crushus-s3.daemonproxy.xyz
2606:4700:3030::6812:3baa  Malicious Activity! Public Scan

Submitted URL: http://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Effective URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Submission Tags: @ipnigh
Submission: On March 11 via api from GB

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 22 HTTP transactions. The main IP is 2606:4700:3030::6812:3baa, located in United States and belongs to CLOUDFLARENET, US. The main domain is crushus-s3.daemonproxy.xyz.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 14th 2020. Valid for: 8 months.
This is the only time crushus-s3.daemonproxy.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 16 2606:4700:303... 13335 (CLOUDFLAR...)
1 198.134.112.243 27257 (WEBAIR-IN...)
1 2a00:1450:400... 15169 (GOOGLE)
1 190.2.139.23 49981 (WORLDSTREAM)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 217.23.10.44 49981 (WORLDSTREAM)
22 7
Requests  Domain                      Requested by
16        crushus-s3.daemonproxy.xyz  crushus-s3.daemonproxy.xyz (1 redirect)
2         cleverjump.org              yvzgazds6d.com
2         www.google-analytics.com    www.googletagmanager.com (1 redirect)
1         stats.g.doubleclick.net     crushus-s3.daemonproxy.xyz
1         yvzgazds6d.com              crushus-s3.daemonproxy.xyz
1         www.googletagmanager.com    crushus-s3.daemonproxy.xyz
1         o4uxrk33.com                crushus-s3.daemonproxy.xyz
Total: 22 requests, 7 domains
Subject                   Issuer                      Validity                 Valid
sni.cloudflaressl.com     CloudFlare Inc ECC CA-2     2020-02-14 - 2020-10-09  8 months
o4uxrk33.com              Let's Encrypt Authority X3  2020-02-10 - 2020-05-10  3 months
*.google-analytics.com    GTS CA 1O1                  2020-02-12 - 2020-05-06  3 months
*.wherearethefayolle.com  Let's Encrypt Authority X3  2020-02-01 - 2020-05-01  3 months
*.g.doubleclick.net       GTS CA 1O1                  2020-02-12 - 2020-05-06  3 months
cleverjump.org            Let's Encrypt Authority X3  2020-02-08 - 2020-05-08  3 months

This page contains 1 frames:

Primary Page: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Frame ID: 3F611C712DBAB3C083046F0E4402A4A3
Requests: 22 HTTP requests in this frame

Detected technologies

Cloudflare (overall confidence: 100%)
  Detected pattern: headers server /^cloudflare$/i

Google Analytics (overall confidence: 100%)
  Detected pattern: script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

22 Requests
100 % HTTPS
57 % IPv6
7 Domains
7 Subdomains
7 IPs
4 Countries
426 kB Transfer
1556 kB Size
4 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com HTTP 301
    https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1970362263&t=pageview&_s=1&dl=https%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2Fja-jp.facebook.com&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=881812612&gjid=1755407186&cid=856568560.1583889814&tid=UA-74375366-3&_gid=230200856.1583889814&_r=1&gtm=2ou2q2&z=2026595263 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74375366-3&cid=856568560.1583889814&jid=881812612&_gid=230200856.1583889814&gjid=1755407186&_v=j81&z=2026595263

22 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request ja-jp.facebook.com
crushus-s3.daemonproxy.xyz/
Redirect Chain
  • http://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
  • https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
137 KB
33 KB
Document
General
Full URL
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ce1ce7c4102f20a6e73ecb76ca90adc825a9c1022750ae54599facf7a5e1dba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:method
GET
:authority
crushus-s3.daemonproxy.xyz
:scheme
https
:path
/ja-jp.facebook.com
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Wed, 11 Mar 2020 01:23:33 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d79cbc0f521f46f35b0736b33337be7de1583889813; expires=Fri, 10-Apr-20 01:23:33 GMT; path=/; domain=.daemonproxy.xyz; HttpOnly; SameSite=Lax; Secure
x-frame-options
DENY
x-content-type-options
nosniff
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
x-proxy-cache
HIT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
572178834e9bdfef-FRA
content-encoding
br

Redirect headers

Date
Wed, 11 Mar 2020 01:23:32 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Wed, 11 Mar 2020 02:23:32 GMT
Location
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
57217883181b96e0-FRA
2497b33a9b4d65137a8950d2b41c267c.js
o4uxrk33.com/24/97/b3/
0
0
Script
General
Full URL
https://o4uxrk33.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.134.112.243 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 11 Mar 2020 01:23:33 GMT
Server
nginx/1.17.6
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length
0
Content-Type
application/javascript
js
www.googletagmanager.com/gtag/
75 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-74375366-3
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e386c02f6e17b89e8ff4e9310af0464527deb2855ae51d236f66f6b7232070cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
28488
x-xss-protection
0
last-modified
Wed, 11 Mar 2020 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 11 Mar 2020 01:23:33 GMT
2497b33a9b4d65137a8950d2b41c267c.js
yvzgazds6d.com/24/97/b3/
19 KB
4 KB
Script
General
Full URL
https://yvzgazds6d.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.2.139.23 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
server73-vm12.openfrost.com
Software
nginx/1.16.0 / PHP/7.2.21
Resource Hash
de1804dca755f988413f48f82d95ba2a60fe6312cbd18880bb8980ccba6804fd

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 11 Mar 2020 01:23:36 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
X-Powered-By
PHP/7.2.21
Vary
Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
rOWMIxGwr8h.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yM/l/0,ja_JP/
145 KB
24 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yM/l/0,ja_JP/rOWMIxGwr8h.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
732ef2ec0215e99c92490ad88584703a145e565eb740ce98e7c0bb6189d809ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
57217883df3cdfef-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
qAB2DwQDSe_.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yM/l/0,ja_JP/
25 KB
6 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yM/l/0,ja_JP/qAB2DwQDSe_.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc17f5fd7897864e3357879db451ec199213c94e5371d41e717dc3a6085760b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
57217883df3edfef-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
KlIJDCJEW9k.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y1/l/0,ja_JP/
465 KB
100 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y1/l/0,ja_JP/KlIJDCJEW9k.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f07ddbb5dc3f9416de72f0d7f4a3e75617632d6dc122ed82cb012afe71b2daf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
57217883df41dfef-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
-pqO9eY0AbP.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,ja_JP/
3 KB
1 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,ja_JP/-pqO9eY0AbP.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdfb2f537f37777461e80cb074a5e3075b890b2fd191dc01254f6e23bcb8cd20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
57217883df43dfef-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
RXp4RHkJYIQ.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,ja_JP/
152 KB
43 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,ja_JP/RXp4RHkJYIQ.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f64d48aee00ad4304f0a0bc4fd2c31cbf944d98d8497aa0719e6d832eeca4787
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
57217883df44dfef-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
3TuHXfY7n5r.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,ja_JP/
97 KB
16 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,ja_JP/3TuHXfY7n5r.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bdf4e97ab85ef9138bfc1cc3fe1628452bb6bdb02eeee403cfe62aa1748ec38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
34945
cf-polished
origSize=99712
status
200
cf-bgj
minify
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
cf-ray
57217883df45dfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
aP_HsroOrbX.js
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y5/r/
329 KB
86 KB
Script
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y5/r/aP_HsroOrbX.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ead71e5432813c7549b5257016f80eb42a9f47742f47beb20aca30697b9ef2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
116986
cf-polished
origSize=337021
status
200
cf-bgj
minify
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=315360000
cf-ray
57217883df46dfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
OBaVg52wtTZ.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yi/r/
42 KB
42 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yi/r/OBaVg52wtTZ.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4287d1528382e5a28f80ea974fe73f74c6516bcf60cdabfc3f6202f1f6da03f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
47137
status
200
content-length
42565
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
57217883df47dfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
GsNJNwuI-UM.gif
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yb/r/
522 B
591 B
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yb/r/GsNJNwuI-UM.gif
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f4fbb61e5a1226b421109d4bfeb68b371b240bb6a0131c54581b777cb649908
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
171550
status
200
content-length
522
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
572178841f88dfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
hsts-pixel.gif
crushus-s3.daemonproxy.xyz/facebook.com/security/
43 B
120 B
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/facebook.com/security/hsts-pixel.gif
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:33 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
178581
status
200
content-length
43
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
572178841f8adfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74375366-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
3002
date
Wed, 11 Mar 2020 00:33:31 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Wed, 11 Mar 2020 02:33:31 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1970362263&t=pageview&_s=1&dl=https%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2Fja-jp.facebook.com&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74375366-3&cid=856568560.1583889814&jid=881812612&_gid=230200856.1583889814&gjid=1755407186&_v=j81&z=2026595263
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74375366-3&cid=856568560.1583889814&jid=881812612&_gid=230200856.1583889814&gjid=1755407186&_v=j81&z=2026595263
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Wed, 11 Mar 2020 01:23:33 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 11 Mar 2020 01:23:33 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74375366-3&cid=856568560.1583889814&jid=881812612&_gid=230200856.1583889814&gjid=1755407186&_v=j81&z=2026595263
content-type
text/html; charset=UTF-8
status
302
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
417
expires
Fri, 01 Jan 1990 00:00:00 GMT
F5fJ75JdD_h.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yz/r/
6 KB
6 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yz/r/F5fJ75JdD_h.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12d85aa47b02c34604bd589ec5d53ac95fdae78f590799564d3e85117529f939
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y1/l/0,ja_JP/KlIJDCJEW9k.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:36 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
203083
status
200
content-length
5739
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5721789c1e01dfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
EPGryeIJYdE.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yt/r/
5 KB
6 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yt/r/EPGryeIJYdE.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f7d2d618b3d3517669077623b3b49ec3db811e266b772d02c91374d331251ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,ja_JP/-pqO9eY0AbP.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:36 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
178583
status
200
content-length
5602
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5721789c1e06dfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
DQDvQ2X3Nby.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yN/r/
3 KB
3 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yN/r/DQDvQ2X3Nby.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf9cac0fa688e2c311617d6d62a9a54adffb006f5d90f9dc22b89b2f373cd9bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yM/l/0,ja_JP/qAB2DwQDSe_.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:36 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
163895
status
200
content-length
2997
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5721789c1e0bdfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
counter.js
cleverjump.org/
5 KB
5 KB
Script
General
Full URL
https://cleverjump.org/counter.js
Requested by
Host: yvzgazds6d.com
URL: https://yvzgazds6d.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.23.10.44 , Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
server45-vm01-old.openfrost.com
Software
nginx/1.16.1 /
Resource Hash
c1c464d6fb2ef26d9b18e9655c2495dd1d3b35a0f342dc00b21ea6ebd21af7eb

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 11 Mar 2020 01:23:37 GMT
Last-Modified
Thu, 14 Mar 2019 10:53:09 GMT
Server
nginx/1.16.1
ETag
"5c8a3295-135f"
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4959
Expires
Thu, 12 Mar 2020 01:23:37 GMT
Wgvi79PVW7I.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y0/r/
5 KB
5 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y0/r/Wgvi79PVW7I.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d48f567f54c6042c0eb4d21051adc0d19aa7d9291b9d4e23dd068c189ce96797
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y1/l/0,ja_JP/KlIJDCJEW9k.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:36 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
178583
status
200
content-length
5298
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5721789c1e12dfef-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
hit
cleverjump.org/
0
357 B
Image
General
Full URL
https://cleverjump.org/hit?z-60;s1600*1200*24;fKPmcxDU6twSzdcEoe6f0QMeK0sd36R;cshb2;r;uhttps%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2Fja-jp.facebook.com;hFacebook%20-%20%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%81%BE%E3%81%9F%E3%81%AF%E7%99%BB%E9%8C%B2;0.5031042995514723
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.23.10.44 , Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
server45-vm01-old.openfrost.com
Software
nginx/1.16.1 / PHP/7.2.24
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 11 Mar 2020 01:23:37 GMT
Server
nginx/1.16.1
Connection
keep-alive
P3P
CP=CleverJump
X-Powered-By
PHP/7.2.24
Transfer-Encoding
chunked
Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData boolean| shbNetLoaded number| _cstart function| envFlush object| Env number| __DEV__ function| CavalryLogger undefined| __p function| emptyFunction function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d function| $RefreshReg$ function| $RefreshSig$ object| ErrorSerializer object| ErrorGuard object| ErrorUtils function| Arbiter object| JSCC function| $ function| ge object| Parent object| TimeSlice function| goURI function| ProfilingCounters object| Bootloader object| PageEvents function| _domcontentready function| onloadRegister_DEPRECATED function| onloadRegister function| onafterloadRegister_DEPRECATED function| onafterloadRegister function| onleaveRegister function| onbeforeunloadRegister function| onunloadRegister function| wait_for_load function| $E string| CJSource string| _script_path object| onloadhooks object| domreadyhooks object| bigPipe object| CleverJump

4 Cookies

Domain/Path Name / Value
.daemonproxy.xyz/ Name: _gat_gtag_UA_74375366_3
Value: 1
.daemonproxy.xyz/ Name: _gid
Value: GA1.2.230200856.1583889814
.daemonproxy.xyz/ Name: _ga
Value: GA1.2.856568560.1583889814
.daemonproxy.xyz/ Name: __cfduid
Value: d79cbc0f521f46f35b0736b33337be7de1583889813

1 Console Messages

Source: console-api
Level: error
URL: https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y5/r/aP_HsroOrbX.js?_nc_x=Ij3Wp8lg5Kz (Line 2)
Message: ErrorUtils caught an error: Invalid regular expression flags Subsequent errors won't be logged; see https://fburl.com/debugjs.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
