URL: https://pr-ii-bu-ab.xyz/
Submission: On September 20 via api from JP — Scanned from JP

Summary

This website contacted 9 IPs in 5 countries across 9 domains to perform 34 HTTP transactions. The main IP is 149.100.154.8, located in São Paulo, Brazil, and belongs to AS-HOSTINGER (CY). The main domain is pr-ii-bu-ab.xyz.
TLS certificate: Issued by R3 on September 18th 2023. Valid for: 3 months.
This is the only time pr-ii-bu-ab.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address         AS     Autonomous System
10        149.100.154.8      47583  (AS-HOSTINGER)
5         2a03:2880:f00...   32934  (FACEBOOK)
3         2606:4700::68...   13335  (CLOUDFLAR...)   2 redirects
1         2404:6800:400...   15169  (GOOGLE)
1         2606:4700::68...   13335  (CLOUDFLAR...)
4         2620:1ec:bdf::46   8075   (MICROSOFT...)
4         104.18.4.98        13335  (CLOUDFLAR...)
2         2404:6800:400...   15169  (GOOGLE)
6         2a03:2880:f10...   32934  (FACEBOOK)
Total: 34 requests, 9 IPs
Requests  Apex Domain      Subdomains                                         Transfer
10        pr-ii-bu-ab.xyz  pr-ii-bu-ab.xyz                                    642 KB
6         facebook.com     www.facebook.com (Cisco Umbrella Rank: 109)        279 B
5         facebook.net     connect.facebook.net (Cisco Umbrella Rank: 229)    290 KB
4         paribu.com       www.paribu.com                                     58 KB
4         msauth.net       logincdn.msauth.net (Cisco Umbrella Rank: 6229),   5 KB
                           acctcdn.msauth.net (Cisco Umbrella Rank: 6416)
3         unpkg.com        unpkg.com (Cisco Umbrella Rank: 1425)              24 KB
2         gstatic.com      fonts.gstatic.com                                  27 KB
1         cloudflare.com   cdnjs.cloudflare.com (Cisco Umbrella Rank: 410)    24 KB
1         googleapis.com   ajax.googleapis.com (Cisco Umbrella Rank: 720)     31 KB
Total: 34 requests, 9 apex domains
Requests  Domain                Requested by
10        pr-ii-bu-ab.xyz       pr-ii-bu-ab.xyz
6         www.facebook.com      pr-ii-bu-ab.xyz
5         connect.facebook.net  pr-ii-bu-ab.xyz, connect.facebook.net
4         www.paribu.com        pr-ii-bu-ab.xyz
3         unpkg.com             pr-ii-bu-ab.xyz   (2 redirects)
2         fonts.gstatic.com     pr-ii-bu-ab.xyz
2         acctcdn.msauth.net    pr-ii-bu-ab.xyz
2         logincdn.msauth.net   pr-ii-bu-ab.xyz
1         cdnjs.cloudflare.com  pr-ii-bu-ab.xyz
1         ajax.googleapis.com   pr-ii-bu-ab.xyz
Total: 34 requests, 10 subdomains

This site contains links to these domains:

Domain
support.google.com
accounts.google.com
account.live.com
www.paribu.com

Subject                   Issuer                                  Validity                  Valid for
pr-ii-bu-ab.xyz           R3                                      2023-09-18 - 2023-12-17   3 months   crt.sh
*.facebook.com            DigiCert SHA2 High Assurance Server CA  2023-06-29 - 2023-09-27   3 months   crt.sh
upload.video.google.com   GTS CA 1C3                              2023-08-14 - 2023-11-06   3 months   crt.sh
sni.cloudflaressl.com     Cloudflare Inc ECC CA-3                 2023-07-03 - 2024-07-02   a year     crt.sh
identitycdn.msauth.net    Microsoft Azure TLS Issuing CA 01       2023-09-18 - 2024-06-27   9 months   crt.sh
paribu.com                Cloudflare Inc ECC CA-3                 2023-04-05 - 2024-04-04   a year     crt.sh
*.gstatic.com             GTS CA 1C3                              2023-08-14 - 2023-11-06   3 months   crt.sh

This page contains 1 frame:

Primary Page: https://pr-ii-bu-ab.xyz/
Frame ID: FD6BF59D8CCA14FD5044BD99AE79C47B
Requests: 34 HTTP requests in this frame

Screenshot

Page Title

Giriş yap - Paribu (Turkish: "Sign in - Paribu")
Oturum açın - Google Hesapları (Turkish: "Sign in - Google Accounts")
Oturum açın - Google Hesapları (Turkish: "Sign in - Google Accounts")

Detected technologies

Overall confidence: 100%
Detected patterns
  • socket\.io.*\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 34
HTTPS: 97 %
IPv6: 78 %
Domains: 9
Subdomains: 10
IPs: 9
Countries: 5
Transfer: 1102 kB
Size: 4060 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://unpkg.com/imask HTTP 302
  • https://unpkg.com/imask@7.1.3 HTTP 302
  • https://unpkg.com/imask@7.1.3/dist/imask.js

34 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
/ (Primary Request) | pr-ii-bu-ab.xyz/ | 2 MB | 269 KB | Document
General
Full URL
https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
57862ceba056b8037fd826dfa16beefa6d558b05f3205babbee69defb9fcce92

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
gzip
content-length
274944
content-type
text/html; charset=UTF-8
date
Wed, 20 Sep 2023 03:51:29 GMT
server
LiteSpeed
vary
Accept-Encoding
chunk-vendors.83e128cd.css | pr-ii-bu-ab.xyz/css/ | 22 KB | 4 KB | Stylesheet
General
Full URL
https://pr-ii-bu-ab.xyz/css/chunk-vendors.83e128cd.css
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
c4f6c2c50964f40a66ca084c5647451a5f3aeb5e9de5a08d66ab041aca8ce138

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:30 GMT
content-encoding
br
last-modified
Thu, 27 Jul 2023 13:54:17 GMT
server
LiteSpeed
etag
"56ac-64c27709-a08e9;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
4128
expires
Wed, 27 Sep 2023 03:51:30 GMT
app.16d64c55.css | pr-ii-bu-ab.xyz/css/ | 225 KB | 32 KB | Stylesheet
General
Full URL
https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
e47ed18e51899d2d27e23331edaa5122d4ca80aedf7d4fbb51f5d8061e132682

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:30 GMT
content-encoding
br
last-modified
Thu, 27 Jul 2023 13:54:19 GMT
server
LiteSpeed
etag
"38424-64c2770b-a08ea;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
32687
expires
Wed, 27 Sep 2023 03:51:30 GMT
fbevents.js | connect.facebook.net/en_US/ | 197 KB | 53 KB | Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
66e58d37cc4b8168a1bd6678e085b43e939eb138fe608b7faffe3b1ba76b0c7b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 20 Sep 2023 03:51:29 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
53155
x-xss-protection
0
pragma
public
x-fb-debug
LbLQpzpMMzi96vudELF7WY9cWbdR6d/cRGnQO51xt1jYL3rffb2s+Fvgv0CrDozrkDxjzCSrrgw4GrvZDP5Bng==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
imask.js | unpkg.com/imask@7.1.3/dist/ | 108 KB | 24 KB | Script
Redirect Chain
  • https://unpkg.com/imask
  • https://unpkg.com/imask@7.1.3
  • https://unpkg.com/imask@7.1.3/dist/imask.js
General
Full URL
https://unpkg.com/imask@7.1.3/dist/imask.js
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Server
2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42e7a5c70376b125d470d570585ff230cd777cfbbd9e4fbedc18d2de0c8dc83d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:29 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
5517098
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01H5KXX8ZRMWGFNJ96Q32HP04R-nrt
server
cloudflare
etag
W/"1ae1d-r3wKbDdr0Tj2yWbqhqDgCO3SNrM"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
80971c3bfdf92635-NRT

Redirect headers

date
Wed, 20 Sep 2023 03:51:29 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01H5KXX8T9JDZT7RF8KPT75QE6-nrt
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
5517098
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/imask@7.1.3/dist/imask.js
cache-control
public, max-age=31536000
cf-ray
80971c3bede72635-NRT
jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.3/ | 88 KB | 31 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:818::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 13:38:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
396809
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31191
x-xss-protection
0
last-modified
Wed, 11 Jan 2023 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 14 Sep 2024 13:38:00 GMT
socket.io.js | cdnjs.cloudflare.com/ajax/libs/socket.io/4.6.1/ | 122 KB | 24 KB | Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.6.1/socket.io.js
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54000ff14b964678f718f336056067b9ca90eae9d0148edf741199cbc77a7cd9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
10304838
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
24022
last-modified
Tue, 21 Feb 2023 01:02:03 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"63f4180b-5dd6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgG7VUvDLBjeXg4vAOKBuSgF5EMb2kKqvl%2Fj7GO3sUtqOHMqk11e4x1FAGYg%2F2KgAjlJgRLKZ5IJmHuFG3kdtBHtWjPwVYbKy70ROCexKeT7WpwgwAPLxdXI1av1fqNXcDTCs%2BM5brPBUM6FPrnnyHtw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
80971c3bca16afe5-NRT
expires
Mon, 09 Sep 2024 03:51:29 GMT
microsoft.css | pr-ii-bu-ab.xyz/css/ | 94 KB | 16 KB | Stylesheet
General
Full URL
https://pr-ii-bu-ab.xyz/css/microsoft.css
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
2518655800698c89ae0bbc34b3b362c13e558bcb3ea4bd6c2cf4bbcf9e87b927

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:30 GMT
content-encoding
br
last-modified
Thu, 27 Jul 2023 13:54:19 GMT
server
LiteSpeed
etag
"176a6-64c2770b-a08ed;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
16219
expires
Wed, 27 Sep 2023 03:51:30 GMT
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | logincdn.msauth.net/shared/1.0/content/images/ | 4 KB | 2 KB | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::46 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Sep 2023 03:51:30 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
1435
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:38:07 GMT
etag
0x8D79ED359808AB6
x-azure-ref
20230920T035130Z-n2y6dxy9xt23z0n2bywnuy22nn000000021g00000001aaw1
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
11f351f1-e01e-0049-4f02-e79771000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg | logincdn.msauth.net/shared/1.0/content/images/ | 513 B | 798 B | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::46 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Sep 2023 03:51:30 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
276
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:38:00 GMT
etag
0x8D79ED35591CF44
x-azure-ref
20230920T035130Z-n2y6dxy9xt23z0n2bywnuy22nn000000021g00000001aaw2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
189dbb74-601e-0005-4749-e6b079000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg | acctcdn.msauth.net/images/ | 4 KB | 2 KB | Image
General
Full URL
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::46 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Sep 2023 03:51:30 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
1435
x-ms-lease-status
unlocked
last-modified
Sun, 17 Sep 2023 04:51:33 GMT
etag
0x8DBB739C42A3993
x-azure-ref
20230920T035130Z-n2y6dxy9xt23z0n2bywnuy22nn000000021g00000001aavp
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
ed89533e-901e-003e-61e1-e9b47f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
left_qcwoJO81F7bEFg3Pj_fUEA2.svg | acctcdn.msauth.net/images/Arrows/ | 513 B | 795 B | Image
General
Full URL
https://acctcdn.msauth.net/images/Arrows/left_qcwoJO81F7bEFg3Pj_fUEA2.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::46 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Sep 2023 03:51:30 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
276
x-ms-lease-status
unlocked
last-modified
Thu, 14 Sep 2023 15:26:32 GMT
etag
0x8DBB536F9C22AE3
x-azure-ref
20230920T035130Z-n2y6dxy9xt23z0n2bywnuy22nn000000021g00000001aavq
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
c5c56d7e-f01e-0028-073e-e7fe51000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
paribu-bubble-logo.3a7b53bd.svg | www.paribu.com/img/ | 73 KB | 54 KB | Image
General
Full URL
https://www.paribu.com/img/paribu-bubble-logo.3a7b53bd.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.4.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f33c09723338c2b6c1f5ab065e343cb7c4b207f9dcf72495c0d9abd148d127d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:30 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
2927
x-xss-protection
1; mode=block
last-modified
Mon, 18 Sep 2023 15:55:22 GMT
server
cloudflare
etag
W/"650872ea-1256c"
x-frame-options
DENY
access-control-allow-methods
GET, POST, HEAD, PATCH, DELETE, OPTIONS, PUT
content-type
image/svg+xml
access-control-allow-origin
*
vary
Accept-Encoding
cf-ray
80971c40ec16e3b7-NRT
access-control-allow-headers
*
wave-mobile-light.8fe6bc79.svg | www.paribu.com/img/ | 6 KB | 2 KB | Image
General
Full URL
https://www.paribu.com/img/wave-mobile-light.8fe6bc79.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.4.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13b10650254b3b79d98ef523cc493b96ed185f5b974c1f39b6d7e83f27a06068
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:30 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
2927
x-xss-protection
1; mode=block
last-modified
Mon, 18 Sep 2023 15:55:22 GMT
server
cloudflare
etag
W/"650872ea-1931"
x-frame-options
DENY
access-control-allow-methods
GET, POST, HEAD, PATCH, DELETE, OPTIONS, PUT
content-type
image/svg+xml
access-control-allow-origin
*
vary
Accept-Encoding
cf-ray
80971c40ec18e3b7-NRT
access-control-allow-headers
*
danger-status.2b5c6a0f.svg | www.paribu.com/img/ | 563 B | 2 KB | Image
General
Full URL
https://www.paribu.com/img/danger-status.2b5c6a0f.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.4.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c10d75409ea9c64e52c0d87be353bc866f5320c031524ba2c359cc0c7abdcd3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:30 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
2927
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=CGQBuElrMVsfDfBO2ONiUxCKazkoDQ_Uex9IHoyT7.E-1695181890-0-ASmUNZMzdB2F7xEqGffqyWKuDQYayb421Dtevlz7jXHs4niTlvOSGzASu3LMEAP1RPAqFQmB_sKboLVDZH-XBS9ETAIePWTz9N3aSDjK7TwLl3Oa1b1x-Ql_loDIF6tV4U88lUDTwk-lcMk1guk8DYI; report-to cf-csp-endpoint
x-xss-protection
1; mode=block
last-modified
Mon, 18 Sep 2023 15:55:22 GMT
server
cloudflare
etag
W/"650872ea-233"
x-frame-options
DENY
access-control-allow-methods
GET, POST, HEAD, PATCH, DELETE, OPTIONS, PUT
content-type
image/svg+xml
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=CGQBuElrMVsfDfBO2ONiUxCKazkoDQ_Uex9IHoyT7.E-1695181890-0-ASmUNZMzdB2F7xEqGffqyWKuDQYayb421Dtevlz7jXHs4niTlvOSGzASu3LMEAP1RPAqFQmB_sKboLVDZH-XBS9ETAIePWTz9N3aSDjK7TwLl3Oa1b1x-Ql_loDIF6tV4U88lUDTwk-lcMk1guk8DYI"}],"group":"cf-csp-endpoint","max_age":86400}
vary
Accept-Encoding
cf-ray
80971c40ec19e3b7-NRT
access-control-allow-headers
*
gift.png | pr-ii-bu-ab.xyz/images/ | 10 KB | 11 KB | Image
General
Full URL
https://pr-ii-bu-ab.xyz/images/gift.png
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
fd52d7f07df46c76ab54e054ccfde5efa74d18657d3883a1d36c82bf594b23ca

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:30 GMT
last-modified
Thu, 27 Jul 2023 13:54:36 GMT
server
LiteSpeed
etag
"292f-64c2771c-a09f1;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
10543
expires
Wed, 27 Sep 2023 03:51:30 GMT
success-status.3d51e790.svg | www.paribu.com/img/ | 603 B | 664 B | Image
General
Full URL
https://www.paribu.com/img/success-status.3d51e790.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.4.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b95708051cbc570e6a09b50c50625eccb09dfbb6e26eb1005363e67b74fa2ec6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:30 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
2927
x-xss-protection
1; mode=block
last-modified
Mon, 18 Sep 2023 15:55:22 GMT
server
cloudflare
etag
W/"650872ea-25b"
x-frame-options
DENY
access-control-allow-methods
GET, POST, HEAD, PATCH, DELETE, OPTIONS, PUT
content-type
image/svg+xml
access-control-allow-origin
*
vary
Accept-Encoding
cf-ray
80971c40ec1be3b7-NRT
access-control-allow-headers
*
page-top-light.64e66809.svg | pr-ii-bu-ab.xyz/fonts/ | 920 B | 646 B | Image
General
Full URL
https://pr-ii-bu-ab.xyz/fonts/page-top-light.64e66809.svg
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
7446cfdf82851f3630864c8ab8d138f0c85f307d2f9597de87122a9eb587f1b2

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:31 GMT
content-encoding
br
last-modified
Thu, 27 Jul 2023 13:54:30 GMT
server
LiteSpeed
etag
"398-64c27716-a08fc;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
506
expires
Wed, 27 Sep 2023 03:51:31 GMT
inter-medium.75db5319.woff2 | pr-ii-bu-ab.xyz/fonts/ | 103 KB | 104 KB | Font
General
Full URL
https://pr-ii-bu-ab.xyz/fonts/inter-medium.75db5319.woff2
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6

Request headers

Referer
https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Origin
https://pr-ii-bu-ab.xyz
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:31 GMT
last-modified
Thu, 27 Jul 2023 13:54:25 GMT
server
LiteSpeed
etag
"19dc4-64c27711-a08f2;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
105924
expires
Wed, 27 Sep 2023 03:51:31 GMT
inter-light.780dd2ad.woff2 | pr-ii-bu-ab.xyz/fonts/ | 102 KB | 102 KB | Font
General
Full URL
https://pr-ii-bu-ab.xyz/fonts/inter-light.780dd2ad.woff2
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
36b86832422c8b2f8eb7a0de635369c10fcebbeb8d3a0f80edeacf8252bfd6da

Request headers

Referer
https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Origin
https://pr-ii-bu-ab.xyz
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:31 GMT
last-modified
Thu, 27 Jul 2023 13:54:24 GMT
server
LiteSpeed
etag
"1978c-64c27710-a08f1;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
104332
expires
Wed, 27 Sep 2023 03:51:31 GMT
inter-regular.dc131113.woff2
pr-ii-bu-ab.xyz/fonts/
97 KB
97 KB
Font
General
Full URL
https://pr-ii-bu-ab.xyz/fonts/inter-regular.dc131113.woff2
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer
https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Origin
https://pr-ii-bu-ab.xyz
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:31 GMT
last-modified
Thu, 27 Jul 2023 13:54:27 GMT
server
LiteSpeed
etag
"18234-64c27713-a08f7;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
98868
expires
Wed, 27 Sep 2023 03:51:31 GMT
icons.67aed64d.woff
pr-ii-bu-ab.xyz/fonts/
6 KB
7 KB
Font
General
Full URL
https://pr-ii-bu-ab.xyz/fonts/icons.67aed64d.woff
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
93223932e67179df4b747078559cbd2529397089bf19a87ea402f78d3d4b5b0a

Request headers

Referer
https://pr-ii-bu-ab.xyz/css/app.16d64c55.css
Origin
https://pr-ii-bu-ab.xyz
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 03:51:31 GMT
last-modified
Thu, 27 Jul 2023 13:54:22 GMT
server
LiteSpeed
etag
"19c8-64c2770e-a08e7;;;"
content-type
application/font-woff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
6600
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pr-ii-bu-ab.xyz/
Origin
https://pr-ii-bu-ab.xyz
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 00:31:53 GMT
x-content-type-options
nosniff
age
443977
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 14 Sep 2024 00:31:53 GMT
KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pr-ii-bu-ab.xyz/
Origin
https://pr-ii-bu-ab.xyz
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Sat, 16 Sep 2023 14:30:38 GMT
x-content-type-options
nosniff
age
307252
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11804
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 15 Sep 2024 14:30:38 GMT
fbevents.js
connect.facebook.net/en_US/
197 KB
52 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
66e58d37cc4b8168a1bd6678e085b43e939eb138fe608b7faffe3b1ba76b0c7b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 20 Sep 2023 03:51:30 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
53155
x-xss-protection
0
pragma
public
x-fb-debug
LbLQpzpMMzi96vudELF7WY9cWbdR6d/cRGnQO51xt1jYL3rffb2s+Fvgv0CrDozrkDxjzCSrrgw4GrvZDP5Bng==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
822164865955015
connect.facebook.net/signals/config/
136 KB
35 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/822164865955015?v=2.9.127&r=stable&domain=pr-ii-bu-ab.xyz
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
46863d9d9a0dc256adeaa413f045f6fa365f661aced170cbc5e16e2aa635e724
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 20 Sep 2023 03:51:31 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
pYToVoQZ+MQd141kKo9ELY9PMNqong5XrvpzWbLx/mqslxnHtWl8Htgg6+iHrqUK2RSJeTbi+bAUTzZ8/4z4ug==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
2796812650600770
connect.facebook.net/signals/config/
420 KB
115 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/2796812650600770?v=2.9.127&r=stable&domain=pr-ii-bu-ab.xyz
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aac56d7775422ec15dffead032873ae734b22d27d47231c6437d1b1e169e6e48
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 20 Sep 2023 03:51:31 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
1DQSjpHP4YpBi2X5qYO6gjsb2G9s393HUFU5B0sRSFAKTnC7SI0GXWrkfi8rvLIVSNzBxAEhwwnckfvv5UJTew==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=822164865955015&ev=PageView&dl=https%3A%2F%2Fpr-ii-bu-ab.xyz%2F&rl=&if=false&ts=1695181891082&sw=1600&sh=1200&v=2.9.127&r=stable&ec=0&o=30&fbp=fb.1.1695181891081.1333821695&it=1695181890878&coo=false&rqm=GET
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 20 Sep 2023 03:51:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
976427096957149
connect.facebook.net/signals/config/
136 KB
35 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/976427096957149?v=2.9.127&r=stable&domain=pr-ii-bu-ab.xyz
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
264f1bdff7ebc1bdc012760ad80c6505dde5986b25ff4988af4f1aff3eba8ebb
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 20 Sep 2023 03:51:31 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
Mqf8cRWSIvTIUEWH8qxVLa/6+StC/2zH9+E4kszEHNMcevRyOjYrOXuE0tKXzF5boJ5H87pMEx8vnGDLdLVtfA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
31 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2796812650600770&ev=PageView&dl=https%3A%2F%2Fpr-ii-bu-ab.xyz%2F&rl=&if=false&ts=1695181891329&sw=1600&sh=1200&v=2.9.127&r=stable&ec=0&o=30&fbp=fb.1.1695181891081.1333821695&it=1695181890878&coo=false&rqm=GET
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 20 Sep 2023 03:51:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/
0
18 B
Image
General
Full URL
https://www.facebook.com/tr/?id=976427096957149&ev=PageView&dl=https%3A%2F%2Fpr-ii-bu-ab.xyz%2F&rl=&if=false&ts=1695181891519&sw=1600&sh=1200&v=2.9.127&r=stable&ec=0&o=30&fbp=fb.1.1695181891081.1333821695&it=1695181890878&coo=false&rqm=GET
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 20 Sep 2023 03:51:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/tr/
0
15 B
Image
General
Full URL
https://www.facebook.com/tr/?id=822164865955015&ev=Microdata&dl=https%3A%2F%2Fpr-ii-bu-ab.xyz%2F&rl=&if=false&ts=1695181891590&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22meta%3Akeywords%22%3A%22paribu%2C%20bitcoin%2C%20btc%2C%20tether%2C%20usdt%2C%20ethereum%2C%20eth%2C%20ripple%2C%20xrp%2C%20eos%2C%20stellar%2C%20xlm%2C%20cardano%2C%20ada%2C%20litecoin%2C%20ltc%2C%20neo%2C%20tron%2C%20trx%2C%20holo%2C%20hot%2C%20bitcoin%20al%2C%20bitcoin%20sat%2C%20tether%20al%2C%20tether%20sat%2C%20ethereum%20al%2C%20ethereum%20sat%2C%20ripple%20al%2C%20ripple%20sat%2C%20tron%20al%2C%20tron%20sat%2C%20eos%20al%2C%20eos%20sat%2C%20stellar%20al%2C%20stellar%20sat%2C%20cardano%20al%2C%20cardano%20sat%2C%20litecoin%20al%2C%20litecoin%20sat%2C%20neo%20al%2C%20neo%20sat%2C%20hot%20al%2C%20hot%20sat%2C%20kripto%20para%20borsas%C4%B1%2C%20bitcoin%20c%C3%BCzdan%C4%B1%2C%20bitcoin%20adresi%2C%20bitcoin%20nas%C4%B1l%20al%C4%B1n%C4%B1r%2C%20bitcoin%20nedir%22%2C%22meta%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22og%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.paribu.com%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fv3.paribu.com%2Fimg%2Fparibu-og-2020.png%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.127&r=stable&ec=1&o=30&fbp=fb.1.1695181891081.1333821695&it=1695181890878&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 20 Sep 2023 03:51:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/tr/
0
15 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2796812650600770&ev=Microdata&dl=https%3A%2F%2Fpr-ii-bu-ab.xyz%2F&rl=&if=false&ts=1695181891836&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22meta%3Akeywords%22%3A%22paribu%2C%20bitcoin%2C%20btc%2C%20tether%2C%20usdt%2C%20ethereum%2C%20eth%2C%20ripple%2C%20xrp%2C%20eos%2C%20stellar%2C%20xlm%2C%20cardano%2C%20ada%2C%20litecoin%2C%20ltc%2C%20neo%2C%20tron%2C%20trx%2C%20holo%2C%20hot%2C%20bitcoin%20al%2C%20bitcoin%20sat%2C%20tether%20al%2C%20tether%20sat%2C%20ethereum%20al%2C%20ethereum%20sat%2C%20ripple%20al%2C%20ripple%20sat%2C%20tron%20al%2C%20tron%20sat%2C%20eos%20al%2C%20eos%20sat%2C%20stellar%20al%2C%20stellar%20sat%2C%20cardano%20al%2C%20cardano%20sat%2C%20litecoin%20al%2C%20litecoin%20sat%2C%20neo%20al%2C%20neo%20sat%2C%20hot%20al%2C%20hot%20sat%2C%20kripto%20para%20borsas%C4%B1%2C%20bitcoin%20c%C3%BCzdan%C4%B1%2C%20bitcoin%20adresi%2C%20bitcoin%20nas%C4%B1l%20al%C4%B1n%C4%B1r%2C%20bitcoin%20nedir%22%2C%22meta%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22og%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.paribu.com%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fv3.paribu.com%2Fimg%2Fparibu-og-2020.png%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.127&r=stable&ec=1&o=30&fbp=fb.1.1695181891081.1333821695&it=1695181890878&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: pr-ii-bu-ab.xyz
URL: https://pr-ii-bu-ab.xyz/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 20 Sep 2023 03:51:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/tr/
0
15 B
Image
General
Full URL
https://www.facebook.com/tr/?id=976427096957149&ev=Microdata&dl=https%3A%2F%2Fpr-ii-bu-ab.xyz%2F&rl=&if=false&ts=1695181892023&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22meta%3Akeywords%22%3A%22paribu%2C%20bitcoin%2C%20btc%2C%20tether%2C%20usdt%2C%20ethereum%2C%20eth%2C%20ripple%2C%20xrp%2C%20eos%2C%20stellar%2C%20xlm%2C%20cardano%2C%20ada%2C%20litecoin%2C%20ltc%2C%20neo%2C%20tron%2C%20trx%2C%20holo%2C%20hot%2C%20bitcoin%20al%2C%20bitcoin%20sat%2C%20tether%20al%2C%20tether%20sat%2C%20ethereum%20al%2C%20ethereum%20sat%2C%20ripple%20al%2C%20ripple%20sat%2C%20tron%20al%2C%20tron%20sat%2C%20eos%20al%2C%20eos%20sat%2C%20stellar%20al%2C%20stellar%20sat%2C%20cardano%20al%2C%20cardano%20sat%2C%20litecoin%20al%2C%20litecoin%20sat%2C%20neo%20al%2C%20neo%20sat%2C%20hot%20al%2C%20hot%20sat%2C%20kripto%20para%20borsas%C4%B1%2C%20bitcoin%20c%C3%BCzdan%C4%B1%2C%20bitcoin%20adresi%2C%20bitcoin%20nas%C4%B1l%20al%C4%B1n%C4%B1r%2C%20bitcoin%20nedir%22%2C%22meta%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22og%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.paribu.com%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fv3.paribu.com%2Fimg%2Fparibu-og-2020.png%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.127&r=stable&ec=1&o=30&fbp=fb.1.1695181891081.1333821695&it=1695181890878&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pr-ii-bu-ab.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 20 Sep 2023 03:51:32 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | documentPictureInPicture
function | IMask
function | $
function | jQuery
function | io
object | IJ_values
object | phoneMask
function | checkEmailFormat
object | ListGsm
function | checkPhone
function | CheckPassword
function | isMicrosoftPageOpen
number | smsSeconds
function | myTimer
function | myTimer2
object | socket
undefined | smsTimer
object | currentScreen
number | sqlId
boolean | isAdminActive
object | otpList
function | showPage
function | fbq
function | _fbq

3 Cookies

Domain/Path Name / Value
.paribu.com/ Name: __cf_bm
Value: m3QlDIrrfWiLTLKcwT4dPnuyLzhls2BUKQMjusP6zWI-1695181890-0-AQouhDH8muY4Dd8hwLiN800KkrxL7eBLIyKz4zc/k8FOSkdeWN8oM2ygyXXHSlO/ztSSCbtylw8iHezwFKt7FGI=
.paribu.com/ Name: _cfuvid
Value: DLCGnnGJ9001lOGn5AmQDjQAKkCw_hs6bFayF29x2bY-1695181890723-0-604800000
.pr-ii-bu-ab.xyz/ Name: _fbp
Value: fb.1.1695181891081.1333821695

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acctcdn.msauth.net
ajax.googleapis.com
cdnjs.cloudflare.com
connect.facebook.net
fonts.gstatic.com
logincdn.msauth.net
pr-ii-bu-ab.xyz
unpkg.com
www.facebook.com
www.paribu.com
104.18.4.98
149.100.154.8
2404:6800:4004:818::200a
2404:6800:4004:824::2003
2606:4700::6810:7aaf
2606:4700::6811:190e
2620:1ec:bdf::46
2a03:2880:f00f:8:face:b00c:0:1
2a03:2880:f10f:83:face:b00c:0:25de