crushus-s3.daemonproxy.xyz
2606:4700:3030::6812:3baa  Malicious Activity! Public Scan

Submitted URL: http://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Effective URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Submission Tags: @ipnigh
Submission: On March 11 via api from GB

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 22 HTTP transactions. The main IP is 2606:4700:3030::6812:3baa, located in United States and belongs to CLOUDFLARENET, US. The main domain is crushus-s3.daemonproxy.xyz.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 14th 2020. Valid for: 8 months.
This is the only time crushus-s3.daemonproxy.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address              AS (Autonomous System)    Requests  Redirects
2606:4700:303...        13335 (CLOUDFLAR...)      16        1
198.134.112.241         27257 (WEBAIR-IN...)      1
2a00:1450:400...        15169 (GOOGLE)            1
190.2.139.23            49981 (WORLDSTREAM)       1
217.23.10.44            49981 (WORLDSTREAM)       2
2a00:1450:400...        15169 (GOOGLE)            2         1
2a00:1450:400...        15169 (GOOGLE)            1
Total: 22 requests across 7 IPs
Domain                        Requests  Redirects  Requested by
crushus-s3.daemonproxy.xyz    16        1          crushus-s3.daemonproxy.xyz
www.google-analytics.com      2         1          www.googletagmanager.com
cleverjump.org                2                    yvzgazds6d.com, crushus-s3.daemonproxy.xyz
stats.g.doubleclick.net       1                    crushus-s3.daemonproxy.xyz
yvzgazds6d.com                1                    crushus-s3.daemonproxy.xyz
www.googletagmanager.com      1                    crushus-s3.daemonproxy.xyz
o4uxrk33.com                  1                    crushus-s3.daemonproxy.xyz
Total: 22 requests across 7 domains
Subject                     Issuer                      Validity                   Valid for
sni.cloudflaressl.com       CloudFlare Inc ECC CA-2     2020-02-14 - 2020-10-09    8 months
o4uxrk33.com                Let's Encrypt Authority X3  2020-02-10 - 2020-05-10    3 months
*.google-analytics.com      GTS CA 1O1                  2020-02-12 - 2020-05-06    3 months
*.wherearethefayolle.com    Let's Encrypt Authority X3  2020-02-01 - 2020-05-01    3 months
cleverjump.org              Let's Encrypt Authority X3  2020-02-08 - 2020-05-08    3 months
*.g.doubleclick.net         GTS CA 1O1                  2020-02-12 - 2020-05-06    3 months

This page contains 1 frame:

Primary Page: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Frame ID: 7AA40EB5D2386A728AEC2C6533FD2ADB
Requests: 22 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

Requests: 22
HTTPS: 100 %
IPv6: 57 %
Domains: 7
Subdomains: 7
IPs: 7
Countries: 4
Transfer: 408 kB
Size: 1435 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com HTTP 301
    https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=604535463&t=pageview&_s=1&dl=https%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2Fko-kr.facebook.com&ul=en-us&de=UTF-8&dt=Facebook%20-%20%EB%A1%9C%EA%B7%B8%EC%9D%B8%20%EB%98%90%EB%8A%94%20%EA%B0%80%EC%9E%85&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=738506665&gjid=779984461&cid=624338797.1583889812&tid=UA-74375366-3&_gid=1390859364.1583889812&_r=1&gtm=2ou2q2&z=674817346 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74375366-3&cid=624338797.1583889812&jid=738506665&_gid=1390859364.1583889812&gjid=779984461&_v=j81&z=674817346

22 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer (transferred), Type, MIME-Type
Primary Request ko-kr.facebook.com
crushus-s3.daemonproxy.xyz/
Redirect Chain
  • http://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
  • https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
136 KB
33 KB
Document
General
Full URL
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae5d7fa0033de3302687193850cf3cc89046d36cbc7c4b8aace86c952893c40b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:method
GET
:authority
crushus-s3.daemonproxy.xyz
:scheme
https
:path
/ko-kr.facebook.com
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Wed, 11 Mar 2020 01:23:31 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d33a8090077e0e7291cdf405a6347dda61583889811; expires=Fri, 10-Apr-20 01:23:31 GMT; path=/; domain=.daemonproxy.xyz; HttpOnly; SameSite=Lax; Secure
x-frame-options
DENY
x-content-type-options
nosniff
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
x-proxy-cache
HIT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
57217878df51145a-FRA
content-encoding
br

Redirect headers

Date
Wed, 11 Mar 2020 01:23:31 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Wed, 11 Mar 2020 02:23:31 GMT
Location
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
57217878a806d6fd-FRA
2497b33a9b4d65137a8950d2b41c267c.js
o4uxrk33.com/24/97/b3/
0
0
Script
General
Full URL
https://o4uxrk33.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.134.112.241 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 11 Mar 2020 01:23:32 GMT
Server
nginx/1.17.6
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length
0
Content-Type
application/javascript
js
www.googletagmanager.com/gtag/
75 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-74375366-3
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e386c02f6e17b89e8ff4e9310af0464527deb2855ae51d236f66f6b7232070cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
28488
x-xss-protection
0
last-modified
Wed, 11 Mar 2020 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 11 Mar 2020 01:23:31 GMT
2497b33a9b4d65137a8950d2b41c267c.js
yvzgazds6d.com/24/97/b3/
19 KB
4 KB
Script
General
Full URL
https://yvzgazds6d.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.2.139.23 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
server73-vm12.openfrost.com
Software
nginx/1.16.0 / PHP/7.2.21
Resource Hash
ce7bede8d5be58e56e6595e32f3f0d2f372e0137c2531f690eeaf4c8e2051ae6

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 11 Mar 2020 01:23:31 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
X-Powered-By
PHP/7.2.21
Vary
Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
XnAEAyMrW52.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yk/l/0,cross/
28 KB
7 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yk/l/0,cross/XnAEAyMrW52.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5521059bb44026eff1d1de30cbb66f8a4a786e949ca64a70bc39270f0925be01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
572178796831145a-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
qAB2DwQDSe_.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/
23 KB
5 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/qAB2DwQDSe_.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d57743945f4a47e0bd8df81db3a3aa1e36c453d825c4c7a384e9b5c9a7d7ec25
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
34948
cf-polished
origSize=24086
status
200
cf-bgj
minify
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
cf-ray
572178796833145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
ml9qEnOixXl.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/
463 KB
99 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/ml9qEnOixXl.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a1b6896f7a6b4fce9aed05a8037a0ad087cc323ca428d4aed54881629973aea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
34948
cf-polished
origSize=475626
status
200
cf-bgj
minify
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
cf-ray
572178796834145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
BMdZqLlDyoC.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/
3 KB
960 B
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/BMdZqLlDyoC.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b5dac93f6a6d1d6bef8bb6c3b2d49f5e6e1c872a27ecfb28c306bd711f38bc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
572178796836145a-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
kleB-SmK4TB.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/
152 KB
43 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/kleB-SmK4TB.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54a56db9d161bb5e5a4a4f96c5f32bd3a0256a6aa1bcd6210308d84ef72d163b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
572178796837145a-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
3TuHXfY7n5r.css
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/
97 KB
16 KB
Stylesheet
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/3TuHXfY7n5r.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1257bf9f15d53adbbfb887776d6bf36e4eec4eac5f0124ea65ab10affe79dddb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
text/css
status
200
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-ray
572178796839145a-FRA
vary
Accept-Encoding
x-proxy-cache
HIT
aP_HsroOrbX.js
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y5/r/
329 KB
86 KB
Script
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y5/r/aP_HsroOrbX.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ead71e5432813c7549b5257016f80eb42a9f47742f47beb20aca30697b9ef2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
116984
cf-polished
origSize=337021
status
200
cf-bgj
minify
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=315360000
cf-ray
57217879683a145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
OBaVg52wtTZ.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yi/r/
42 KB
42 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yi/r/OBaVg52wtTZ.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4287d1528382e5a28f80ea974fe73f74c6516bcf60cdabfc3f6202f1f6da03f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
47135
status
200
content-length
42565
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
57217879683b145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
GsNJNwuI-UM.gif
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yb/r/
522 B
591 B
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yb/r/GsNJNwuI-UM.gif
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f4fbb61e5a1226b421109d4bfeb68b371b240bb6a0131c54581b777cb649908
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
171548
status
200
content-length
522
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
572178799874145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
hsts-pixel.gif
crushus-s3.daemonproxy.xyz/facebook.com/security/
43 B
120 B
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/facebook.com/security/hsts-pixel.gif
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:31 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
178579
status
200
content-length
43
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
572178799875145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
F5fJ75JdD_h.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yz/r/
6 KB
6 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yz/r/F5fJ75JdD_h.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12d85aa47b02c34604bd589ec5d53ac95fdae78f590799564d3e85117529f939
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/ml9qEnOixXl.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:32 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
203079
status
200
content-length
5739
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5721787e5ef9145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
EPGryeIJYdE.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yt/r/
5 KB
6 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yt/r/EPGryeIJYdE.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f7d2d618b3d3517669077623b3b49ec3db811e266b772d02c91374d331251ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/BMdZqLlDyoC.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:32 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
178579
status
200
content-length
5602
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5721787e5efb145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
DQDvQ2X3Nby.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yN/r/
3 KB
3 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yN/r/DQDvQ2X3Nby.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf9cac0fa688e2c311617d6d62a9a54adffb006f5d90f9dc22b89b2f373cd9bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/qAB2DwQDSe_.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:32 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
163891
status
200
content-length
2997
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5721787e5f01145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
counter.js
cleverjump.org/
5 KB
5 KB
Script
General
Full URL
https://cleverjump.org/counter.js
Requested by
Host: yvzgazds6d.com
URL: https://yvzgazds6d.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.23.10.44 , Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
server45-vm01-old.openfrost.com
Software
nginx/1.16.1 /
Resource Hash
c1c464d6fb2ef26d9b18e9655c2495dd1d3b35a0f342dc00b21ea6ebd21af7eb

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 11 Mar 2020 01:23:32 GMT
Last-Modified
Thu, 14 Mar 2019 10:53:09 GMT
Server
nginx/1.16.1
ETag
"5c8a3295-135f"
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4959
Expires
Thu, 12 Mar 2020 01:23:32 GMT
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74375366-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
3001
date
Wed, 11 Mar 2020 00:33:31 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Wed, 11 Mar 2020 02:33:31 GMT
Wgvi79PVW7I.png
crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y0/r/
5 KB
5 KB
Image
General
Full URL
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y0/r/Wgvi79PVW7I.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d48f567f54c6042c0eb4d21051adc0d19aa7d9291b9d4e23dd068c189ce96797
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/ml9qEnOixXl.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 11 Mar 2020 01:23:32 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
178579
status
200
content-length
5298
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5721787e6f11145a-FRA
x-proxy-cache
HIT
expires
Thu, 31 Dec 2037 23:55:55 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=604535463&t=pageview&_s=1&dl=https%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2Fko-kr.facebook.com&ul=en-us&de=UTF-8&dt=Facebook%20-%20%EB%A1%9C%EA%B...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74375366-3&cid=624338797.1583889812&jid=738506665&_gid=1390859364.1583889812&gjid=779984461&_v=j81&z=674817346
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74375366-3&cid=624338797.1583889812&jid=738506665&_gid=1390859364.1583889812&gjid=779984461&_v=j81&z=674817346
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d, Brussels, Belgium, ASN15169 (GOOGLE, US)
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Wed, 11 Mar 2020 01:23:32 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 11 Mar 2020 01:23:32 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74375366-3&cid=624338797.1583889812&jid=738506665&_gid=1390859364.1583889812&gjid=779984461&_v=j81&z=674817346
content-type
text/html; charset=UTF-8
status
302
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
416
expires
Fri, 01 Jan 1990 00:00:00 GMT
Transaction: hit (cleverjump.org/), Image, 0 B (357 B transferred)
General
Full URL
https://cleverjump.org/hit?z-60;s1600*1200*24;f6dnSSv7YbOyzsc3bVfQ0f512mx8sCo;cshb2;r;uhttps%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2Fko-kr.facebook.com;hFacebook%20-%20%EB%A1%9C%EA%B7%B8%EC%9D%B8%20%EB%98%90%EB%8A%94%20%EA%B0%80%EC%9E%85;0.9520566163546738
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/ko-kr.facebook.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.23.10.44, Netherlands, ASN49981 (WORLDSTREAM, NL)
Reverse DNS
server45-vm01-old.openfrost.com
Software
nginx/1.16.1 / PHP/7.2.24
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the SHA-256 of zero bytes: the response body was empty despite the image/png content type, so this hash identifies nothing and should not be used as an indicator)

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 11 Mar 2020 01:23:32 GMT
Server
nginx/1.16.1
Connection
keep-alive
P3P
CP=CleverJump
X-Powered-By
PHP/7.2.24
Transfer-Encoding
chunked
Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
object     onformdata
object     onpointerrawupdate
function   gtag
object     dataLayer
boolean    shbNetLoaded
number     _cstart
function   envFlush
object     Env
number     __DEV__
function   CavalryLogger
object     google_tag_manager
undefined  __p
function   emptyFunction
function   __annotator
function   __bodyWrapper
function   __t
function   __w
function   FB_enumerate
function   __m
object     babelHelpers
function   define
function   require
function   requireDynamic
function   requireLazy
function   __d
function   $RefreshReg$
function   $RefreshSig$
object     ErrorSerializer
object     ErrorGuard
object     ErrorUtils
function   Arbiter
object     JSCC
function   $
function   ge
object     Parent
object     TimeSlice
function   goURI
function   ProfilingCounters
object     Bootloader
object     PageEvents
function   _domcontentready
function   onloadRegister_DEPRECATED
function   onloadRegister
function   onafterloadRegister_DEPRECATED
function   onafterloadRegister
function   onleaveRegister
function   onbeforeunloadRegister
function   onunloadRegister
function   wait_for_load
function   $E
string     CJSource
string     GoogleAnalyticsObject
function   ga
string     _script_path
object     onloadhooks
object     domreadyhooks
object     bigPipe
object     google_tag_data
object     gaplugins
object     gaGlobal
object     gaData
object     CleverJump

4 Cookies

Domain/Path Name / Value
.daemonproxy.xyz/ Name: _gat_gtag_UA_74375366_3
Value: 1
.daemonproxy.xyz/ Name: _gid
Value: GA1.2.1390859364.1583889812
.daemonproxy.xyz/ Name: _ga
Value: GA1.2.624338797.1583889812
.daemonproxy.xyz/ Name: __cfduid
Value: d33a8090077e0e7291cdf405a6347dda61583889811

1 Console Messages

Source: console-api
Level: error
URL: https://crushus-s3.daemonproxy.xyz/static.xx.fbcdn.net/rsrc.php/v3/y5/r/aP_HsroOrbX.js?_nc_x=Ij3Wp8lg5Kz (Line 2)
Message: ErrorUtils caught an error: Invalid regular expression flags Subsequent errors won't be logged; see https://fburl.com/debugjs.

Security Headers

This section lists the security headers set by the main page. Note that a phishing page can set these headers like any other site; their presence says nothing about whether the page is benign.

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cleverjump.org
crushus-s3.daemonproxy.xyz
o4uxrk33.com
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
yvzgazds6d.com
190.2.139.23
198.134.112.241
217.23.10.44
2606:4700:3030::6812:3baa
2a00:1450:4001:800::2008
2a00:1450:4001:81c::200e
2a00:1450:400c:c00::9d
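Three things in the transactions above are worth automating when triaging scans like this one: the cloned site keeps the target's own hostnames (ko-kr.facebook.com, static.xx.fbcdn.net) as path segments under the attacker's domain; the cleverjump.org beacon's resource hash is the SHA-256 of an empty body and so is worthless as an indicator; and the Google Analytics property ID in the collect beacon (tid=UA-74375366-3, also visible in the _gat_gtag_UA_74375366_3 cookie) is a pivot for finding other pages run by the same operator. The following is an added example, not urlscan.io's code: the record layout (url, content_type, hash, content_length) is an assumption made for this example rather than urlscan's export schema, and the sample records are constructed from a subset of the transactions on this page.

```python
"""Triage heuristics over HTTP transactions from a urlscan.io result.

Added example, not code from urlscan.io. The record layout below is an
assumption for this example, not urlscan's export format; the sample
records are constructed from the transactions listed on this page.
"""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# SHA-256 of zero bytes; a resource hash equal to this means an empty body.
SHA256_EMPTY = hashlib.sha256(b"").hexdigest()

PAGE_HOST = "crushus-s3.daemonproxy.xyz"

# Constructed subset of the transactions listed above.
TRANSACTIONS = [
    {"url": f"https://{PAGE_HOST}/ko-kr.facebook.com",
     "content_type": "text/html", "hash": None, "content_length": None},
    {"url": f"https://{PAGE_HOST}/static.xx.fbcdn.net/rsrc.php/v3/y0/r/Wgvi79PVW7I.png",
     "content_type": "image/png",
     "hash": "d48f567f54c6042c0eb4d21051adc0d19aa7d9291b9d4e23dd068c189ce96797",
     "content_length": 5298},
    {"url": "https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3"
            "&tid=UA-74375366-3&cid=624338797.1583889812&jid=738506665"
            "&_gid=1390859364.1583889812&gjid=779984461&_v=j81&z=674817346",
     "content_type": "image/gif",
     "hash": "8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015",
     "content_length": 35},
    {"url": "https://cleverjump.org/hit?z-60;s1600*1200*24;f6dnSSv7YbOyzsc3bVfQ0f512mx8sCo;"
            "cshb2;r;uhttps%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2Fko-kr.facebook.com",
     "content_type": "image/png", "hash": SHA256_EMPTY, "content_length": 0},
]

# A path segment shaped like a DNS name: one or more dotted labels, alphabetic last label.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
# Last labels that are file extensions rather than TLDs (heuristic exclusion list).
FILE_EXTS = {"js", "css", "png", "gif", "jpg", "jpeg", "svg", "ico", "php", "html",
             "htm", "json", "map", "txt", "woff", "woff2"}
# Google Analytics property IDs (classic UA- and GA4 G- forms).
GA_TID = re.compile(r"^(?:UA-\d+-\d+|G-[A-Z0-9]+)$")


def embedded_hosts(url):
    """Path segments of url that look like some other site's hostname.

    Kits that mirror or reverse-proxy a target keep its hostnames as path
    components under the attacker's domain, which legitimate sites rarely do.
    """
    parts = urlsplit(url)
    hits = []
    for seg in parts.path.split("/"):
        seg = seg.lower()
        if (HOSTLIKE.match(seg)
                and seg.rsplit(".", 1)[1] not in FILE_EXTS
                and seg != parts.hostname):
            hits.append(seg)
    return hits


def has_empty_body(tx):
    """True when the recorded hash is the SHA-256 of zero bytes (not a usable IOC)."""
    return tx["hash"] == SHA256_EMPTY


def analytics_ids(transactions):
    """Google Analytics property IDs (tid=) seen in /collect beacons."""
    ids = set()
    for tx in transactions:
        parts = urlsplit(tx["url"])
        if parts.path.endswith("/collect"):
            for tid in parse_qs(parts.query).get("tid", []):
                if GA_TID.match(tid):
                    ids.add(tid)
    return sorted(ids)


def triage(transactions, page_host):
    """Return (finding, subject, detail) tuples for one scan."""
    findings = []
    for tx in transactions:
        parts = urlsplit(tx["url"])
        for mirrored in embedded_hosts(tx["url"]):
            findings.append(("mirrored-host", parts.hostname, mirrored))
        if has_empty_body(tx):
            findings.append(("empty-body", parts.hostname, tx["content_type"]))
        if parts.hostname != page_host:
            findings.append(("third-party", parts.hostname, parts.path))
    for tid in analytics_ids(transactions):
        findings.append(("ga-property", page_host, tid))
    return findings


if __name__ == "__main__":
    for finding in triage(TRANSACTIONS, PAGE_HOST):
        print("%-14s %-30s %s" % finding)
```

The hostname-in-path check is a heuristic: it keys on a dotted segment whose last label is not a known file extension, so a site that legitimately names a directory after a domain will trip it, and the extension list should be tuned to the corpus. The property-ID pivot works because the same GA account is often pasted into every page a kit operator deploys; search other scans for the same tid value rather than for the empty-body hash.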