urlscan.io logo urlscan.io
SecurityTrails logo

crushus-s3.daemonproxy.xyz Open in urlscan Pro
2606:4700:3030::6812:3baa  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com/local/lists/569443253486733
Effective URL: https://crushus-s3.daemonproxy.xyz/
Submission Tags: @ipnigh
Submission: On February 25 via api from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 4 countries across 13 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3030::6812:3baa, located in United States and belongs to CLOUDFLARENET, US. The main domain is crushus-s3.daemonproxy.xyz.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 14th 2020. Valid for: 8 months.
This is the only time crushus-s3.daemonproxy.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 190.2.139.23 49981 (WORLDSTREAM)
1 2a03:2880:f12... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 198.134.112.243 27257 (WEBAIR-IN...)
2 217.23.10.44 49981 (WORLDSTREAM)
1 213.196.2.2 7979 (SERVERS)
1 213.196.2.1 7979 (SERVERS)
2 213.196.5.4 7979 (SERVERS)
18 13
4    2606:4700:3030::6812:3baa (United States)

ASN13335 (CLOUDFLARENET, US)
crushus-s3.daemonproxy.xyz
1    2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)
code.jquery.com
1    2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)
maxcdn.bootstrapcdn.com
1    190.2.139.23 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: server73-vm12.openfrost.com
yvzgazds6d.com
1    2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    198.134.112.243 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)
www.modulepush.com
2    217.23.10.44 (Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: server45-vm01-old.openfrost.com
cleverjump.org
1    213.196.2.2 (Netherlands)

ASN7979 (SERVERS, US)
www.bnserving.com
1    213.196.2.1 (Netherlands)

ASN7979 (SERVERS, US)
r.remarketingpixel.com
2    213.196.5.4 (Netherlands)

ASN7979 (SERVERS, US)
www.urldelivery.com
Domain Requested by
4 crushus-s3.daemonproxy.xyz 1 redirects crushus-s3.daemonproxy.xyz
2 www.urldelivery.com www.bnserving.com
2 cleverjump.org yvzgazds6d.com
crushus-s3.daemonproxy.xyz
2 maxcdn.bootstrapcdn.com crushus-s3.daemonproxy.xyz
1 r.remarketingpixel.com www.bnserving.com
1 www.bnserving.com crushus-s3.daemonproxy.xyz
1 www.modulepush.com crushus-s3.daemonproxy.xyz
1 fonts.gstatic.com crushus-s3.daemonproxy.xyz
1 www.facebook.com crushus-s3.daemonproxy.xyz
1 yvzgazds6d.com crushus-s3.daemonproxy.xyz
1 cdnjs.cloudflare.com crushus-s3.daemonproxy.xyz
1 code.jquery.com crushus-s3.daemonproxy.xyz
1 fonts.googleapis.com crushus-s3.daemonproxy.xyz
18 13
Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-02-14 -
2020-10-09		 8 months crt.sh
*.storage.googleapis.com
GTS CA 1O1		 2020-02-12 -
2020-05-06		 3 months crt.sh
jquery.org
COMODO RSA Domain Validation Secure Server CA		 2018-10-17 -
2020-10-16		 2 years crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-12-05 -
2020-06-12		 6 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2019-09-14 -
2020-10-13		 a year crt.sh
*.wherearethefayolle.com
Let's Encrypt Authority X3		 2020-02-01 -
2020-05-01		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-01-16 -
2020-04-15		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-02-12 -
2020-05-06		 3 months crt.sh
modulepush.com
Let's Encrypt Authority X3		 2020-02-10 -
2020-05-10		 3 months crt.sh
cleverjump.org
Let's Encrypt Authority X3		 2020-02-08 -
2020-05-08		 3 months crt.sh
bnserving.com
Let's Encrypt Authority X3		 2020-01-31 -
2020-04-30		 3 months crt.sh
r.remarketingpixel.com
Let's Encrypt Authority X3		 2020-01-02 -
2020-04-01		 3 months crt.sh
urldelivery.com
Let's Encrypt Authority X3		 2020-02-12 -
2020-05-12		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://crushus-s3.daemonproxy.xyz/
Frame ID: C9ABDFFBD15AFDE52C1912BE45912B40
Requests: 16 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2FWallpapers.Hq&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21&appId=223442217781615
Frame ID: C5C749C999069EAFCFB239361E589449
Requests: 1 HTTP requests in this frame

Frame: https://www.urldelivery.com/watch.783379829130?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%22unblocked%22%2C%22every%22%2C%22blocked%22%2C%22censored%22%2C%22website%22%2C%22free%22%2C%22crushus%22%2C%22com%22%5D&refer=https%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2F&tz=1&dev=r&res=4.23&uuid=f8cf1d4e-87b9-4f96-af06-2521c2aa029c%3A1%3A2
Frame ID: 45B2286E0326CC37D3DC6BA1EDA4C3C7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com/local/lists/569443253486733 HTTP 302
    https://crushus-s3.daemonproxy.xyz/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

18
Requests

100 %
HTTPS

54 %
IPv6

13
Domains

13
Subdomains

13
IPs

4
Countries

100 kB
Transfer

337 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com/local/lists/569443253486733 HTTP 302
    https://crushus-s3.daemonproxy.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
crushus-s3.daemonproxy.xyz/
Redirect Chain
  • https://crushus-s3.daemonproxy.xyz/ja-jp.facebook.com/local/lists/569443253486733
  • https://crushus-s3.daemonproxy.xyz/
24 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b11e38e94d75a4350101267180edde36cb249a823b88f7700fe9583886a97adc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:method
GET
:authority
crushus-s3.daemonproxy.xyz
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d0e587bcd7dfaec12efff9f7a410f2fcf1582620098
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Tue, 25 Feb 2020 08:41:38 GMT
content-type
text/html; charset=utf-8
x-frame-options
DENY
x-content-type-options
nosniff
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
x-proxy-cache
HIT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
56a8619eb95218e5-FRA
content-encoding
br

Redirect headers

status
302
date
Tue, 25 Feb 2020 08:41:38 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d0e587bcd7dfaec12efff9f7a410f2fcf1582620098; expires=Thu, 26-Mar-20 08:41:38 GMT; path=/; domain=.daemonproxy.xyz; HttpOnly; SameSite=Lax; Secure
location
/
x-frame-options
DENY
x-content-type-options
nosniff
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
x-proxy-cache
HIT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
56a8619e2f6e18e5-FRA
css
fonts.googleapis.com/ 		1 KB
541 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Dosis
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ebe145b6e57c78481855dae298886d148770d81fdeaf0ce74b931bd62b2a8725
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 25 Feb 2020 08:41:38 GMT
server
ESF
date
Tue, 25 Feb 2020 08:41:38 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 25 Feb 2020 08:41:38 GMT
jquery-3.2.1.slim.min.js
code.jquery.com/ 		68 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 25 Feb 2020 08:41:38 GMT
Content-Encoding
gzip
Last-Modified
Mon, 20 Mar 2017 19:01:15 GMT
Server
nginx
ETag
W/"58d026fb-10fdd"
Vary
Accept-Encoding
X-HW
1582620093.dop016.fr8.shc,1582620093.dop016.fr8.t,1582620098.cds007.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
23856
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5292e677fe712c80863414e9e73f3678d86d409f751392b6803b70a949fc1017
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 25 Feb 2020 08:41:38 GMT
content-encoding
br
cf-cache-status
HIT
age
14566289
cf-ray
56a8619f3c0cd6d5-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:26:22 GMT
server
cloudflare
etag
W/"5afd4abe-4a59"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sun, 14 Feb 2021 08:41:38 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/ 		50 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 25 Feb 2020 08:41:38 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:33:52 GMT
access-control-allow-origin
*
etag
"1544639632"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
12979
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/ 		122 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
style
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 25 Feb 2020 08:41:38 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:34:10 GMT
access-control-allow-origin
*
etag
"1544639650"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
18604
base.css
crushus-s3.daemonproxy.xyz/static/css/ 		2 KB
570 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://crushus-s3.daemonproxy.xyz/static/css/base.css
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc65543060042316227633af33d497cc9bfa52c4831822601f87cb8fc2cbb0bb

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 25 Feb 2020 08:41:38 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 31 Jan 2020 09:11:16 GMT
server
cloudflare
age
8
etag
W/"5e33ef34-90c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-polished
origSize=2316
cf-ray
56a8619f4b5518e5-FRA
cf-bgj
minify
2497b33a9b4d65137a8950d2b41c267c.js
yvzgazds6d.com/24/97/b3/ 		18 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yvzgazds6d.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.2.139.23 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
server73-vm12.openfrost.com
Software
nginx/1.16.0 / PHP/7.2.21
Resource Hash
c46e59a19bfebffb685e478e023da560f2d9aa19130b891f4686fbad72593041

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Tue, 25 Feb 2020 08:41:40 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
X-Powered-By
PHP/7.2.21
Vary
Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
lock.png
crushus-s3.daemonproxy.xyz/static/images/ 		161 B
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crushus-s3.daemonproxy.xyz/static/images/lock.png
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6812:3baa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45f5a209079611483e4a990fcf69fe22971d3a941002da68092df2ba33b65115

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 25 Feb 2020 08:41:38 GMT
cf-cache-status
HIT
last-modified
Fri, 31 Jan 2020 09:11:16 GMT
server
cloudflare
age
8
etag
"5e33ef34-a1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56a8619f4b5a18e5-FRA
content-length
161
like.php
www.facebook.com/plugins/ Frame C5C7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2FWallpapers.Hq&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21&appId=223442217781615
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2FWallpapers.Hq&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=21&appId=223442217781615
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://crushus-s3.daemonproxy.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://crushus-s3.daemonproxy.xyz/

Response headers

status
200
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
strict-transport-security
max-age=15552000; preload
content-encoding
br
timing-allow-origin
*
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-type
text/html; charset="utf-8"
x-fb-debug
VOBXQnHZTKYSauKsVDMxJja2A8woga8qFXUzkjuZwQ9RmuRtGdiFvlCnTMcfKJupEodt8Pe4V3kWDmVLoIcVIA==
date
Tue, 25 Feb 2020 08:41:38 GMT Tue, 25 Feb 2020 08:41:38 GMT
alt-svc
h3-24=":443"; ma=3600
HhyJU5sn9vOmLxNkIwRSjTVNWLEJN7Ml2xMCbKsUPqjm.woff
fonts.gstatic.com/s/dosis/v17/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/dosis/v17/HhyJU5sn9vOmLxNkIwRSjTVNWLEJN7Ml2xMCbKsUPqjm.woff
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eecd62ff64dc7f28eb3cb05691c3d017cbbc65a066b5b0943597688ad14372c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Dosis
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 05 Feb 2020 03:34:12 GMT
x-content-type-options
nosniff
last-modified
Tue, 04 Feb 2020 23:24:14 GMT
server
sffe
age
1746446
content-type
font/woff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
18216
x-xss-protection
0
expires
Thu, 04 Feb 2021 03:34:12 GMT
invoke.js
www.modulepush.com/2b7c8abc9a1b4c9a413e6845db201275/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.modulepush.com/2b7c8abc9a1b4c9a413e6845db201275/invoke.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.134.112.243 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 25 Feb 2020 08:41:40 GMT
Server
nginx/1.17.6
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length
0
Content-Type
application/javascript
counter.js
cleverjump.org/ 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cleverjump.org/counter.js
Requested by
Host: yvzgazds6d.com
URL: https://yvzgazds6d.com/24/97/b3/2497b33a9b4d65137a8950d2b41c267c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.23.10.44 , Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
server45-vm01-old.openfrost.com
Software
nginx/1.16.1 /
Resource Hash
c1c464d6fb2ef26d9b18e9655c2495dd1d3b35a0f342dc00b21ea6ebd21af7eb

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Tue, 25 Feb 2020 08:41:40 GMT
Last-Modified
Thu, 14 Mar 2019 10:53:09 GMT
Server
nginx/1.16.1
ETag
"5c8a3295-135f"
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4959
Expires
Wed, 26 Feb 2020 08:41:40 GMT
hit
cleverjump.org/ 		0
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cleverjump.org/hit?z-60;s1600*1200*24;fDfilwdJwkMaNe7vLVDg0l2uxmsKhjR;cshb2;r;uhttps%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2F;hUnBlocked%20Every%20Blocked%2C%20Censored%20Website%2C%20Free%20%7C%20Crushus.com;0.9812906236306358
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.23.10.44 , Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
server45-vm01-old.openfrost.com
Software
nginx/1.16.1 / PHP/7.2.24
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 25 Feb 2020 08:41:40 GMT
Server
nginx/1.16.1
Connection
keep-alive
P3P
CP=CleverJump
X-Powered-By
PHP/7.2.24
Transfer-Encoding
chunked
Content-Type
image/png
invoke.js
www.bnserving.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bnserving.com/invoke.js
Requested by
Host: crushus-s3.daemonproxy.xyz
URL: https://crushus-s3.daemonproxy.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.196.2.2 , Netherlands, ASN7979 (SERVERS, US),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash
7a14e2c32c6a42c292a80640d77b95254b03b08756fff2f2602b7396f9203679
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 25 Feb 2020 08:41:40 GMT
Content-Encoding
gzip
Server
nginx/1.17.6
Strict-Transport-Security
max-age=0; includeSubdomains
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Expires
Thu, 01 Jan 1970 00:00:01 GMT
stats
r.remarketingpixel.com/ 		40 B
530 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://r.remarketingpixel.com/stats
Requested by
Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.196.2.1 , Netherlands, ASN7979 (SERVERS, US),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash
6dc7a32670f40b4473f1bb5dcac788a4a12127c2a0f7f826ca781abfe0fe3794

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 25 Feb 2020 08:41:40 GMT
Server
nginx/1.17.6
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://crushus-s3.daemonproxy.xyz
Cache-Control
max-age=0, : no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
40
Expires
Tue, 25 Feb 2020 08:41:40 GMT
watch.783379829130.js
www.urldelivery.com/ 		0
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.urldelivery.com/watch.783379829130.js?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%22unblocked%22%2C%22every%22%2C%22blocked%22%2C%22censored%22%2C%22website%22%2C%22free%22%2C%22crushus%22%2C%22com%22%5D&refer=https%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2F&tz=1&dev=r&res=4.23&uuid=f8cf1d4e-87b9-4f96-af06-2521c2aa029c%3A1%3A2
Requested by
Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.196.5.4 , Netherlands, ASN7979 (SERVERS, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://crushus-s3.daemonproxy.xyz/
Origin
https://crushus-s3.daemonproxy.xyz
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
watch.783379829130
www.urldelivery.com/ Frame 45B2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.urldelivery.com/watch.783379829130?key=0431f3ed3379adc2b1427adeeae7b242&kw=%5B%22unblocked%22%2C%22every%22%2C%22blocked%22%2C%22censored%22%2C%22website%22%2C%22free%22%2C%22crushus%22%2C%22com%22%5D&refer=https%3A%2F%2Fcrushus-s3.daemonproxy.xyz%2F&tz=1&dev=r&res=4.23&uuid=f8cf1d4e-87b9-4f96-af06-2521c2aa029c%3A1%3A2
Requested by
Host: www.bnserving.com
URL: https://www.bnserving.com/invoke.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.196.5.4 , Netherlands, ASN7979 (SERVERS, US),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

Host
www.urldelivery.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://crushus-s3.daemonproxy.xyz/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
u_pl=14142203
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://crushus-s3.daemonproxy.xyz/

Response headers

Server
nginx/1.17.6
Date
Tue, 25 Feb 2020 08:41:40 GMT
Content-Type
text/html
Content-Length
103
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=0; includeSubdomains

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| Popper string| activeColor string| disabledColor string| defaultValue function| loadBox function| focusBox function| blurBox function| submitUrl boolean| shbNetLoaded string| CJSource object| CleverJump object| LieDetector object| atAsyncContainers

1 Cookies

Domain/Path Name / Value
.daemonproxy.xyz/ Name: __cfduid
Value: d0e587bcd7dfaec12efff9f7a410f2fcf1582620098

4 Console Messages

Source Level URL
Text
console-api log URL: https://www.bnserving.com/invoke.js(Line 1)
Message:
[object HTMLImageElement]
console-api log URL: https://www.bnserving.com/invoke.js(Line 1)
Message:
console.clear
console-api log URL: https://www.bnserving.com/invoke.js(Line 1)
Message:
[object HTMLImageElement]
console-api log URL: https://www.bnserving.com/invoke.js(Line 1)
Message:
console.clear

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
cleverjump.org
code.jquery.com
crushus-s3.daemonproxy.xyz
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
r.remarketingpixel.com
www.bnserving.com
www.facebook.com
www.modulepush.com
www.urldelivery.com
yvzgazds6d.com
190.2.139.23
198.134.112.243
2001:4de0:ac19::1:b:1b
2001:4de0:ac19::1:b:2b
213.196.2.1
213.196.2.2
213.196.5.4
217.23.10.44
2606:4700:3030::6812:3baa
2606:4700::6811:4004
2a00:1450:4001:809::2003
2a00:1450:4001:81c::200a
2a03:2880:f12d:83:face:b00c:0:25de
0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b
45f5a209079611483e4a990fcf69fe22971d3a941002da68092df2ba33b65115
5292e677fe712c80863414e9e73f3678d86d409f751392b6803b70a949fc1017
6dc7a32670f40b4473f1bb5dcac788a4a12127c2a0f7f826ca781abfe0fe3794
7a14e2c32c6a42c292a80640d77b95254b03b08756fff2f2602b7396f9203679
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d
b11e38e94d75a4350101267180edde36cb249a823b88f7700fe9583886a97adc
bc65543060042316227633af33d497cc9bfa52c4831822601f87cb8fc2cbb0bb
c1c464d6fb2ef26d9b18e9655c2495dd1d3b35a0f342dc00b21ea6ebd21af7eb
c46e59a19bfebffb685e478e023da560f2d9aa19130b891f4686fbad72593041
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebe145b6e57c78481855dae298886d148770d81fdeaf0ce74b931bd62b2a8725
eecd62ff64dc7f28eb3cb05691c3d017cbbc65a066b5b0943597688ad14372c0