Report - track.fodirs.com/7c3defef-72ba-4485-a5f2-985f8b6d3740?creative_id=&campaign_id=641299&domain=manysex.com&price=$%2073.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla/5.0%20(Macintosh;%20U;%20Intel%20Mac%20OS%20X%2010_7_1%20rv:4.0;%20en-US)%20AppleWebKit/533.8.3%20(KHTML,%20like%20Gecko)%20Version/4.0%20Safari/533.8.3&web_push_id=&sub

Report Overview

Submitted URL
track.fodirs.com/7c3defef-72ba-4485-a5f2-985f8b6d3740?creative_id=&campaign_id=641299&domain=manysex.com&price=$%2073.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla/5.0%20(Macintosh;%20U;%20Intel%20Mac%20OS%20X%2010_7_1%20rv:4.0;%20en-US)%20AppleWebKit/533.8.3%20(KHTML,%20like%20Gecko)%20Version/4.0%20Safari/533.8.3&web_push_id=&sub_days=
IP
18.193.146.82
ASN
#16509 AMAZON-02
Submitted
2023-07-25 04:58:24
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gexind.xyz	unknown	unknown	2023-07-03	2023-07-25	36 kB	368 kB	164.90.204.4
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-07-24	2.0 kB	4.2 kB	142.250.74.3
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-07-24	1.1 kB	7.4 kB	142.250.74.67
translate.googleapis.com	1005	2005-01-25	2012-05-31	2023-07-24	1.7 kB	79 kB	216.58.211.10
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-07-24	449 B	4.2 kB	216.58.207.227
translate-pa.googleapis.com	1620	2005-01-25	2021-11-04	2023-07-24	526 B	2.3 kB	216.58.211.10
translate.google.com	1156	1997-09-15	2012-05-30	2023-07-24	446 B	88 kB	142.250.74.110
track.fodirs.com	unknown	2023-04-24	2023-04-24	2023-06-24	836 B	2.0 kB	18.193.146.82

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed
2023-07-25	medium	gexind.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	gexind.xyz/1Sh/landings/209605/1618996856/js/jquery.min6b42.js	87 kB	2023-03-07	2024-07-27
Pretty URL gexind.xyz/1Sh/landings/209605/1618996856/js/jquery.min6b42.js IP 164.90.204.4 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-07-27 01:23:33 Times Seen127317 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	gexind.xyz/1Sh/landings/209605/1618996856/js/js.cockie.min6b42.js	2.2 kB	2023-03-07	2024-07-27
Pretty URL gexind.xyz/1Sh/landings/209605/1618996856/js/js.cockie.min6b42.js IP 164.90.204.4 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:48 Last Seen2024-07-27 01:36:02 Times Seen762 Hash c9e9a54501fc6f6e8918b2c0f2a53981 3d530e6c830ccba6284e79c7245bb45d6f4f2197 491fdee141835401d29318ca584ac3e91a38c92d8694f26d90883bfc324ca454 Loading...

	gexind.xyz/1Sh/landings/209605/1618996856/js/translate6b42.js	1.2 kB	2023-03-07	2024-07-27
Pretty URL gexind.xyz/1Sh/landings/209605/1618996856/js/translate6b42.js IP 164.90.204.4 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:48 Last Seen2024-07-27 01:36:02 Times Seen833 Hash fcd546809170dd574eb37b989529f69a 2e227e144e3b4bd68064354d8a7fbc61125f624c 350baff99bbd3db6cdb8d741bc7f75fa333489ad5dcc641e2cfa0e11130e1920 Loading...

	gexind.xyz/1Sh/landings/209605/1618996856/js/interactive6b42.js	11 kB	2023-05-21	2023-09-10
Pretty URL gexind.xyz/1Sh/landings/209605/1618996856/js/interactive6b42.js IP 164.90.204.4 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-21 23:11:48 Last Seen2023-09-10 21:30:35 Times Seen5 Hash bb095e37cfd0a294021b3319e4d9c3d3 833f8570d12f6610c95354bff402c17c001e1589 9608b4961f81c8ac63d4222b83fa5452fc944eb66aba5e689c5738209319fe48 Loading...

	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.w1r0dWuv2vk.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrZpvoriJzjeLAGB4FmsXL0wWKPEA/m=el_main	217 kB	2023-07-24	2023-07-25
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.w1r0dWuv2vk.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrZpvoriJzjeLAGB4FmsXL0wWKPEA/m=el_main IP 216.58.211.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-24 21:53:31 Last Seen2023-07-25 22:03:16 Times Seen52 Hash be83d6b25a465336b3459ef42786a5e0 d7ac824a19da1841793f20be234dfd7f2738611f 02b2910e37e09614d954064833bbfddb7c0b8932e2546e59d29534c3b4ab8d90 Loading...

	gexind.xyz/1Sh/landings/209605/1618996856/js/main6b42.js	870 B	2023-03-07	2024-07-07
Pretty URL gexind.xyz/1Sh/landings/209605/1618996856/js/main6b42.js IP 164.90.204.4 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:41 Last Seen2024-07-07 10:03:04 Times Seen206 Hash f3d1a3ef75bc5fb650046e4046059020 e6fd3e861b9433207fa570140a008b3eccfecdae 4958d4f4f54691bc9324b844b5b94f2667b9e54d66ac3b0623d547cca2d6d7c9 Loading...

	gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=	509 B	2023-05-21	2023-11-05
Pretty URL gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days= IP 164.90.204.4 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-21 23:11:48 Last Seen2023-11-05 19:01:56 Times Seen6 Hash 39340ed980e518e463acdc15cbaf9838 ac99cd17ade64ca462572e738d0268412e92c5d1 c9152c86ec89b25480ded5b0ca68299feb51f8e51b7a32e321171e65d8dd5645 Loading...

	gexind.xyz/_/translate_http/_/js/k=translate_http.tr.no.w1r0dWuv2vk.O/d=1/rs=AN8SPfrZpvoriJzjeLAGB4FmsXL0wWKPEA/m=el_conf	87 kB	2023-07-25	2023-07-25
Pretty URL gexind.xyz/_/translate_http/_/js/k=translate_http.tr.no.w1r0dWuv2vk.O/d=1/rs=AN8SPfrZpvoriJzjeLAGB4FmsXL0wWKPEA/m=el_conf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-25 06:27:59 Last Seen2023-07-25 06:58:31 Times Seen6 Hash 3c77706e518c4c252027fab91d601429 2ccc18eaa9f5ca701a1315e1184de905c1c69bc8 bfd05375b61beb035d19ff536752536ca4b7aa5b3c9a79e464ded89fcdcbc574 Loading...

HTTP Transactions (43)

URL IP Response Size

track.fodirs.com/7c3defef-72ba-4485-a5f2-985f8b6d3740?creative_id=&campaign_id=641299&domain=manysex.com&price=$%2073.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla/5.0%20(Macintosh;%20U;%20Intel%20Mac%20OS%20X%2010_7_1%20rv:4.0;%20en-US)%20AppleWebKit/533.8.3%20(KHTML,%20like%20Gecko)%20Version/4.0%20Safari/533.8.3&web_push_id=&sub_days=

18.193.146.82

302 Found

0 B

URL User Request GET HTTP/2
track.fodirs.com/7c3defef-72ba-4485-a5f2-985f8b6d3740?creative_id=&campaign_id=641299&domain=manysex.com&price=$%2073.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla/5.0%20(Macintosh;%20U;%20Intel%20Mac%20OS%20X%2010_7_1%20rv:4.0;%20en-US)%20AppleWebKit/533.8.3%20(KHTML,%20like%20Gecko)%20Version/4.0%20Safari/533.8.3&web_push_id=&sub_days=
IP
18.193.146.82:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjecttrack.fodirs.com
FingerprintBA:08:E0:8F:F8:42:24:0D:77:F6:E4:F1:A6:3C:FD:0C:52:17:D9:37
ValidityFri, 23 Jun 2023 05:50:42 GMT - Thu, 21 Sep 2023 05:50:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /7c3defef-72ba-4485-a5f2-985f8b6d3740?creative_id=&campaign_id=641299&domain=manysex.com&price=$%2073.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla/5.0%20(Macintosh;%20U;%20Intel%20Mac%20OS%20X%2010_7_1%20rv:4.0;%20en-US)%20AppleWebKit/533.8.3%20(KHTML,%20like%20Gecko)%20Version/4.0%20Safari/533.8.3&web_push_id=&sub_days= HTTP/1.1
Host: track.fodirs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Tue, 25 Jul 2023 04:58:05 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
pragma: no-cache
set-cookie: 7c3defef-72ba-4485-a5f2-985f8b6d3740-v4=1UJRcxCrGNih2XtvxHXW8gOyHGZBVFXBuiatlskYZYk; Max-Age=86400; Expires=Wed, 26-Jul-2023 04:58:05 GMT; Domain=track.fodirs.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=5JcfbaRFbvLDvoJd4HhI6OqMTtdQdLCIbHFhiiiUmgfbyg0mxLwdmherkvzJwmeAqucOYN1cy0vzc1bYJmpUCDrHK0Rsj_qliGPmVw9Kn_Durzfx2T3QugtuYxIo0ibFxPM5dzX1RM6ymk1JoRlKz622xN-Qv_E_vCfO_qGm6WhtF_TCG6IG5XoHIrtVT2hNQ8UOKUSfEt9QX_rKEBEIXwpgsJYsHb-7krJ1qcwZFRHou5WQVa89xePlr2tr2VEoymJVmW7V6ownWF5CIdsU1cTNdlYWH4coe8d3V4o51Bvs-K6_YCqSbv07RuNnpMRw3PBPBCNZ7lHlzoMhjgKLyhKs_Heh7vgCVVoIM9j4jvddUbPEym8RH2tJ2Ct3LZP0vqx3n02F4MV_ocotC7BURg4hE54DQw27Me5fs8OseCAflQogp14idC11D8wydNKn8DbJmg-uAHruSbSZDzoTLd2P1Q22U_cSs6ARG9Rc_KE; Max-Age=86400; Expires=Wed, 26-Jul-2023 04:58:05 GMT; Domain=track.fodirs.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/js/main6b42.js

164.90.204.4

200 OK

870 B

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/js/main6b42.js
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
ASCII text
Size
870 B (870 bytes)
Hash
f3d1a3ef75bc5fb650046e4046059020
e6fd3e861b9433207fa570140a008b3eccfecdae
4958d4f4f54691bc9324b844b5b94f2667b9e54d66ac3b0623d547cca2d6d7c9

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/js/main6b42.js HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: application/javascript
content-length: 870
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-366"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/avira-white.png

164.90.204.4

200 OK

59 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/avira-white.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced\012- data
Size
59 kB (59078 bytes)
Hash
15cac20be8d4fdd074e21a4a52604d2f
fd4c43583bec2c7bfae3cb9feb2699abbc50c578
d4ad291dfcf93d75db62260b5ba53ddda1f2a9c855a3019cf7ae52c3cd936739

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/avira-white.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 59078
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-e6c6"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/logo.jpg

164.90.204.4

200 OK

16 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/logo.jpg
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (15758 bytes)
Hash
dcbaba5ccd82fe6d02fd206a21683030
228eb47edeee4c4e17a564ff065174d9cdb221cf
bb32a46a1eb78c4ce7504b42c1b4b7d1cc615bbb901ce6fae0fc77acc7e8dcb2

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/logo.jpg HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/jpeg
content-length: 15758
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-3d8e"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/icons.png

164.90.204.4

200 OK

1.9 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/icons.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 124 x 22, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1932 bytes)
Hash
32fded5a952e60a48a879e414c590f24
834e44460475c20ce9f4c801a4ccf53130749af3
d712d6bf38edf55c605c2a568ce2de1caae95d26b00c02c4f9a1eed6f370d76e

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/icons.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 1932
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-78c"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/menu1.png

164.90.204.4

200 OK

1.9 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/menu1.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1920 bytes)
Hash
b2b98941a9fe6bbcb6745989b3289b1e
5fb8fce5934af6d3426a37eb58b9846fa80ead39
d9efcb7b0f632cb3d2650c0c676b3c758f00c52f5d1cc5e7963dd456aaa03833

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/menu1.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 1920
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-780"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/menu2.png

164.90.204.4

200 OK

1.7 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/menu2.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Size
1.7 kB (1665 bytes)
Hash
bc32798c28d2145f979848809ba5f858
7bc0276cd56bf6463113a9c5d33ea9aacbdb5f51
7319ffc0fdb40740b07f1a286348fa0f29676127996481b6310f3dd7f322d4ee

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/menu2.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 1665
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-681"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/menu3.png

164.90.204.4

200 OK

1.5 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/menu3.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1483 bytes)
Hash
860d945f4bba4b150b4c6300bdd87527
4c3f11a2902bf437bb578871f7e27625f0ae6504
bdca8ddc4aaf7200e8c215c5eedeae489626d9df23313578ac0cfe45854ea0c8

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/menu3.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 1483
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-5cb"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/menu4.png

164.90.204.4

200 OK

1.8 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/menu4.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Size
1.8 kB (1812 bytes)
Hash
7af58322b67083908a8519d74471f47d
256a9119feb235759cf98f211bc6398f58c4ee43
bfab83c5a6c9c62450668ba960527fc9b17ed316a52436f0f63fd1eedcd45a3d

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/menu4.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 1812
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-714"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/check.png

164.90.204.4

200 OK

1.9 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/check.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 35 x 34, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1946 bytes)
Hash
1eab4e4fb7a147352b0027c0e4df1fe6
99e621180265541383f5c081cd6f7c77b7d21e0d
a66a5ce08b112086075a336e9f18d5cea683143b552a50641971ef00d3895207

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/check.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 1946
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-79a"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/icon1.png

164.90.204.4

200 OK

5.9 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/icon1.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 139 x 130, 8-bit/color RGB, non-interlaced\012- data
Size
5.9 kB (5928 bytes)
Hash
fa6582524d715994e9d9036eca9b034b
06cce1b23faba93959df12a9eccaa3d6f51341ce
cf05a371ab1261c3e1f2785e26c95cc5869b37de15c9d48206e78a58894a0cdc

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/icon1.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 5928
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-1728"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/info.png

164.90.204.4

200 OK

1.5 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/info.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 23 x 20, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1545 bytes)
Hash
7f7b44979afb15dfdc18e7d754c6d0f5
7426889578a3a6f20f620611f7ea8d4dadaf3b87
cb2eff4a1cf5f187eda87e71d6039f24af63844617a7f890070b9afd5c965a33

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/info.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 1545
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-609"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/icon2.png

164.90.204.4

200 OK

4.9 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/icon2.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 152 x 121, 8-bit/color RGB, non-interlaced\012- data
Size
4.9 kB (4856 bytes)
Hash
a0f86853c68b824dd5c15b0fae66fdfe
0c8ba75f1370ba3c10a309be4c1c96a5067c6098
f58fdb3b3ba6dc0943458179df29efb7201b84ff2edbf03d9ad5cb26c4e52917

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/icon2.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 4856
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-12f8"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/icon3.png

164.90.204.4

200 OK

5.9 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/icon3.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 137 x 131, 8-bit/color RGB, non-interlaced\012- data
Size
5.9 kB (5904 bytes)
Hash
8a07f71c9d0642e8b94bd2b9687c768f
fb2f6f1a6a421101a4b10c315f340d0565709abf
e77edd6c132664f48fb66468de2e1b5068d61e9f04e03d6a51668b14d00af0ed

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/icon3.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 5904
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-1710"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/icon-white.png

164.90.204.4

200 OK

2.4 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/icon-white.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 33 x 42, 8-bit/color RGBA, non-interlaced\012- data
Size
2.4 kB (2350 bytes)
Hash
f3714f02899353cb6c3b4dc7d223f74b
b5772266a87d7a8d8b5fd5fdaa34b0afcaf8c72c
8973d8cb17f938356a1421bc1e12eabc48a98231d2ebaf3fca0c04e60ed4f40e

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/icon-white.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 2350
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-92e"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/images/cross.gif

164.90.204.4

200 OK

211 B

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/images/cross.gif
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
GIF image data, version 89a, 29 x 29\012- data
Size
211 B (211 bytes)
Hash
45b0c8a1e52d91e8cf84eaf75ebca9a9
0e358b8571f9062dedfacd0c31d54179270153cd
4e635bdab7a300d0ccb5aac26b4610a07ee1b33643578c1a4308e677d7eb595d

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/images/cross.gif HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/gif
content-length: 211
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-d3"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/images/win_min.png

164.90.204.4

200 OK

128 B

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/images/win_min.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size
128 B (128 bytes)
Hash
0bb86caf792dd7d24731c18cd37bb68e
dda1e433a0eaf785b2aa2c6214d5e48cb82a3a25
2ac27821ba64d645f36e2ad197492d30c11b10a032cc474554679555f4604622

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/images/win_min.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 128
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-80"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/images/win_cls.png

164.90.204.4

200 OK

293 B

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/images/win_cls.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size
293 B (293 bytes)
Hash
9eb68d2ce05c151bda542a7a6356e22c
baeeefe4a7ac657c10a5f081841015de1bcf90dd
2d2b7040bc32b397c3c60d800de9aa7d86404f1874862eba61bdaa21f1523eb7

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/images/win_cls.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 293
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-125"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/images/ico_tray1.gif

164.90.204.4

200 OK

69 B

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/images/ico_tray1.gif
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
GIF image data, version 89a, 16 x 16\012- data
Size
69 B (69 bytes)
Hash
3ae573d079dcd1d2da4086f2c0c72c45
e7c9dabec81379373476ed23168dcecb9b8c56aa
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/images/ico_tray1.gif HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/gif
content-length: 69
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-45"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/images/ico_tray2.gif

164.90.204.4

200 OK

377 B

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/images/ico_tray2.gif
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
GIF image data, version 89a, 16 x 16\012- data
Size
377 B (377 bytes)
Hash
c10bdec858cb0cf9e6cc5865d5925746
697c095ed5509e5a5af0c5ebf2380662aeffc531
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/images/ico_tray2.gif HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/gif
content-length: 377
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-179"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/images/ico_tray3.gif

164.90.204.4

200 OK

234 B

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/images/ico_tray3.gif
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
GIF image data, version 89a, 16 x 16\012- data
Size
234 B (234 bytes)
Hash
9ce99ec458daf212f9812a90f3fadd13
9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/images/ico_tray3.gif HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/gif
content-length: 234
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-ea"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/js/interactive6b42.js

164.90.204.4

200 OK

39 kB

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/js/interactive6b42.js
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
gzip compressed data, from Unix\012- data
Size
39 kB (38590 bytes)
Hash
95706ad075e57597af44cbbb6c3d77fa
833a7757336cdafcec9e943ca0088d7928ba8a3d
7da47a8bf90b0eab441ec005faaf8424e2348fa41300dd44dda098d5ddc7d2db

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/js/interactive6b42.js HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: application/javascript
last-modified: Fri, 21 Apr 2023 11:36:38 GMT
vary: Accept-Encoding
etag: W/"64427546-29dc"
content-encoding: gzip
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/avira-white.png

164.90.204.4

200 OK

59 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/avira-white.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced\012- data
Size
59 kB (59078 bytes)
Hash
15cac20be8d4fdd074e21a4a52604d2f
fd4c43583bec2c7bfae3cb9feb2699abbc50c578
d4ad291dfcf93d75db62260b5ba53ddda1f2a9c855a3019cf7ae52c3cd936739

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/avira-white.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 59078
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-e6c6"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3fedfb2e42b134b492abc29fad3dec63
9a0b4a1110b9fbdad9159e9fa4fa665fe6a617af
a13f19cfbfe75a4665b0ab1d1c4609cbc310d949602947f638e8418c919d21a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Jul 2023 04:58:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3fedfb2e42b134b492abc29fad3dec63
9a0b4a1110b9fbdad9159e9fa4fa665fe6a617af
a13f19cfbfe75a4665b0ab1d1c4609cbc310d949602947f638e8418c919d21a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Jul 2023 04:58:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
87065e366313f67bf60db97e75c79555
b6d13ca1f4d0e2ffc262dd582063751d4f64a730
618d03e57dd48ea7f3826893bc460c3343323941cbfb99b99d1946551cad811e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Jul 2023 04:58:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/d=0/rs=AN8SPfrtPftKEg7PtUwWauRCo_c976LPSg/m=el_main_css

142.250.74.67

200 OK

4.0 kB

URL GET HTTP/2
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/d=0/rs=AN8SPfrtPftKEg7PtUwWauRCo_c976LPSg/m=el_main_css
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:3F:CA:7A:FE:77:59:2F:CF:86:70:50:3D:DE:2B:D1:95:8F:4C:BC
ValidityMon, 03 Jul 2023 08:23:57 GMT - Mon, 25 Sep 2023 08:23:56 GMT

File type
ASCII text, with very long lines (20367), with no line terminators
Size
4.0 kB (3984 bytes)
Hash
72d3a735ccca1027f6b3afba2c93e3a7
67f8eff8d17334c59c28fc1753bf451527c7490d
c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/d=0/rs=AN8SPfrtPftKEg7PtUwWauRCo_c976LPSg/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3984
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Jul 2023 17:29:03 GMT
expires: Tue, 23 Jul 2024 17:29:03 GMT
cache-control: public, max-age=31536000
age: 41344
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
87065e366313f67bf60db97e75c79555
b6d13ca1f4d0e2ffc262dd582063751d4f64a730
618d03e57dd48ea7f3826893bc460c3343323941cbfb99b99d1946551cad811e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Jul 2023 04:58:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
990b23435d3a3ecc3d909b22f1b96362
c0a7e80613ff7fc3c718e80cbc5de056bc19a58e
d78eeae503a424a5d40c66c160bda8f2592d8ac4487cadad9a4890ed9af612d5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Jul 2023 04:58:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.w1r0dWuv2vk.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrZpvoriJzjeLAGB4FmsXL0wWKPEA/m=el_main

216.58.211.10

200 OK

76 kB

URL GET HTTP/2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.w1r0dWuv2vk.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrZpvoriJzjeLAGB4FmsXL0wWKPEA/m=el_main
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9F:64:95:63:87:E7:5A:5D:04:FA:BA:12:50:7F:B9:E6:23:4C:32:69
ValidityMon, 03 Jul 2023 08:23:58 GMT - Mon, 25 Sep 2023 08:23:57 GMT

File type
ASCII text, with very long lines (1566)
Size
76 kB (76471 bytes)
Hash
be83d6b25a465336b3459ef42786a5e0
d7ac824a19da1841793f20be234dfd7f2738611f
02b2910e37e09614d954064833bbfddb7c0b8932e2546e59d29534c3b4ab8d90

HTTP Headers

GET /_/translate_http/_/js/k=translate_http.tr.no.w1r0dWuv2vk.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrZpvoriJzjeLAGB4FmsXL0wWKPEA/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 76471
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Jul 2023 18:49:53 GMT
expires: Tue, 23 Jul 2024 18:49:53 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 21 Jul 2023 23:10:01 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 36494
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
990b23435d3a3ecc3d909b22f1b96362
c0a7e80613ff7fc3c718e80cbc5de056bc19a58e
d78eeae503a424a5d40c66c160bda8f2592d8ac4487cadad9a4890ed9af612d5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Jul 2023 04:58:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.67

200 OK

1.8 kB

URL GET HTTP/3
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:3F:CA:7A:FE:77:59:2F:CF:86:70:50:3D:DE:2B:D1:95:8F:4C:BC
ValidityMon, 03 Jul 2023 08:23:57 GMT - Mon, 25 Sep 2023 08:23:56 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/d=0/rs=AN8SPfrtPftKEg7PtUwWauRCo_c976LPSg/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Jul 2023 15:39:26 GMT
expires: Sun, 21 Jul 2024 15:39:26 GMT
cache-control: public, max-age=31536000
age: 220721
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

216.58.207.227

200 OK

3.3 kB

URL GET HTTP/2
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:3F:CA:7A:FE:77:59:2F:CF:86:70:50:3D:DE:2B:D1:95:8F:4C:BC
ValidityMon, 03 Jul 2023 08:23:57 GMT - Mon, 25 Sep 2023 08:23:56 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6225), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Jul 2023 20:26:00 GMT
expires: Tue, 23 Jul 2024 20:26:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 30727
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

216.58.211.10

1.4 kB

URL
translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text
Size
1.4 kB (1392 bytes)
Hash
a3eefe14b1b4698460d992bd1673a26b
a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4
87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067

HTTP Headers

GET /v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/1.1
Host: translate-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 25 Jul 2023 04:58:07 GMT
server: ESF
cache-control: private
content-length: 1392
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=C17Th7vHDqtCYES-oZhaGE3mQ5drnNt6JZDmAxTnSMTqvjoDV6umh48BxHDPET_oedOk8I1jpPIw1wt1HHjPqxkBuiTfCscrBostiUXldh8bW_JNkxjECIzuMj4_keyNLeifUl2kVGr1lnDxYARXvatyMd1-IhAvr8KttaGUjkY; expires=Wed, 24-Jan-2024 04:58:07 GMT; path=/; domain=.translate-pa.googleapis.com; HttpOnly
CONSENT=PENDING+610; expires=Thu, 24-Jul-2025 04:58:07 GMT; path=/; domain=.googleapis.com; Secure
expires: Tue, 25 Jul 2023 04:58:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

216.58.211.10

200 OK

0 B

URL OPTIONS HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9F:64:95:63:87:E7:5A:5D:04:FA:BA:12:50:7F:B9:E6:23:4C:32:69
ValidityMon, 03 Jul 2023 08:23:58 GMT - Mon, 25 Sep 2023 08:23:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Referer: https://gexind.xyz/
Origin: https://gexind.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://gexind.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
content-type: text/plain; charset=UTF-8
date: Tue, 25 Jul 2023 04:58:17 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+652; expires=Thu, 24-Jul-2025 04:58:17 GMT; path=/; domain=.googleapis.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 25 Jul 2023 04:58:17 GMT
cache-control: private

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

216.58.211.10

200 OK

131 B

URL OPTIONS HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9F:64:95:63:87:E7:5A:5D:04:FA:BA:12:50:7F:B9:E6:23:4C:32:69
ValidityMon, 03 Jul 2023 08:23:58 GMT - Mon, 25 Sep 2023 08:23:57 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-AuthUser: 0
Content-Encoding: gzip
Content-Type: application/binary
Content-Length: 316
Origin: https://gexind.xyz
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://gexind.xyz
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Tue, 25 Jul 2023 04:58:17 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+688; expires=Thu, 24-Jul-2025 04:58:17 GMT; path=/; domain=.googleapis.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 25 Jul 2023 04:58:17 GMT

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

142.250.74.110

200 OK

87 kB

URL GET HTTP/2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint88:3A:16:13:A0:10:B6:19:DC:DA:DA:BA:25:7D:F9:3F:DD:EE:C2:B1
ValidityMon, 03 Jul 2023 08:19:15 GMT - Mon, 25 Sep 2023 08:19:14 GMT

File type
ASCII text, with very long lines (2726)
Size
87 kB (87148 bytes)
Hash
3c77706e518c4c252027fab91d601429
2ccc18eaa9f5ca701a1315e1184de905c1c69bc8
bfd05375b61beb035d19ff536752536ca4b7aa5b3c9a79e464ded89fcdcbc574

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 25 Jul 2023 04:58:06 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+105; expires=Thu, 24-Jul-2025 04:58:06 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/js/translate6b42.js

164.90.204.4

200 OK

1.2 kB

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/js/translate6b42.js
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
ASCII text, with very long lines (1223), with no line terminators
Size
1.2 kB (1157 bytes)
Hash
00d68d5fcbe959205761ae2eb92bda5a
e70670eba70fd9428d8ee7d8acacea623bd72d4f
994454fb2f960994c4f0721e63734138eb06498b18f1236e39d4c66de579b054

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/js/translate6b42.js HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 15:40:46 GMT
vary: Accept-Encoding
etag: W/"6375047e-485"
content-encoding: gzip
X-Firefox-Spdy: h2

gexind.xyz/1Sh/img/globe-alpha.png

164.90.204.4

200 OK

36 kB

URL GET HTTP/2
gexind.xyz/1Sh/img/globe-alpha.png
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x860, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
36 kB (35670 bytes)
Hash
568e089f59867948afa6685924507f18
f53c14257743c858f817b9233748444c24c3b6f8
16f7f871d2f26b47f061d3c77ae4ef13ec076671bed3ecafe44ccb3640af45e1

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/img/globe-alpha.png HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/landings/209605/1618996856/css/style6b426b42.css?1618996856
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: image/png
content-length: 35670
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-8b56"
accept-ranges: bytes
X-Firefox-Spdy: h2

gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=

164.90.204.4

200 OK

13 kB

URL User Request GET HTTP/2
gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type

Size
13 kB (12561 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days= HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:05 GMT
content-type: text/html
last-modified: Tue, 25 Apr 2023 14:35:54 GMT
vary: Accept-Encoding
etag: W/"6447e54a-3111"
content-encoding: gzip
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/css/style6b426b42.css?1618996856

164.90.204.4

200 OK

18 kB

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/css/style6b426b42.css?1618996856
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
ASCII text
Size
18 kB (17554 bytes)
Hash
ae3dff730755241dddb0411dfb12ecdc
150f9644b73917f95fdfa05651a0e7a68180fdab
26e87e96a3a488425e5535ebf0f0bfe70cc231f0590a650a8c35ac5fe8296bec

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/css/style6b426b42.css?1618996856 HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: text/css
last-modified: Fri, 21 Apr 2023 11:38:06 GMT
vary: Accept-Encoding
etag: W/"6442759e-4492"
content-encoding: gzip
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/js/jquery.min6b42.js

164.90.204.4

200 OK

87 kB

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/js/jquery.min6b42.js
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/js/jquery.min6b42.js HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
vary: Accept-Encoding
etag: W/"6375047c-1538f"
content-encoding: gzip
X-Firefox-Spdy: h2

gexind.xyz/1Sh/landings/209605/1618996856/js/js.cockie.min6b42.js

164.90.204.4

200 OK

2.2 kB

URL GET HTTP/2
gexind.xyz/1Sh/landings/209605/1618996856/js/js.cockie.min6b42.js
IP
164.90.204.4:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Certificate
IssuerLet's Encrypt
Subjectgexind.xyz
Fingerprint04:9E:46:22:3A:29:4D:15:19:A7:3C:42:1D:7B:E8:7E:64:48:1C:A7
ValidityMon, 03 Jul 2023 09:46:20 GMT - Sun, 01 Oct 2023 09:46:19 GMT

File type
ASCII text, with very long lines (2304), with no line terminators
Size
2.2 kB (2198 bytes)
Hash
79218c8e4d6b9589da61b4daddd1d721
c8bdf2b44db9327ac24f0d02e2aa0bfc69097ab5
db4e31aaf6f2022d9cd8c052537ee237b0b69cd49ab27d6d29913bf401b1ea5a

Detections

Analyzer	Verdict	Alert
quad9	malicious	Sinkholed

HTTP Headers

GET /1Sh/landings/209605/1618996856/js/js.cockie.min6b42.js HTTP/1.1
Host: gexind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gexind.xyz/1Sh/988.html?cep=hVVHNYuQIb4-efnsGGVMJ_KMfyiKqikj-4UEF2v8JnuNvfre-nNlNQddEp3f-hCez4YBhzU0ywz3J8Amnx6FBpRz18pSHa1M811_hcxc7kAvAQ1r0e5AFVWWy_c89g3jsvliN9ClPvIPHrwvjBQUvdVwZ3tVUyvt4rquZ9PB_Q37DMN2XPYQJ0Erdzan8gEqsRTXR73S1RUdrRuYXNmSIZQ1OiZKz-6E-Pmm4rA7CDgvLOFElg4wIC7OU9Rvgs4aG0N0p86nXdpc2wvTP-Dr-dp48g-8xTd2BeJPDmi1rm34ZktB5rP5_43Qw5hRosiEqB_uqE-dGEkKMOIO3UAk3gQmE7J75VbzLWJceK6tpmXC80i273R0kw8WEAU5CDUOrZJGyBGCpGGNIKdfdNW_87P8pd-R60Py2Ag_0cYbIeTQrvs8URzqmAhhaRn74nkDc9a8b8z6kiEwUVJ8hwKHmPNh7V-rIOU9RhJaAj7Lwac&lptoken=16c690812651284a859f&creative_id=&campaign_id=641299&domain=manysex.com&price=%24+73.48&clickid=f1bb7984-1c3e-3fda-8b76-843ff484b126&web_push_creative_id=&deviceua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X+10_7_1+rv%3A4.0%3B+en-US%29+AppleWebKit%2F533.8.3+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Safari%2F533.8.3&web_push_id=&sub_days=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 25 Jul 2023 04:58:06 GMT
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
vary: Accept-Encoding
etag: W/"6375047c-896"
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by