Report - xf0.me/

Report Overview

Submitted URL
xf0.me/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 20:27:04
Access
public
Website Title
Taurus Omar | Cybersecurity Researcher, Bug Bounty Hunter
Final URL
xf0.me/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xf0.me	unknown	2024-04-05	2024-04-05	2024-04-05	9.2 kB	1.5 MB	188.114.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	1.6 kB	32 kB	216.58.207.227
tally.so	429592	2020-08-06	2020-08-06	2024-05-09	12 kB	731 kB	188.114.97.1
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	445 B	73 kB	104.17.24.14
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	892 B	5.1 kB	142.250.74.106
plausible.io	48197	2018-12-30	2019-02-01	2024-05-10	461 B	704 B	194.242.11.186
o407628.ingest.sentry.io	unknown	2012-04-07	2023-05-19	2024-05-07	608 B	520 B	34.120.195.249

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed
2024-05-10	medium	tally.so	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	tally.so/_next/static/chunks/198-a66de611c8fa52cb.js	19 kB	2024-01-26	2024-05-10
Pretty URL tally.so/_next/static/chunks/198-a66de611c8fa52cb.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 21:00:28 Last Seen2024-05-10 23:02:56 Times Seen28 Hash f9f1fe2b45037a13e10b1401513c1eb9 e80892169b593e7a95430b970f57681dc75945d3 888f722340f1f1813db10c9428c93e5c97b1b260706b26b050b035809c1a33e3 Loading...

	tally.so/_next/static/chunks/5376-e74a5370b39f7eb8.js	19 kB	2024-01-26	2024-05-10
Pretty URL tally.so/_next/static/chunks/5376-e74a5370b39f7eb8.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 21:00:27 Last Seen2024-05-10 23:02:58 Times Seen27 Hash 473168f3895884cec3d66d5fe0225749 3412cadf0636ce2e377430829a32209b9f2b4bbf 0decdb13b25aa179bbc55efed69b124c022284cb9919b37e71f54da4dfdcae13 Loading...

	tally.so/_next/static/chunks/8391-a5a30af02358c8f8.js	12 kB	2024-05-03	2024-05-10
Pretty URL tally.so/_next/static/chunks/8391-a5a30af02358c8f8.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 05:02:48 Last Seen2024-05-10 23:02:56 Times Seen4 Hash 238cfb01004fd13136561f8c0484b1bc 265cf20bbfb8e41c3885897049b2201d1cd674f4 24e46bf5d8aae1a7c05bc47623fd4a6f6a026931dfde1b3082f81521dd2b4ee7 Loading...

	xf0.me/	884 B	2024-05-10	2024-05-10
Pretty URL xf0.me/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 22:27:06 Last Seen2024-05-10 22:27:06 Times Seen1 Hash 5719da15ed6feac6a9a062f962907f17 c7f62a5d84af1e3d33012ea7c0265740f1392b3f a469ec07bae0b48da82ac7409361f2ead581b62c5ac701ed35ed0a46c0849d7e Loading...

	xf0.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-05-23
Pretty URL xf0.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-23 07:11:48 Times Seen58122 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	tally.so/_next/static/chunks/webpack-d9db3c465b3cf931.js	19 kB	2024-05-10	2024-05-10
Pretty URL tally.so/_next/static/chunks/webpack-d9db3c465b3cf931.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:52 Last Seen2024-05-10 23:02:59 Times Seen6 Hash bff479cff154610edef4f0b444b887f0 cdc3ba90cfda99087a6c3d77853f0e3495f4e9bc a7356c740f25f8797eea8a807c917e64e488a24062dc4204a78bf9b4cecd4982 Loading...

	tally.so/_next/static/chunks/framework-314c182fa7e2bf37.js	141 kB	2024-01-18	2024-05-20
Pretty URL tally.so/_next/static/chunks/framework-314c182fa7e2bf37.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-18 10:46:26 Last Seen2024-05-20 20:38:07 Times Seen171 Hash ca12f319f3862c6aa595ce4c0e8eb4d4 be9bdde9d64cd7d08615070413a7726ae17ddc90 fff0bdb3f70b85b820a949503a24610fb007cf4582f1e67f4835a14de511d50f Loading...

	tally.so/_next/static/chunks/main-b131b8188e1836d4.js	131 kB	2024-01-26	2024-05-10
Pretty URL tally.so/_next/static/chunks/main-b131b8188e1836d4.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 21:00:28 Last Seen2024-05-10 23:02:59 Times Seen27 Hash 4b1459cad85234b16f4aa0bf15dc8e47 f3386b732666262946beb82a960a85ffbf82fc14 834edf8e4fac61db80667a2aa7acf3c1ceaf453037072bea8f38c84c130af726 Loading...

	tally.so/_next/static/chunks/177-441380e846747cd9.js	33 kB	2024-01-26	2024-05-19
Pretty URL tally.so/_next/static/chunks/177-441380e846747cd9.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 21:00:28 Last Seen2024-05-19 13:24:14 Times Seen29 Hash 937be1f1f9607e7c75d98e4b2182e72f c1b858abc2168e136c65762d7c3aedcc4a153b0a 36e208d86c97ce72a4950fba6b07259ec3fbbca513387657719e6d39c010a165 Loading...

	tally.so/_next/static/chunks/4681-2a027613c47b8f3f.js	80 kB	2024-05-10	2024-05-10
Pretty URL tally.so/_next/static/chunks/4681-2a027613c47b8f3f.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:52 Last Seen2024-05-10 23:02:56 Times Seen3 Hash 84655e63fa1a5129c78d721b0bf0052f db83318e3fb90606dc9a4d101bda834535f85e93 812b2071654d3ab294df9fae8172c22d13401435680c254a8b77e2b7a646fb93 Loading...

	tally.so/_next/static/chunks/8789-9ee76d50b5e95a37.js	28 kB	2024-05-10	2024-05-10
Pretty URL tally.so/_next/static/chunks/8789-9ee76d50b5e95a37.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:52 Last Seen2024-05-10 23:02:56 Times Seen3 Hash 8d560594a8e5b6c4f097948a12876265 40832917c1ac6cebf9f1dd88c2fddff3e399390e 9542bf249dd1329dd4d851d204cea3743fbfa032118fa3ebb24ba3f908b596e2 Loading...

	tally.so/_next/static/chunks/7251.8c652d7c649d4c86.js	3.0 kB	2024-01-26	2024-05-10
Pretty URL tally.so/_next/static/chunks/7251.8c652d7c649d4c86.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 21:00:27 Last Seen2024-05-10 23:02:55 Times Seen12 Hash 10c211746ea87cfa1907ef3460395300 860f865685731d135be9d291c4d7dcae36d58a74 3c57e8b76e0692c3b7068869a37a3cee2dadc97dd7548ea59fbbaa2464f1e5f6 Loading...

	tally.so/_next/static/chunks/8318.5cc791f16c8e5589.js	4.7 kB	2024-03-07	2024-05-10
Pretty URL tally.so/_next/static/chunks/8318.5cc791f16c8e5589.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-07 12:54:24 Last Seen2024-05-10 22:27:06 Times Seen9 Hash f8b1d5bf22e7037bd42f59e0737a1e6c b228ebdeeeefeb3a7c474541df75c1207488e1f5 ea9d1c3251a14e9fa7888a68b021e4bd9f26a9735f44a477c8f6e14a36b8a2fe Loading...

	tally.so/_next/static/chunks/6464-9409142de250ca50.js	58 kB	2024-05-10	2024-05-10
Pretty URL tally.so/_next/static/chunks/6464-9409142de250ca50.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:53 Last Seen2024-05-10 23:02:56 Times Seen3 Hash b4cb348a67e974d94213bb82dc13f6e0 66d7b5f3d08015ad246004564f349a342cea67e1 85647d17821b4dc5197d13e502b3224bf3ec3db0c7c47c116e8514ae8950cd0d Loading...

	tally.so/_next/static/d-Jui6R-ZIYIYmtzQio1O/_buildManifest.js	7.4 kB	2024-05-10	2024-05-10
Pretty URL tally.so/_next/static/d-Jui6R-ZIYIYmtzQio1O/_buildManifest.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:53 Last Seen2024-05-10 23:02:56 Times Seen3 Hash 45f071a20b1ec0fa579ac5b9dcb2f149 2ed066517db0acacccadd5dff958126aa471d01b 54df48606791e61e6afc7e0aa39baf89e7045331a1630aaa4e5381dfd5f53ddf Loading...

	unknown	102 B	2023-03-13	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 22:57:07 Last Seen2024-05-19 13:24:13 Times Seen57 Hash 9645f9857acd996c94860cb6f275fb79 9f95e97e9837d71e6c369926f8ea63b696bed389 5ee96e3c0096c85fa654830c29b1f83cec5f1c6de4a31694444d259650bf55fa Loading...

	tally.so/_next/static/chunks/pages/_app-df01ac0ae1b94297.js	274 kB	2024-05-10	2024-05-10
Pretty URL tally.so/_next/static/chunks/pages/_app-df01ac0ae1b94297.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:53 Last Seen2024-05-10 23:02:58 Times Seen4 Hash a088a2441d08f99e8dcb20b359289e5b 2c8f1cbb5b27f7e64298a83fcde3c24efa3d5f20 ca806b7a1518a75a8e2fc8d9b8cb5edfb5533fa6733b4c016bb82d47c2399ee0 Loading...

	tally.so/_next/static/chunks/60-dfa3f4dad8f6725c.js	87 kB	2024-05-10	2024-05-10
Pretty URL tally.so/_next/static/chunks/60-dfa3f4dad8f6725c.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:52 Last Seen2024-05-10 23:02:56 Times Seen3 Hash ad27167db860e59f37fb69bc13749b9e 3f107c9a4eb6ffd68e87e90661d74f74a21f9615 c53d61cf46bbdd2da5f4ccc8462b969c3c1749cb29b4f111df87e2402d086a8f Loading...

	tally.so/_next/static/chunks/9027-d3448e6225e526c4.js	5.0 kB	2024-04-17	2024-05-10
Pretty URL tally.so/_next/static/chunks/9027-d3448e6225e526c4.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 13:16:22 Last Seen2024-05-10 23:02:55 Times Seen7 Hash 7238a35fdc582b851c5b6f2f7f866da0 4988a10e31d2e6f68ee656e849604e32be744a9c d0dfb8bb58ae09d91b54ec424a5043bd6cd6736df3b5630560fe612a3d024e74 Loading...

	tally.so/_next/static/chunks/9402-0d895e200dcc4ec3.js	13 kB	2024-05-10	2024-05-19
Pretty URL tally.so/_next/static/chunks/9402-0d895e200dcc4ec3.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 22:27:06 Last Seen2024-05-19 13:24:14 Times Seen5 Hash 11bff21b1b0d5ad23663d9c1a422f346 044bb716c64e9f2689a32d614f96ff2200598861 def262ec678db4751efe0b47175c606e420c2ef77c8aa9d6cd9debdab9e0ba91 Loading...

	tally.so/_next/static/chunks/2595-553c7e250cfe9afd.js	30 kB	2024-04-17	2024-05-10
Pretty URL tally.so/_next/static/chunks/2595-553c7e250cfe9afd.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 13:16:22 Last Seen2024-05-10 23:02:56 Times Seen11 Hash 6f9fb27599a81dffe70110cf0a4e0aca 5efc866fadfd665ebd7b493c4a5316e915591364 f778dc00778e295e7b30b99a22d8fe99e64a65bb1a85f1e6b8713e4484fa954b Loading...

	tally.so/_next/static/chunks/7621-df73cfe9fad20d06.js	14 kB	2024-01-26	2024-05-10
Pretty URL tally.so/_next/static/chunks/7621-df73cfe9fad20d06.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 21:00:27 Last Seen2024-05-10 23:02:57 Times Seen28 Hash d6437cc767c044124da05bbc3261fd44 6ee9da9420d292966f72e209561d39288719a5b6 8885446126c8c4e06328fafecb2f35e7d056d71fb1851c3bd21b6aad621ebc02 Loading...

	tally.so/_next/static/chunks/pages/embed/%5Bid%5D-0079320d2db817f0.js	975 B	2024-05-10	2024-05-10
Pretty URL tally.so/_next/static/chunks/pages/embed/%5Bid%5D-0079320d2db817f0.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 22:27:06 Last Seen2024-05-10 23:02:58 Times Seen3 Hash 61d05ed9cb1479b12cf7170f4c8f4873 3f7f35bcdeea9a49b611c26d59289b7303c60012 0eca678327664e3e39d8c0a32836e8924789295c9f6ed94c252bdefffacd2dc9 Loading...

	tally.so/_next/static/d-Jui6R-ZIYIYmtzQio1O/_ssgManifest.js	77 B	2023-03-07	2024-05-23
Pretty URL tally.so/_next/static/d-Jui6R-ZIYIYmtzQio1O/_ssgManifest.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-23 06:59:10 Times Seen88048 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

HTTP Transactions (54)

URL IP Response Size

xf0.me/avatar2.png

188.114.96.1

200 OK

157 kB

URL GET HTTP/3
xf0.me/avatar2.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
PNG image data, 446 x 559, 8-bit/color RGBA, non-interlaced
Size
157 kB (157182 bytes)
Hash
c4fcd37e666317ee1ad0eae06185f2f2
51368ab9491b76ccc2eb5e3b2aa80dfbb7f170db
876170262ba743c1d3f0899bd59426601ca2089f477db5b46a4daa670c2d394a

HTTP Headers

GET /avatar2.png HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/png
content-length: 157182
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "327f84adb95ccb484bcd3a6968583505"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Di1Ya2%2BUFAzDdCE1SX7WooTacucKicDKqZvyfc4zA2NvZlhpAUTPIMc2jXnSdPVnMe4fr67lVQQA00a9Axo4BJC9Y4J7qjetg98c5q1QDfCAwGoIO5dCSXg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 881caa54cb96b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/reconbulk.png

188.114.96.1

200 OK

117 kB

URL GET HTTP/3
xf0.me/reconbulk.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
PNG image data, 1188 x 500, 8-bit/color RGBA, non-interlaced
Size
117 kB (117410 bytes)
Hash
1b007e949b0d4e59bc736fbac8ea0df7
f93b8a3f85691072ef56671bee6e5a39b2604645
6df1baba9481919534608f3d16d0baa2ff1d8e8fcd71f3d61a483d199bba1dd1

HTTP Headers

GET /reconbulk.png HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/png
content-length: 117410
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "3965ac817376a197c28c7d3d9028847a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rh4mQ%2FQvPoC2ww99%2BXNWjbz831GThnr8mgDqNbsk93Eo1zg2K1uPE%2F4UKz%2BIzKj1QKFreyaKyT46QCkg7VQrnV4arQXx4D9c4axq9rjy9VXcTF99v63dHzU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 881caa54dbb3b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/bug1.png

188.114.96.1

200 OK

124 kB

URL GET HTTP/3
xf0.me/bug1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
PNG image data, 1188 x 500, 8-bit/color RGBA, non-interlaced
Size
124 kB (124084 bytes)
Hash
2a42be22bf6dd4bd8364277f856c8203
f5f17b72d2e43a69be08e3661aebd93d8edb0f67
83a588b26c42b35da732d24a1c0cda2eb332e2180acdc4a6463a7c7157ed6cf1

HTTP Headers

GET /bug1.png HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/png
content-length: 124084
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "70c46a72109d21a02e978df3a8eabcd6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NWKH%2BfL%2BvC1MpXXOSQORHGuYSspyaZRA2Gi1xDIhhK97k6PHv2fE7uEI9TfdDTIOc2aKjPZaWdxgj8mt1lqHjr4PId8q6VrJT%2FbzyAExExqlAdGgncz4DdU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 881caa54dbb5b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/newsletter.svg

188.114.96.1

200 OK

793 B

URL GET HTTP/3
xf0.me/newsletter.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
gzip compressed data, from Unix
Size
793 B (793 bytes)
Hash
94753165d853ecde9b39a496756fef52
81fa6a3b0dd0ead51026f465277a33db3385cfa2
49bd638664a589542d313e523eb617e222426275ca8afd4dfcf3d987e85f9021

HTTP Headers

GET /newsletter.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"0b6b3bdd75b0f8c2317acf5464e9912b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xAHoW%2B%2BbMB0zloFaXLDxilW3xn0AJ4lBn2kLszRQdIjcbytOnR1jaeHlugQ1vsrx%2F0pJezPCUSjujoyWjEmyb6HaoMRoogWR1DAH%2BfF92v1c%2B43R%2Fc3ZUgE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dbc0b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/bug.svg

188.114.96.1

200 OK

5.0 kB

URL GET HTTP/3
xf0.me/bug.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
gzip compressed data, from Unix
Size
5.0 kB (4990 bytes)
Hash
8f296736fb1a0e0674d3cdfbf5667cb2
9b166ab00ee9f705260cb2e75e979f236f706619
7179e2b4bd22feeb2239b19910540181708274c6e138a87100141f7b064958bd

HTTP Headers

GET /bug.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e1ecdb7d3d204e256f014e7df5ce178d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7B15dao49eHzEmp4r7TbM9hPvN2U%2Fzqnn%2FqzCi%2FuwIOJ0SjpVKQYkbpK8%2F9%2Fr5BgKEtUo1LCS%2FCOcp0naONFLywPAz58tz4G2i3N%2F%2FlpYSdNz7moRo8sEks%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dbbcb4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/linkedin.svg

188.114.96.1

200 OK

873 B

URL GET HTTP/3
xf0.me/linkedin.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
gzip compressed data, from Unix
Size
873 B (873 bytes)
Hash
6aa1d4c690cce07b4ba7fab142f257ed
f16decd2b9a799f038170ab4a39cf7c8ff38abdc
22d27adac0bd804116f9a249c81fef647461326b839ea925ba422d1e6f20fea2

HTTP Headers

GET /linkedin.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"84ae34bb9da74f7d8788876906c2fc59"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zogXcvYTemes2CR0vqFqiXsOYeabJCwOzeXsKiEsZRoT7V0vBXly3E9Tu0o8oE2Id1c%2BGW%2Bc2EAWKQK8AmyAuc%2B%2BTNtWUTr38XlPaTu9ZcYZXUzsbqga3dU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dba4b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/x.svg

188.114.96.1

200 OK

801 B

URL GET HTTP/3
xf0.me/x.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
gzip compressed data, from Unix
Size
801 B (801 bytes)
Hash
0dba5d9683dd243ce440d97d19536207
10abae2ee92825d2f1a31b33f786155d8a4af6e8
c31e660df2de139f2fc3548ae17fd1bbc3cbb3ed90b2dc1aa9e217a98c51de39

HTTP Headers

GET /x.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"8d0059cadb7f0f20527876525afd80ff"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ktTp7LWJNzo1PLMvyCU3i%2B%2Bnz3jbLALWWpvfKDEepRv2a6u5Fi8Jog8gU68UGU5YUuwbSVfX7V15mNz9BjI7Tn6WuQdvlgUG4Yebl0dfQSnJAoxpaPMxDJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dba2b4f3-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

216.58.207.227

200 OK

7.7 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7748, version 1.0
Size
7.7 kB (7748 bytes)
Hash
a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

GET /s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xf0.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 03:25:26 GMT
expires: Wed, 07 May 2025 03:25:26 GMT
cache-control: public, max-age=31536000
age: 320472
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xf0.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
xf0.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
gzip compressed data, from Unix
Size
14 kB (14531 bytes)
Hash
00ce9a874fa86a8feed43cd8039d166a
0ddd83e858bf6f8a0fc93db624124b3d87283e22
460a5352d96383d1a1aa26d5cd8383417e50c801c22f5f0b71d15bdabfb662e8

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 09:31:53 GMT
etag: W/"663b4689-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2B8PWQ5dAf0geMEdNN8aFXIanR%2FNXx8QWWls97QqDIujDjcEOvIMefH7ERSOzzz0YPYvHsFZnOHiACiIMRUkZxVyoXup1P4d1lShzjvomDhtzvzD0R0XBo0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881caa54ebccb4f3-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 12 May 2024 20:26:38 GMT
cache-control: max-age=172800, public
content-encoding: gzip

fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

216.58.207.227

200 OK

7.8 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7840, version 1.0
Size
7.8 kB (7840 bytes)
Hash
8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

HTTP Headers

GET /s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xf0.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 05:07:49 GMT
expires: Sat, 10 May 2025 05:07:49 GMT
cache-control: public, max-age=31536000
age: 55129
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xf0.me/avatar.png

188.114.96.1

200 OK

353 kB

URL GET HTTP/3
xf0.me/avatar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
PNG image data, 786 x 984, 8-bit/color RGBA, non-interlaced
Size
353 kB (352919 bytes)
Hash
007c835efeb7e2a58fcb94fc3bd09667
6b4644595dec22468f6062179c034ffc170f5a81
3e9ed1e0afe088dc6e249b271b0c05661acf9f2f7a086a88dacc44d528867fc7

HTTP Headers

GET /avatar.png HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: image/png
content-length: 352919
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "fb1203f14cb4da98c25bb35869a85c2e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2Flme1UyLd3EArwrpHzA8nZAd%2Fp9cvWUqpRPVKaSlgn%2FtPvJDUZijv91nfzJc3WZzbAKSdwRp%2Fh3Qit6HYY8q3ABOvURX20by9YLN%2FjpvZKWMHfTYO17nQ0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 881caa54ebc4b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/favicon-16x16.png

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/3
xf0.me/favicon-16x16.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.3 kB (1281 bytes)
Hash
7b3b5f02bc2a582e418e236b111daa4e
cfa7aebe5209e4d666eda45f14c38f84a5b99606
46429f7efb49e4a898270d70aca694b3b4c6fb3738a085aa391a02ce9c789501

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: image/png
content-length: 1281
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "714384072cc6325ce6336b138dcfbcda"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjZginy4rsN4YKuoIXcuV6cy5DwWj5ayVNiT2pcIxdSnxsxaq%2F8TAIYfaIukmgd5Il9VHvyml1gvfat1AOqC3hwAy9ex8%2BWizcaIPCJo3j%2FQl8quhWiC2Hk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 881caa5a49f9b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/apple-touch-icon.png

188.114.96.1

200 OK

11 kB

URL GET HTTP/3
xf0.me/apple-touch-icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
11 kB (11237 bytes)
Hash
5d6e29fee9328222c8fb3fc8567380e2
fe6971dfa8e6b15940fd1c7cc0738bf984593a89
3fd6c747041ec2e424770c78dfbc565632770cfca514b5ee225a8d81859f6c1f

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: image/png
content-length: 11237
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "b3f68dfcbcdb761f697423852cc5cc1e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGRbWK0J5SEeq%2B9%2BF5lwkx2hDmKTKAI5g3Zr7%2FnIC3GJBkhIFa8Dc8sHkS4lsYy3ifCmQ9L6WLrTNFDJFxb7OZW%2BJPM0QvcwW4KjZkulGyS0gSAKwwlmrfM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 881caa5a49f7b4f3-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/media/c9a5bc6a7c948fb0-s.p.woff2

188.114.97.1

200 OK

47 kB

URL GET HTTP/3
tally.so/_next/static/media/c9a5bc6a7c948fb0-s.p.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46552, version 1.0
Size
47 kB (46552 bytes)
Hash
74c3556b9dad12fb76f84af53ba69410
342edef074482299f72f8f7a8862e6f908bd4137
3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/media/c9a5bc6a7c948fb0-s.p.woff2 HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: font/woff2
content-length: 46552
cache-control: public, max-age=86400, stale-while-revalidate
access-control-allow-origin: *
last-modified: Wed, 08 May 2024 15:55:33 GMT
etag: W/"b5d8-18f58eac908"
x-cloud-trace-context: 28fc9f9a3c7e26002a1feb5d683fe265
cf-cache-status: HIT
age: 52496
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JQWPW%2BtYJwGMU2Hnl8Lxx7h8SBzoNcYRP8pKd%2BnVw3PmIIwP8Srl3pCAOV3tpSJBXCotTDbSJp%2B%2FYJh8ZKKHsuXVPWaerqYu%2ByELpLZ22qMyaVAmmf1euMkGCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881caa5b2ec60b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/main-b131b8188e1836d4.js

188.114.97.1

200 OK

38 kB

URL GET HTTP/3
tally.so/_next/static/chunks/main-b131b8188e1836d4.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
gzip compressed data, from Unix
Size
38 kB (37506 bytes)
Hash
31caf612eaf7a887c9e6eabc402b460d
2d067a963b01a32853446266b462f4b123ce5919
72a48f15aa8eebbe8ba45f3ab7d9dc4e1e0b858c681e3a98985ce27446cf8319

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/main-b131b8188e1836d4.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"1fee0-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 878917
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZlsAtAlBnOucy%2Bb26f9lHVF7r3FJ7TJCrL3w6p2e8YvzU%2BqkjWaF51rJOdinM7T%2FYmyEOFaaNq1MyubTXcjS0ZkU8zhy2UUmFgtr%2FjsmPZk4h%2Bjp9Yw88HWwXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5b9f280b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/pages/_app-df01ac0ae1b94297.js

188.114.97.1

200 OK

88 kB

URL GET HTTP/3
tally.so/_next/static/chunks/pages/_app-df01ac0ae1b94297.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
gzip compressed data, from Unix
Size
88 kB (87982 bytes)
Hash
1e31d224e007ea4542280e7c71aab49a
3cb7a35bd002a98d9aa0a35fa620f7aafaa7e928
d8cf00f99f005b6daf72d50396e5d3be9688270135d9da932feda2c60f183dbb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-df01ac0ae1b94297.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 10 May 2024 14:26:35 GMT
etag: W/"4302e-18f62e60d78"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 21308
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5E8FyJ7kU1QKx7xiP%2BFuR%2BhbImYfzT%2FleI9%2FmH9PufoRQTvjA5gL5Or3cfqrLrirm746G14bRT%2B%2BA%2FXbsyqm%2F9rIlNfqh2mZPBn7vURwDDT8b%2BLyQU84Trhb8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5b9f2a0b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/5376-e74a5370b39f7eb8.js

188.114.97.1

200 OK

6.7 kB

URL GET HTTP/3
tally.so/_next/static/chunks/5376-e74a5370b39f7eb8.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
gzip compressed data, from Unix
Size
6.7 kB (6665 bytes)
Hash
fa4305e1571858e7256f41603ddfb303
6a2462ac988e0c65ebe6316344c2da4967f03842
1fa3e7c4f26bb8f7dd74d8a6baa696851ac79c1ad2de2722c1b35681b897ce96

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5376-e74a5370b39f7eb8.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"4b9a-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 874788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gRG763omwgHQ%2Fyzio2pog2SfuGyjGogzs6bVpS%2B%2FNR4pdPrYv%2FJa22l5e8huGqDY1Px9mhFd8Dv2KE51mD1BlLzaIlHH5cc2THAsG9tRHa2lrAxJ%2FjstszFEiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bbf3f0b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/4681-2a027613c47b8f3f.js

188.114.97.1

200 OK

20 kB

URL GET HTTP/3
tally.so/_next/static/chunks/4681-2a027613c47b8f3f.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
gzip compressed data, from Unix
Size
20 kB (20068 bytes)
Hash
ca55f9fe3663e9feebdfbca204aad3c8
8d665c96aad2b1c9bbd5203a7275289fc150421e
9dbe95200bab751b4a6b55295931aed7d51b6392ca3ad979851eeba3856cce73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/4681-2a027613c47b8f3f.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 07 May 2024 13:54:35 GMT
etag: W/"13664-18f5355ad78"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 282423
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NW4%2Fyjskfx6CERGywY6wtDsVeSuXQHMWYjzdpttwn573xofQwz4IdwRro8VyIC4EHU97%2FmX8luBLgoW9%2FK5DUPEVApM6RuIwL0EF2WdBf%2B3JgTUREG%2BIrJHkzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bdf5e0b4d-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/coffe.svg

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/3
xf0.me/coffe.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
gzip compressed data, from Unix
Size
1.3 kB (1310 bytes)
Hash
79a9acd5971befb7c2ea4e67f75c8cdb
a8b452b96cecad7d04ddd6ee90a6cbc68c006dc9
5c152107677037d10db1a6e4c10b9b235c96e2c0762a3269f096f587643c2a4d

HTTP Headers

GET /coffe.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"5a5c447acabff627beb95b81649b16c8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jIi31nZPb8f1isFxsPqxBgMAg6jidxHD%2BHabqH6ScKdg0VIky7YoKCb1sdaJ6koU59Ajsrtm%2FFcj82t83pNVtnpjez7ZbmHoU4ESU5yJ5az1QDc0ujKgyDM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dbb1b4f3-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/9027-d3448e6225e526c4.js

188.114.97.1

200 OK

7.5 kB

URL GET HTTP/3
tally.so/_next/static/chunks/9027-d3448e6225e526c4.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
gzip compressed data, from Unix
Size
7.5 kB (7506 bytes)
Hash
dd29c7521a695cefc21b4b6d3a5dbe9a
a6b57130226964a7ec593df46edf183b83687145
ad7e136621f893ac40b45c41d8ca83f92a7f15b50a793028b366fad941d352be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9027-d3448e6225e526c4.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"1371-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 870473
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k06pR3jp2tKUVIoK0%2BopxZjwnuJqFOjmMepRyFwFk5Xfub9CN%2FDoDpZiZ3mxlBnIUNDRgbc4IfebXLMfvJPf%2FgDh2lHEl037ZhPpeRsDwv3zQ%2F6vhNsGNCUpQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bcf460b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/d-Jui6R-ZIYIYmtzQio1O/_ssgManifest.js

188.114.97.1

200 OK

7.3 kB

URL GET HTTP/3
tally.so/_next/static/d-Jui6R-ZIYIYmtzQio1O/_ssgManifest.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
ASCII text, with no line terminators
Size
7.3 kB (7256 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/d-Jui6R-ZIYIYmtzQio1O/_ssgManifest.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 10 May 2024 14:26:35 GMT
etag: W/"4d-18f62e60d78"
vary: Accept-Encoding
x-cloud-trace-context: 54247fb50112b55cfb30eb51f57d1a61
cf-cache-status: HIT
age: 21308
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kim1qoxh5PGB0otNn03X98iNzYBdgQgPHXEYnMM%2FkBlL3laqZmkSpTGfz7FK87HgnjdTzVXZyBAZtAF88HrxdjNpXaaomC4umZdoLdYTb3M0y0TFQf1n6xyQPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bff780b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/177-441380e846747cd9.js

188.114.97.1

200 OK

18 kB

URL GET HTTP/3
tally.so/_next/static/chunks/177-441380e846747cd9.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
gzip compressed data, from Unix
Size
18 kB (18381 bytes)
Hash
10c35fe9e96896889f324a16327e576a
14a905a4c42b62a3d47ab5271a174f71d913504f
4c90d722ab8e6583bddb5c80846fffd620e424de8f3bab1d8950616d4cddedd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/177-441380e846747cd9.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"7fba-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 874788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Bqp95DymbVNWC6iRGBYPYcQrn%2F4Apq2HVWx%2F%2FU5%2FL677KZBzIF%2BA7eDScFAlyLvqMpiN4pXCtR1U2PvyCil9btLnRw3Z1BceBlrU0Ozx0Ngo87ntqSmHqyRVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bbf410b4d-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css

104.17.24.14

200 OK

72 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65348)
Size
72 kB (71750 bytes)
Hash
c0be8e53226ac34833fd9b5dbc01ebc5
b81ef1b22de26af8a7a4656f565fbc91a69d7518
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f

HTTP Headers

GET /ajax/libs/animate.css/4.1.1/animate.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: text/css; charset=utf-8
content-length: 4216
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f5628a2-11846"
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 227725
expires: Wed, 30 Apr 2025 20:26:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66%2FMaPnt2rF0fw8uoUIlHDVcISyef7uzezzPqFfwpLOId0fV5vQgG45lYDQTkho%2BqtNvL2spisr9NIzmVOaIcCKTWVghSdMHicFqsci%2F5VYaUowtv%2BPmOTEVoHJn7SZ2gWpQl7ya"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881caa56692156bd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tally.so/_next/static/chunks/9402-0d895e200dcc4ec3.js

188.114.97.1

200 OK

13 kB

URL GET HTTP/3
tally.so/_next/static/chunks/9402-0d895e200dcc4ec3.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
JavaScript source, ASCII text, with very long lines (13189), with no line terminators
Size
13 kB (13189 bytes)
Hash
11bff21b1b0d5ad23663d9c1a422f346
044bb716c64e9f2689a32d614f96ff2200598861
def262ec678db4751efe0b47175c606e420c2ef77c8aa9d6cd9debdab9e0ba91

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9402-0d895e200dcc4ec3.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"3385-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 878884
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SvZ5H1c7HL6lispmBqtxd3FngNIIrmbMSbk4PXylVXQxFR9D9GiftNzSgvSIkci3HtS2ydTFddEnSKKBP9Acj3gvQd610ctiEBC4NfFNQqZ9ez3FWBADIEOjHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bcf490b4d-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/notion.svg

188.114.96.1

200 OK

877 B

URL GET HTTP/3
xf0.me/notion.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
SVG Scalable Vector Graphics image
Size
877 B (877 bytes)
Hash
02c4fd75326effdfad8edab7359d806c
58903da96b83e85a54da0dbf985fa00fdce2e0dc
130953b0ac2b5718b7886e63cb1b72b1c3323f4ed345ed6dab69136e31d61b1c

HTTP Headers

GET /notion.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"fe8dc6168ea732c8c77c53a6a79bfdba"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2FP8lmapruAWO0VFzOYUJpQVytQo79pwen6R0DapBBzyM2kTXGC9IUolZBPR9208sEGubxhWk6NIN73WNhvAPRy9U6a5eIAjVH4TZaN9PYtglPfOzaL5zlc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dbafb4f3-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Poppins:wght@300;500&display=swap

142.250.74.106

200 OK

1.6 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@300;500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1614), with no line terminators
Size
1.6 kB (1578 bytes)
Hash
ee90111deadc99520ae0743cc8cbdfcf
2102eda9e10eed4652ede152ecc31fb197dc6fb1
d631491a5c0f4503d16ac70bbf6601ce61ae3c361fec6d95e3de1d44066644b9

HTTP Headers

GET /css2?family=Poppins:wght@300;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 20:26:38 GMT
date: Fri, 10 May 2024 20:26:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

tally.so/_next/static/chunks/webpack-d9db3c465b3cf931.js

188.114.97.1

200 OK

19 kB

URL GET HTTP/3
tally.so/_next/static/chunks/webpack-d9db3c465b3cf931.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
JavaScript source, ASCII text, with very long lines (18637), with no line terminators
Size
19 kB (18637 bytes)
Hash
bff479cff154610edef4f0b444b887f0
cdc3ba90cfda99087a6c3d77853f0e3495f4e9bc
a7356c740f25f8797eea8a807c917e64e488a24062dc4204a78bf9b4cecd4982

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/webpack-d9db3c465b3cf931.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 10 May 2024 14:26:35 GMT
etag: W/"48cd-18f62e60d78"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 21308
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DMfGbhAKS%2BkmT7gLALHqnWMKI3YzWkFYDs3UWgXqmWb03AhAZnFJdl7ivhXrQydTDKsvEOmOUojUNQgWrrkZ1y%2BdxujzZLCu%2B782aSnAS37ei1cKTPBKIBs2mw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5b9f200b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/7621-df73cfe9fad20d06.js

188.114.97.1

200 OK

14 kB

URL GET HTTP/3
tally.so/_next/static/chunks/7621-df73cfe9fad20d06.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
JavaScript source, ASCII text, with very long lines (14453), with no line terminators
Size
14 kB (14453 bytes)
Hash
d6437cc767c044124da05bbc3261fd44
6ee9da9420d292966f72e209561d39288719a5b6
8885446126c8c4e06328fafecb2f35e7d056d71fb1851c3bd21b6aad621ebc02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7621-df73cfe9fad20d06.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"3875-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 870473
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5cRVS0QDP731oBkOHMiB8NPRm7%2BdMXbmrt5INR05q1ZCZxkNaX1Qif6rVOHLXHVPrA0u%2BuFb8purEORoi1xD3hah9oWNYXOhJgeBRi09MYSRqyamfYtLhibf9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bbf430b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/6464-9409142de250ca50.js

188.114.97.1

200 OK

58 kB

URL GET HTTP/3
tally.so/_next/static/chunks/6464-9409142de250ca50.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type

Size
58 kB (57919 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/6464-9409142de250ca50.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 07 May 2024 13:54:35 GMT
etag: W/"e23f-18f5355ad78"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 282437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XMKfVM8PaJKhyeCzb7FPJ68uGuiISoLhiUffG7kKRq%2BS8%2BXmxsiPJL106kZTPt2TmszP8fUXnFj%2F2Rw9uYLzNYnK14NJTfgSDgNKFbCnXzkCyZ0LI%2FYTyi3CSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bdf540b4d-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/

188.114.96.1

200 OK

98 kB

URL User Request GET HTTP/2
xf0.me/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type

Size
98 kB (97652 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:26:37 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nE3ms9rHucTT%2FaoyfJbp%2Br8HNQPGOTR2cm8IU9UovW8nWKFniTDdYEvdrxClwiemo2M5Xl6rbYyO92Y9xP9I47vG5Ni8BwZx4I%2BGIDGuaodkMDYVbU1cwyU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 881caa507bacb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tally.so/_next/static/chunks/8318.5cc791f16c8e5589.js

188.114.97.1

200 OK

4.7 kB

URL GET HTTP/3
tally.so/_next/static/chunks/8318.5cc791f16c8e5589.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4872), with no line terminators
Size
4.7 kB (4696 bytes)
Hash
0d82ee2166735cf6e43d3d166a811c0f
50537ba839fa835d4eea03dae7f87a70641447f6
0fe8537062aef57c18dffc0dfac432864c1665bb7e6499d86c60d4c08483d46e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/8318.5cc791f16c8e5589.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"1258-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 878883
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujBTNT10yr5NES5J2MeRRR8AcWgzyvkUgUsXR2n4C0ufhja5QFcPHlmXwyh6%2BzHGDqObirH6N1OZphQlMTgwfOrDA%2BzGbDdhtAWlsbf6hO4AdjGG6sqhVyDULQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5d989e0b4d-OSL
alt-svc: h3=":443"; ma=86400

plausible.io/api/event

194.242.11.186

202 Accepted

2 B

URL POST HTTP/2
plausible.io/api/event
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerLet's Encrypt
Subjectplausible.io
FingerprintAD:0F:7D:DD:AB:46:B3:42:B1:97:57:A4:EB:88:19:D6:08:6A:AD:65
ValidityTue, 23 Apr 2024 07:08:31 GMT - Mon, 22 Jul 2024 07:08:30 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /api/event HTTP/1.1
Host: plausible.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 167
Origin: https://tally.so
DNT: 1
Connection: keep-alive
Referer: https://tally.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 202 Accepted
date: Fri, 10 May 2024 20:26:39 GMT
content-type: text/plain; charset=utf-8
content-length: 2
server: BunnyCDN-NO1-830
cdn-pullzone: 682664
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cdn-requestcountrycode: NO
access-control-allow-credentials: true
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000
cache-control: must-revalidate, max-age=0, private
application: 10.0.0.3
permissions-policy: interest-cohort=()
x-request-id: F846eQ3Au_JntakOYmsQ
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 202
cdn-cachedat: 05/10/2024 20:26:39
cdn-edgestorageid: 830
cdn-requestid: 48540df0221a32347589d1c704f34fab
X-Firefox-Spdy: h2

xf0.me/65ef2b0b5d919685.css

188.114.96.1

200 OK

605 kB

URL GET HTTP/3
xf0.me/65ef2b0b5d919685.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
ASCII text, with very long lines (65203)
Size
605 kB (605122 bytes)
Hash
ff57e21d2f425e946a6ff1e2a453848e
9e14c31c37e255be52edaa43705781e3c20d9f49
9892c5da636f508bdef3f854056618ea437caf14bb502f83954ef03fbd7a549e

HTTP Headers

GET /65ef2b0b5d919685.css HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"36a12ba4fb2bc797d1f9f9b29812f23f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jTIorPcQAikIPIeiJundMVNSEaos1peeRN5SsRWEdjpVQvQk3RkQ5FCT3Z3o7XgZ1xRE7hkyEUPFdWUBFJxvZb37%2FahYOu43eJxMw1jGEdpGHUSIGC7XCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54cb89b4f3-OSL
alt-svc: h3=":443"; ma=86400

o407628.ingest.sentry.io/api/5277002/envelope/?sentry_key=c17ee4982b124541ae255c0c2f93d48f&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.80.0

34.120.195.249

200 OK

2 B

URL POST HTTP/2
o407628.ingest.sentry.io/api/5277002/envelope/?sentry_key=c17ee4982b124541ae255c0c2f93d48f&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.80.0
IP
34.120.195.249:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerDigiCert Inc
Subjectingest.sentry.io
Fingerprint60:82:0B:58:64:CD:37:FD:3F:C0:84:4F:0B:69:CF:58:05:15:97:9A
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /api/5277002/envelope/?sentry_key=c17ee4982b124541ae255c0c2f93d48f&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.80.0 HTTP/1.1
Host: o407628.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tally.so/
Content-Type: text/plain;charset=UTF-8
Content-Length: 448
Origin: https://tally.so
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4VrMDrMfIA.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4VrMDrMfIA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13876, version 1.0
Size
14 kB (13876 bytes)
Hash
5dfb950063bc50674e6fa2d253e35dca
dd29cf85f06ab010f99a0b822b085a748eedaa66
69baf07cacf1bac2b8daa8454b821c704446341bb188b49a346907803134fdcf

HTTP Headers

GET /s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4VrMDrMfIA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xf0.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13876
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 02:34:47 GMT
expires: Sat, 10 May 2025 02:34:47 GMT
cache-control: public, max-age=31536000
age: 64311
last-modified: Thu, 24 Aug 2023 20:50:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

tally.so/_next/static/chunks/60-dfa3f4dad8f6725c.js

188.114.97.1

200 OK

87 kB

URL GET HTTP/3
tally.so/_next/static/chunks/60-dfa3f4dad8f6725c.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type

Size
87 kB (87292 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/60-dfa3f4dad8f6725c.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 07 May 2024 13:54:35 GMT
etag: W/"154fc-18f5355ad78"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 282437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6q0FD0F7zwbvFWirFgwkAgbtog6qW2YtVNDQldwxJbGchFSTzi97xlp6F%2Fzc3fClxo8MDc1Y90%2BIgg9tqB%2FLGhgWbXj23Y3fdkbeRExZz6v1Bykb77ARcIi5dw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bbf3e0b4d-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/github.svg

188.114.96.1

200 OK

2.0 kB

URL GET HTTP/3
xf0.me/github.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
SVG XML document
Size
2.0 kB (2012 bytes)
Hash
4d3a736e6847db04db0ae36eb1f15110
b66d7e5072d3e4f95b38f41fc6ef3f490fbcb582
d04b8b926adc7778a10b4e4abbbe9a198988fd8c60cc7e8156e7b4f617a60366

HTTP Headers

GET /github.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e36bf8e7ebc25a16cc3d9afb16e6de0e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OY0TE7E0t%2FcN%2FQl6GHCTeacsj%2Bff8uj%2F0It8o%2F%2FqTbY7Ed%2F0e0vHlqUXVw1xBvPZoAuJoa3q4ub2whxsEEQPmWtPDP1sWAUERzNXxCHzqAQo4nWmVwdguCU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54cb9bb4f3-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/7251.8c652d7c649d4c86.js

188.114.97.1

200 OK

3.0 kB

URL GET HTTP/3
tally.so/_next/static/chunks/7251.8c652d7c649d4c86.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
JavaScript source, ASCII text, with very long lines (3088), with no line terminators
Size
3.0 kB (3019 bytes)
Hash
97062350a3a018b649212bc8df5dba73
2a51e76f4206a17c4fd327262117d72154d49b3e
49b4fff0a7f242e66284621ba0c0c549a29c4425f17070799da5a40f34ebccd8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7251.8c652d7c649d4c86.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"bcb-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 874776
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bmRKLnw3UMQNTD6TUmRVTPODOoRq%2Fq8ZcJj0gVZYvgBnPLhJV2asA%2FO3KbAm%2BvY%2BXRXWYuEqYFwURqHQeXxhwrzG1NdvyNhFdsaR2X%2B5td1JriAGjuqIa6oqWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5d88910b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/8789-9ee76d50b5e95a37.js

188.114.97.1

200 OK

28 kB

URL GET HTTP/3
tally.so/_next/static/chunks/8789-9ee76d50b5e95a37.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type

Size
28 kB (28362 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/8789-9ee76d50b5e95a37.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 07 May 2024 13:54:35 GMT
etag: W/"6eca-18f5355ad78"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 282423
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uD7Hq1xvYe69WjGeki3QjIFzbfzFAsTvFMxNXmhxnw8QXNPtKIeJtkhq3u7CbURRlKvLt7KVzG%2B11ERmyrobdJ6pJJIayWcRwhsl3wTeqBVt59kMAh7cJiR02w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bef690b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/d-Jui6R-ZIYIYmtzQio1O/_buildManifest.js

188.114.97.1

200 OK

7.4 kB

URL GET HTTP/3
tally.so/_next/static/d-Jui6R-ZIYIYmtzQio1O/_buildManifest.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
ASCII text, with very long lines (7748), with no line terminators
Size
7.4 kB (7382 bytes)
Hash
2051601b439a8f33d84c947785422685
2c2dad62f5961d743737f09e62d8187d12151632
bf2ddafa70bac8f6fb542d66b4d1b4c948574441baf95585c5d5d0429b7ed109

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/d-Jui6R-ZIYIYmtzQio1O/_buildManifest.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 10 May 2024 14:26:35 GMT
etag: W/"1cd6-18f62e60d78"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 21293
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VcBNHO6TkNah%2B0SihGVdpcwg36qa%2FjoLOpQU%2BPaJgShmvAeQHBmYzAzljTlcrWpvUSHiZMD55VMZQTalfKvLG7i7jXuT8Fd8sgC7yM0RyJ3VUf45n9ysOvBHlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bef730b4d-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Comfortaa:wght@500&display=swap

142.250.74.106

200 OK

2.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Comfortaa:wght@500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (2285), with no line terminators
Size
2.2 kB (2231 bytes)
Hash
05320213941ad5eacbe2bdb6f0d92283
7a1c5eac22dd30920dd3cf6ed7e2ddc28153e659
09a07446c0d57a2459c604634828233aa7f1dd18f72ed9c88085c276b408e65c

HTTP Headers

GET /css2?family=Comfortaa:wght@500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 20:26:38 GMT
date: Fri, 10 May 2024 20:26:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

tally.so/_next/static/css/35ecd37bad39778a.css

188.114.97.1

200 OK

6.3 kB

URL GET HTTP/3
tally.so/_next/static/css/35ecd37bad39778a.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
ASCII text, with very long lines (6294), with no line terminators
Size
6.3 kB (6270 bytes)
Hash
7e50ce3f0c1164309c9a72152c8e19ea
aff1940757fba3ce47c6178190b346c606c8106f
94494d9d864d861e5b0aa1e7c1aaf2ae20f2e823e6c29f8a52d9fb2a0a3a1ae4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/35ecd37bad39778a.css HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"187e-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 864889
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ba%2FoIltW7DjXVCj%2Ftcd8NL1QZTADzKkyFBJjk5NhGA6%2FkqglC1D3q3lASljbnGdJsDO3q23Xp9pq0aXB8Lg2bW8%2BnNJPiNZWeWFZvdreLqI54B6AlEraZ4gnLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5b3ec70b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/8391-a5a30af02358c8f8.js

188.114.97.1

200 OK

12 kB

URL GET HTTP/3
tally.so/_next/static/chunks/8391-a5a30af02358c8f8.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type

Size
12 kB (11900 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/8391-a5a30af02358c8f8.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 01 May 2024 12:26:42 GMT
etag: W/"2e7c-18f341f0fd0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 806147
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zf2VTcD0xwC1GpCMcjsji8aHuYuOyMcRFV2Na19jsbiXLbuAgmHzNYaEa8FXrjTBNr0kvpX4HOxTC%2Br30Obwa26biYDlmEksIEtkRwkM3yMcafvFqck2GUTFeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bcf4d0b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/2595-553c7e250cfe9afd.js

188.114.97.1

200 OK

30 kB

URL GET HTTP/3
tally.so/_next/static/chunks/2595-553c7e250cfe9afd.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
JavaScript source, ASCII text, with very long lines (30304), with no line terminators
Size
30 kB (30304 bytes)
Hash
6f9fb27599a81dffe70110cf0a4e0aca
5efc866fadfd665ebd7b493c4a5316e915591364
f778dc00778e295e7b30b99a22d8fe99e64a65bb1a85f1e6b8713e4484fa954b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2595-553c7e250cfe9afd.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"7660-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 878917
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XmlXAtkLVqG7xydIeXyybSxCDF8LHBnf6XMuvi4QmyQgO0%2B50mUU24xKm8pgQ0i0PB9ZMaRPTYSH1f7%2BXQc3HgbkTK5RkEknmu%2F%2Br7%2BKptqQbfVPaiH37NCBPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bcf510b4d-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/bugNoti.svg

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
xf0.me/bugNoti.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1150 bytes)
Hash
1874d25795be0f0ca52ebe678efd2d6d
4c59761dc8f94400f9e8d16689aa5937befb23a0
fb7afeb322d73b9b93477f44db41705126750d006fea0e4af688cf30f35ce42f

HTTP Headers

GET /bugNoti.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"a9bbac4f1fbb79af5c1da4c784ba03a6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mhgstk2RBAgspIZuXRf4ZKLNzc4DC3yhcIyzukJlGXnqfAJmcuHldRLTNjzkzlLBUlqFn2rMP6gOKLGlrx4JxkcV3zQCW4tuRyuVBzorvkwa%2FfHQ9ALEj2M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dbbab4f3-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/pages/embed/%5Bid%5D-0079320d2db817f0.js

188.114.97.1

200 OK

975 B

URL GET HTTP/3
tally.so/_next/static/chunks/pages/embed/%5Bid%5D-0079320d2db817f0.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
ASCII text, with very long lines (987), with no line terminators
Size
975 B (975 bytes)
Hash
6eeafd422d7f4d5097bf5acc3c8c7c5e
c5553406e84aa3bead05241a242cdb65fc933823
5e0ce413f4844831985ffb34c5de5c864ea19c14553a483dba76e7a8b83179bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/embed/%5Bid%5D-0079320d2db817f0.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 07 May 2024 13:54:35 GMT
etag: W/"3cf-18f5355ad78"
vary: Accept-Encoding
x-cloud-trace-context: 62e68d1c1465cc7b04358b181b617d4a
cf-cache-status: HIT
age: 282422
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2FgDC1LV0Oouszc5W3M%2FEiHL8%2FvDv%2F65G14EEsRsjgpmtnkA2q8oCUm5NciJTGEhicHJsWFAvdLWXvN%2FHvX%2Bz4Ow%2F7rnqA9rgxgnB6GSW0QcaqSMDyvfJ0UMqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5bef720b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xf0.me/coffe2.svg

188.114.96.1

200 OK

1.7 kB

URL GET HTTP/3
xf0.me/coffe2.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1690 bytes)
Hash
7dfc151ac30d69dbeeaea2e98293952d
5c7ac0961ececd742652276944f69eeb70b3dcba
107775ed1005599eb6c534ca76d86b7a3ea23e8fc93bf9219e9ff9650fb98200

HTTP Headers

GET /coffe2.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"45ed935e289831560ec10e6ab0c01417"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jarg8atovJgW606yPG3aMA0wt5y9n6%2BuIjVXbjpY%2BiE8tgWXrbsCIcxDeVmJIQzDl5gXrI9OaknwpFBhTWbx%2FbAXtR2JXVuEhc%2Fw5uc3UQl007oY9aH2e6g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54ebc9b4f3-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/198-a66de611c8fa52cb.js

188.114.97.1

200 OK

19 kB

URL GET HTTP/3
tally.so/_next/static/chunks/198-a66de611c8fa52cb.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
JavaScript source, ASCII text, with very long lines (10227)
Size
19 kB (19323 bytes)
Hash
f9f1fe2b45037a13e10b1401513c1eb9
e80892169b593e7a95430b970f57681dc75945d3
888f722340f1f1813db10c9428c93e5c97b1b260706b26b050b035809c1a33e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/198-a66de611c8fa52cb.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"4b7b-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 870473
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYQKviRI9blozeVAJqRsbhp9wRPLwAjXXN9sI6g6cVZEZHNzaSf38eFCsUv8eXxA0Fg1zXOChGQo8pSm55UFGuN7J035l7zzJiNz%2Bs63eHvHHBpUSStXKbIL6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5baf2d0b4d-OSL
alt-svc: h3=":443"; ma=86400

tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1

188.114.97.1

200 OK

37 kB

URL GET HTTP/2
tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type

Size
37 kB (37176 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1 HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iPoIvz2ggN3cYS5iuPMaqx%2BA369jKtCvPROrUZINmbOFOELaBTon2xZKXc5AEX%2BG2vHLIBRVWmS0xxMDcUhLlChArrwGWriX%2BXC5I%2FXUzv%2FH%2BjLyRDZlxqsqYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa586e655685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xf0.me/email.svg

188.114.96.1

200 OK

728 B

URL GET HTTP/3
xf0.me/email.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
SVG XML document
Size
728 B (728 bytes)
Hash
be1925ffdc7c6d37c1fe9fd498bdcd52
4d5868bdc1ef7bb7558d465ef4f4f50ae4d68c67
a5ee5ea1cadef097a02f6d72d022063ab90b58bb0e3fc315c900da33481d73cb

HTTP Headers

GET /email.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"58e5f702a5a91cef7d67935f1940f980"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNSLA5XKPh4JWPQzi4vYgF1am6OQl6J1UGDSnr7mE0Dw2KEOvx65zp1DbDsMPXSeOxzP84y9sy0L9ZFy5JG9KlNRiQtpSqLpmb0yFF6aDavw46smhmiZsP4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dbbdb4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/skull.svg

188.114.96.1

200 OK

5.3 kB

URL GET HTTP/3
xf0.me/skull.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
SVG XML document
Size
5.3 kB (5334 bytes)
Hash
71a9a19bf7fdea3a44aeb515055406a4
bfac13bd45cff1e29739b43ca0fcc1e0e45a191e
011a0daaac2d6d9b38c71b88f47d8c0f1b3a10d8cd1e60f2596daf6d356bb6d5

HTTP Headers

GET /skull.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"9995ade7b3328572b4df6b6128b0bb0e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4K2ElHMkMAh0aLosUVxWlGhFTt5xH4ro2HTHbNoT9tD0RA%2BV2PFVxFAy%2BbbiSQsQdfNK7PitfLxwbX%2FBjhgXMPaQ64apocib1TJ6dZ3frUXyUJ%2Fa0K89Us%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54ebc5b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/youtube.svg

188.114.96.1

200 OK

764 B

URL GET HTTP/3
xf0.me/youtube.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
SVG Scalable Vector Graphics image
Size
764 B (764 bytes)
Hash
d05e7145224154715987292a3a7d10a3
ef8db8e8fe5023488770ede8c9e0764d43cd31ac
c434da6e102a167a91db7841dd84011694b3a13ad9026a91b42971b0535f9ba1

HTTP Headers

GET /youtube.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"39b625e576e371ce0e7d34ba68e85b64"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SsPM%2BPUCc1xS7MT1jj%2FMGG6jlL%2B9SFLegCd%2BO6eub%2BvPimP0GrEtJfZSSe8AAFshnRInzB7bBGu%2BJMcd09B92u8bS1n4Ocz6W3HEzEw8PyiBaPvrtgwth6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dba6b4f3-OSL
alt-svc: h3=":443"; ma=86400

xf0.me/alert-svgrepo-com.svg

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
xf0.me/alert-svgrepo-com.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xf0.me/
Certificate
IssuerGoogle Trust Services LLC
Subjectxf0.me
Fingerprint5E:25:42:8C:FA:D7:54:3C:18:80:43:A6:E8:DA:00:62:98:0D:E3:5E
ValidityFri, 05 Apr 2024 14:08:47 GMT - Thu, 04 Jul 2024 14:08:46 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1167 bytes)
Hash
5931cb9f996cf170039fc3958ad2a19a
83b6242dccd5590a4c18e8c5540d1b097bbddbbd
653d93bb93a7dc346f2f4a8f0683ea149207b585ef5ac5d6976aa47133ae9576

HTTP Headers

GET /alert-svgrepo-com.svg HTTP/1.1
Host: xf0.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xf0.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:38 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"5e387562ed3356bbcfa24d48f24fbcf2"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lf%2BZ5UsQEx1xTqbSSj%2FNTO08iMOG%2B0FnCwT6JULyMOG5clY5ChXtAUjKL6bIIRCfy85%2BR%2FW6Uuh5jBMz93R%2F%2Bu1FNVIr41KUVb6SOo6NmtOAXjfDB0034vQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 881caa54dbaab4f3-OSL
alt-svc: h3=":443"; ma=86400

tally.so/_next/static/chunks/framework-314c182fa7e2bf37.js

188.114.97.1

200 OK

141 kB

URL GET HTTP/3
tally.so/_next/static/chunks/framework-314c182fa7e2bf37.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Certificate
IssuerGoogle Trust Services LLC
Subjecttally.so
Fingerprint53:0A:04:22:C1:00:28:BE:81:A3:86:0F:27:E7:F0:7C:34:72:94:86
ValidityTue, 23 Apr 2024 21:02:13 GMT - Mon, 22 Jul 2024 21:02:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65200)
Size
141 kB (141007 bytes)
Hash
ca12f319f3862c6aa595ce4c0e8eb4d4
be9bdde9d64cd7d08615070413a7726ae17ddc90
fff0bdb3f70b85b820a949503a24610fb007cf4582f1e67f4835a14de511d50f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/framework-314c182fa7e2bf37.js HTTP/1.1
Host: tally.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tally.so/embed/meMYPk?alignLeft=1&hideTitle=1&transparentBackground=1&dynamicHeight=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 20:26:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 08:26:23 GMT
etag: W/"226cf-18f0f368798"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 870473
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LV3%2Fs3p7z1sZzJT9MSGuh0mB4Gz9zGdaGCPHQr1xaVtN18oEu8maaXnu9wROJhNGEfvJ7tRkH5uS2nypDuLKDgrVTdnGCy4x5v0b3xsL1BoKMFF4T1x0wPsRhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881caa5b9f230b4d-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML