M3OWVtM0I1MmVxM2grY01TSXlwRWVHMnFqUDZESlplejkzZWZvVDdjaTBvMWUrRVJ2MVA3K3kzS0c0WkExR2NlSWJ6Nm1Nb1I5d1NEMGNBY1IxVDZHczRkMDJjQ2RyM2JCZWJRYWEiLCJtYWMiOiI4Y2Y5NmUwNzM1MmMxZDdjOWQ1MGRkMWRmNjI5OTcyOWM0MTAyNmMxNmYzNDVkZTNkNzA2MjQyZmQyM2FjMGVkIn0%3D
curl.ro/	1970-01-20 04:04:17	Name: phpshort_session Value: eyJpdiI6Im5PSTdLT2Z3UlJ0Ull2TDZ1ekRxZ0E9PSIsInZhbHVlIjoiWUNzVlZhYjZVU0N0NW9DelU0SGt3UkE2V2tnTm44OHdaYzErenIxazhzXC9VM0F2Y3ZGMnRnUDlxUWUzUzhjdU1Mcm1JZ2pQWjZHMlQwNFJEbzU2Vk53T2RWRnZCRVwvdGZiODVhbHdscFFYSXNcL3hlQlZDemVQY1BKVEx3S3FCdFkiLCJtYWMiOiI2Y2EyNDVjMWU2ZmZiYzFlMmZlNjg3ZGJmNmEzMjdjMmE3MGNlMjgyMmEwZjU0YzgwMjJjOTNiYjUxYWE2Y2MzIn0%3D
.t.co/	1970-01-20 13:34:24	Name: muc Value: 0b35b73b-8551-40b0-923e-6b5e68398e70

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b-cloud.b-cdn.net
curl.ro
fonts.googleapis.com
i.imgur.com
mackfbs.me
passionfruit12226132.brizy.site
static.xx.fbcdn.net
t.co
whos.amung.us
104.244.42.5
151.101.112.193
2606:4700:3037::6815:3ab7
2a00:1450:4001:812::200a
2a03:2880:f01c:216:face:b00c:0:3
34.237.47.210
67.202.114.212
84.17.46.53
89.42.231.136
0c4fbfd9d019d99f3e026fe0a41e5158bb3ec85c8c634d25328e4862559fc784
0fd58536eb089f2060e86f14e60ef83f68169fbe34d95f8cdc2ad60abe4bb8c9
1f466a2190699ade5ae25a46cd131b319712afecd43d010721ff16f138580270
3b443e63989cfbf4f92fe13acbaf14cf4423c2f63f378cb23c955b4dbfd1036c
46c9c3d941c8e6b2f74597612ea53c6d5ccb77a898ac6c5420b931965639597f
634d838fecff20190c0240c70c5b316fef0de1333282707b4bc22ffa3f943ea3
9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404
9ba2b2408fc39bca2b4b7f77744aa1ee4b4d027b583f8c866eabbea3de13161a
a19fc5244f2c5bd7f96ebefe24cdb3bbb9759140e04df643ff68e132c162d428
b342c02cf1b71aed9e48e8f28e24df74a833a8b3a2265839a7df3308f85a9ac0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

passionfruit12226132.brizy.site Open in urlscan Pro 34.237.47.210 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

33 %IPv6

9 Domains

9 Subdomains

9 IPs

4 Countries

258 kBTransfer

845 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

passionfruit12226132.brizy.site Open in urlscan Pro
34.237.47.210 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

33 %
IPv6

9
Domains

9
Subdomains

9
IPs

4
Countries

258 kB
Transfer

845 kB
Size

3
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!