| zsexf.com/ | 188.114.96.1 | | 384 B |
IP: 188.114.96.1:0
File type: HTML document, ASCII text
Hash: MD5 e3eb0a1df437f3f97a64aca5952c8ea0, SHA-1 7dd71afcfb14e105e80b0c0d7fce370a28a41f0a, SHA-256 38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521
GET / HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:43:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Mar 2024 17:32:28 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BM5SCifN7cMYKv%2BnBbeQRsaqOiVtEXZpPf3QLV7FlTb9KqiwQEIHYKP4JTXctNb80BfR53SmmlxKxtt%2BgdOGQ%2B6rvpszUCQZptICHJYPFqFIiyPqniA2JJKhtEQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e41d527e70b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| zsexf.com/img/faqs-image.svg | 188.114.96.1 | 200 OK | 14 kB |
URL: GET HTTP/3 zsexf.com/img/faqs-image.svg
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt; Subject zsexf.com; Fingerprint 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21; Validity Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 a60b7216905928c625ae9592044476cd, SHA-1 e70c5be728c7bd1198100337487aafe126834ca3, SHA-256 9a717285429d468fadc4d25179fc6feb49e6335f3af1675fb6be1cb50e7e8322
GET /img/faqs-image.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 285915
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VTFYeT%2FzlaDz%2FSgJ0gKsn%2FuOw%2FeBuxQm6DWBG7lBoQZIcImvI1Nc%2FL0lQ0ktRNvnQVjzD0i1uALEQ%2B93J5mgOWwFXO2on32VYiNoCWK2nOTuqlXwX9MTzEpnQE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d558d4cb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 188.114.96.1 | 200 OK | 354 kB |
URL: (User Request) GET HTTP/2
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt; Subject zsexf.com; Fingerprint 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21; Validity Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (58223), with CRLF, LF line terminators
Size: 354 kB (353776 bytes)
Hash: MD5 d80ca184eff940f043cc96d5f6e2fef5, SHA-1 e6ecb551f6a9518b481a0db85e7658ff290a75c0, SHA-256 def4bbe53715b0327d43e2e1ef9ae2aba1729dd669301652288384b4dfa2b62b
GET /gSS1EM HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjdzbTBLbG1FUUZPOXRHbDVWc3N1ZkE9PSIsInZhbHVlIjoiNGdiLzRZdTFyLzFxdVV4TjVjdVRsQy9DcWhWbjRGMnR1eElRdlJJRmN2V1IxYTRmR2xYaDdIa25FWXg4OEFLZHJ2ZHNDNG83WWIyQ0hCckZFeHRpSFlWQ2ZXMFcrNWVqR0FORUhxdzB3STF0Tlh4RnhpVXhKQWYwZHNKaktZbnAiLCJtYWMiOiJjNzhkMzI0ODY3ZmY5NzY2Y2YyYmRiMWUxYmYwYzgzMzZiNWNiZmZkY2NhMjc3Mjk3NzE4NGIxZmJmNzBjZTc4IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6ImNNK3VNRmVQT3Rya0MxZ1FTb0h0S3c9PSIsInZhbHVlIjoiVnNJaUJ1YWNoTlBwYmxZQ1o2RXBPQWloQ1NIWWFONU5ZZEpjUXV5T2ZvTlB4NWtBT21BT1FRa2NPZUtFMzlnTmlZejFCbm1ybW5vZHFob2E3T0gyenJqa1VmQmhzR05NVE42TVVKWVZ3aVZRcXY4T1dBaExqMS8xdStnaUc1SSsiLCJtYWMiOiIxZmQ5ZTVmZDljN2NkY2NhMGRhODM1ZjExNWRmYmQ2Yzc4MjIyNmRiMTc5YmIzNWIzYTQ5MzIwZDA4MzJlOWQxIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 23:43:39 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 23:43:39 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pk1xgPNfLbizs0B%2FS68tU%2FlC04Ox2RVgwQw6qE8oTLsg%2B0HfCCsd2FRwZ%2FGzxuQuN%2BGmzklrK5fjM4n8iQBjxr43u8JKZy4TURW%2B01hREHH0t6ZB4Opbo70V5mU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d4a7da856c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| dampedvisored.com/1clkn/34742 | 23.109.170.31 | 200 OK | 26 B |
URL: GET HTTP/1.1 dampedvisored.com/1clkn/34742
IP: 23.109.170.31:443
Certificate: Issuer Let's Encrypt; Subject dampedvisored.com; Fingerprint 49:EE:D2:FF:9B:98:5D:77:22:C4:3C:71:12:E6:8E:A0:00:64:2A:E5; Validity Tue, 16 Apr 2024 00:17:35 GMT - Mon, 15 Jul 2024 00:17:34 GMT
File type: ASCII text, with no line terminators
Hash: MD5 9082dc37e5e8046929da411544ad071a, SHA-1 41e0e3963ed94e59e8a2f115994c382712411537, SHA-256 b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /1clkn/34742 HTTP/1.1
Host: dampedvisored.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 May 2024 23:43:40 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 04-May-2024 23:43:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 04-May-2024 23:43:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL GET HTTP/3fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.74.99:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0 Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 06:08:19 GMT
expires: Sat, 03 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 63321
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | 142.250.74.99 | 200 OK | 47 kB |
URL GET HTTP/2fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 IP142.250.74.99:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 46704, version 1.0 Hash30a274cd01b6eeb0b082c918b0697f1e 393311bde26b99a4ad935fa55bad1dce7994388b 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 118742
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP142.250.74.99:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 10:46:32 GMT
expires: Wed, 30 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 305828
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | 142.250.74.99 | 200 OK | 47 kB |
URL GET HTTP/2fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 IP142.250.74.99:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 46704, version 1.0 Hash30a274cd01b6eeb0b082c918b0697f1e 393311bde26b99a4ad935fa55bad1dce7994388b 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 118742
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| live.demand.supply/e/e.js?e=ll&d=277&cs=c&dsReferer=enNleGYuY29tL2dTUzFFTQ== | 104.17.39.115 | 200 OK | 0 B |
URL: HEAD HTTP/3 live.demand.supply/e/e.js?e=ll&d=277&cs=c&dsReferer=enNleGYuY29tL2dTUzFFTQ==
IP: 104.17.39.115:443
Certificate: Issuer Cloudflare, Inc.; Subject demand.supply; Fingerprint 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E; Validity Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty input, matching the 0 B body of this HEAD response)
HEAD /e/e.js?e=ll&d=277&cs=c&dsReferer=enNleGYuY29tL2dTUzFFTQ== HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
access-control-allow-origin: *
cache-status: "Netlify Edge"; hit
etag: "799cfe824336f1fce20d72fb9944d5d5-ssl"
strict-transport-security: max-age=31536000
x-nf-request-id: 01HWN6NJYED30PAWPTDQKVMGXY
cf-cache-status: HIT
age: 271612
accept-ranges: bytes
set-cookie: __cf_bm=H4YEe4Vq_BTSE4MvrWJLG.wUASs3GhgtU73qSLsOw0w-1714779821-1.0.1.1-crlMqZ5pGomQV9ugrwBDG7qSMk579RqMT48KGT4ktHdo.5.f3ryw4CTGrA4NnU.A4LuQkgZOl.kRZ4GVP60Wdw; path=/; expires=Sat, 04-May-24 00:13:41 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d59ca98568f-OSL
alt-svc: h3=":443"; ma=86400
|
|
| absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js | 172.240.108.76 | 200 OK | 16 kB |
URL: GET HTTP/1.1 absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js
IP: 172.240.108.76:443
Certificate: Issuer Let's Encrypt; Subject absentcleannewspapers.com; Fingerprint A6:E7:75:05:4C:FA:FF:D2:F7:67:61:89:73:1B:66:32:AF:19:2F:7D; Validity Tue, 26 Mar 2024 06:03:56 GMT - Mon, 24 Jun 2024 06:03:55 GMT
File type: JavaScript source, ASCII text, with very long lines (45363), with no line terminators
Hash: MD5 669d112eb83ee07614d865cc263802c4, SHA-1 5b67c81d61a96d2c8bfb2f5f6513e4aa72e0c625, SHA-256 b6c4d3cec06a929999f7c6baaee4cdd9b6ff6b5d8881c355afde55e02bbd09bd
GET /f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js HTTP/1.1
Host: absentcleannewspapers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=1; expires=Tue, 07 May 2024 02:43:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 66a564121675cb00fe7402377bcb61c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.r2m03.amazontrust.com/ | 3.164.222.26 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 3.164.222.26:0
Hash: MD5 353dbae1e1b45a750770ae51bef13ba7, SHA-1 465917a2a0bbb947e9727e7f08b584a82aa6fb81, SHA-256 9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 03 May 2024 23:43:41 GMT
Last-Modified: Fri, 03 May 2024 23:19:03 GMT
Server: ECAcc (ska/F775)
X-Cache: Miss from cloudfront
Via: 1.1 5d44e22fe93ef8713c49e65bc8443112.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: ZYLlijyl-3VxdcL2aM9pKy-mvr9DYZpokSduRvroWKWLK1CBCYImYA==
Age: 1479
|
|
| zsexf.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 | 188.114.96.1 | 200 OK | 208 B |
URL: GET HTTP/3 zsexf.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt; Subject zsexf.com; Fingerprint 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21; Validity Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: PNG image data, 6 x 12, 8-bit/color RGBA, non-interlaced
Hash: MD5 31f073499665afb237f3294219d2d7c6, SHA-1 c1ada0510e31f661dab66203c15a3d6c8f5468d0, SHA-256 59b7ad6d6f457b624e25d22959edc7c83af2ac52edba32fd6648c97af0d1780c
GET /images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/css/frontend.css?id=2396ffb76e738e465b53
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D; ab=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: image/png
content-length: 208
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 271774
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZSGWS78gtBYwbGHqx6lmb0WXgslxHixIpGV%2BdzgWq9B%2B%2BZ2x%2F9722k6odRzZNZwBcrCiRHxAvoIJA2jIIR%2Bt88Mm8q71ieUGjUYpWb5N4XSQWpX4AYeogK3Si0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d5be8e7b4f1-OSL
alt-svc: h3=":443"; ma=86400
|
|
| live.demand.supply/p4/v17-24-0/enNleGYuY29tL2dTUzFFTQ== | 104.17.39.115 | 200 OK | 132 B |
URL: GET HTTP/3 live.demand.supply/p4/v17-24-0/enNleGYuY29tL2dTUzFFTQ==
IP: 104.17.39.115:443
Certificate: Issuer Cloudflare, Inc.; Subject demand.supply; Fingerprint 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E; Validity Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with no line terminators
Hash: MD5 ab3db78294876480edccd2b9ffe2259b, SHA-1 7690642b47fcef4e5be8e8c10d83633267eb02df, SHA-256 fb94b462f27f138f78bc2f58584c8e4377ea23828ec4bf2de9a76b624419b6d0
GET /p4/v17-24-0/enNleGYuY29tL2dTUzFFTQ== HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: __cf_bm=RJvtE9dKaXavNXI.EkyWR4CWjuwm6Iht9WTakq16OaA-1714779820-1.0.1.1-5_txhfFc1J9_.2Q.k_EVMd.h9ynjg6gT0tIZw2wODIYGKo9ipP2UEkQdqcfC..nnANrR2zgJ30ZCfQhEPoRK4A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d598e05569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | 142.250.74.99 | 200 OK | 47 kB |
URL GET HTTP/2fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 IP142.250.74.99:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 46704, version 1.0 Hash30a274cd01b6eeb0b082c918b0697f1e 393311bde26b99a4ad935fa55bad1dce7994388b 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 118743
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 IP142.250.74.99:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15920, version 1.0 Hash3a44e06eb954b96aa043227f3534189d 23cef6993ddb2b2979e8e7647fc3763694e2ba7d b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:49:11 GMT
expires: Fri, 02 May 2025 01:49:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 165270
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| iresandal.info/T20zUUJgUlAifxgHWxYYfAlHEgoVNWEGCwMJZR8SLTxfYRR/JBUlKytQAmFwfl0GYmQ/BFdsc2keRzA2Oh4OYGQmA1U+f2kbDmBsfFkdYnRhWRUkf35LRyEjKFACdzI7GV9sc3hcB2Z1dlUBYHB4Wg | 104.21.40.187 | 204 No Content | 0 B |
URL GET HTTP/2iresandal.info/T20zUUJgUlAifxgHWxYYfAlHEgoVNWEGCwMJZR8SLTxfYRR/JBUlKytQAmFwfl0GYmQ/BFdsc2keRzA2Oh4OYGQmA1U+f2kbDmBsfFkdYnRhWRUkf35LRyEjKFACdzI7GV9sc3hcB2Z1dlUBYHB4Wg IP104.21.40.187:443
Certificate: Issuer Google Trust Services LLC; Subject iresandal.info; Fingerprint D9:9E:21:6F:70:F4:90:F2:B5:4A:CC:E5:AB:CD:07:D7:A8:09:59:3A; Validity Mon, 01 Apr 2024 07:01:50 GMT - Sun, 30 Jun 2024 07:01:49 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty input, matching the 0 B body of this 204 response)
GET /T20zUUJgUlAifxgHWxYYfAlHEgoVNWEGCwMJZR8SLTxfYRR/JBUlKytQAmFwfl0GYmQ/BFdsc2keRzA2Oh4OYGQmA1U+f2kbDmBsfFkdYnRhWRUkf35LRyEjKFACdzI7GV9sc3hcB2Z1dlUBYHB4Wg HTTP/1.1
Host: iresandal.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Fri, 03 May 2024 23:43:41 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KNUOuQ0AO9IUuUa5lRXlHDuabTBb9TIGvNW8XLTzfZxj27qluj5bM7zj2aTgKtQfw8G%2Bj2gMk9lLTuHBgFI2nmOt5atoe2pIy8UiYBKn9jlrFkwXA3Cuo7%2Bc%2BYm3VJY4lw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d5b5bf75697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ativesathyas.info/TUJBczEsICIeDix/I1VEPy58VgMLZ3M1VX9zMwNaKjt5A1AlITRdUiEtNBdXPy0vBx8jJzVWAwsmIytBOhsWPn4LEHU7aQ8pFTV3NREZJlkPFxcpVBUDACdzKjYJMFkEBQchSSgDJgRwFQAuIHUMDwonYxwaBidGGAkDMl8GKhQrf3xzIjFzPgoUNkEaBhA6dQUXcDtzKg8bJ2cPBAUxBR4aBxd9CSUAPHILAwowVgQYAyFoDgQ5HHYVAxQyaSoDFzBWKhIAIUUbFzglaBsHAzZkG3MSMHcPERI2WjQQBzVVCyoqI3clFCciXQggFyZGOxRwF3geFmw5dBgUcTpzJhAQP3QDBRVCfwgacTljDwMmKXY6dwYrSzUBFCV7KREqNWMYKSk6YAwhCjtJdRUFG0UEEQUpaBsXDzhnJRAkK3BrKDIcXz1/NAdFCyYIAHsdJzcnAQ | 143.204.55.56 | 200 OK | 1.2 kB |
URL GET HTTP/2ativesathyas.info/TUJBczEsICIeDix/I1VEPy58VgMLZ3M1VX9zMwNaKjt5A1AlITRdUiEtNBdXPy0vBx8jJzVWAwsmIytBOhsWPn4LEHU7aQ8pFTV3NREZJlkPFxcpVBUDACdzKjYJMFkEBQchSSgDJgRwFQAuIHUMDwonYxwaBidGGAkDMl8GKhQrf3xzIjFzPgoUNkEaBhA6dQUXcDtzKg8bJ2cPBAUxBR4aBxd9CSUAPHILAwowVgQYAyFoDgQ5HHYVAxQyaSoDFzBWKhIAIUUbFzglaBsHAzZkG3MSMHcPERI2WjQQBzVVCyoqI3clFCciXQggFyZGOxRwF3geFmw5dBgUcTpzJhAQP3QDBRVCfwgacTljDwMmKXY6dwYrSzUBFCV7KREqNWMYKSk6YAwhCjtJdRUFG0UEEQUpaBsXDzhnJRAkK3BrKDIcXz1/NAdFCyYIAHsdJzcnAQ IP143.204.55.56:443
Certificate - Issuer: Amazon; Subject: ativesathyas.info; Fingerprint: 8E:5E:CA:78:42:82:73:4A:27:4C:A3:6A:A4:2E:95:BF:C4:9C:27:89; Validity: Mon, 15 Apr 2024 00:00:00 GMT - Wed, 14 May 2025 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (3042), with no line terminators; Hash: MD5 ad4d07dbd3084ed105c91cfa843b1b81, SHA-1 bb6e7f2a2943d59dea237b833a396a4be8396caa, SHA-256 dc0439419585b4af231ad6d1bf66a13302b029e314e8f3b76e5ab02291fa9428
GET /TUJBczEsICIeDix/I1VEPy58VgMLZ3M1VX9zMwNaKjt5A1AlITRdUiEtNBdXPy0vBx8jJzVWAwsmIytBOhsWPn4LEHU7aQ8pFTV3NREZJlkPFxcpVBUDACdzKjYJMFkEBQchSSgDJgRwFQAuIHUMDwonYxwaBidGGAkDMl8GKhQrf3xzIjFzPgoUNkEaBhA6dQUXcDtzKg8bJ2cPBAUxBR4aBxd9CSUAPHILAwowVgQYAyFoDgQ5HHYVAxQyaSoDFzBWKhIAIUUbFzglaBsHAzZkG3MSMHcPERI2WjQQBzVVCyoqI3clFCciXQggFyZGOxRwF3geFmw5dBgUcTpzJhAQP3QDBRVCfwgacTljDwMmKXY6dwYrSzUBFCV7KREqNWMYKSk6YAwhCjtJdRUFG0UEEQUpaBsXDzhnJRAkK3BrKDIcXz1/NAdFCyYIAHsdJzcnAQ HTTP/1.1
Host: ativesathyas.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Fri, 03 May 2024 23:43:41 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ocbCgOw_KKyvKgNwKGpqf2e0PWmPRiObKfUr9OrgXkzPwcwcMITqUQ==
X-Firefox-Spdy: h2
|
|
| pogothere.xyz/asd100.bin | 104.21.24.208 | 200 OK | 192 kB |
IP: 104.21.24.208:443
Certificate - Issuer: Google Trust Services LLC; Subject: pogothere.xyz; Fingerprint: 34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B; Validity: Wed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT
Size: 192 kB (192134 bytes); Hash: MD5 c88e66804fb48937b8beb3d6a37fae65, SHA-1 f942c9c02ecf31236401567c0feb97ccd0757adc, SHA-256 5da071aceb4769b5dcb7d5cb3883ba644deb693459ed219e2f0003ca608673da
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://zsexf.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2322
last-modified: Fri, 03 May 2024 23:04:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WE6UfjnIb8ibjYKjrCxgXBUBt45GJdiBr%2FWxGe51wp0yC9IuHBUHj3TSVyVsE9JfA%2FVEfa%2B4XQi%2BpXqltANOMRJOI2NJVZHmR1qygXdoLeagZX6QpJU2hZ1vhCMgDEUO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d5b2abb712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail | 74.125.131.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail IP74.125.131.84:443
Certificate - Issuer: Google Trust Services LLC; Subject: accounts.google.com; Fingerprint: 9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67; Validity: Tue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, matching the 0 B body; they identify no content and should not be used as indicators)
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:1mBek0nnb_H6y8UsujgbX777MT-6Tw:ukEiaMoz2v1byuPP; Expires=Sun, 03-May-2026 23:43:41 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:41 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwBmyMCvY2frZbWipR92_rjlrrOjc9eovgCty29erJifCnZSLID47rHTkzf7wXfW6XNYn-30g
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-tCHa0eS_vKvSTnklLwRrVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 74.125.131.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP74.125.131.84:443
CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:kNa9n-7BAKamoCbth7QYVqPEMWH6yg:rO2bPkfl5Erkf9A0; Expires=Sun, 03-May-2026 23:43:41 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:41 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz038qT3hLcLFzwTzsUTgRxUOWw6zaUjkF8_stdMeN_Vl0dRRe2OT-goZIsy988-i3hWjGr8Q
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-CqHHiruLNNEsb-i8CNm4qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 216.58.207.226 | 200 OK | 0 B |
URL HEAD HTTP/2pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP216.58.207.226:443
Certificate - Issuer: Google Trust Services LLC; Subject: *.g.doubleclick.net; Fingerprint: 09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B; Validity: Tue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input: the HEAD request returned a 0 B body, so they do not describe adsbygoogle.js itself)
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 03 May 2024 23:43:41 GMT
expires: Fri, 03 May 2024 23:43:41 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 17214524835582719890
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51521
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwBmyMCvY2frZbWipR92_rjlrrOjc9eovgCty29erJifCnZSLID47rHTkzf7wXfW6XNYn-30g | 74.125.131.84 | 302 Found | 426 B |
URL GET HTTP/2accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwBmyMCvY2frZbWipR92_rjlrrOjc9eovgCty29erJifCnZSLID47rHTkzf7wXfW6XNYn-30g IP74.125.131.84:443
CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
File typeHTML document, ASCII text, with very long lines (403) Hashb07bb1763c95109b10e3bd857b66ac2b 287f445ac38fe1f741b8dd7cd10d726c74079f2a 93e4fed7baf7990d8f518608c00f6231357fc1f273e5314b9b8a1205c3a2f5c7
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwBmyMCvY2frZbWipR92_rjlrrOjc9eovgCty29erJifCnZSLID47rHTkzf7wXfW6XNYn-30g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:1xpjAb_uho3UiBOLfzqT_KaIWffxQw:-a4fNLzyRU9KTRJP;Path=/;Expires=Sun, 03-May-2026 23:43:41 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:41 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwyzr1fiV5XLN02YgS51jPUHuQEZA5AeC5iGuc2z4LBJJdk9gq0VHE9uqxGrcndudhGJ3u74Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-334730664%3A1714779821752183&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-gEchJN-EsBsT5iWUPxi-pw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 426
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz038qT3hLcLFzwTzsUTgRxUOWw6zaUjkF8_stdMeN_Vl0dRRe2OT-goZIsy988-i3hWjGr8Q | 74.125.131.84 | 302 Found | 431 B |
URL GET HTTP/2accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz038qT3hLcLFzwTzsUTgRxUOWw6zaUjkF8_stdMeN_Vl0dRRe2OT-goZIsy988-i3hWjGr8Q IP74.125.131.84:443
CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
File typeHTML document, ASCII text, with very long lines (406) Hasha05061e89024b384298495d989bd1b3f d4f000ee30ae86839b6804831bf19a1790cc2850 5106cc04fb7dc26ab4ca5b6841b7ac175fd0db762380219a97ca8f9316b139e3
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz038qT3hLcLFzwTzsUTgRxUOWw6zaUjkF8_stdMeN_Vl0dRRe2OT-goZIsy988-i3hWjGr8Q HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:J8L0DzBrpJinzscvKxhdg3GfUaSFxA:KH7swgGIlnB9lSHr;Path=/;Expires=Sun, 03-May-2026 23:43:41 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:41 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzK_HoxCEJcb5lD9a6yNNowotbX9gqjou4FsPEjU-69zcTJODWMZFdbxO13qL6Wvty5kK42iQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S856129801%3A1714779821774148&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-xPlIZBI8tR1ZKkFFLi084A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 431
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| d21rpkgy8pahcu.cloudfront.net/dbXpwYWMOFR4HXBkTFFxSXUhBUVZeXAATBgtHChIGFRxeAgwAXBoSDAMKTRQXGTwUKBAnKhUXN11cBBsHUEpWDQIDHU1HBgMZTVBFDB4SXFdLDgAOCFAKCgIZBRYCFxoGXAUAXgAVCggPARtVUyVYVEBEUV1SCFBSSEkyRFFdFhkPFhVfQlEbVUwvV1dIST-JEUV0IBkRQLENGT1NEX0JRBAgZGw5GXzxCUVJdSkFRUkhIQAcKHx8WDhtISDZYVUNKVhReXA | 54.230.241.100 | | 480 B |
URL d21rpkgy8pahcu.cloudfront.net/dbXpwYWMOFR4HXBkTFFxSXUhBUVZeXAATBgtHChIGFRxeAgwAXBoSDAMKTRQXGTwUKBAnKhUXN11cBBsHUEpWDQIDHU1HBgMZTVBFDB4SXFdLDgAOCFAKCgIZBRYCFxoGXAUAXgAVCggPARtVUyVYVEBEUV1SCFBSSEkyRFFdFhkPFhVfQlEbVUwvV1dIST-JEUV0IBkRQLENGT1NEX0JRBAgZGw5GXzxCUVJdSkFRUkhIQAcKHx8WDhtISDZYVUNKVhReXA IP54.230.241.100:0
File typeASCII text, with very long lines (681), with no line terminators Hashf92e4d21c22ba0f9f36bf8285e3cbcc6 01c94b407517782ceb1820445a908f3a354d06e7 ebaa65591a4ddb0d626c6cc3478ad2b70586efdb7190788c9a9735592f67b695
GET /dbXpwYWMOFR4HXBkTFFxSXUhBUVZeXAATBgtHChIGFRxeAgwAXBoSDAMKTRQXGTwUKBAnKhUXN11cBBsHUEpWDQIDHU1HBgMZTVBFDB4SXFdLDgAOCFAKCgIZBRYCFxoGXAUAXgAVCggPARtVUyVYVEBEUV1SCFBSSEkyRFFdFhkPFhVfQlEbVUwvV1dIST-JEUV0IBkRQLENGT1NEX0JRBAgZGw5GXzxCUVJdSkFRUkhIQAcKHx8WDhtISDZYVUNKVhReXA HTTP/1.1
Host: d21rpkgy8pahcu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ativesathyas.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 480
date: Fri, 03 May 2024 23:43:41 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Yu8z385AQBiBkN5rDD_Bu_XA_hSQNzZU6-lgvYPyxcFXY35q1c8_kg==
X-Firefox-Spdy: h2
|
|
| downstairsnegotiatebarren.com/sfp.js | 188.114.97.1 | 200 OK | 28 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js; IP: 188.114.97.1:443
Certificate - Issuer: Let's Encrypt; Subject: downstairsnegotiatebarren.com; Fingerprint: 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B; Validity: Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators; Hash: MD5 f4a2f8f9f99541c6f105bbd0a025bd40, SHA-1 1f8e3eff12168fdd9e719adfc098d24a45b6916a, SHA-256 b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 97d7b9cb0e9ae0678ca22ecb152b64ec
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 03 May 2024 23:43:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Xvhl7k55jmITUjB2rTZwKmH4%2BtlywMSljDOw9v7VNU1JG682b0ye1gLpSF3HZEAXvGWQwYabPY9sEqtOFeTNMcPQwZaELoUCIps7iH%2Bf4CEYhWZfuuI2y1GBHALvq64hR9hKgMAT4oYHV57RrN7qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d5aea63b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| zsexf.com/wp-includes/images/w-logo-blue-white-bg.png | 188.114.96.1 | 200 OK | 4.1 kB |
URL GET HTTP/3zsexf.com/wp-includes/images/w-logo-blue-white-bg.png IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectzsexf.com Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File typePNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced Hash000bf649cc8f6bf27cfb04d1bcdcd3c7 d73d2f6d74ec6cdcbae07955592962e77d8ae814 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/gSS1EM
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D; ab=2; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1; _ga_75C4L64NEB=GS1.1.1714779821.1.0.1714779821.0.0.0; _ga=GA1.1.122689552.1714779822; dom3ic8zudi28v8lr6fgphwffqoz0j6c=45802480-4502-442f-88fc-1c7defab388a%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: image/png
content-length: 4119
last-modified: Tue, 16 Nov 2021 00:04:01 GMT
etag: "1017-5d0dca9a37e40"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2698
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n2dXbSj6HjKeEQglefDyS95cW84NJKw9v%2FCCTQWJuWE4skdVKa5yJhhr%2FjPRAR891%2B%2Bu4v9XjlK1ji%2B7MtFAUMCDkt9viFMAMwFdVItuoqZB6qVVDKHX3aZiFH4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d612c4ab4f1-OSL
alt-svc: h3=":443"; ma=86400
|
|
| iresandal.info/popunder.gif | 104.21.40.187 | 200 OK | 206 kB |
URL: GET HTTP/3 iresandal.info/popunder.gif; IP: 104.21.40.187:443
Certificate - Issuer: Google Trust Services LLC; Subject: iresandal.info; Fingerprint: D9:9E:21:6F:70:F4:90:F2:B5:4A:CC:E5:AB:CD:07:D7:A8:09:59:3A; Validity: Mon, 01 Apr 2024 07:01:50 GMT - Sun, 30 Jun 2024 07:01:49 GMT
File type: GIF image data, version 89a, 1 x 1; Size: 206 kB (205838 bytes); Hash: MD5 ae1f772215aa3dd37a730d09f4afe76a, SHA-1 75f6b21af7fd41d660713233bf1daf4b48d1152d, SHA-256 a5175b7d66561fa86d849323ce9540de126105291cfc51f6a4ed30db09c978e3
GET /popunder.gif HTTP/1.1
Host: iresandal.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 271906
last-modified: Tue, 30 Apr 2024 20:11:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AduBkoRGRYmhVYYR%2FZiEJ6PaEmdXLFKaNH2iUvu5xK%2B8TDL%2FAzxpMl4GZjingkK5GKQgWUP1b%2BntoSeRQ8TanRXGq3Yb5wMh6GL9btBwB29%2F8r6PYHCGX%2FwZ%2FOTKthWmbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d606f2056a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwyzr1fiV5XLN02YgS51jPUHuQEZA5AeC5iGuc2z4LBJJdk9gq0VHE9uqxGrcndudhGJ3u74Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-334730664%3A1714779821752183&theme=mn&ddm=0 | 74.125.131.84 | 403 Forbidden | 1.3 kB |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwyzr1fiV5XLN02YgS51jPUHuQEZA5AeC5iGuc2z4LBJJdk9gq0VHE9uqxGrcndudhGJ3u74Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-334730664%3A1714779821752183&theme=mn&ddm=0 IP74.125.131.84:443
CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typegzip compressed data, max compression Hashd2359b44bdb394204a04428aa0bbe012 587a8a5d417df238659e8527ed89a5ee173a3a75 b036b917747f338d9a8571df834b42242a26c90f6b2b5cf62e60e126776846e7
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwyzr1fiV5XLN02YgS51jPUHuQEZA5AeC5iGuc2z4LBJJdk9gq0VHE9uqxGrcndudhGJ3u74Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-334730664%3A1714779821752183&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:42 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: script-src 'nonce-fKvWYv2SYEDnF665z-nZXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| dudleynutmeg.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_1 | 192.243.61.227 | 200 OK | 7.8 kB |
URL: GET HTTP/1.1 dudleynutmeg.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_1; IP: 192.243.61.227:443; ASN: #39572 DataWeb Global Group B.V.
Certificate - Issuer: Let's Encrypt; Subject: dudleynutmeg.com; Fingerprint: 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90; Validity: Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash: MD5 2476a2da20f57e674a3952dc7b30d511, SHA-1 21fac391cff16b9b6303444470b10a3540a8226a, SHA-256 134644354807ed1c2f5e64a94ab888e2689717abe3d4b48358070f795a20367c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:42 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zsexf.com
Access-Control-Allow-Origin: https://zsexf.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22256744; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Sat, 04 May 2024 23:43:42 GMT; secure; SameSite=None
Set-Cookie: slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]; expires=Fri, 03 May 2024 23:43:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0023124581b0161f3b1128008ff3c560
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 216.58.207.226 | 200 OK | 0 B |
URL HEAD HTTP/2pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP216.58.207.226:443
CertificateIssuerGoogle Trust Services LLC Subject*.g.doubleclick.net Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 03 May 2024 23:43:42 GMT
expires: Fri, 03 May 2024 23:43:42 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 2725226783781222339
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51523
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| dudleynutmeg.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReuzp%2F%2F5EF22ZsIc1BQWCfdM5OeiXtY3N1EgnGzbhQFhaW6qnpSprqrqerqnuQUDCx7HLx4Een5Jtmwuqx68ebuMlkQDAgZTzmYq1dB2LPMbHDwQdV73%2Ftewffeq7sDd0YacPT0xvt6RypFFxbrfu2NT4LgSm1Npq5X63XCO2HrSs0Uby%2BFdf%2FN2ruCbemFhh%2F4fuAHtRVpRKx7CxMSMnu4FNSX%2FHqrUQ8WW%2BiZ%2F2LrPFjqgRdn5CIkH88%2F8y5BshHS5Icbwm7lOru8nDhFc21Q8MOP0q1UlymSWRgbD3F6eF4NbU9WHkOnB1O50MW%2FhZEcE%2B%2BXx4jSw3ORiIr9qc5IQaSI%2BEsoixGEGkHSEZjeg%2BQnBGAcN9eRJvdvalPS7RcsnbBjMv%2F8b8hyTOb%2FuIQ0eXRNyV5tQyuXS51a9OIKsjeC7I6QuSPkO3OQ5RFY%2FgUk%2F40sPF9DmuyvW6UheTXtXcoRZDyCEn1Q68FNjvTgYg8u85Dw0xoLgqDtc0b9zhJjTd4WUcj9gLbjgAZ%2B2IFjE3l95FkfTPXBzC4ys4st2YdxT2E3K1juweZj4n2wi4JXKAVBaQlKSlBKgjInKIvqgCvbsNV9rqyLgnPfOPfNaqjz7oAe6LwrUgJq%2BjC8GmRn5MJkPt7G15vYEqe1uNnqxEHcYlGz0W6GgnYiP4h43Oo0ud%2BgDFY%2BuL7yVrPV6twJIO3ctPcdOSb1119DJsdk%2Fpu7iOgRrDoCkxdA3augZQW6WWEn%2Fd5lsVTCOqNsnekEXFfI8v8j3%2FYG6oy8Mt3W%2Bp6DYMfk3MBMhcxU%2BFw%2BI%2Biqe8PbuiT7t3VpyY%2FrWS4TuUMnm9zIaS68b98T26U2fPWG7T94h02ISfjwQ2HzNZpymXYt%2Be6a5FyYFW2YID%2Bv2o9FdMvZzWvOpC5bu3V9ZTXJjLBW6nQEKk%2BWvwKTY%2FLyk8%2BmX%2FTyp39CmhGMq5C4mVKpj8CyXdhslrOawKgZjjIPpauGphHNkkoSKDHDNKpgxfHVn5YHvz7du4hIHD%2F56wU3NHTymspqYO%2Bha%2BZA8z2kSYXCVChUBar6sO5%2Fwzwzx1d%2Fb04NkZobRsrM7UfKqC%2BnQ55cOaw8rbWbTZ%2BGS4tBu01FO2o1OnEYcEobrbARhrSJ3I7jxeLRPwAAAP%2F%2FAQAA%2F%2F9qPi%2FtfAQAAA%3D%3D | 192.243.61.227 | 200 OK | 7 B |
URL GET HTTP/1.1dudleynutmeg.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReuzp%2F%2F5EF22ZsIc1BQWCfdM5OeiXtY3N1EgnGzbhQFhaW6qnpSprqrqerqnuQUDCx7HLx4Een5Jtmwuqx68ebuMlkQDAgZTzmYq1dB2LPMbHDwQdV73%2Ftewffeq7sDd0YacPT0xvt6RypFFxbrfu2NT4LgSm1Npq5X63XCO2HrSs0Uby%2BFdf%2FN2ruCbemFhh%2F4fuAHtRVpRKx7CxMSMnu4FNSX%2FHqrUQ8WW%2BiZ%2F2LrPFjqgRdn5CIkH88%2F8y5BshHS5Icbwm7lOru8nDhFc21Q8MOP0q1UlymSWRgbD3F6eF4NbU9WHkOnB1O50MW%2FhZEcE%2B%2BXx4jSw3ORiIr9qc5IQaSI%2BEsoixGEGkHSEZjeg%2BQnBGAcN9eRJvdvalPS7RcsnbBjMv%2F8b8hyTOb%2FuIQ0eXRNyV5tQyuXS51a9OIKsjeC7I6QuSPkO3OQ5RFY%2FgUk%2F40sPF9DmuyvW6UheTXtXcoRZDyCEn1Q68FNjvTgYg8u85Dw0xoLgqDtc0b9zhJjTd4WUcj9gLbjgAZ%2B2IFjE3l95FkfTPXBzC4ys4st2YdxT2E3K1juweZj4n2wi4JXKAVBaQlKSlBKgjInKIvqgCvbsNV9rqyLgnPfOPfNaqjz7oAe6LwrUgJq%2BjC8GmRn5MJkPt7G15vYEqe1uNnqxEHcYlGz0W6GgnYiP4h43Oo0ud%2BgDFY%2BuL7yVrPV6twJIO3ctPcdOSb1119DJsdk%2Fpu7iOgRrDoCkxdA3augZQW6WWEn%2Fd5lsVTCOqNsnekEXFfI8v8j3%2FYG6oy8Mt3W%2Bp6DYMfk3MBMhcxU%2BFw%2BI%2Biqe8PbuiT7t3VpyY%2FrWS4TuUMnm9zIaS68b98T26U2fPWG7T94h02ISfjwQ2HzNZpymXYt%2Be6a5FyYFW2YID%2Bv2o9FdMvZzWvOpC5bu3V9ZTXJjLBW6nQEKk%2BWvwKTY%2FLyk8%2BmX%2FTyp39CmhGMq5C4mVKpj8CyXdhslrOawKgZjjIPpauGphHNkkoSKDHDNKpgxfHVn5YHvz7du4hIHD%2F56wU3NHTymspqYO%2Bha%2BZA8z2kSYXCVChUBar6sO5%2Fwzwzx1d%2Fb04NkZobRsrM7UfKqC%2BnQ55cOaw8rbWbTZ%2BGS4tBu01FO2o1OnEYcEobrbARhrSJ3I7jxeLRPwAAAP%2F%2FAQAA%2F%2F9qPi%2FtfAQAAA%3D%3D IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt | Subject dudleynutmeg.com | Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 | Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReuzp%2F%2F5EF22ZsIc1BQWCfdM5OeiXtY3N1EgnGzbhQFhaW6qnpSprqrqerqnuQUDCx7HLx4Een5Jtmwuqx68ebuMlkQDAgZTzmYq1dB2LPMbHDwQdV73%2Ftewffeq7sDd0YacPT0xvt6RypFFxbrfu2NT4LgSm1Npq5X63XCO2HrSs0Uby%2BFdf%2FN2ruCbemFhh%2F4fuAHtRVpRKx7CxMSMnu4FNSX%2FHqrUQ8WW%2BiZ%2F2LrPFjqgRdn5CIkH88%2F8y5BshHS5Icbwm7lOru8nDhFc21Q8MOP0q1UlymSWRgbD3F6eF4NbU9WHkOnB1O50MW%2FhZEcE%2B%2BXx4jSw3ORiIr9qc5IQaSI%2BEsoixGEGkHSEZjeg%2BQnBGAcN9eRJvdvalPS7RcsnbBjMv%2F8b8hyTOb%2FuIQ0eXRNyV5tQyuXS51a9OIKsjeC7I6QuSPkO3OQ5RFY%2FgUk%2F40sPF9DmuyvW6UheTXtXcoRZDyCEn1Q68FNjvTgYg8u85Dw0xoLgqDtc0b9zhJjTd4WUcj9gLbjgAZ%2B2IFjE3l95FkfTPXBzC4ys4st2YdxT2E3K1juweZj4n2wi4JXKAVBaQlKSlBKgjInKIvqgCvbsNV9rqyLgnPfOPfNaqjz7oAe6LwrUgJq%2BjC8GmRn5MJkPt7G15vYEqe1uNnqxEHcYlGz0W6GgnYiP4h43Oo0ud%2BgDFY%2BuL7yVrPV6twJIO3ctPcdOSb1119DJsdk%2Fpu7iOgRrDoCkxdA3augZQW6WWEn%2Fd5lsVTCOqNsnekEXFfI8v8j3%2FYG6oy8Mt3W%2Bp6DYMfk3MBMhcxU%2BFw%2BI%2Biqe8PbuiT7t3VpyY%2FrWS4TuUMnm9zIaS68b98T26U2fPWG7T94h02ISfjwQ2HzNZpymXYt%2Be6a5FyYFW2YID%2Bv2o9FdMvZzWvOpC5bu3V9ZTXJjLBW6nQEKk%2BWvwKTY%2FLyk8%2BmX%2FTyp39CmhGMq5C4mVKpj8CyXdhslrOawKgZjjIPpauGphHNkkoSKDHDNKpgxfHVn5YHvz7du4hIHD%2F56wU3NHTymspqYO%2Bha%2BZA8z2kSYXCVChUBar6sO5%2Fwzwzx1d%2Fb04NkZobRsrM7UfKqC%2BnQ55cOaw8rbWbTZ%2BGS4tBu01FO2o1OnEYcEobrbARhrSJ3I7jxeLRPwAAAP%2F%2FAQAA%2F%2F9qPi%2FtfAQAAA%3D%3D HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: abca0539ae5e050eab08dad66fa5ff12
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/close.png | 104.21.70.253 | 200 OK | 6.0 kB |
URL GET HTTP/3cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/close.png IP104.21.70.253:443
Certificate: Issuer Google Trust Services LLC | Subject creative-bars1.com | Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typePNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced Hashc489ce2c491a22ee37a55e26a92dfd73 2fa588ab09e94dd902e5bd24b48f98ad1949c9d6 1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/gambling/unibet/social-box-confetti/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:43 GMT
content-type: image/png
content-length: 5982
last-modified: Fri, 02 Feb 2024 15:34:06 GMT
etag: "65bd0b6e-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 129420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yh3E2SVWN3EGSj04Ra%2FYRJlEy9MZvNvXlcFomFUjt7FKwvrchtG6Wr6DqKjEWXiJCbuxX5tLh1Cc0XfKRxaKqrUzp905vw1aR2az%2Fo3%2Bxs4Xs%2BNG2ptwuc2hcsOJ394%2FlvC7Q2Kd0Oyj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d65eacc56ab-OSL
alt-svc: h3=":443"; ma=86400
|
|
| dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Findex.html&l=1738&fd=34 | 192.243.61.227 | 200 OK | 0 B |
URL GET HTTP/1.1dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Findex.html&l=1738&fd=34 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt | Subject dudleynutmeg.com | Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 | Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash (digests of an empty body, so not usable as file indicators): MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Findex.html&l=1738&fd=34 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif | 104.21.70.253 | 200 OK | 206 kB |
URL GET HTTP/3cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif IP104.21.70.253:443
Certificate: Issuer Google Trust Services LLC | Subject creative-bars1.com | Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeGIF image data, version 89a, 480 x 360 Size206 kB (206291 bytes) Hash0b33face774f2203446507ce5f075538 1dd3522529bce7739df0687f47f5bc84356698a0 ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2
GET /sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:43 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 02 Feb 2024 15:34:07 GMT
etag: "65bd0b6f-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 129420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wf5yBCYod9CUSq1zfXFlzDMvWXbxhsmoMbS7pFdD7yAr3FZ2fWYZLAeec9uS4q5OzMjrL6ebuE7hWX%2Fp3X28Slc3CynyCLO78UUsNKJD9L9ZY88uIHIfCHpjIMSmlbNXZ841gNb2K%2Bip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d65eace56ab-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png | 104.21.70.253 | 200 OK | 44 kB |
URL GET HTTP/3cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png IP104.21.70.253:443
Certificate: Issuer Google Trust Services LLC | Subject creative-bars1.com | Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typePNG image data, 2038 x 728, 8-bit/color RGBA, non-interlaced Hash7385ff746ad38c8d244e3c5ee4a939a1 2bf171af67d57e5ed098473551ab9a4729051136 9d16ffd0a510eaf5e7a8509f0c02c7d26bc8b65675f2be5aba15d8094c00269a
GET /sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:43 GMT
content-type: image/png
content-length: 43597
last-modified: Thu, 02 May 2024 09:37:49 GMT
etag: "66335eed-aa4d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 129420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2B0SikRNuBhl13ukkduzS%2BRU8ZwCDZTPbXWsj9A9G9Twf7JKyBowsATzC3BndDX0MaIRx%2FYFRHuLmvLco03FrrtQoNWjfV3M2dnzzVFL65iCnrfUZDk4TAiofZL3Md8HCqyhOMANTKxu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d65fad156ab-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/style.css | 104.21.70.253 | 200 OK | 1.2 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/style.css IP104.21.70.253:443
Certificate: Issuer Google Trust Services LLC | Subject creative-bars1.com | Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash6e37e8eb72d0e626bd912db4993e9319 aa878bce133e5b09603e724a9c50b985ae5144f2 ab588d8a18e7730d63f5bd86c9ace0530bf35163dfae8ba6f221a93ff57c94cb
GET /sb/notifications/gambling/unibet/social-box-confetti/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: text/css
last-modified: Thu, 02 May 2024 09:36:08 GMT
etag: W/"66335e88-11de"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 118558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tQQHAN91ThUbN7t8WwMGad38wCEK1Cl3ToPuUMnSq2sf%2BOqpYyJJ3zsiSrhIQKU6EjoKyqTRdmM6vit6NI3iEaR1EJyencrpN2NzIQleTY6SE9PnDCD43UbyU9l9z4AQYU%2B1KqC60VI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d655fb57131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/js/script.js | 104.21.70.253 | 200 OK | 855 B |
URL GET HTTP/2cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/js/script.js IP104.21.70.253:443
Certificate: Issuer Google Trust Services LLC | Subject creative-bars1.com | Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash240731cf1c4b2bcad70c2365c2d81cbd 7604629159b8131ae062623e7971d51b6b223903 5ba205b36a8a1119104acfd210d008258b9de7a98b3efe25970c2a75053616a8
GET /sb/notifications/gambling/unibet/social-box-confetti/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: application/javascript
last-modified: Thu, 02 May 2024 09:40:33 GMT
etag: W/"66335f91-827"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 118558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KhbU%2BSVr9EupJhR7Gb8KGPURYudon6t4pCfBq0k1DNAX7H1O2KpVdrRD69qriZvUrvXjtzY63m2vJ7yjriaIPVYanjAnI0JRWvbnN51%2F8GyQ4MjaG7TqVsiwYF59gaq1D9FB%2BhFnDsyp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d655fb67131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=44 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=44 IP172.240.108.68:443
Certificate: Issuer Let's Encrypt | Subject dudleynutmeg.com | Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 | Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash (digests of an empty body, so not usable as file indicators): MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=44 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| unseenreport.com/pxf.gif?uuid=45802480-4502-442f-88fc-1c7defab388a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 | 192.243.59.12 | 200 OK | 1 B |
URL GET HTTP/1.1unseenreport.com/pxf.gif?uuid=45802480-4502-442f-88fc-1c7defab388a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt | Subject *.unseenreport.com | Fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 | Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=45802480-4502-442f-88fc-1c7defab388a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c79df6bba84efc9d820704b5b51a03d4
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL GET HTTP/3fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.74.99:443
Certificate: Issuer Google Trust Services LLC | Subject *.gstatic.com | Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0 Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 06:08:19 GMT
expires: Sat, 03 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 63324
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP142.250.74.99:443
Certificate: Issuer Google Trust Services LLC | Subject *.gstatic.com | Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 10:46:32 GMT
expires: Wed, 30 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 305831
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| dudleynutmeg.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js | 172.240.108.68 | 200 OK | 30 kB |
URL GET HTTP/1.1dudleynutmeg.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js IP172.240.108.68:443
Certificate: Issuer Let's Encrypt | Subject dudleynutmeg.com | Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 | Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashd5163f4e9939fd4d2e1823f1130518b6 80d0845dcad2fdb3faa13f8d849bc4b8de645235 9eebcc1b82e441b7283cc672fa8470350b2fda8e38651e19f46e91012dfa7cee
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3345c4c8810d45d767757fabc1c0c5c3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| dudleynutmeg.com/pixel/sbs?c=1 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1dudleynutmeg.com/pixel/sbs?c=1 IP172.240.108.68:443
Certificate: Issuer Let's Encrypt | Subject dudleynutmeg.com | Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 | Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash (digests of an empty body, so not usable as file indicators): MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| dudleynutmeg.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6kpTsRZqGgUCfvzf%2FYRbF%2FIsXY1EZRUCj335tcc9%2B7j3vfnTfJKhgoXQ5u3Ii8%2BSZpqJaqG3e2ZVIQDAgZV1mYrVtB6FpmGhw8cO853%2FnOhe%2Bcc%2B8O%2FSmpwdOTa%2B%2BbbaU1XWpWw8obn0TRpcqqSn2%2F0u%2B07rQalyq29%2FZyqxq%2BWXlX8k2zVAujMIzCqLKirIxNf2lKQmUPl6Pqclht1KpRs4G%2B%2FS92PoCjAUTvlJyHEpPFZ8EFKD5GmvxwTbrN3GQXryde09xY9MTBR%2BlmaooUyTyMbYA4PTirhnHHK49h0v2ZXJjev4VMTUjwy2Ow9OBMJFhvb6aTacgUTLyEojeG1GMoOgY3u1DimABc4OYa0uT%2BTWMLuvWCpVN2Qhaf%2Fw1VTMjiHxeQJo%2BuaNWvrBvtc2VSh35cQvXHUN0xMn%2BIfHsBqjgEz7%2BAEr%2BRpeerSJO9NacNlChnvSs1horH0HIA6gL46VEBfBzAZwEScVLhURS1Q8Fp2FnmvC7akrVEGNF2HNEobHXg%2BVTeAHk2ANcDcLuDzO5gUw1g%2FVO4jRJOBHD5hAQf7KAnShSSoHAEBSUoFEGRExS9cl9oV3PlfaGdZ9GZr535ejkyeXdI903elSkBtQNYUQ6zU3JuOp9g%2FesNbMqTSlxvdOIobnBWr7XrLUk7LIyYiBudughrlMOpB1dX3qo3Gp07EZRbmPW%2BrSak%2BvpryNSELH5zF4wewulDcHUO1L8KWpSgGyW20%2B99FistnbfaVblJIEyJLP8%2F8q1gqE%2FJK7Ntre16SH5Ezgzclshsic%2FVM4Kuvje6bQqyd9sUjvy4luUqUdt0usn1nOYy%2BPY9uVUYK25cc4MH7%2FApMQ0ffihdvkpTodKuI99dUUJIu2Isl%2BTnG%2B5jyW55t3HF29Rnq7eurtxIMiudUyYdg6rj61%2BBqwl5%2Bclnsy968dM%2FoewY1pdI%2FFypMofg2Q5cNs85Q2D1HLMsQOHLka2xeVIrAi3nmLISTh5d%2Fun68Nenu%2BfB5NGTv15wI0unr6kqh%2B4eunYBNN9FmpTo2RI9XYLqAZz%2F3yjP7NHl3%2BszA9MLI6btwh7TVn85G%2FL0yuHUSaUeijaTsWwz2Wg2YskFazZZyGPO6qLT4cjdJG72Hv0DAAD%2F%2FwEAAP%2F%2F6ur6BXwEAAA%3D | 192.243.61.227 | 200 OK | 7 B |
URL GET HTTP/1.1dudleynutmeg.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6kpTsRZqGgUCfvzf%2FYRbF%2FIsXY1EZRUCj335tcc9%2B7j3vfnTfJKhgoXQ5u3Ii8%2BSZpqJaqG3e2ZVIQDAgZV1mYrVtB6FpmGhw8cO853%2FnOhe%2Bcc%2B8O%2FSmpwdOTa%2B%2BbbaU1XWpWw8obn0TRpcqqSn2%2F0u%2B07rQalyq29%2FZyqxq%2BWXlX8k2zVAujMIzCqLKirIxNf2lKQmUPl6Pqclht1KpRs4G%2B%2FS92PoCjAUTvlJyHEpPFZ8EFKD5GmvxwTbrN3GQXryde09xY9MTBR%2BlmaooUyTyMbYA4PTirhnHHK49h0v2ZXJjev4VMTUjwy2Ow9OBMJFhvb6aTacgUTLyEojeG1GMoOgY3u1DimABc4OYa0uT%2BTWMLuvWCpVN2Qhaf%2Fw1VTMjiHxeQJo%2BuaNWvrBvtc2VSh35cQvXHUN0xMn%2BIfHsBqjgEz7%2BAEr%2BRpeerSJO9NacNlChnvSs1horH0HIA6gL46VEBfBzAZwEScVLhURS1Q8Fp2FnmvC7akrVEGNF2HNEobHXg%2BVTeAHk2ANcDcLuDzO5gUw1g%2FVO4jRJOBHD5hAQf7KAnShSSoHAEBSUoFEGRExS9cl9oV3PlfaGdZ9GZr535ejkyeXdI903elSkBtQNYUQ6zU3JuOp9g%2FesNbMqTSlxvdOIobnBWr7XrLUk7LIyYiBudughrlMOpB1dX3qo3Gp07EZRbmPW%2BrSak%2BvpryNSELH5zF4wewulDcHUO1L8KWpSgGyW20%2B99FistnbfaVblJIEyJLP8%2F8q1gqE%2FJK7Ntre16SH5Ezgzclshsic%2FVM4Kuvje6bQqyd9sUjvy4luUqUdt0usn1nOYy%2BPY9uVUYK25cc4MH7%2FApMQ0ffihdvkpTodKuI99dUUJIu2Isl%2BTnG%2B5jyW55t3HF29Rnq7eurtxIMiudUyYdg6rj61%2BBqwl5%2Bclnsy968dM%2FoewY1pdI%2FFypMofg2Q5cNs85Q2D1HLMsQOHLka2xeVIrAi3nmLISTh5d%2Fun68Nenu%2BfB5NGTv15wI0unr6kqh%2B4eunYBNN9FmpTo2RI9XYLqAZz%2F3yjP7NHl3%2BszA9MLI6btwh7TVn85G%2FL0yuHUSaUeijaTsWwz2Wg2YskFazZZyGPO6qLT4cjdJG72Hv0DAAD%2F%2FwEAAP%2F%2F6ur6BXwEAAA%3D IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt | Subject dudleynutmeg.com | Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 | Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
File type: ASCII text, with no line terminators | Hash (MD5, SHA-1, SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6kpTsRZqGgUCfvzf%2FYRbF%2FIsXY1EZRUCj335tcc9%2B7j3vfnTfJKhgoXQ5u3Ii8%2BSZpqJaqG3e2ZVIQDAgZV1mYrVtB6FpmGhw8cO853%2FnOhe%2Bcc%2B8O%2FSmpwdOTa%2B%2BbbaU1XWpWw8obn0TRpcqqSn2%2F0u%2B07rQalyq29%2FZyqxq%2BWXlX8k2zVAujMIzCqLKirIxNf2lKQmUPl6Pqclht1KpRs4G%2B%2FS92PoCjAUTvlJyHEpPFZ8EFKD5GmvxwTbrN3GQXryde09xY9MTBR%2BlmaooUyTyMbYA4PTirhnHHK49h0v2ZXJjev4VMTUjwy2Ow9OBMJFhvb6aTacgUTLyEojeG1GMoOgY3u1DimABc4OYa0uT%2BTWMLuvWCpVN2Qhaf%2Fw1VTMjiHxeQJo%2BuaNWvrBvtc2VSh35cQvXHUN0xMn%2BIfHsBqjgEz7%2BAEr%2BRpeerSJO9NacNlChnvSs1horH0HIA6gL46VEBfBzAZwEScVLhURS1Q8Fp2FnmvC7akrVEGNF2HNEobHXg%2BVTeAHk2ANcDcLuDzO5gUw1g%2FVO4jRJOBHD5hAQf7KAnShSSoHAEBSUoFEGRExS9cl9oV3PlfaGdZ9GZr535ejkyeXdI903elSkBtQNYUQ6zU3JuOp9g%2FesNbMqTSlxvdOIobnBWr7XrLUk7LIyYiBudughrlMOpB1dX3qo3Gp07EZRbmPW%2BrSak%2BvpryNSELH5zF4wewulDcHUO1L8KWpSgGyW20%2B99FistnbfaVblJIEyJLP8%2F8q1gqE%2FJK7Ntre16SH5Ezgzclshsic%2FVM4Kuvje6bQqyd9sUjvy4luUqUdt0usn1nOYy%2BPY9uVUYK25cc4MH7%2FApMQ0ffihdvkpTodKuI99dUUJIu2Isl%2BTnG%2B5jyW55t3HF29Rnq7eurtxIMiudUyYdg6rj61%2BBqwl5%2Bclnsy968dM%2FoewY1pdI%2FFypMofg2Q5cNs85Q2D1HLMsQOHLka2xeVIrAi3nmLISTh5d%2Fun68Nenu%2BfB5NGTv15wI0unr6kqh%2B4eunYBNN9FmpTo2RI9XYLqAZz%2F3yjP7NHl3%2BszA9MLI6btwh7TVn85G%2FL0yuHUSaUeijaTsWwz2Wg2YskFazZZyGPO6qLT4cjdJG72Hv0DAAD%2F%2FwEAAP%2F%2F6ur6BXwEAAA%3D HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 00b5db76ca4cdb5284d5523aaee02bc7
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| zsexf.com/js/ads.js | 188.114.96.1 | 200 OK | 1.5 kB |
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt | Subject zsexf.com | Fingerprint 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: JavaScript source, ASCII text, with very long lines (1498), with no line terminators | Hash (MD5, SHA-1, SHA-256): 4c46340e14f18a67fee668d9cf5f82d5 d0aa271a10e51424f6e5d1e0c6a8f40fc2216cd8 0eda9e41ed0b8d1f8bfa8c520ba784b53bca48a8536fb24e41dc1d0fe3c18c1d
GET /js/ads.js HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 285914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fpkn%2BdWED9NURKpz2MRHoVs0aTumHN%2ByUEAGO0moLpBV4eJkCuZdTHoGQOlP9vbfjfMiY7bz9a7wE7VryEipeEqeII%2Bwfbg65mEZ3eUWKAPEICJRb2TEDH%2B6cwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d55cd67b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| zsexf.com/js/frontend.js?id=f7e07cec5812d52a9077 | 188.114.96.1 | 200 OK | 981 kB |
URL: GET HTTP/3 zsexf.com/js/frontend.js?id=f7e07cec5812d52a9077 | IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt | Subject zsexf.com | Fingerprint 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
Size: 981 kB (980867 bytes) | Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, so they do not identify the 981 kB body; presumably the body was not captured for hashing)
GET /js/frontend.js?id=f7e07cec5812d52a9077 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 285913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zu7FPzvtkGujESekKCpCrH87ZdEquAiITg4sKPgTPfSMmXMVKGPFrZmV4allugCvNMosbgdAao50wGtNdIwdu4DSbUGPX1YY09Vuub4y45QIWi5dtlKapBc544o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d55cd69b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 254 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c | IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC | Subject *.google-analytics.com | Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955) | Size: 254 kB (254193 bytes) | Hash (MD5, SHA-1, SHA-256): 61fdbf1941e80916b8f4962072d38efc a7b6c5baf37876635d7c19a34d7bc2ab451c292c de3b68445833c7898b29c7c7b844cc08b31d210210b2214bf7f9a0dd9daced02
GET /gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 May 2024 23:43:41 GMT
expires: Fri, 03 May 2024 23:43:41 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89734
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| live.demand.supply/up.js | 104.17.39.115 | 200 OK | 5.5 kB |
IP: 104.17.39.115:443
Certificate: Issuer Cloudflare, Inc. | Subject demand.supply | Fingerprint 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E | Validity Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (5703), with no line terminators | Hash (MD5, SHA-1, SHA-256): 45050d5dc9d131fc2638587091a7ef65 166051eb127dfb810a7d09feb5ba2df4a01613bc f4925789f31061c3496ec4c7acfc79ed2d6a8f6a1513bdfb4215b83b27794d58
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87e41d585ad256a2-OSL
cf-cache-status: HIT
age: 608
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"dbfb28e408f563c47c5a6f819ef24bd8-ssl-df"
link: <https://live.demand.supply/impl.v17.32.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-24-0/enNleGYuY29tLw==>; rel=preload; as=script
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cache-status: "Netlify Edge"; fwd=miss
cf-bgj: minify
cf-polished: origSize=5343
timing-allow-origin: *
x-nf-request-id: 01HWR9N3F30KS67B771J5SPTEE
set-cookie: __cf_bm=RJvtE9dKaXavNXI.EkyWR4CWjuwm6Iht9WTakq16OaA-1714779820-1.0.1.1-5_txhfFc1J9_.2Q.k_EVMd.h9ynjg6gT0tIZw2wODIYGKo9ipP2UEkQdqcfC..nnANrR2zgJ30ZCfQhEPoRK4A; path=/; expires=Sat, 04-May-24 00:13:40 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| zsexf.com/img/menu.svg | 188.114.96.1 | 200 OK | 1.8 kB |
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt | Subject zsexf.com | Fingerprint 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5, SHA-1, SHA-256): 384fec65fc108518c176b62a88b40a1f d6c42c0b2dbdfef2d8468fc91f6c5611596075ef 00e2d83eb75a29fcfbf8e8373352d2e566d143764ddc05d982f46c85bb58517f
GET /img/menu.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Jan 2023 16:39:42 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 277523
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNrKuqYlGRK3VOXsnJ2QM5hioOg81nSdL5GRWmN8mqyjnMMrPj8VLXzxm0%2Ff9FFzdG%2FQ5TiLcvNI56nFQHnKeEEgNFaOauBACy8m8gRLsdhEkYkxQ1HnDldo%2F1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d557d46b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=44 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=44 IP172.240.108.68:443
Certificate: Issuer Let's Encrypt | Subject dudleynutmeg.com | Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 | Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty input, consistent with the 0 B response body)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=44 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 7.0 kB |
URL: GET HTTP/3 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | IP: 142.250.74.106:443
Certificate: Issuer Google Trust Services LLC | Subject upload.video.google.com | Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 | Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: ASCII text, with very long lines (7193), with no line terminators | Hash (MD5, SHA-1, SHA-256): 16b49a99486594c0b42d9bd7821deb2c 2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a 3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 23:43:43 GMT
date: Fri, 03 May 2024 23:43:43 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| zsexf.com/css/frontend.css?id=2396ffb76e738e465b53 | 188.114.96.1 | 200 OK | 260 kB |
URL: GET HTTP/3 zsexf.com/css/frontend.css?id=2396ffb76e738e465b53 | IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt | Subject zsexf.com | Fingerprint 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
Size: 260 kB (260376 bytes) | Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, so they do not identify the 260 kB body; presumably the body was not captured for hashing)
GET /css/frontend.css?id=2396ffb76e738e465b53 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 18:47:00 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 285914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FPODOGDBzQNYHnS%2FazIxI%2BN8gojLiSF7qSLEjv9K1mxRiEgOJ1NddLNgCYOS5BNUVgn2viQjGJyMooQKiKMi%2BRhTf0c1Eiqx9iidAxWcnP8nLsVgDOXjiXPjL94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d557d43b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=UA-197252557-1 | 142.250.74.168 | 200 OK | 208 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-197252557-1 | IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC | Subject *.google-analytics.com | Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179) | Size: 208 kB (207550 bytes) | Hash (MD5, SHA-1, SHA-256): 0cd81c08741231b7d8094949bfb66caf 4bdd839c9e21583e13d02e3278069f05008c0ce0 309e9545d3da1ad00508630709bb1b63cf91fbd82294eab9a0e2ce6499b458a5
GET /gtag/js?id=UA-197252557-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 May 2024 23:43:40 GMT
expires: Fri, 03 May 2024 23:43:40 GMT
cache-control: private, max-age=900
last-modified: Fri, 03 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74666
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| zsexf.com/favicon.ico | 188.114.96.1 | 302 Found | 4.1 kB |
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt | Subject zsexf.com | Fingerprint 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, so they do not identify any content; presumably no body was captured for this 302 redirect)
GET /favicon.ico HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D; ab=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Fri, 03 May 2024 23:43:42 GMT
content-type: text/html; charset=UTF-8
location: https://zsexf.com/wp-includes/images/w-logo-blue-white-bg.png
x-powered-by: PHP/8.2.15
cf-edge-cache: cache,platform=wordpress
link: <https://zsexf.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bBZVGqkyiAHXHyj9DrvlgXvsDL%2BjVz%2FGinc%2BoxJtsdAvytWGDsqDFBKVCEL2jfWgZJxHzWge8sV2ViL5995GHzLp5z6BpZv1LurhxwCpkyTecLH4FTlOiY7jUJg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d5cf9a8b4f1-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.yourwebbars.com/sb/notifications/gambling/unibet/social-box-confetti/1/index.html | 104.26.7.19 | 200 OK | 1.7 kB |
URL: GET HTTP/2 cdn.yourwebbars.com/sb/notifications/gambling/unibet/social-box-confetti/1/index.html | IP: 104.26.7.19:443
Certificate: Issuer Cloudflare, Inc. | Subject sni.cloudflaressl.com | Fingerprint 84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49 | Validity Sun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (1831), with no line terminators | Hash (MD5, SHA-1, SHA-256): 510a07e6fe6490ab1e3a185f91481685 165f2215ae5425981596a4b0e643b632b7c4b5d3 ce00ef4159181eed94e01be3ee6cdad381fade7da0ed6814ee2c2d387689fb40
GET /sb/notifications/gambling/unibet/social-box-confetti/1/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: text/html
last-modified: Thu, 02 May 2024 09:41:58 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 33583
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bPC7YM3r%2BO7Cr7UEDR9Sk%2Bs3MmC%2F8hFeMUOHDYHu9uOy1%2FOsVhGBvC5HcvYmkz56EpfHmGTIh9MJP2btlr7xFSwFhF38kXssw%2BB5iJOel5Abztz%2BwZGqjeoCMDMgT6dn0Zj0V%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d64bf1c7131-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| live.demand.supply/ds.2.html | 104.17.39.115 | 200 OK | 413 B |
URL: GET HTTP/3 live.demand.supply/ds.2.html | IP: 104.17.39.115:443
Certificate: Issuer Cloudflare, Inc. | Subject demand.supply | Fingerprint 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E | Validity Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (430), with no line terminators | Hash (MD5, SHA-1, SHA-256): 68dce237203af5e16657b39e1f2e7b46 8084ece9e2500c1a0731aaf8f33290744b174b9c 8534d0076676e85517a298ded722e84bb64abf655fbc565588f76a7e26ad4680
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cache-status: "Netlify Edge"; hit
strict-transport-security: max-age=31536000
timing-allow-origin: *
x-nf-request-id: 01HWN6NJYJEW7AMPRG1K1C5P4B
cf-cache-status: HIT
age: 277220
set-cookie: __cf_bm=0gsINVUTFnx4wZubJ7kdQV9_j_oIv9AebJnP_v5vM7o-1714779821-1.0.1.1-b5zie68egThPGAC7oYp4KVhKEpeV6GpxgWUPAPUsdFtiPc2K0.o7xBL9nWaGXl7BeUUnxfJD1JB3BSs.izbKPg; path=/; expires=Sat, 04-May-24 00:13:41 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d598e06569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzK_HoxCEJcb5lD9a6yNNowotbX9gqjou4FsPEjU-69zcTJODWMZFdbxO13qL6Wvty5kK42iQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S856129801%3A1714779821774148&theme=mn&ddm=0 | 74.125.131.84 | 403 Forbidden | 0 B |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzK_HoxCEJcb5lD9a6yNNowotbX9gqjou4FsPEjU-69zcTJODWMZFdbxO13qL6Wvty5kK42iQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S856129801%3A1714779821774148&theme=mn&ddm=0 IP74.125.131.84:443
Certificate: Issuer Google Trust Services LLC | Subject *.google.com | Fingerprint 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 | Validity Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty input, consistent with the 0 B size listed for this 403 response)
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzK_HoxCEJcb5lD9a6yNNowotbX9gqjou4FsPEjU-69zcTJODWMZFdbxO13qL6Wvty5kK42iQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S856129801%3A1714779821774148&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 May 2024 23:43:42 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-29C0VybCHaB1AuShnkK9OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| proftrafficcounter.com/stats | 52.29.105.35 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats | IP: 52.29.105.35:443
Certificate: Issuer Amazon | Subject proftrafficcounter.com | Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 | Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators | Hash (MD5, SHA-1, SHA-256): 217141cadd12b9d4754149d5612d78aa cd6063d8b41a2e210cec4a33340b996ea557f1d2 5dfc472f66929db4439e599d3e4e741445cc27bc22047ec1351d181eeb5b1d24
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://zsexf.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=45802480-4502-442f-88fc-1c7defab388a:1:1; expires=Mon, 01 May 2034 23:43:41 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=38 | 192.243.61.227 | 200 OK | 0 B |
URL GET HTTP/1.1dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=38 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt | Subject dudleynutmeg.com | Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 | Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty input, consistent with the 0 B response body)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=38 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210997,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 03 May 2024 23:43:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap | 142.250.74.106 | 200 OK | 19 kB |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap | IP: 142.250.74.106:443
Certificate | Issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint: 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 | Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
Hash: MD5 e9214a1167aa27518bc869450a50706d | SHA-1 b5790e68611559bccd7a422ab3b63d4a9fa50c80 | SHA-256 d2c53adf35264dffc9fb93e79e489fb00a10883c98108f57c0413a3c286fb4da
GET /css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 23:43:40 GMT
date: Fri, 03 May 2024 23:43:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pogothere.xyz/ | 104.21.24.208 | 200 OK | 27 B |
IP: 104.21.24.208:443
Certificate | Issuer: Google Trust Services LLC | Subject: pogothere.xyz | Fingerprint: 34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B | Validity: Wed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT
File type: ASCII text, with no line terminators | Hash: MD5 ee391c6d2d8eb57aff88bed4ad439294 | SHA-1 e0024bade65911e7cbb723bd725c22df32d9fae7 | SHA-256 5cd117f57a2875cf7a9e55dede4c4f664b6ace46891d71d2cdcea1b06589e0c7
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: text/plain
set-cookie: csu=1881742822836911@1@1714779821; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://zsexf.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGVC6jG5jtBTf3eAkk6D0XuE65hu7bzAVmVfbrdos8D6yN36o0ZsCQF9nI%2BU98nLnLIHrCyFSQqqEMTuSovIGVOxF60v6%2FR%2B0JF7e4tRZIwr9qm17xr1DRThLRQ8fSth"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d5b4ace712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| live.demand.supply/impl.v17.32.0.js | 104.17.39.115 | 200 OK | 91 kB |
URL: GET HTTP/3 live.demand.supply/impl.v17.32.0.js | IP: 104.17.39.115:443
Certificate | Issuer: Cloudflare, Inc. | Subject: demand.supply | Fingerprint: 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E | Validity: Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (23282) | Hash: MD5 3501fe52a8aeb0dc9b89aa1c12ea6e5a | SHA-1 b6221b443437b86f096112d2ec77fab1975fd811 | SHA-256 b77415363ffad60ce3f975e393d3ef44a47d8bddbec2f0a2f9f0e9587dd5c501
GET /impl.v17.32.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: __cf_bm=RJvtE9dKaXavNXI.EkyWR4CWjuwm6Iht9WTakq16OaA-1714779820-1.0.1.1-5_txhfFc1J9_.2Q.k_EVMd.h9ynjg6gT0tIZw2wODIYGKo9ipP2UEkQdqcfC..nnANrR2zgJ30ZCfQhEPoRK4A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:41 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=91396
access-control-allow-origin: *
cache-status: "Netlify Edge"; fwd=miss
etag: W/"b0ea5d9194ab3fdb131dbfcf767a3676-ssl-df"
strict-transport-security: max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01HWAW44Z8KJM1G27JKQDGSW4N
cf-cache-status: HIT
age: 285970
server: cloudflare
cf-ray: 87e41d598e04569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css | 104.21.70.253 | 200 OK | 79 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css | IP: 104.21.70.253:443
Certificate | Issuer: Google Trust Services LLC | Subject: creative-bars1.com | Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: MD5 5982c5377696d20476871062646b253f | SHA-1 8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242 | SHA-256 4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4
GET /sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:43:42 GMT
content-type: text/css
last-modified: Fri, 02 Feb 2024 15:34:04 GMT
etag: W/"65bd0b6c-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 118558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cf9f97PcIAuo8yY%2Bv0vsB6mWc7V%2F2AJoEjO%2Fc2r7IBZPkSaZEZ9h3WsLibAvtDnQq0br4ASYERaSyue5thfUXCyhtPHfghjcg%2B6myKs6o5K6hGZXlgbxnMVpI1MFQkNqL5BSdMRC2vrS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e41d655fb37131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| zsexf.com/img/logo.svg | 188.114.96.1 | 200 OK | 22 kB |
IP: 188.114.96.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: SVG Scalable Vector Graphics image | Hash: MD5 1e28749acbd90e7e99a883c1890327cd | SHA-1 638b4525d3f0ed776db136ca1025a8961f46c9e0 | SHA-256 d526da1f4d4af45cefd2a0d140abec2beddc3150d13c47d3de893eaa278a369d
GET /img/logo.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: image/svg+xml
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 271774
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qvf5bau8we3TAM%2FsRiQOiMRbk%2F8SUhi3LlQLmAK8ICbrJn6OwXhptd82xf2DFVK%2BqoFpKTrpX%2BCqNIMQE4UAvHy3hVqcjwkowNu%2BSSMp7ZzTzAdr6kn3Ohm95vY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d557d45b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit | 142.250.74.131 | 200 OK | 921 B |
URL: GET HTTP/2 www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit | IP: 142.250.74.131:443
Certificate | Issuer: Google Trust Services LLC | Subject: misc.google.com | Fingerprint: 7C:B7:19:49:C1:10:A7:C1:57:8C:3C:B8:82:CC:C7:26:D1:7F:3A:39 | Validity: Tue, 16 Apr 2024 03:24:32 GMT - Tue, 09 Jul 2024 03:24:31 GMT
File type: JavaScript source, ASCII text, with very long lines (921), with no line terminators | Hash: MD5 b832740e618479615e7f4ec2d6d18e95 | SHA-1 39e2c70fbc1164d6748e0314c36691c42245c53a | SHA-256 66b51ffa06c4662b57b6b492d53318ac5e672cd53f52ce08e2699325eb796414
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Fri, 03 May 2024 23:43:41 GMT
date: Fri, 03 May 2024 23:43:41 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| zsexf.com/gSS1EM?token=eyJpdiI6IndTS0I0MWNLZUh6YnNvSGg1Y0ZTcmc9PSIsInZhbHVlIjoiSEZKUDNFc2M2ZlFFbjNMcUxOcEhaUT09IiwibWFjIjoiNGVhMWM4OTg2ZWQyMjIyM2ZkZjc5YzNlZmEyOWE3N2E3YzIwZDBkMDdkNzMyMzg0MGRkMjlkYTg0NzA5MTZiOSIsInRhZyI6IiJ9 | 188.114.96.1 | 302 Found | 313 kB |
URL: User Request GET HTTP/2 zsexf.com/gSS1EM?token=eyJpdiI6IndTS0I0MWNLZUh6YnNvSGg1Y0ZTcmc9PSIsInZhbHVlIjoiSEZKUDNFc2M2ZlFFbjNMcUxOcEhaUT09IiwibWFjIjoiNGVhMWM4OTg2ZWQyMjIyM2ZkZjc5YzNlZmEyOWE3N2E3YzIwZDBkMDdkNzMyMzg0MGRkMjlkYTg0NzA5MTZiOSIsInRhZyI6IiJ9 | IP: 188.114.96.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
Size: 313 kB (312727 bytes) | Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty input; they do not correspond to the 313 kB size shown for this 302 response and should not be used as indicators)
GET /gSS1EM?token=eyJpdiI6IndTS0I0MWNLZUh6YnNvSGg1Y0ZTcmc9PSIsInZhbHVlIjoiSEZKUDNFc2M2ZlFFbjNMcUxOcEhaUT09IiwibWFjIjoiNGVhMWM4OTg2ZWQyMjIyM2ZkZjc5YzNlZmEyOWE3N2E3YzIwZDBkMDdkNzMyMzg0MGRkMjlkYTg0NzA5MTZiOSIsInRhZyI6IiJ9 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 03 May 2024 23:43:38 GMT
content-type: text/html; charset=UTF-8
location: https://zsexf.com/gSS1EM
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IjdzbTBLbG1FUUZPOXRHbDVWc3N1ZkE9PSIsInZhbHVlIjoiNGdiLzRZdTFyLzFxdVV4TjVjdVRsQy9DcWhWbjRGMnR1eElRdlJJRmN2V1IxYTRmR2xYaDdIa25FWXg4OEFLZHJ2ZHNDNG83WWIyQ0hCckZFeHRpSFlWQ2ZXMFcrNWVqR0FORUhxdzB3STF0Tlh4RnhpVXhKQWYwZHNKaktZbnAiLCJtYWMiOiJjNzhkMzI0ODY3ZmY5NzY2Y2YyYmRiMWUxYmYwYzgzMzZiNWNiZmZkY2NhMjc3Mjk3NzE4NGIxZmJmNzBjZTc4IiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 23:43:38 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6ImNNK3VNRmVQT3Rya0MxZ1FTb0h0S3c9PSIsInZhbHVlIjoiVnNJaUJ1YWNoTlBwYmxZQ1o2RXBPQWloQ1NIWWFONU5ZZEpjUXV5T2ZvTlB4NWtBT21BT1FRa2NPZUtFMzlnTmlZejFCbm1ybW5vZHFob2E3T0gyenJqa1VmQmhzR05NVE42TVVKWVZ3aVZRcXY4T1dBaExqMS8xdStnaUc1SSsiLCJtYWMiOiIxZmQ5ZTVmZDljN2NkY2NhMGRhODM1ZjExNWRmYmQ2Yzc4MjIyNmRiMTc5YmIzNWIzYTQ5MzIwZDA4MzJlOWQxIiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 23:43:38 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FoK62%2Be9WmR6uyZXRg91byPdAVw8RcyFYDWiGJnYDhO1qmdY3lcCCUnvx0BIzGHX2eJ1jhJj82jALwoLMmKZ%2BNIQfoGA4cTSnLkWLRA5QADaBZv%2BM1PH9L94kN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d400f9256c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| zsexf.com/img/plane.svg | 188.114.96.1 | 200 OK | 684 B |
IP: 188.114.96.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: SVG Scalable Vector Graphics image | Hash: MD5 8e7c41bde9bc90def2171d239eb22f04 | SHA-1 853c0fbf7ca55b313af83201d95d6f6f3d3225ba | SHA-256 9bc4e093793a06ba14d0505710aad5254212125573342fa92c228f873d05bfea
GET /img/plane.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/gSS1EM
Cookie: XSRF-TOKEN=eyJpdiI6InJrOXZ3SnpKQlppenRIQ1RCRFlENnc9PSIsInZhbHVlIjoiRG5XTDh5OGVldWNITU4yWk5saUlsWDVVM0IrRGppR01VdE9OWXloNkFpTmc3aHFURGh5elNtbVV0VitTY08wbXcraUtqcVpac0xkQjBvZStaV2lWUWRSVlNrMjhmMmh6dHpMVDdORVE4ay8yR2ZZTmpTd3YwL0I5dWRVQmJ5Y0QiLCJtYWMiOiI2YjIzODA3MjI2MjBkNjZiNmEyNzc1ZGUzMTdjM2ZjYzJjYjFiY2JkMWZlYTU1Y2MxZTk1MmRhNTczY2FhYWQzIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkI1NFF1YUR4eXFZcGxoUHpSWk11SlE9PSIsInZhbHVlIjoiblJsT0VkbUhpamdmeTFaTEMzVnhGMlZoK1RGZ1h0dUk2V092TmFPak9veThCall4R0VmSk0xd2tUby92ajQrRjZabE5pdEo2TXdTZmJ0MlpxV0RENC9KOHh5UUt2a2dBWjBsTDNzckM4QnVBYkdKalptZE5BQXhQdVhlbks0RVgiLCJtYWMiOiJkMjdmM2YzNmQxNDhjZTdkOTQ5OWFjOGEyOWZkNjE2M2E3MWQ3MWNjMTRkZDQ4M2EzM2NjNzQwYTZlOTA4Yjg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:43:40 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 277523
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PFVhNhQxEaxCdX%2Bi3MgdO1qEavKu1J3ju2seiwgv38knRhpSPkuXOQj%2F9rDOjvS45%2BpKiR3e2s9AXFo8SgZyKK44RZiisY7GRa%2F5jVpa0BavrsU2G9GwS1RFxaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e41d55cd66b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.35 | 200 OK | 518 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | IP: 142.250.74.35:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: JavaScript source, ASCII text, with very long lines (631) | Size: 518 kB (517649 bytes) | Hash: MD5 e2e79d6b927169d9e0e57e3baecc0993 | SHA-1 1299473950b2999ba0b7f39bd5e4a60eafd1819d | SHA-256 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:11 GMT
expires: Fri, 02 May 2025 01:56:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 164851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|