Report - zsexf.com/gSS1EM?token=eyJpdiI6IndTS0I0MWNLZUh6YnNvSGg1Y0ZTcmc9PSIsInZhbHVlIjoiSEZKUDNFc2M2ZlFFbjNMcUxOcEhaUT09IiwibWFjIjoiNGVhMWM4OTg2ZWQyMjIyM2ZkZjc5YzNlZmEyOWE3N2E3YzIwZDBkMDdkNzMyMzg0MGRkMjlkYTg0NzA5MTZiOSIsInRhZyI6IiJ9

Report Overview

Submitted URL
zsexf.com/gSS1EM?token=eyJpdiI6IndTS0I0MWNLZUh6YnNvSGg1Y0ZTcmc9PSIsInZhbHVlIjoiSEZKUDNFc2M2ZlFFbjNMcUxOcEhaUT09IiwibWFjIjoiNGVhMWM4OTg2ZWQyMjIyM2ZkZjc5YzNlZmEyOWE3N2E3YzIwZDBkMDdkNzMyMzg0MGRkMjlkYTg0NzA5MTZiOSIsInRhZyI6IiJ9
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-03 23:44:05
Access
public
Website Title
(1) New Message!
Final URL
zsexf.com/gSS1EM
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-03	470 B	518 kB	142.250.74.35
dampedvisored.com	unknown	2024-04-16	2024-04-16	2024-04-17	397 B	1.2 kB	23.109.170.31
iresandal.info	unknown	2024-03-31	2024-05-01	2024-05-02	984 B	207 kB	104.21.40.187
ativesathyas.info	unknown	unknown	No data	No data	953 B	1.8 kB	143.204.55.56
pogothere.xyz	unknown	2022-08-22	2022-09-04	2024-05-03	822 B	194 kB	104.21.24.208
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-03	4.2 kB	226 kB	142.250.74.99
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-02	909 B	27 kB	142.250.74.106
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-03	421 B	418 B	52.29.105.35
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-02	2.8 kB	342 kB	104.21.70.253
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-03	729 B	423 B	192.243.59.12
www.recaptcha.net	2060	2007-01-06	2012-07-11	2024-05-03	451 B	1.4 kB	142.250.74.131
live.demand.supply	31265	2014-06-22	2018-03-13	2024-04-30	2.5 kB	101 kB	104.17.39.115
absentcleannewspapers.com	unknown	2024-01-25	2024-01-25	2024-03-26	438 B	17 kB	172.240.108.76
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-03	338 B	942 B	3.164.222.26
d21rpkgy8pahcu.cloudfront.net	unknown	unknown	No data	No data	670 B	859 B	54.230.241.100
dudleynutmeg.com	unknown	2024-04-30	2024-05-01	2024-05-02	8.0 kB	44 kB	192.243.61.227
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-02	855 B	463 kB	142.250.74.168
cdn.yourwebbars.com	62037	2020-08-21	2021-01-29	2024-05-02	478 B	2.5 kB	104.26.7.19
zsexf.com	unknown	2023-08-21	2023-08-28	2024-03-02	14 kB	2.0 MB	188.114.96.1
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-02	3.7 kB	12 kB	74.125.131.84
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20	2024-05-03	858 B	1.6 kB	216.58.207.226
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	404 B	30 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	dampedvisored.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	unseenreport.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	dudleynutmeg.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	live.demand.supply/up.js	5.5 kB	2024-05-04	2024-05-04
Pretty URL live.demand.supply/up.js IP 104.17.39.115 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:44:12 Last Seen2024-05-04 19:30:08 Times Seen2 Hash 85e79ed3378eb120ed708697d1a0db34 50403675ee43118d44b629ec4b6f10bf19d7dbb7 68990dd20b20c6524e8ea9130ed0b773b8763378bec12e40437e7be7f0c01185 Loading...

	unknown	38 B	2023-04-11	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-18 00:29:48 Times Seen32695 Hash caf13b633ab4249aeadda1952a9038ae 1eb64473acd8bff2d081a66f128c611d079f6cbe 30d90270fd3125eb763b9958a72bd513c90cd6207b97dd0ef40c06aa22111ac7 Loading...

	zsexf.com/gSS1EM	119 B	2023-03-08	2024-05-18
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:28:47 Last Seen2024-05-18 00:29:48 Times Seen1124 Hash bbdd43a315309ebd811a1e555db11f7f 4f221fbceb33ca51ca52ebe80577f681bc8c17df 212dfa0151b22549ac14757d4e65f3909dd45c9cdb366d8bd00fd6b17b906a09 Loading...

	zsexf.com/gSS1EM	2.9 kB	2023-03-12	2024-05-18
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 16:23:04 Last Seen2024-05-18 00:29:48 Times Seen1770 Hash b9dd502c04f179299a891e65a107e887 8e02ecbfb34c4371548dd0213076bcbf9a2b1523 fb6d9228943aa1956f95e9e330577772a47470e279ffbf84c2bc4e4ed4885c1a Loading...

	www.googletagmanager.com/gtag/js?id=UA-197252557-1	208 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=UA-197252557-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:44:12 Last Seen2024-05-04 01:44:13 Times Seen2 Hash 0cd81c08741231b7d8094949bfb66caf 4bdd839c9e21583e13d02e3278069f05008c0ce0 309e9545d3da1ad00508630709bb1b63cf91fbd82294eab9a0e2ce6499b458a5 Loading...

	live.demand.supply/p4/v17-24-0/enNleGYuY29tL2dTUzFFTQ==	156 B	2023-03-07	2024-05-18
Pretty URL live.demand.supply/p4/v17-24-0/enNleGYuY29tL2dTUzFFTQ== IP 104.17.39.115 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:02 Last Seen2024-05-18 00:29:49 Times Seen325 Hash ab3db78294876480edccd2b9ffe2259b 7690642b47fcef4e5be8e8c10d83633267eb02df fb94b462f27f138f78bc2f58584c8e4377ea23828ec4bf2de9a76b624419b6d0 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-18
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-18 02:13:41 Times Seen349605 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	zsexf.com/gSS1EM	191 B	2023-03-08	2024-05-18
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:28:47 Last Seen2024-05-18 00:29:48 Times Seen1124 Hash da30bb47614694e4cc233b287d20eb05 33483604c226b92b61915d364fd6489029cafe57 c5db272b10d5a0729fecd702bbe86f8447f72e2a10049608007c8e2646c803f8 Loading...

	zsexf.com/sandbox%20eval%20code	136 B	2023-04-11	2024-05-18
Pretty URL zsexf.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-18 01:58:42 Times Seen32307 Hash fb4eb094524daea58bf7f82331598541 f5ca39eb98fa1685f8647514a627d3d7f216f7ef 7cbf1e77bb9277bac7030ded2087246adf5c59564a5a1f28ce8c09be6ef48683 Loading...

	securepubads.g.doubleclick.net/tag/js/gpt.js	13 kB	2023-04-05	2024-05-18
Pretty URL securepubads.g.doubleclick.net/tag/js/gpt.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 04:46:03 Last Seen2024-05-18 01:58:42 Times Seen31695 Hash 0c9ed134ae3d5ffe972da2a3e59dc428 620df222551395592e46e4c5f425cf23dcdad891 5f9efa604bfe2aee8c1a90376125a098306ba390530a6f9b2ecb0a67cdac178d Loading...

	www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c	254 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:44:12 Last Seen2024-05-04 01:44:13 Times Seen2 Hash 61fdbf1941e80916b8f4962072d38efc a7b6c5baf37876635d7c19a34d7bc2ab451c292c de3b68445833c7898b29c7c7b844cc08b31d210210b2214bf7f9a0dd9daced02 Loading...

	unknown	2.3 kB	2024-05-04	2024-05-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:44:13 Last Seen2024-05-06 02:58:04 Times Seen2 Hash 18702a78ae4a738fdf026f46693b119a ba8ed0c7e57f11e1a9378c9a42303479b59be40a 652feb6d3db2b2a1a31b958d66b5e5524879da6128ea6ac4382584a516be6cb5 Loading...

	zsexf.com/gSS1EM	284 kB	2024-05-03	2024-05-04
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 21:43:49 Last Seen2024-05-04 01:44:13 Times Seen4 Hash 118214435abf9e6d30378add2d1d1824 21a1d4be1fc20a0967ed9c6dbec9c032e78b589a 37fc27244c1f62b62bb8be49b123c63c3c3d49c7dceb87da06aa742ccfec736d Loading...

	zsexf.com/gSS1EM	370 B	2024-04-29	2024-05-07
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 17:35:34 Last Seen2024-05-07 09:24:36 Times Seen25 Hash 58e0c3d87354d8a7f3c453f35713c984 eb09d3029b7f38d4d8c1f1e182a368c1f6960b2f c414e514b85d4e9340c17cc58bf9a28f45ec130952dcda6bff2cf6867deb259e Loading...

	zsexf.com/gSS1EM	92 B	2024-04-29	2024-05-07
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 17:35:34 Last Seen2024-05-07 09:24:36 Times Seen25 Hash 0189843a023511a9028f6f468a5ce96b 4db729f9d319316add291356f8e049ce9663ee0e f9aa8ce7372335d24cffc9a682844d9e4385e5067bc9f194ebc25cfff3513b2f Loading...

	live.demand.supply/impl.v17.32.0.js	91 kB	2024-04-26	2024-05-18
Pretty URL live.demand.supply/impl.v17.32.0.js IP 104.17.39.115 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 23:55:44 Last Seen2024-05-18 00:29:49 Times Seen184 Hash 3501fe52a8aeb0dc9b89aa1c12ea6e5a b6221b443437b86f096112d2ec77fab1975fd811 b77415363ffad60ce3f975e393d3ef44a47d8bddbec2f0a2f9f0e9587dd5c501 Loading...

	zsexf.com/gSS1EM	370 B	2024-04-29	2024-05-07
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 17:35:35 Last Seen2024-05-07 09:24:36 Times Seen25 Hash 58272eca18334239c8fb3cc83b474a9b 220bdbbfa04245d4021c755f72004d33d5175a86 c2507f88f4959845a79505d67eed8fbd6eba7df7beb0306e127e48cb2b89c729 Loading...

	zsexf.com/gSS1EM	92 B	2024-04-29	2024-05-07
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 17:35:35 Last Seen2024-05-07 09:24:36 Times Seen25 Hash 777a93643dfbc0cee926e21d52abc94f 7f25ca12349964c7eac950793275597e39c9001f 847a755c0ac8e94429f7fbd99e767dc44e760a08d19dcd897b3166cce5ed97f1 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit	921 B	2024-04-24	2024-05-08
Pretty URL www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit IP 142.250.74.131 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 19:48:15 Last Seen2024-05-08 00:50:40 Times Seen110 Hash b832740e618479615e7f4ec2d6d18e95 39e2c70fbc1164d6748e0314c36691c42245c53a 66b51ffa06c4662b57b6b492d53318ac5e672cd53f52ce08e2699325eb796414 Loading...

	zsexf.com/gSS1EM	370 B	2024-04-29	2024-05-07
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 17:35:35 Last Seen2024-05-07 09:24:36 Times Seen25 Hash 94031e6e7ebdd902372cd7580f33ca73 261ac784ffceedfb83b59ab3dea3abff40c1e4aa c25b974cd55cb7099a7656053af627ce8893ecf3d55a77e17db5b7dadc6b6501 Loading...

	zsexf.com/js/ads.js	1.5 kB	2024-04-25	2024-05-18
Pretty URL zsexf.com/js/ads.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:40:06 Last Seen2024-05-18 00:29:48 Times Seen90 Hash 663675db8bdf037ef8a96ceec4c0eaac 00a32b1173b6c96bf349f6adb7f00e0c6a24faa4 54827120728e3e7d171b392b13b3f5fe2d2ec344d6bdd491c1d44eb2760eecbe Loading...

	dampedvisored.com/1clkn/34742	6 B	2023-03-07	2024-05-18
Pretty URL dampedvisored.com/1clkn/34742 IP 23.109.170.31 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:04 Last Seen2024-05-18 01:38:29 Times Seen15088 Hash 9082dc37e5e8046929da411544ad071a 41e0e3963ed94e59e8a2f115994c382712411537 b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550 Loading...

	unknown	49 B	2023-04-11	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-18 00:29:48 Times Seen2070 Hash efde3719ad2205f4e3b6504a9bf45646 83101bef8fc5445fd9dcf54dd04495fc490e939a d84287d2b4f27cb1c02d18a77c979f739a5107585cf81911fea18a14b204f9ba Loading...

	absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js	45 kB	2024-05-04	2024-05-04
Pretty URL absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:44:13 Last Seen2024-05-04 01:44:13 Times Seen2 Hash 669d112eb83ee07614d865cc263802c4 5b67c81d61a96d2c8bfb2f5f6513e4aa72e0c625 b6c4d3cec06a929999f7c6baaee4cdd9b6ff6b5d8881c355afde55e02bbd09bd Loading...

	zsexf.com/gSS1EM	92 B	2024-04-29	2024-05-07
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 17:35:35 Last Seen2024-05-07 09:24:36 Times Seen25 Hash 80f50e20fde96cef245415cc5fe320dc cc4cf1dc61a5ed50b7af33da1f370022137c75cc 0a2bdd5eea70f920be55d60e065b93f802873478648266c7b462bdda01742da8 Loading...

	zsexf.com/js/frontend.js?id=f7e07cec5812d52a9077	981 kB	2024-04-13	2024-05-18
Pretty URL zsexf.com/js/frontend.js?id=f7e07cec5812d52a9077 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 19:48:22 Last Seen2024-05-18 00:29:49 Times Seen99 Hash f7e07cec5812d52a9077a4baf1b4348b 669d6cfda9a2b056cebe7f5a31dfa50d7d73405e 24c59cb722ec2564f9f0ea38d57ebd2c6b66a88485aaa9035f3afd68376d4c87 Loading...

	www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js	518 kB	2024-04-24	2024-05-15
Pretty URL www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 09:18:30 Last Seen2024-05-15 19:10:18 Times Seen9003 Hash e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b Loading...

	unknown	36 B	2023-04-11	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-18 00:29:48 Times Seen2071 Hash c6417364696009e1ecada40d12c97a2f dd602b8bbd3a3656463ec3f6868c74f3a937859d 5a59e842a79e328e171f1da23754526329095be86fe355574fd7622f04ed3854 Loading...

	zsexf.com/gSS1EM	1.0 kB	2024-05-04	2024-05-04
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 01:44:13 Last Seen2024-05-04 01:44:13 Times Seen1 Hash 8544ae3ce1999827e0ef76591e061944 caca2ff5a2a5e19e870732b87f6fc3bc9718bed4 3434e79593ac928acd68e921ace1b9a00a2b394bbdd64b553aeca5f551227e40 Loading...

	zsexf.com/sandbox%20eval%20code	147 B	2023-04-11	2024-05-18
Pretty URL zsexf.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-18 02:13:42 Times Seen350116 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	zsexf.com/gSS1EM	155 B	2023-03-08	2024-05-18
Pretty URL zsexf.com/gSS1EM IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:28:47 Last Seen2024-05-18 00:29:48 Times Seen1138 Hash a1e0d623f9e510e759498d67c8281999 65e9e9287fd8060ebb5b624463ff977040e3d154 c66a236b63a0191f0cc1cb5a3c1b675c0fb7bf7d5e56b8c5ed34d70b10059aa7 Loading...

HTTP Transactions (68)

URL IP Response Size

zsexf.com/

188.114.96.1

384 B

URL
zsexf.com/
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
384 B (384 bytes)
Hash
e3eb0a1df437f3f97a64aca5952c8ea0
7dd71afcfb14e105e80b0c0d7fce370a28a41f0a
38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521

HTTP Headers

GET / HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:43:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Mar 2024 17:32:28 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BM5SCifN7cMYKv%2BnBbeQRsaqOiVtEXZpPf3QLV7FlTb9KqiwQEIHYKP4JTXctNb80BfR53SmmlxKxtt%2BgdOGQ%2B6rvpszUCQZptICHJYPFqFIiyPqniA2JJKhtEQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e41d527e70b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

zsexf.com/img/faqs-image.svg

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
zsexf.com/img/faqs-image.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (13564 bytes)
Hash
a60b7216905928c625ae9592044476cd
e70c5be728c7bd1198100337487aafe126834ca3
9a717285429d468fadc4d25179fc6feb49e6335f3af1675fb6be1cb50e7e8322

HTTP Headers

GET /img/faqs-image.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 285915
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VTFYeT%2FzlaDz%2FSgJ0gKsn%2FuOw%2FeBuxQm6DWBG7lBoQZIcImvI1Nc%2FL0lQ0ktRNvnQVjzD0i1uALEQ%2B93J5mgOWwFXO2on32VYiNoCWK2nOTuqlXwX9MTzEpnQE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d558d4cb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

zsexf.com/gSS1EM

188.114.96.1

200 OK

354 kB

URL User Request GET HTTP/2
zsexf.com/gSS1EM
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (58223), with CRLF, LF line terminators
Size
354 kB (353776 bytes)
Hash
d80ca184eff940f043cc96d5f6e2fef5
e6ecb551f6a9518b481a0db85e7658ff290a75c0
def4bbe53715b0327d43e2e1ef9ae2aba1729dd669301652288384b4dfa2b62b

HTTP Headers

GET /gSS1EM HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjdzbTBLbG1FUUZPOXRHbDVWc3N1ZkE9PSIsInZhbHVlIjoiNGdiLzRZdTFyLzFxdVV4TjVjdVRsQy9DcWhWbjRGMnR1eElRdlJJRmN2V1IxYTRmR2xYaDdIa25FWXg4OEFLZHJ2ZHNDNG83WWIyQ0hCckZFeHRpSFlWQ2ZXMFcrNWVqR0FORUhxdzB3STF0Tlh4RnhpVXhKQWYwZHNKaktZbnAiLCJtYWMiOiJjNzhkMzI0ODY3ZmY5NzY2Y2YyYmRiMWUxYmYwYzgzMzZiNWNiZmZkY2NhMjc3Mjk3NzE4NGIxZmJmNzBjZTc4IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6ImNNK3VNRmVQT3Rya0MxZ1FTb0h0S3c9PSIsInZhbHVlIjoiVnNJaUJ1YWNoTlBwYmxZQ1o2RXBPQWloQ1NIWWFONU5ZZEpjUXV5T2ZvTlB4NWtBT21BT1FRa2NPZUtFMzlnTmlZejFCbm1ybW5vZHFob2E3T0gyenJqa1VmQmhzR05NVE42TVVKWVZ3aVZRcXY4T1dBaExqMS8xdStnaUc1SSsiLCJtYWMiOiIxZmQ5ZTVmZDljN2NkY2NhMGRhODM1ZjExNWRmYmQ2Yzc4MjIyNmRiMTc5YmIzNWIzYTQ5MzIwZDA4MzJlOWQxIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 23:43:39 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 23:43:39 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pk1xgPNfLbizs0B%2FS68tU%2FlC04Ox2RVgwQw6qE8oTLsg%2B0HfCCsd2FRwZ%2FGzxuQuN%2BGmzklrK5fjM4n8iQBjxr43u8JKZy4TURW%2B01hREHH0t6ZB4Opbo70V5mU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d4a7da856c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dampedvisored.com/1clkn/34742

23.109.170.31

200 OK

26 B

URL GET HTTP/1.1
dampedvisored.com/1clkn/34742
IP
23.109.170.31:443
ASN
#7979 SERVERS-COM

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdampedvisored.com
Fingerprint49:EE:D2:FF:9B:98:5D:77:22:C4:3C:71:12:E6:8E:A0:00:64:2A:E5
ValidityTue, 16 Apr 2024 00:17:35 GMT - Mon, 15 Jul 2024 00:17:34 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
9082dc37e5e8046929da411544ad071a
41e0e3963ed94e59e8a2f115994c382712411537
b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1clkn/34742 HTTP/1.1
Host: dampedvisored.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 May 2024 23:43:40 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 04-May-2024 23:43:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 04-May-2024 23:43:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 06:08:19 GMT
expires: Sat, 03 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 63321
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

142.250.74.99

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 118742
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 10:46:32 GMT
expires: Wed, 30 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 305828
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

142.250.74.99

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 118742
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

live.demand.supply/e/e.js?e=ll&d=277&cs=c&dsReferer=enNleGYuY29tL2dTUzFFTQ==

104.17.39.115

200 OK

0 B

URL HEAD HTTP/3
live.demand.supply/e/e.js?e=ll&d=277&cs=c&dsReferer=enNleGYuY29tL2dTUzFFTQ==
IP
104.17.39.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /e/e.js?e=ll&d=277&cs=c&dsReferer=enNleGYuY29tL2dTUzFFTQ== HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
access-control-allow-origin: *
cache-status: "Netlify Edge"; hit
etag: "799cfe824336f1fce20d72fb9944d5d5-ssl"
strict-transport-security: max-age=31536000
x-nf-request-id: 01HWN6NJYED30PAWPTDQKVMGXY
cf-cache-status: HIT
age: 271612
accept-ranges: bytes
set-cookie: __cf_bm=H4YEe4Vq_BTSE4MvrWJLG.wUASs3GhgtU73qSLsOw0w-1714779821-1.0.1.1-crlMqZ5pGomQV9ugrwBDG7qSMk579RqMT48KGT4ktHdo.5.f3ryw4CTGrA4NnU.A4LuQkgZOl.kRZ4GVP60Wdw; path=/; expires=Sat, 04-May-24 00:13:41 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d59ca98568f-OSL
alt-svc: h3=":443"; ma=86400

absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js

172.240.108.76

200 OK

16 kB

URL GET HTTP/1.1
absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectabsentcleannewspapers.com
FingerprintA6:E7:75:05:4C:FA:FF:D2:F7:67:61:89:73:1B:66:32:AF:19:2F:7D
ValidityTue, 26 Mar 2024 06:03:56 GMT - Mon, 24 Jun 2024 06:03:55 GMT

File type
JavaScript source, ASCII text, with very long lines (45363), with no line terminators
Size
16 kB (16052 bytes)
Hash
669d112eb83ee07614d865cc263802c4
5b67c81d61a96d2c8bfb2f5f6513e4aa72e0c625
b6c4d3cec06a929999f7c6baaee4cdd9b6ff6b5d8881c355afde55e02bbd09bd

HTTP Headers

GET /f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js HTTP/1.1
Host: absentcleannewspapers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=1; expires=Tue, 07 May 2024 02:43:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 66a564121675cb00fe7402377bcb61c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
353dbae1e1b45a750770ae51bef13ba7
465917a2a0bbb947e9727e7f08b584a82aa6fb81
9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 03 May 2024 23:43:41 GMT
Last-Modified: Fri, 03 May 2024 23:19:03 GMT
Server: ECAcc (ska/F775)
X-Cache: Miss from cloudfront
Via: 1.1 5d44e22fe93ef8713c49e65bc8443112.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: ZYLlijyl-3VxdcL2aM9pKy-mvr9DYZpokSduRvroWKWLK1CBCYImYA==
Age: 1479

zsexf.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6

188.114.96.1

200 OK

208 B

URL GET HTTP/3
zsexf.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type
PNG image data, 6 x 12, 8-bit/color RGBA, non-interlaced
Size
208 B (208 bytes)
Hash
31f073499665afb237f3294219d2d7c6
c1ada0510e31f661dab66203c15a3d6c8f5468d0
59b7ad6d6f457b624e25d22959edc7c83af2ac52edba32fd6648c97af0d1780c

HTTP Headers

GET /images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/css/frontend.css?id=2396ffb76e738e465b53
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D; ab=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: image/png
content-length: 208
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 271774
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZSGWS78gtBYwbGHqx6lmb0WXgslxHixIpGV%2BdzgWq9B%2B%2BZ2x%2F9722k6odRzZNZwBcrCiRHxAvoIJA2jIIR%2Bt88Mm8q71ieUGjUYpWb5N4XSQWpX4AYeogK3Si0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d5be8e7b4f1-OSL
alt-svc: h3=":443"; ma=86400

live.demand.supply/p4/v17-24-0/enNleGYuY29tL2dTUzFFTQ==

104.17.39.115

200 OK

132 B

URL GET HTTP/3
live.demand.supply/p4/v17-24-0/enNleGYuY29tL2dTUzFFTQ==
IP
104.17.39.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with no line terminators
Size
132 B (132 bytes)
Hash
ab3db78294876480edccd2b9ffe2259b
7690642b47fcef4e5be8e8c10d83633267eb02df
fb94b462f27f138f78bc2f58584c8e4377ea23828ec4bf2de9a76b624419b6d0

HTTP Headers

GET /p4/v17-24-0/enNleGYuY29tL2dTUzFFTQ== HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: __cf_bm=RJvtE9dKaXavNXI.EkyWR4CWjuwm6Iht9WTakq16OaA-1714779820-1.0.1.1-5_txhfFc1J9_.2Q.k_EVMd.h9ynjg6gT0tIZw2wODIYGKo9ipP2UEkQdqcfC..nnANrR2zgJ30ZCfQhEPoRK4A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d598e05569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

142.250.74.99

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 118743
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:49:11 GMT
expires: Fri, 02 May 2025 01:49:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 165270
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

iresandal.info/T20zUUJgUlAifxgHWxYYfAlHEgoVNWEGCwMJZR8SLTxfYRR/JBUlKytQAmFwfl0GYmQ/BFdsc2keRzA2Oh4OYGQmA1U+f2kbDmBsfFkdYnRhWRUkf35LRyEjKFACdzI7GV9sc3hcB2Z1dlUBYHB4Wg

104.21.40.187

204 No Content

0 B

URL GET HTTP/2
iresandal.info/T20zUUJgUlAifxgHWxYYfAlHEgoVNWEGCwMJZR8SLTxfYRR/JBUlKytQAmFwfl0GYmQ/BFdsc2keRzA2Oh4OYGQmA1U+f2kbDmBsfFkdYnRhWRUkf35LRyEjKFACdzI7GV9sc3hcB2Z1dlUBYHB4Wg
IP
104.21.40.187:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectiresandal.info
FingerprintD9:9E:21:6F:70:F4:90:F2:B5:4A:CC:E5:AB:CD:07:D7:A8:09:59:3A
ValidityMon, 01 Apr 2024 07:01:50 GMT - Sun, 30 Jun 2024 07:01:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /T20zUUJgUlAifxgHWxYYfAlHEgoVNWEGCwMJZR8SLTxfYRR/JBUlKytQAmFwfl0GYmQ/BFdsc2keRzA2Oh4OYGQmA1U+f2kbDmBsfFkdYnRhWRUkf35LRyEjKFACdzI7GV9sc3hcB2Z1dlUBYHB4Wg HTTP/1.1
Host: iresandal.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Fri, 03 May 2024 23:43:41 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KNUOuQ0AO9IUuUa5lRXlHDuabTBb9TIGvNW8XLTzfZxj27qluj5bM7zj2aTgKtQfw8G%2Bj2gMk9lLTuHBgFI2nmOt5atoe2pIy8UiYBKn9jlrFkwXA3Cuo7%2Bc%2BYm3VJY4lw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d5b5bf75697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ativesathyas.info/TUJBczEsICIeDix/I1VEPy58VgMLZ3M1VX9zMwNaKjt5A1AlITRdUiEtNBdXPy0vBx8jJzVWAwsmIytBOhsWPn4LEHU7aQ8pFTV3NREZJlkPFxcpVBUDACdzKjYJMFkEBQchSSgDJgRwFQAuIHUMDwonYxwaBidGGAkDMl8GKhQrf3xzIjFzPgoUNkEaBhA6dQUXcDtzKg8bJ2cPBAUxBR4aBxd9CSUAPHILAwowVgQYAyFoDgQ5HHYVAxQyaSoDFzBWKhIAIUUbFzglaBsHAzZkG3MSMHcPERI2WjQQBzVVCyoqI3clFCciXQggFyZGOxRwF3geFmw5dBgUcTpzJhAQP3QDBRVCfwgacTljDwMmKXY6dwYrSzUBFCV7KREqNWMYKSk6YAwhCjtJdRUFG0UEEQUpaBsXDzhnJRAkK3BrKDIcXz1/NAdFCyYIAHsdJzcnAQ

143.204.55.56

200 OK

1.2 kB

URL GET HTTP/2
ativesathyas.info/TUJBczEsICIeDix/I1VEPy58VgMLZ3M1VX9zMwNaKjt5A1AlITRdUiEtNBdXPy0vBx8jJzVWAwsmIytBOhsWPn4LEHU7aQ8pFTV3NREZJlkPFxcpVBUDACdzKjYJMFkEBQchSSgDJgRwFQAuIHUMDwonYxwaBidGGAkDMl8GKhQrf3xzIjFzPgoUNkEaBhA6dQUXcDtzKg8bJ2cPBAUxBR4aBxd9CSUAPHILAwowVgQYAyFoDgQ5HHYVAxQyaSoDFzBWKhIAIUUbFzglaBsHAzZkG3MSMHcPERI2WjQQBzVVCyoqI3clFCciXQggFyZGOxRwF3geFmw5dBgUcTpzJhAQP3QDBRVCfwgacTljDwMmKXY6dwYrSzUBFCV7KREqNWMYKSk6YAwhCjtJdRUFG0UEEQUpaBsXDzhnJRAkK3BrKDIcXz1/NAdFCyYIAHsdJzcnAQ
IP
143.204.55.56:443
ASN
#16509 AMAZON-02

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerAmazon
Subjectativesathyas.info
Fingerprint8E:5E:CA:78:42:82:73:4A:27:4C:A3:6A:A4:2E:95:BF:C4:9C:27:89
ValidityMon, 15 Apr 2024 00:00:00 GMT - Wed, 14 May 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3042), with no line terminators
Size
1.2 kB (1195 bytes)
Hash
ad4d07dbd3084ed105c91cfa843b1b81
bb6e7f2a2943d59dea237b833a396a4be8396caa
dc0439419585b4af231ad6d1bf66a13302b029e314e8f3b76e5ab02291fa9428

HTTP Headers

GET /TUJBczEsICIeDix/I1VEPy58VgMLZ3M1VX9zMwNaKjt5A1AlITRdUiEtNBdXPy0vBx8jJzVWAwsmIytBOhsWPn4LEHU7aQ8pFTV3NREZJlkPFxcpVBUDACdzKjYJMFkEBQchSSgDJgRwFQAuIHUMDwonYxwaBidGGAkDMl8GKhQrf3xzIjFzPgoUNkEaBhA6dQUXcDtzKg8bJ2cPBAUxBR4aBxd9CSUAPHILAwowVgQYAyFoDgQ5HHYVAxQyaSoDFzBWKhIAIUUbFzglaBsHAzZkG3MSMHcPERI2WjQQBzVVCyoqI3clFCciXQggFyZGOxRwF3geFmw5dBgUcTpzJhAQP3QDBRVCfwgacTljDwMmKXY6dwYrSzUBFCV7KREqNWMYKSk6YAwhCjtJdRUFG0UEEQUpaBsXDzhnJRAkK3BrKDIcXz1/NAdFCyYIAHsdJzcnAQ HTTP/1.1
Host: ativesathyas.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Fri, 03 May 2024 23:43:41 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ocbCgOw_KKyvKgNwKGpqf2e0PWmPRiObKfUr9OrgXkzPwcwcMITqUQ==
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

104.21.24.208

200 OK

192 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
104.21.24.208:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectpogothere.xyz
Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B
ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT

File type
data
Size
192 kB (192134 bytes)
Hash
c88e66804fb48937b8beb3d6a37fae65
f942c9c02ecf31236401567c0feb97ccd0757adc
5da071aceb4769b5dcb7d5cb3883ba644deb693459ed219e2f0003ca608673da

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://zsexf.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2322
last-modified: Fri, 03 May 2024 23:04:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WE6UfjnIb8ibjYKjrCxgXBUBt45GJdiBr%2FWxGe51wp0yC9IuHBUHj3TSVyVsE9JfA%2FVEfa%2B4XQi%2BpXqltANOMRJOI2NJVZHmR1qygXdoLeagZX6QpJU2hZ1vhCMgDEUO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d5b2abb712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:1mBek0nnb_H6y8UsujgbX777MT-6Tw:ukEiaMoz2v1byuPP; Expires=Sun, 03-May-2026 23:43:41 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:41 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwBmyMCvY2frZbWipR92_rjlrrOjc9eovgCty29erJifCnZSLID47rHTkzf7wXfW6XNYn-30g
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-tCHa0eS_vKvSTnklLwRrVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:kNa9n-7BAKamoCbth7QYVqPEMWH6yg:rO2bPkfl5Erkf9A0; Expires=Sun, 03-May-2026 23:43:41 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:41 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz038qT3hLcLFzwTzsUTgRxUOWw6zaUjkF8_stdMeN_Vl0dRRe2OT-goZIsy988-i3hWjGr8Q
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-CqHHiruLNNEsb-i8CNm4qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

216.58.207.226

200 OK

0 B

URL HEAD HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
216.58.207.226:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B
ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 03 May 2024 23:43:41 GMT
expires: Fri, 03 May 2024 23:43:41 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 17214524835582719890
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51521
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwBmyMCvY2frZbWipR92_rjlrrOjc9eovgCty29erJifCnZSLID47rHTkzf7wXfW6XNYn-30g

74.125.131.84

302 Found

426 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwBmyMCvY2frZbWipR92_rjlrrOjc9eovgCty29erJifCnZSLID47rHTkzf7wXfW6XNYn-30g
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
HTML document, ASCII text, with very long lines (403)
Size
426 B (426 bytes)
Hash
b07bb1763c95109b10e3bd857b66ac2b
287f445ac38fe1f741b8dd7cd10d726c74079f2a
93e4fed7baf7990d8f518608c00f6231357fc1f273e5314b9b8a1205c3a2f5c7

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwBmyMCvY2frZbWipR92_rjlrrOjc9eovgCty29erJifCnZSLID47rHTkzf7wXfW6XNYn-30g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:1xpjAb_uho3UiBOLfzqT_KaIWffxQw:-a4fNLzyRU9KTRJP;Path=/;Expires=Sun, 03-May-2026 23:43:41 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:41 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwyzr1fiV5XLN02YgS51jPUHuQEZA5AeC5iGuc2z4LBJJdk9gq0VHE9uqxGrcndudhGJ3u74Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-334730664%3A1714779821752183&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-gEchJN-EsBsT5iWUPxi-pw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 426
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz038qT3hLcLFzwTzsUTgRxUOWw6zaUjkF8_stdMeN_Vl0dRRe2OT-goZIsy988-i3hWjGr8Q

74.125.131.84

302 Found

431 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz038qT3hLcLFzwTzsUTgRxUOWw6zaUjkF8_stdMeN_Vl0dRRe2OT-goZIsy988-i3hWjGr8Q
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
HTML document, ASCII text, with very long lines (406)
Size
431 B (431 bytes)
Hash
a05061e89024b384298495d989bd1b3f
d4f000ee30ae86839b6804831bf19a1790cc2850
5106cc04fb7dc26ab4ca5b6841b7ac175fd0db762380219a97ca8f9316b139e3

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz038qT3hLcLFzwTzsUTgRxUOWw6zaUjkF8_stdMeN_Vl0dRRe2OT-goZIsy988-i3hWjGr8Q HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:J8L0DzBrpJinzscvKxhdg3GfUaSFxA:KH7swgGIlnB9lSHr;Path=/;Expires=Sun, 03-May-2026 23:43:41 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:41 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzK_HoxCEJcb5lD9a6yNNowotbX9gqjou4FsPEjU-69zcTJODWMZFdbxO13qL6Wvty5kK42iQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S856129801%3A1714779821774148&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-xPlIZBI8tR1ZKkFFLi084A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 431
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

d21rpkgy8pahcu.cloudfront.net/dbXpwYWMOFR4HXBkTFFxSXUhBUVZeXAATBgtHChIGFRxeAgwAXBoSDAMKTRQXGTwUKBAnKhUXN11cBBsHUEpWDQIDHU1HBgMZTVBFDB4SXFdLDgAOCFAKCgIZBRYCFxoGXAUAXgAVCggPARtVUyVYVEBEUV1SCFBSSEkyRFFdFhkPFhVfQlEbVUwvV1dIST-JEUV0IBkRQLENGT1NEX0JRBAgZGw5GXzxCUVJdSkFRUkhIQAcKHx8WDhtISDZYVUNKVhReXA

54.230.241.100

480 B

URL
d21rpkgy8pahcu.cloudfront.net/dbXpwYWMOFR4HXBkTFFxSXUhBUVZeXAATBgtHChIGFRxeAgwAXBoSDAMKTRQXGTwUKBAnKhUXN11cBBsHUEpWDQIDHU1HBgMZTVBFDB4SXFdLDgAOCFAKCgIZBRYCFxoGXAUAXgAVCggPARtVUyVYVEBEUV1SCFBSSEkyRFFdFhkPFhVfQlEbVUwvV1dIST-JEUV0IBkRQLENGT1NEX0JRBAgZGw5GXzxCUVJdSkFRUkhIQAcKHx8WDhtISDZYVUNKVhReXA
IP
54.230.241.100:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (681), with no line terminators
Size
480 B (480 bytes)
Hash
f92e4d21c22ba0f9f36bf8285e3cbcc6
01c94b407517782ceb1820445a908f3a354d06e7
ebaa65591a4ddb0d626c6cc3478ad2b70586efdb7190788c9a9735592f67b695

HTTP Headers

GET /dbXpwYWMOFR4HXBkTFFxSXUhBUVZeXAATBgtHChIGFRxeAgwAXBoSDAMKTRQXGTwUKBAnKhUXN11cBBsHUEpWDQIDHU1HBgMZTVBFDB4SXFdLDgAOCFAKCgIZBRYCFxoGXAUAXgAVCggPARtVUyVYVEBEUV1SCFBSSEkyRFFdFhkPFhVfQlEbVUwvV1dIST-JEUV0IBkRQLENGT1NEX0JRBAgZGw5GXzxCUVJdSkFRUkhIQAcKHx8WDhtISDZYVUNKVhReXA HTTP/1.1
Host: d21rpkgy8pahcu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ativesathyas.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 480
date: Fri, 03 May 2024 23:43:41 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Yu8z385AQBiBkN5rDD_Bu_XA_hSQNzZU6-lgvYPyxcFXY35q1c8_kg==
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (28516 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 97d7b9cb0e9ae0678ca22ecb152b64ec
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 03 May 2024 23:43:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Xvhl7k55jmITUjB2rTZwKmH4%2BtlywMSljDOw9v7VNU1JG682b0ye1gLpSF3HZEAXvGWQwYabPY9sEqtOFeTNMcPQwZaELoUCIps7iH%2Bf4CEYhWZfuuI2y1GBHALvq64hR9hKgMAT4oYHV57RrN7qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d5aea63b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zsexf.com/wp-includes/images/w-logo-blue-white-bg.png

188.114.96.1

200 OK

4.1 kB

URL GET HTTP/3
zsexf.com/wp-includes/images/w-logo-blue-white-bg.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4119 bytes)
Hash
000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

HTTP Headers

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/gSS1EM
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D; ab=2; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1; _ga_75C4L64NEB=GS1.1.1714779821.1.0.1714779821.0.0.0; _ga=GA1.1.122689552.1714779822; dom3ic8zudi28v8lr6fgphwffqoz0j6c=45802480-4502-442f-88fc-1c7defab388a%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: image/png
content-length: 4119
last-modified: Tue, 16 Nov 2021 00:04:01 GMT
etag: "1017-5d0dca9a37e40"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2698
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n2dXbSj6HjKeEQglefDyS95cW84NJKw9v%2FCCTQWJuWE4skdVKa5yJhhr%2FjPRAR891%2B%2Bu4v9XjlK1ji%2B7MtFAUMCDkt9viFMAMwFdVItuoqZB6qVVDKHX3aZiFH4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d612c4ab4f1-OSL
alt-svc: h3=":443"; ma=86400

iresandal.info/popunder.gif

104.21.40.187

200 OK

206 kB

URL GET HTTP/3
iresandal.info/popunder.gif
IP
104.21.40.187:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectiresandal.info
FingerprintD9:9E:21:6F:70:F4:90:F2:B5:4A:CC:E5:AB:CD:07:D7:A8:09:59:3A
ValidityMon, 01 Apr 2024 07:01:50 GMT - Sun, 30 Jun 2024 07:01:49 GMT

File type
GIF image data, version 89a, 1 x 1
Size
206 kB (205838 bytes)
Hash
ae1f772215aa3dd37a730d09f4afe76a
75f6b21af7fd41d660713233bf1daf4b48d1152d
a5175b7d66561fa86d849323ce9540de126105291cfc51f6a4ed30db09c978e3

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: iresandal.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 271906
last-modified: Tue, 30 Apr 2024 20:11:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AduBkoRGRYmhVYYR%2FZiEJ6PaEmdXLFKaNH2iUvu5xK%2B8TDL%2FAzxpMl4GZjingkK5GKQgWUP1b%2BntoSeRQ8TanRXGq3Yb5wMh6GL9btBwB29%2F8r6PYHCGX%2FwZ%2FOTKthWmbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d606f2056a8-OSL
alt-svc: h3=":443"; ma=86400

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwyzr1fiV5XLN02YgS51jPUHuQEZA5AeC5iGuc2z4LBJJdk9gq0VHE9uqxGrcndudhGJ3u74Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-334730664%3A1714779821752183&theme=mn&ddm=0

74.125.131.84

403 Forbidden

1.3 kB

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwyzr1fiV5XLN02YgS51jPUHuQEZA5AeC5iGuc2z4LBJJdk9gq0VHE9uqxGrcndudhGJ3u74Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-334730664%3A1714779821752183&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
gzip compressed data, max compression
Size
1.3 kB (1309 bytes)
Hash
d2359b44bdb394204a04428aa0bbe012
587a8a5d417df238659e8527ed89a5ee173a3a75
b036b917747f338d9a8571df834b42242a26c90f6b2b5cf62e60e126776846e7

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwyzr1fiV5XLN02YgS51jPUHuQEZA5AeC5iGuc2z4LBJJdk9gq0VHE9uqxGrcndudhGJ3u74Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-334730664%3A1714779821752183&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:42 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: script-src 'nonce-fKvWYv2SYEDnF665z-nZXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

dudleynutmeg.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_1

192.243.61.227

200 OK

7.8 kB

URL GET HTTP/1.1
dudleynutmeg.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type
JSON text data
Size
7.8 kB (7805 bytes)
Hash
2476a2da20f57e674a3952dc7b30d511
21fac391cff16b9b6303444470b10a3540a8226a
134644354807ed1c2f5e64a94ab888e2689717abe3d4b48358070f795a20367c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:42 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zsexf.com
Access-Control-Allow-Origin: https://zsexf.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22256744; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
uncs=1; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]; expires=Fri, 03 May 2024 23:43:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0023124581b0161f3b1128008ff3c560
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

216.58.207.226

200 OK

0 B

URL HEAD HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
216.58.207.226:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B
ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 03 May 2024 23:43:42 GMT
expires: Fri, 03 May 2024 23:43:42 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 2725226783781222339
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51523
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dudleynutmeg.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReuzp%2F%2F5EF22ZsIc1BQWCfdM5OeiXtY3N1EgnGzbhQFhaW6qnpSprqrqerqnuQUDCx7HLx4Een5Jtmwuqx68ebuMlkQDAgZTzmYq1dB2LPMbHDwQdV73%2Ftewffeq7sDd0YacPT0xvt6RypFFxbrfu2NT4LgSm1Npq5X63XCO2HrSs0Uby%2BFdf%2FN2ruCbemFhh%2F4fuAHtRVpRKx7CxMSMnu4FNSX%2FHqrUQ8WW%2BiZ%2F2LrPFjqgRdn5CIkH88%2F8y5BshHS5Icbwm7lOru8nDhFc21Q8MOP0q1UlymSWRgbD3F6eF4NbU9WHkOnB1O50MW%2FhZEcE%2B%2BXx4jSw3ORiIr9qc5IQaSI%2BEsoixGEGkHSEZjeg%2BQnBGAcN9eRJvdvalPS7RcsnbBjMv%2F8b8hyTOb%2FuIQ0eXRNyV5tQyuXS51a9OIKsjeC7I6QuSPkO3OQ5RFY%2FgUk%2F40sPF9DmuyvW6UheTXtXcoRZDyCEn1Q68FNjvTgYg8u85Dw0xoLgqDtc0b9zhJjTd4WUcj9gLbjgAZ%2B2IFjE3l95FkfTPXBzC4ys4st2YdxT2E3K1juweZj4n2wi4JXKAVBaQlKSlBKgjInKIvqgCvbsNV9rqyLgnPfOPfNaqjz7oAe6LwrUgJq%2BjC8GmRn5MJkPt7G15vYEqe1uNnqxEHcYlGz0W6GgnYiP4h43Oo0ud%2BgDFY%2BuL7yVrPV6twJIO3ctPcdOSb1119DJsdk%2Fpu7iOgRrDoCkxdA3augZQW6WWEn%2Fd5lsVTCOqNsnekEXFfI8v8j3%2FYG6oy8Mt3W%2Bp6DYMfk3MBMhcxU%2BFw%2BI%2Biqe8PbuiT7t3VpyY%2FrWS4TuUMnm9zIaS68b98T26U2fPWG7T94h02ISfjwQ2HzNZpymXYt%2Be6a5FyYFW2YID%2Bv2o9FdMvZzWvOpC5bu3V9ZTXJjLBW6nQEKk%2BWvwKTY%2FLyk8%2BmX%2FTyp39CmhGMq5C4mVKpj8CyXdhslrOawKgZjjIPpauGphHNkkoSKDHDNKpgxfHVn5YHvz7du4hIHD%2F56wU3NHTymspqYO%2Bha%2BZA8z2kSYXCVChUBar6sO5%2Fwzwzx1d%2Fb04NkZobRsrM7UfKqC%2BnQ55cOaw8rbWbTZ%2BGS4tBu01FO2o1OnEYcEobrbARhrSJ3I7jxeLRPwAAAP%2F%2FAQAA%2F%2F9qPi%2FtfAQAAA%3D%3D

192.243.61.227

200 OK

7 B

URL GET HTTP/1.1
dudleynutmeg.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReuzp%2F%2F5EF22ZsIc1BQWCfdM5OeiXtY3N1EgnGzbhQFhaW6qnpSprqrqerqnuQUDCx7HLx4Een5Jtmwuqx68ebuMlkQDAgZTzmYq1dB2LPMbHDwQdV73%2Ftewffeq7sDd0YacPT0xvt6RypFFxbrfu2NT4LgSm1Npq5X63XCO2HrSs0Uby%2BFdf%2FN2ruCbemFhh%2F4fuAHtRVpRKx7CxMSMnu4FNSX%2FHqrUQ8WW%2BiZ%2F2LrPFjqgRdn5CIkH88%2F8y5BshHS5Icbwm7lOru8nDhFc21Q8MOP0q1UlymSWRgbD3F6eF4NbU9WHkOnB1O50MW%2FhZEcE%2B%2BXx4jSw3ORiIr9qc5IQaSI%2BEsoixGEGkHSEZjeg%2BQnBGAcN9eRJvdvalPS7RcsnbBjMv%2F8b8hyTOb%2FuIQ0eXRNyV5tQyuXS51a9OIKsjeC7I6QuSPkO3OQ5RFY%2FgUk%2F40sPF9DmuyvW6UheTXtXcoRZDyCEn1Q68FNjvTgYg8u85Dw0xoLgqDtc0b9zhJjTd4WUcj9gLbjgAZ%2B2IFjE3l95FkfTPXBzC4ys4st2YdxT2E3K1juweZj4n2wi4JXKAVBaQlKSlBKgjInKIvqgCvbsNV9rqyLgnPfOPfNaqjz7oAe6LwrUgJq%2BjC8GmRn5MJkPt7G15vYEqe1uNnqxEHcYlGz0W6GgnYiP4h43Oo0ud%2BgDFY%2BuL7yVrPV6twJIO3ctPcdOSb1119DJsdk%2Fpu7iOgRrDoCkxdA3augZQW6WWEn%2Fd5lsVTCOqNsnekEXFfI8v8j3%2FYG6oy8Mt3W%2Bp6DYMfk3MBMhcxU%2BFw%2BI%2Biqe8PbuiT7t3VpyY%2FrWS4TuUMnm9zIaS68b98T26U2fPWG7T94h02ISfjwQ2HzNZpymXYt%2Be6a5FyYFW2YID%2Bv2o9FdMvZzWvOpC5bu3V9ZTXJjLBW6nQEKk%2BWvwKTY%2FLyk8%2BmX%2FTyp39CmhGMq5C4mVKpj8CyXdhslrOawKgZjjIPpauGphHNkkoSKDHDNKpgxfHVn5YHvz7du4hIHD%2F56wU3NHTymspqYO%2Bha%2BZA8z2kSYXCVChUBar6sO5%2Fwzwzx1d%2Fb04NkZobRsrM7UfKqC%2BnQ55cOaw8rbWbTZ%2BGS4tBu01FO2o1OnEYcEobrbARhrSJ3I7jxeLRPwAAAP%2F%2FAQAA%2F%2F9qPi%2FtfAQAAA%3D%3D
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReuzp%2F%2F5EF22ZsIc1BQWCfdM5OeiXtY3N1EgnGzbhQFhaW6qnpSprqrqerqnuQUDCx7HLx4Een5Jtmwuqx68ebuMlkQDAgZTzmYq1dB2LPMbHDwQdV73%2Ftewffeq7sDd0YacPT0xvt6RypFFxbrfu2NT4LgSm1Npq5X63XCO2HrSs0Uby%2BFdf%2FN2ruCbemFhh%2F4fuAHtRVpRKx7CxMSMnu4FNSX%2FHqrUQ8WW%2BiZ%2F2LrPFjqgRdn5CIkH88%2F8y5BshHS5Icbwm7lOru8nDhFc21Q8MOP0q1UlymSWRgbD3F6eF4NbU9WHkOnB1O50MW%2FhZEcE%2B%2BXx4jSw3ORiIr9qc5IQaSI%2BEsoixGEGkHSEZjeg%2BQnBGAcN9eRJvdvalPS7RcsnbBjMv%2F8b8hyTOb%2FuIQ0eXRNyV5tQyuXS51a9OIKsjeC7I6QuSPkO3OQ5RFY%2FgUk%2F40sPF9DmuyvW6UheTXtXcoRZDyCEn1Q68FNjvTgYg8u85Dw0xoLgqDtc0b9zhJjTd4WUcj9gLbjgAZ%2B2IFjE3l95FkfTPXBzC4ys4st2YdxT2E3K1juweZj4n2wi4JXKAVBaQlKSlBKgjInKIvqgCvbsNV9rqyLgnPfOPfNaqjz7oAe6LwrUgJq%2BjC8GmRn5MJkPt7G15vYEqe1uNnqxEHcYlGz0W6GgnYiP4h43Oo0ud%2BgDFY%2BuL7yVrPV6twJIO3ctPcdOSb1119DJsdk%2Fpu7iOgRrDoCkxdA3augZQW6WWEn%2Fd5lsVTCOqNsnekEXFfI8v8j3%2FYG6oy8Mt3W%2Bp6DYMfk3MBMhcxU%2BFw%2BI%2Biqe8PbuiT7t3VpyY%2FrWS4TuUMnm9zIaS68b98T26U2fPWG7T94h02ISfjwQ2HzNZpymXYt%2Be6a5FyYFW2YID%2Bv2o9FdMvZzWvOpC5bu3V9ZTXJjLBW6nQEKk%2BWvwKTY%2FLyk8%2BmX%2FTyp39CmhGMq5C4mVKpj8CyXdhslrOawKgZjjIPpauGphHNkkoSKDHDNKpgxfHVn5YHvz7du4hIHD%2F56wU3NHTymspqYO%2Bha%2BZA8z2kSYXCVChUBar6sO5%2Fwzwzx1d%2Fb04NkZobRsrM7UfKqC%2BnQ55cOaw8rbWbTZ%2BGS4tBu01FO2o1OnEYcEobrbARhrSJ3I7jxeLRPwAAAP%2F%2FAQAA%2F%2F9qPi%2FtfAQAAA%3D%3D HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: abca0539ae5e050eab08dad66fa5ff12
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/close.png

104.21.70.253

200 OK

6.0 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/close.png
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/notifications/gambling/unibet/social-box-confetti/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:43 GMT
content-type: image/png
content-length: 5982
last-modified: Fri, 02 Feb 2024 15:34:06 GMT
etag: "65bd0b6e-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 129420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yh3E2SVWN3EGSj04Ra%2FYRJlEy9MZvNvXlcFomFUjt7FKwvrchtG6Wr6DqKjEWXiJCbuxX5tLh1Cc0XfKRxaKqrUzp905vw1aR2az%2Fo3%2Bxs4Xs%2BNG2ptwuc2hcsOJ394%2FlvC7Q2Kd0Oyj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d65eacc56ab-OSL
alt-svc: h3=":443"; ma=86400

dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Findex.html&l=1738&fd=34

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Findex.html&l=1738&fd=34
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Findex.html&l=1738&fd=34 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif

104.21.70.253

200 OK

206 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
GIF image data, version 89a, 480 x 360
Size
206 kB (206291 bytes)
Hash
0b33face774f2203446507ce5f075538
1dd3522529bce7739df0687f47f5bc84356698a0
ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2

HTTP Headers

GET /sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:43 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 02 Feb 2024 15:34:07 GMT
etag: "65bd0b6f-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 129420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wf5yBCYod9CUSq1zfXFlzDMvWXbxhsmoMbS7pFdD7yAr3FZ2fWYZLAeec9uS4q5OzMjrL6ebuE7hWX%2Fp3X28Slc3CynyCLO78UUsNKJD9L9ZY88uIHIfCHpjIMSmlbNXZ841gNb2K%2Bip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d65eace56ab-OSL
alt-svc: h3=":443"; ma=86400

cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png

104.21.70.253

200 OK

44 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 2038 x 728, 8-bit/color RGBA, non-interlaced
Size
44 kB (43597 bytes)
Hash
7385ff746ad38c8d244e3c5ee4a939a1
2bf171af67d57e5ed098473551ab9a4729051136
9d16ffd0a510eaf5e7a8509f0c02c7d26bc8b65675f2be5aba15d8094c00269a

HTTP Headers

GET /sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:43 GMT
content-type: image/png
content-length: 43597
last-modified: Thu, 02 May 2024 09:37:49 GMT
etag: "66335eed-aa4d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 129420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2B0SikRNuBhl13ukkduzS%2BRU8ZwCDZTPbXWsj9A9G9Twf7JKyBowsATzC3BndDX0MaIRx%2FYFRHuLmvLco03FrrtQoNWjfV3M2dnzzVFL65iCnrfUZDk4TAiofZL3Md8HCqyhOMANTKxu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d65fad156ab-OSL
alt-svc: h3=":443"; ma=86400

cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/style.css

104.21.70.253

200 OK

1.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/style.css
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
1.2 kB (1189 bytes)
Hash
6e37e8eb72d0e626bd912db4993e9319
aa878bce133e5b09603e724a9c50b985ae5144f2
ab588d8a18e7730d63f5bd86c9ace0530bf35163dfae8ba6f221a93ff57c94cb

HTTP Headers

GET /sb/notifications/gambling/unibet/social-box-confetti/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: text/css
last-modified: Thu, 02 May 2024 09:36:08 GMT
etag: W/"66335e88-11de"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 118558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tQQHAN91ThUbN7t8WwMGad38wCEK1Cl3ToPuUMnSq2sf%2BOqpYyJJ3zsiSrhIQKU6EjoKyqTRdmM6vit6NI3iEaR1EJyencrpN2NzIQleTY6SE9PnDCD43UbyU9l9z4AQYU%2B1KqC60VI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d655fb57131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/js/script.js

104.21.70.253

200 OK

855 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/js/script.js
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
Unicode text, UTF-8 text
Size
855 B (855 bytes)
Hash
240731cf1c4b2bcad70c2365c2d81cbd
7604629159b8131ae062623e7971d51b6b223903
5ba205b36a8a1119104acfd210d008258b9de7a98b3efe25970c2a75053616a8

HTTP Headers

GET /sb/notifications/gambling/unibet/social-box-confetti/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: application/javascript
last-modified: Thu, 02 May 2024 09:40:33 GMT
etag: W/"66335f91-827"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 118558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KhbU%2BSVr9EupJhR7Gb8KGPURYudon6t4pCfBq0k1DNAX7H1O2KpVdrRD69qriZvUrvXjtzY63m2vJ7yjriaIPVYanjAnI0JRWvbnN51%2F8GyQ4MjaG7TqVsiwYF59gaq1D9FB%2BhFnDsyp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d655fb67131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=44

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=44
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=44 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=45802480-4502-442f-88fc-1c7defab388a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=45802480-4502-442f-88fc-1c7defab388a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=45802480-4502-442f-88fc-1c7defab388a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c79df6bba84efc9d820704b5b51a03d4
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 06:08:19 GMT
expires: Sat, 03 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 63324
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 10:46:32 GMT
expires: Wed, 30 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 305831
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

dudleynutmeg.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js

172.240.108.68

200 OK

30 kB

URL GET HTTP/1.1
dudleynutmeg.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30384 bytes)
Hash
d5163f4e9939fd4d2e1823f1130518b6
80d0845dcad2fdb3faa13f8d849bc4b8de645235
9eebcc1b82e441b7283cc672fa8470350b2fda8e38651e19f46e91012dfa7cee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3345c4c8810d45d767757fabc1c0c5c3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dudleynutmeg.com/pixel/sbs?c=1

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
dudleynutmeg.com/pixel/sbs?c=1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

dudleynutmeg.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6kpTsRZqGgUCfvzf%2FYRbF%2FIsXY1EZRUCj335tcc9%2B7j3vfnTfJKhgoXQ5u3Ii8%2BSZpqJaqG3e2ZVIQDAgZV1mYrVtB6FpmGhw8cO853%2FnOhe%2Bcc%2B8O%2FSmpwdOTa%2B%2BbbaU1XWpWw8obn0TRpcqqSn2%2F0u%2B07rQalyq29%2FZyqxq%2BWXlX8k2zVAujMIzCqLKirIxNf2lKQmUPl6Pqclht1KpRs4G%2B%2FS92PoCjAUTvlJyHEpPFZ8EFKD5GmvxwTbrN3GQXryde09xY9MTBR%2BlmaooUyTyMbYA4PTirhnHHK49h0v2ZXJjev4VMTUjwy2Ow9OBMJFhvb6aTacgUTLyEojeG1GMoOgY3u1DimABc4OYa0uT%2BTWMLuvWCpVN2Qhaf%2Fw1VTMjiHxeQJo%2BuaNWvrBvtc2VSh35cQvXHUN0xMn%2BIfHsBqjgEz7%2BAEr%2BRpeerSJO9NacNlChnvSs1horH0HIA6gL46VEBfBzAZwEScVLhURS1Q8Fp2FnmvC7akrVEGNF2HNEobHXg%2BVTeAHk2ANcDcLuDzO5gUw1g%2FVO4jRJOBHD5hAQf7KAnShSSoHAEBSUoFEGRExS9cl9oV3PlfaGdZ9GZr535ejkyeXdI903elSkBtQNYUQ6zU3JuOp9g%2FesNbMqTSlxvdOIobnBWr7XrLUk7LIyYiBudughrlMOpB1dX3qo3Gp07EZRbmPW%2BrSak%2BvpryNSELH5zF4wewulDcHUO1L8KWpSgGyW20%2B99FistnbfaVblJIEyJLP8%2F8q1gqE%2FJK7Ntre16SH5Ezgzclshsic%2FVM4Kuvje6bQqyd9sUjvy4luUqUdt0usn1nOYy%2BPY9uVUYK25cc4MH7%2FApMQ0ffihdvkpTodKuI99dUUJIu2Isl%2BTnG%2B5jyW55t3HF29Rnq7eurtxIMiudUyYdg6rj61%2BBqwl5%2Bclnsy968dM%2FoewY1pdI%2FFypMofg2Q5cNs85Q2D1HLMsQOHLka2xeVIrAi3nmLISTh5d%2Fun68Nenu%2BfB5NGTv15wI0unr6kqh%2B4eunYBNN9FmpTo2RI9XYLqAZz%2F3yjP7NHl3%2BszA9MLI6btwh7TVn85G%2FL0yuHUSaUeijaTsWwz2Wg2YskFazZZyGPO6qLT4cjdJG72Hv0DAAD%2F%2FwEAAP%2F%2F6ur6BXwEAAA%3D

192.243.61.227

200 OK

7 B

URL GET HTTP/1.1
dudleynutmeg.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6kpTsRZqGgUCfvzf%2FYRbF%2FIsXY1EZRUCj335tcc9%2B7j3vfnTfJKhgoXQ5u3Ii8%2BSZpqJaqG3e2ZVIQDAgZV1mYrVtB6FpmGhw8cO853%2FnOhe%2Bcc%2B8O%2FSmpwdOTa%2B%2BbbaU1XWpWw8obn0TRpcqqSn2%2F0u%2B07rQalyq29%2FZyqxq%2BWXlX8k2zVAujMIzCqLKirIxNf2lKQmUPl6Pqclht1KpRs4G%2B%2FS92PoCjAUTvlJyHEpPFZ8EFKD5GmvxwTbrN3GQXryde09xY9MTBR%2BlmaooUyTyMbYA4PTirhnHHK49h0v2ZXJjev4VMTUjwy2Ow9OBMJFhvb6aTacgUTLyEojeG1GMoOgY3u1DimABc4OYa0uT%2BTWMLuvWCpVN2Qhaf%2Fw1VTMjiHxeQJo%2BuaNWvrBvtc2VSh35cQvXHUN0xMn%2BIfHsBqjgEz7%2BAEr%2BRpeerSJO9NacNlChnvSs1horH0HIA6gL46VEBfBzAZwEScVLhURS1Q8Fp2FnmvC7akrVEGNF2HNEobHXg%2BVTeAHk2ANcDcLuDzO5gUw1g%2FVO4jRJOBHD5hAQf7KAnShSSoHAEBSUoFEGRExS9cl9oV3PlfaGdZ9GZr535ejkyeXdI903elSkBtQNYUQ6zU3JuOp9g%2FesNbMqTSlxvdOIobnBWr7XrLUk7LIyYiBudughrlMOpB1dX3qo3Gp07EZRbmPW%2BrSak%2BvpryNSELH5zF4wewulDcHUO1L8KWpSgGyW20%2B99FistnbfaVblJIEyJLP8%2F8q1gqE%2FJK7Ntre16SH5Ezgzclshsic%2FVM4Kuvje6bQqyd9sUjvy4luUqUdt0usn1nOYy%2BPY9uVUYK25cc4MH7%2FApMQ0ffihdvkpTodKuI99dUUJIu2Isl%2BTnG%2B5jyW55t3HF29Rnq7eurtxIMiudUyYdg6rj61%2BBqwl5%2Bclnsy968dM%2FoewY1pdI%2FFypMofg2Q5cNs85Q2D1HLMsQOHLka2xeVIrAi3nmLISTh5d%2Fun68Nenu%2BfB5NGTv15wI0unr6kqh%2B4eunYBNN9FmpTo2RI9XYLqAZz%2F3yjP7NHl3%2BszA9MLI6btwh7TVn85G%2FL0yuHUSaUeijaTsWwz2Wg2YskFazZZyGPO6qLT4cjdJG72Hv0DAAD%2F%2FwEAAP%2F%2F6ur6BXwEAAA%3D
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6kpTsRZqGgUCfvzf%2FYRbF%2FIsXY1EZRUCj335tcc9%2B7j3vfnTfJKhgoXQ5u3Ii8%2BSZpqJaqG3e2ZVIQDAgZV1mYrVtB6FpmGhw8cO853%2FnOhe%2Bcc%2B8O%2FSmpwdOTa%2B%2BbbaU1XWpWw8obn0TRpcqqSn2%2F0u%2B07rQalyq29%2FZyqxq%2BWXlX8k2zVAujMIzCqLKirIxNf2lKQmUPl6Pqclht1KpRs4G%2B%2FS92PoCjAUTvlJyHEpPFZ8EFKD5GmvxwTbrN3GQXryde09xY9MTBR%2BlmaooUyTyMbYA4PTirhnHHK49h0v2ZXJjev4VMTUjwy2Ow9OBMJFhvb6aTacgUTLyEojeG1GMoOgY3u1DimABc4OYa0uT%2BTWMLuvWCpVN2Qhaf%2Fw1VTMjiHxeQJo%2BuaNWvrBvtc2VSh35cQvXHUN0xMn%2BIfHsBqjgEz7%2BAEr%2BRpeerSJO9NacNlChnvSs1horH0HIA6gL46VEBfBzAZwEScVLhURS1Q8Fp2FnmvC7akrVEGNF2HNEobHXg%2BVTeAHk2ANcDcLuDzO5gUw1g%2FVO4jRJOBHD5hAQf7KAnShSSoHAEBSUoFEGRExS9cl9oV3PlfaGdZ9GZr535ejkyeXdI903elSkBtQNYUQ6zU3JuOp9g%2FesNbMqTSlxvdOIobnBWr7XrLUk7LIyYiBudughrlMOpB1dX3qo3Gp07EZRbmPW%2BrSak%2BvpryNSELH5zF4wewulDcHUO1L8KWpSgGyW20%2B99FistnbfaVblJIEyJLP8%2F8q1gqE%2FJK7Ntre16SH5Ezgzclshsic%2FVM4Kuvje6bQqyd9sUjvy4luUqUdt0usn1nOYy%2BPY9uVUYK25cc4MH7%2FApMQ0ffihdvkpTodKuI99dUUJIu2Isl%2BTnG%2B5jyW55t3HF29Rnq7eurtxIMiudUyYdg6rj61%2BBqwl5%2Bclnsy968dM%2FoewY1pdI%2FFypMofg2Q5cNs85Q2D1HLMsQOHLka2xeVIrAi3nmLISTh5d%2Fun68Nenu%2BfB5NGTv15wI0unr6kqh%2B4eunYBNN9FmpTo2RI9XYLqAZz%2F3yjP7NHl3%2BszA9MLI6btwh7TVn85G%2FL0yuHUSaUeijaTsWwz2Wg2YskFazZZyGPO6qLT4cjdJG72Hv0DAAD%2F%2FwEAAP%2F%2F6ur6BXwEAAA%3D HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 00b5db76ca4cdb5284d5523aaee02bc7
Strict-Transport-Security: max-age=0; includeSubdomains

zsexf.com/js/ads.js

188.114.96.1

200 OK

1.5 kB

URL GET HTTP/3
zsexf.com/js/ads.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type
JavaScript source, ASCII text, with very long lines (1498), with no line terminators
Size
1.5 kB (1491 bytes)
Hash
4c46340e14f18a67fee668d9cf5f82d5
d0aa271a10e51424f6e5d1e0c6a8f40fc2216cd8
0eda9e41ed0b8d1f8bfa8c520ba784b53bca48a8536fb24e41dc1d0fe3c18c1d

HTTP Headers

GET /js/ads.js HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 285914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fpkn%2BdWED9NURKpz2MRHoVs0aTumHN%2ByUEAGO0moLpBV4eJkCuZdTHoGQOlP9vbfjfMiY7bz9a7wE7VryEipeEqeII%2Bwfbg65mEZ3eUWKAPEICJRb2TEDH%2B6cwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d55cd67b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

zsexf.com/js/frontend.js?id=f7e07cec5812d52a9077

188.114.96.1

200 OK

981 kB

URL GET HTTP/3
zsexf.com/js/frontend.js?id=f7e07cec5812d52a9077
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type

Size
981 kB (980867 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/frontend.js?id=f7e07cec5812d52a9077 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 285913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zu7FPzvtkGujESekKCpCrH87ZdEquAiITg4sKPgTPfSMmXMVKGPFrZmV4allugCvNMosbgdAao50wGtNdIwdu4DSbUGPX1YY09Vuub4y45QIWi5dtlKapBc544o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d55cd69b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c

142.250.74.168

200 OK

254 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
254 kB (254193 bytes)
Hash
61fdbf1941e80916b8f4962072d38efc
a7b6c5baf37876635d7c19a34d7bc2ab451c292c
de3b68445833c7898b29c7c7b844cc08b31d210210b2214bf7f9a0dd9daced02

HTTP Headers

GET /gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 May 2024 23:43:41 GMT
expires: Fri, 03 May 2024 23:43:41 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89734
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

live.demand.supply/up.js

104.17.39.115

200 OK

5.5 kB

URL GET HTTP/2
live.demand.supply/up.js
IP
104.17.39.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (5703), with no line terminators
Size
5.5 kB (5525 bytes)
Hash
45050d5dc9d131fc2638587091a7ef65
166051eb127dfb810a7d09feb5ba2df4a01613bc
f4925789f31061c3496ec4c7acfc79ed2d6a8f6a1513bdfb4215b83b27794d58

HTTP Headers

GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87e41d585ad256a2-OSL
cf-cache-status: HIT
age: 608
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"dbfb28e408f563c47c5a6f819ef24bd8-ssl-df"
link: <https://live.demand.supply/impl.v17.32.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-24-0/enNleGYuY29tLw==>; rel=preload; as=script
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cache-status: "Netlify Edge"; fwd=miss
cf-bgj: minify
cf-polished: origSize=5343
timing-allow-origin: *
x-nf-request-id: 01HWR9N3F30KS67B771J5SPTEE
set-cookie: __cf_bm=RJvtE9dKaXavNXI.EkyWR4CWjuwm6Iht9WTakq16OaA-1714779820-1.0.1.1-5_txhfFc1J9_.2Q.k_EVMd.h9ynjg6gT0tIZw2wODIYGKo9ipP2UEkQdqcfC..nnANrR2zgJ30ZCfQhEPoRK4A; path=/; expires=Sat, 04-May-24 00:13:40 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zsexf.com/img/menu.svg

188.114.96.1

200 OK

1.8 kB

URL GET HTTP/3
zsexf.com/img/menu.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1838 bytes)
Hash
384fec65fc108518c176b62a88b40a1f
d6c42c0b2dbdfef2d8468fc91f6c5611596075ef
00e2d83eb75a29fcfbf8e8373352d2e566d143764ddc05d982f46c85bb58517f

HTTP Headers

GET /img/menu.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Jan 2023 16:39:42 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 277523
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNrKuqYlGRK3VOXsnJ2QM5hioOg81nSdL5GRWmN8mqyjnMMrPj8VLXzxm0%2Ff9FFzdG%2FQ5TiLcvNI56nFQHnKeEEgNFaOauBACy8m8gRLsdhEkYkxQ1HnDldo%2F1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d557d46b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=44

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=44
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=44 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

7.0 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (7193), with no line terminators
Size
7.0 kB (7004 bytes)
Hash
16b49a99486594c0b42d9bd7821deb2c
2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a
3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 23:43:43 GMT
date: Fri, 03 May 2024 23:43:43 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

zsexf.com/css/frontend.css?id=2396ffb76e738e465b53

188.114.96.1

200 OK

260 kB

URL GET HTTP/3
zsexf.com/css/frontend.css?id=2396ffb76e738e465b53
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type

Size
260 kB (260376 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /css/frontend.css?id=2396ffb76e738e465b53 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 18:47:00 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 285914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FPODOGDBzQNYHnS%2FazIxI%2BN8gojLiSF7qSLEjv9K1mxRiEgOJ1NddLNgCYOS5BNUVgn2viQjGJyMooQKiKMi%2BRhTf0c1Eiqx9iidAxWcnP8nLsVgDOXjiXPjL94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d557d43b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-197252557-1

142.250.74.168

200 OK

208 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-197252557-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
208 kB (207550 bytes)
Hash
0cd81c08741231b7d8094949bfb66caf
4bdd839c9e21583e13d02e3278069f05008c0ce0
309e9545d3da1ad00508630709bb1b63cf91fbd82294eab9a0e2ce6499b458a5

HTTP Headers

GET /gtag/js?id=UA-197252557-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 May 2024 23:43:40 GMT
expires: Fri, 03 May 2024 23:43:40 GMT
cache-control: private, max-age=900
last-modified: Fri, 03 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74666
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

zsexf.com/favicon.ico

188.114.96.1

302 Found

4.1 kB

URL GET HTTP/3
zsexf.com/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type

Size
4.1 kB (4119 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D; ab=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Fri, 03 May 2024 23:43:42 GMT
content-type: text/html; charset=UTF-8
location: https://zsexf.com/wp-includes/images/w-logo-blue-white-bg.png
x-powered-by: PHP/8.2.15
cf-edge-cache: cache,platform=wordpress
link: <https://zsexf.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bBZVGqkyiAHXHyj9DrvlgXvsDL%2BjVz%2FGinc%2BoxJtsdAvytWGDsqDFBKVCEL2jfWgZJxHzWge8sV2ViL5995GHzLp5z6BpZv1LurhxwCpkyTecLH4FTlOiY7jUJg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d5cf9a8b4f1-OSL
alt-svc: h3=":443"; ma=86400

cdn.yourwebbars.com/sb/notifications/gambling/unibet/social-box-confetti/1/index.html

104.26.7.19

200 OK

1.7 kB

URL GET HTTP/2
cdn.yourwebbars.com/sb/notifications/gambling/unibet/social-box-confetti/1/index.html
IP
104.26.7.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49
ValiditySun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1831), with no line terminators
Size
1.7 kB (1740 bytes)
Hash
510a07e6fe6490ab1e3a185f91481685
165f2215ae5425981596a4b0e643b632b7c4b5d3
ce00ef4159181eed94e01be3ee6cdad381fade7da0ed6814ee2c2d387689fb40

HTTP Headers

GET /sb/notifications/gambling/unibet/social-box-confetti/1/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: text/html
last-modified: Thu, 02 May 2024 09:41:58 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 33583
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bPC7YM3r%2BO7Cr7UEDR9Sk%2Bs3MmC%2F8hFeMUOHDYHu9uOy1%2FOsVhGBvC5HcvYmkz56EpfHmGTIh9MJP2btlr7xFSwFhF38kXssw%2BB5iJOel5Abztz%2BwZGqjeoCMDMgT6dn0Zj0V%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d64bf1c7131-OSL
content-encoding: br
X-Firefox-Spdy: h2

live.demand.supply/ds.2.html

104.17.39.115

200 OK

413 B

URL GET HTTP/3
live.demand.supply/ds.2.html
IP
104.17.39.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (430), with no line terminators
Size
413 B (413 bytes)
Hash
68dce237203af5e16657b39e1f2e7b46
8084ece9e2500c1a0731aaf8f33290744b174b9c
8534d0076676e85517a298ded722e84bb64abf655fbc565588f76a7e26ad4680

HTTP Headers

GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cache-status: "Netlify Edge"; hit
strict-transport-security: max-age=31536000
timing-allow-origin: *
x-nf-request-id: 01HWN6NJYJEW7AMPRG1K1C5P4B
cf-cache-status: HIT
age: 277220
set-cookie: __cf_bm=0gsINVUTFnx4wZubJ7kdQV9_j_oIv9AebJnP_v5vM7o-1714779821-1.0.1.1-b5zie68egThPGAC7oYp4KVhKEpeV6GpxgWUPAPUsdFtiPc2K0.o7xBL9nWaGXl7BeUUnxfJD1JB3BSs.izbKPg; path=/; expires=Sat, 04-May-24 00:13:41 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d598e06569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzK_HoxCEJcb5lD9a6yNNowotbX9gqjou4FsPEjU-69zcTJODWMZFdbxO13qL6Wvty5kK42iQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S856129801%3A1714779821774148&theme=mn&ddm=0

74.125.131.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzK_HoxCEJcb5lD9a6yNNowotbX9gqjou4FsPEjU-69zcTJODWMZFdbxO13qL6Wvty5kK42iQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S856129801%3A1714779821774148&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzK_HoxCEJcb5lD9a6yNNowotbX9gqjou4FsPEjU-69zcTJODWMZFdbxO13qL6Wvty5kK42iQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S856129801%3A1714779821774148&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:42 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-29C0VybCHaB1AuShnkK9OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
217141cadd12b9d4754149d5612d78aa
cd6063d8b41a2e210cec4a33340b996ea557f1d2
5dfc472f66929db4439e599d3e4e741445cc27bc22047ec1351d181eeb5b1d24

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://zsexf.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=45802480-4502-442f-88fc-1c7defab388a:1:1; expires=Mon, 01 May 2034 23:43:41 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=38

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=38
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=38 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap

142.250.74.106

200 OK

19 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
19 kB (19004 bytes)
Hash
e9214a1167aa27518bc869450a50706d
b5790e68611559bccd7a422ab3b63d4a9fa50c80
d2c53adf35264dffc9fb93e79e489fb00a10883c98108f57c0413a3c286fb4da

HTTP Headers

GET /css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 23:43:40 GMT
date: Fri, 03 May 2024 23:43:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pogothere.xyz/

104.21.24.208

200 OK

27 B

URL GET HTTP/2
pogothere.xyz/
IP
104.21.24.208:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectpogothere.xyz
Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B
ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT

File type
ASCII text, with no line terminators
Size
27 B (27 bytes)
Hash
ee391c6d2d8eb57aff88bed4ad439294
e0024bade65911e7cbb723bd725c22df32d9fae7
5cd117f57a2875cf7a9e55dede4c4f664b6ace46891d71d2cdcea1b06589e0c7

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: text/plain
set-cookie: csu=1881742822836911@1@1714779821; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://zsexf.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGVC6jG5jtBTf3eAkk6D0XuE65hu7bzAVmVfbrdos8D6yN36o0ZsCQF9nI%2BU98nLnLIHrCyFSQqqEMTuSovIGVOxF60v6%2FR%2B0JF7e4tRZIwr9qm17xr1DRThLRQ8fSth"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d5b4ace712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

live.demand.supply/impl.v17.32.0.js

104.17.39.115

200 OK

91 kB

URL GET HTTP/3
live.demand.supply/impl.v17.32.0.js
IP
104.17.39.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (23282)
Size
91 kB (91209 bytes)
Hash
3501fe52a8aeb0dc9b89aa1c12ea6e5a
b6221b443437b86f096112d2ec77fab1975fd811
b77415363ffad60ce3f975e393d3ef44a47d8bddbec2f0a2f9f0e9587dd5c501

HTTP Headers

GET /impl.v17.32.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: __cf_bm=RJvtE9dKaXavNXI.EkyWR4CWjuwm6Iht9WTakq16OaA-1714779820-1.0.1.1-5_txhfFc1J9_.2Q.k_EVMd.h9ynjg6gT0tIZw2wODIYGKo9ipP2UEkQdqcfC..nnANrR2zgJ30ZCfQhEPoRK4A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=91396
access-control-allow-origin: *
cache-status: "Netlify Edge"; fwd=miss
etag: W/"b0ea5d9194ab3fdb131dbfcf767a3676-ssl-df"
strict-transport-security: max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01HWAW44Z8KJM1G27JKQDGSW4N
cf-cache-status: HIT
age: 285970
server: cloudflare
cf-ray: 87e41d598e04569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css

104.21.70.253

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
79 kB (78693 bytes)
Hash
5982c5377696d20476871062646b253f
8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242
4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4

HTTP Headers

GET /sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: text/css
last-modified: Fri, 02 Feb 2024 15:34:04 GMT
etag: W/"65bd0b6c-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 118558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cf9f97PcIAuo8yY%2Bv0vsB6mWc7V%2F2AJoEjO%2Fc2r7IBZPkSaZEZ9h3WsLibAvtDnQq0br4ASYERaSyue5thfUXCyhtPHfghjcg%2B6myKs6o5K6hGZXlgbxnMVpI1MFQkNqL5BSdMRC2vrS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d655fb37131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zsexf.com/img/logo.svg

188.114.96.1

200 OK

22 kB

URL GET HTTP/3
zsexf.com/img/logo.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type
SVG Scalable Vector Graphics image
Size
22 kB (22248 bytes)
Hash
1e28749acbd90e7e99a883c1890327cd
638b4525d3f0ed776db136ca1025a8961f46c9e0
d526da1f4d4af45cefd2a0d140abec2beddc3150d13c47d3de893eaa278a369d

HTTP Headers

GET /img/logo.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: image/svg+xml
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 271774
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qvf5bau8we3TAM%2FsRiQOiMRbk%2F8SUhi3LlQLmAK8ICbrJn6OwXhptd82xf2DFVK%2BqoFpKTrpX%2BCqNIMQE4UAvHy3hVqcjwkowNu%2BSSMp7ZzTzAdr6kn3Ohm95vY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d557d45b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

142.250.74.131

200 OK

921 B

URL GET HTTP/2
www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc.google.com
Fingerprint7C:B7:19:49:C1:10:A7:C1:57:8C:3C:B8:82:CC:C7:26:D1:7F:3A:39
ValidityTue, 16 Apr 2024 03:24:32 GMT - Tue, 09 Jul 2024 03:24:31 GMT

File type
JavaScript source, ASCII text, with very long lines (921), with no line terminators
Size
921 B (921 bytes)
Hash
b832740e618479615e7f4ec2d6d18e95
39e2c70fbc1164d6748e0314c36691c42245c53a
66b51ffa06c4662b57b6b492d53318ac5e672cd53f52ce08e2699325eb796414

HTTP Headers

GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Fri, 03 May 2024 23:43:41 GMT
date: Fri, 03 May 2024 23:43:41 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

zsexf.com/gSS1EM?token=eyJpdiI6IndTS0I0MWNLZUh6YnNvSGg1Y0ZTcmc9PSIsInZhbHVlIjoiSEZKUDNFc2M2ZlFFbjNMcUxOcEhaUT09IiwibWFjIjoiNGVhMWM4OTg2ZWQyMjIyM2ZkZjc5YzNlZmEyOWE3N2E3YzIwZDBkMDdkNzMyMzg0MGRkMjlkYTg0NzA5MTZiOSIsInRhZyI6IiJ9

188.114.96.1

302 Found

313 kB

URL User Request GET HTTP/2
zsexf.com/gSS1EM?token=eyJpdiI6IndTS0I0MWNLZUh6YnNvSGg1Y0ZTcmc9PSIsInZhbHVlIjoiSEZKUDNFc2M2ZlFFbjNMcUxOcEhaUT09IiwibWFjIjoiNGVhMWM4OTg2ZWQyMjIyM2ZkZjc5YzNlZmEyOWE3N2E3YzIwZDBkMDdkNzMyMzg0MGRkMjlkYTg0NzA5MTZiOSIsInRhZyI6IiJ9
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type

Size
313 kB (312727 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gSS1EM?token=eyJpdiI6IndTS0I0MWNLZUh6YnNvSGg1Y0ZTcmc9PSIsInZhbHVlIjoiSEZKUDNFc2M2ZlFFbjNMcUxOcEhaUT09IiwibWFjIjoiNGVhMWM4OTg2ZWQyMjIyM2ZkZjc5YzNlZmEyOWE3N2E3YzIwZDBkMDdkNzMyMzg0MGRkMjlkYTg0NzA5MTZiOSIsInRhZyI6IiJ9 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 03 May 2024 23:43:38 GMT
content-type: text/html; charset=UTF-8
location: https://zsexf.com/gSS1EM
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IjdzbTBLbG1FUUZPOXRHbDVWc3N1ZkE9PSIsInZhbHVlIjoiNGdiLzRZdTFyLzFxdVV4TjVjdVRsQy9DcWhWbjRGMnR1eElRdlJJRmN2V1IxYTRmR2xYaDdIa25FWXg4OEFLZHJ2ZHNDNG83WWIyQ0hCckZFeHRpSFlWQ2ZXMFcrNWVqR0FORUhxdzB3STF0Tlh4RnhpVXhKQWYwZHNKaktZbnAiLCJtYWMiOiJjNzhkMzI0ODY3ZmY5NzY2Y2YyYmRiMWUxYmYwYzgzMzZiNWNiZmZkY2NhMjc3Mjk3NzE4NGIxZmJmNzBjZTc4IiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 23:43:38 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6ImNNK3VNRmVQT3Rya0MxZ1FTb0h0S3c9PSIsInZhbHVlIjoiVnNJaUJ1YWNoTlBwYmxZQ1o2RXBPQWloQ1NIWWFONU5ZZEpjUXV5T2ZvTlB4NWtBT21BT1FRa2NPZUtFMzlnTmlZejFCbm1ybW5vZHFob2E3T0gyenJqa1VmQmhzR05NVE42TVVKWVZ3aVZRcXY4T1dBaExqMS8xdStnaUc1SSsiLCJtYWMiOiIxZmQ5ZTVmZDljN2NkY2NhMGRhODM1ZjExNWRmYmQ2Yzc4MjIyNmRiMTc5YmIzNWIzYTQ5MzIwZDA4MzJlOWQxIiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 23:43:38 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FoK62%2Be9WmR6uyZXRg91byPdAVw8RcyFYDWiGJnYDhO1qmdY3lcCCUnvx0BIzGHX2eJ1jhJj82jALwoLMmKZ%2BNIQfoGA4cTSnLkWLRA5QADaBZv%2BM1PH9L94kN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d400f9256c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zsexf.com/img/plane.svg

188.114.96.1

200 OK

684 B

URL GET HTTP/3
zsexf.com/img/plane.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerLet's Encrypt
Subjectzsexf.com
Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21
ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT

File type
SVG Scalable Vector Graphics image
Size
684 B (684 bytes)
Hash
8e7c41bde9bc90def2171d239eb22f04
853c0fbf7ca55b313af83201d95d6f6f3d3225ba
9bc4e093793a06ba14d0505710aad5254212125573342fa92c228f873d05bfea

HTTP Headers

GET /img/plane.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 277523
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PFVhNhQxEaxCdX%2Bi3MgdO1qEavKu1J3ju2seiwgv38knRhpSPkuXOQj%2F9rDOjvS45%2BpKiR3e2s9AXFo8SgZyKK44RZiisY7GRa%2F5jVpa0BavrsU2G9GwS1RFxaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d55cd66b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

142.250.74.35

200 OK

518 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://zsexf.com/gSS1EM
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (631)
Size
518 kB (517649 bytes)
Hash
e2e79d6b927169d9e0e57e3baecc0993
1299473950b2999ba0b7f39bd5e4a60eafd1819d
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:11 GMT
expires: Fri, 02 May 2025 01:56:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 164851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL