| zsexf.com/css/frontend.css?id=2396ffb76e738e465b53 | 188.114.97.1 | 200 OK | 48 kB |
URL: GET HTTP/3 zsexf.com/css/frontend.css?id=2396ffb76e738e465b53 | IP: 188.114.97.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: ASCII text, with very long lines (59910) | Hash: MD5 2396ffb76e738e465b53ef186e625d72 | SHA-1 f24009e0bc508c37bfdb8689d48687418350fcf4 | SHA-256 91ed54900a14b458b306f4a025070148faeca034de3f9aa9a3a14a13d6c2c4ab
GET /css/frontend.css?id=2396ffb76e738e465b53 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/VWSh
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:33 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 18:47:00 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 349867
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HKHa4gG62bz6YXPQ6rEumlw6XnwobFjCwuLmHZVMuG1uOtb6obWIvd%2B2BEJNjFn8vzaCU9WOYMCsTbxyCrd73Ivsok71AuYELLOS06kHkFe2xjtQlnVVs45rRt4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b2be9eb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| zsexf.com/img/menu.svg | 188.114.97.1 | 200 OK | 885 B |
IP: 188.114.97.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: SVG Scalable Vector Graphics image | Hash: MD5 e194fab3eea9f00d5a3814c4df00ac8c | SHA-1 4a9760c8ec110364d025527e26730e78ae0b3ac0 | SHA-256 3d3e6705b468cecdd78fb9a1ee6688d60e1d2c1caa0db7baa88db460315dccea
GET /img/menu.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/VWSh
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:33 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Jan 2023 16:39:42 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 341476
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g3pcXurXhiP36lQxIwigyvzNFBaKSrFLgH1kSb%2FTojzDO5j19RNTZpq9kkdrnSc3So8zIBYT%2BQqq3p75ZQJ8rpb4XmGpUsNjdpCASVPt1CITUjh%2BqTa80L9h8o0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b2bea2b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=UA-197252557-1 | 142.250.74.168 | 200 OK | 75 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-197252557-1 | IP: 142.250.74.168:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.google-analytics.com | Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179) | Hash: MD5 6113688e16fde2a2daa048b110380c0d | SHA-1 45c19b956a8a8ad9949cab9c8ce2ee67feaa843a | SHA-256 b94bac2af52f6569ad255c22497780c411387754579c6afb2a1ae194eb3ed4fd
GET /gtag/js?id=UA-197252557-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 17:29:34 GMT
expires: Sat, 04 May 2024 17:29:34 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74794
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| zsexf.com/img/plane.svg | 188.114.97.1 | 200 OK | 1.9 kB |
IP: 188.114.97.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: SVG Scalable Vector Graphics image | Hash: MD5 4f25968fc51a5e49dc1ea503d5d60e38 | SHA-1 4221937e757eb15329dbc318092c9058044c5f73 | SHA-256 d454583aa343d4c8aa4e42c0876b20e60c20c0b89284e4ef0c662d0426c18254
GET /img/plane.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/VWSh
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:33 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 341476
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=erYf7nnbboijS999J613oyjp2Uwpycjc%2Bvk9XaBWh3i8GgribvVf%2FzFtGyL%2FjRMyPh%2F%2BH0IaouKf8oxw9%2FGSnqbq9fcmyHudQ%2BFZNVqBOq1eVPLnbpxng0yOjRE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b2cec6b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | 216.58.207.227 | 200 OK | 47 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | IP: 216.58.207.227:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 46704, version 1.0 | Hash: MD5 30a274cd01b6eeb0b082c918b0697f1e | SHA-1 393311bde26b99a4ad935fa55bad1dce7994388b | SHA-256 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 04:48:52 GMT
expires: Sat, 03 May 2025 04:48:52 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 132042
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| dampedvisored.com/1clkn/34742 | 23.109.170.31 | 200 OK | 26 B |
URL: GET HTTP/1.1 dampedvisored.com/1clkn/34742 | IP: 23.109.170.31:443
Certificate | Issuer: Let's Encrypt | Subject: dampedvisored.com | Fingerprint: 49:EE:D2:FF:9B:98:5D:77:22:C4:3C:71:12:E6:8E:A0:00:64:2A:E5 | Validity: Tue, 16 Apr 2024 00:17:35 GMT - Mon, 15 Jul 2024 00:17:34 GMT
File type: ASCII text, with no line terminators | Hash: MD5 9082dc37e5e8046929da411544ad071a | SHA-1 41e0e3963ed94e59e8a2f115994c382712411537 | SHA-256 b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /1clkn/34742 HTTP/1.1
Host: dampedvisored.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 17:29:34 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 05-May-2024 17:29:34 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 05-May-2024 17:29:34 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| | 188.114.97.1 | 200 OK | 125 kB |
URL: User Request GET HTTP/2 | IP: 188.114.97.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (58236), with CRLF, LF line terminators | Size: 125 kB (125184 bytes) | Hash: MD5 d9646a68c76aef5a71e0a7e01ddcec54 | SHA-1 4b754be5b11231d675d9e66fd98de714464a2f77 | SHA-256 74e284fdd3e00e6a2ffad13805105b1b0d28c040e218023a8d1613931fea30f0
GET /VWSh HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InhsZlNiVWlCSWxTRXlJYmdHT1Job3c9PSIsInZhbHVlIjoiV0xyTjR4V1ZXK3MxckhoYWtSc0xpa0VZeTRFTW9JMzVpWmZGQVZES2U5TjJ3QlA2OGV5bnhabjFVOVo3Q3RzSFNlaTI5azZ5UVF3QktPQXFHdit4NTJqNmxVRThhNEFsTWtDYUU2STFhbmZHT0FWTDdhelk1M3hxUEI0VnlqbFciLCJtYWMiOiIwY2Y0ZTgzMGQ3ZWI2ZmJiODQxNzRiNzQyYjViN2JmZDFiZWRhOTQ0OTMyM2Y2OTk3MTBkMDhhNjJlNTRjNGQ0IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6ImZmZFVSQzdqM21mYTJVRk5WbTMzS3c9PSIsInZhbHVlIjoiZzVVUXdkeE94Wmprb1VrcWZ5TE5JTnFGNE5LTm1VdkxOcTFMWUxJZWFkQjR1WkdoaC9JYWFGUFcvaCtSYVVFaTZVN1VlMTc2VENvU3dVcHNsdnA1U3A1Qk1KVXJ1VzJucThQY3FZRWY3Y0FwdkYxYTYyQXRCUkxya3RsNXZNbHAiLCJtYWMiOiI2Y2Q0M2JhNjE5Zjc4OGQ2ZDgwZGQ3YThmNjBlNjZhOGM5YzNmMTY3MWQ3ZDg0ZDUyOGI4MDYwNTZhYTA4N2FjIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; expires=Sat, 11-May-2024 17:29:32 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D; expires=Sat, 11-May-2024 17:29:32 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wQg30I%2FcrZISCbzVsjGamsMFlKq4uLka0gHzGhN2s%2BjKk08TqZtwORYrj31LX1K895%2BoNdbeHLTcxEqmXYxCJ0FtVhYhNGe3AuI%2BNNBC9U8jOHavzoY32TIKHgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36a8cc9f0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | IP: 216.58.207.227:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 | Hash: MD5 15d9f621c3bd1599f0169dcf0bd5e63e | SHA-1 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 | SHA-256 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 28857
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/3 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | IP: 216.58.207.227:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0 | Hash: MD5 e9f5aaf547f165386cd313b995dddd8e | SHA-1 acdef5603c2387b0e5bffd744b679a24a8bc1968 | SHA-256 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 228874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js | 172.240.127.234 | 200 OK | 16 kB |
URL: GET HTTP/1.1 absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js | IP: 172.240.127.234:443
Certificate | Issuer: Let's Encrypt | Subject: absentcleannewspapers.com | Fingerprint: A6:E7:75:05:4C:FA:FF:D2:F7:67:61:89:73:1B:66:32:AF:19:2F:7D | Validity: Tue, 26 Mar 2024 06:03:56 GMT - Mon, 24 Jun 2024 06:03:55 GMT
File type: JavaScript source, ASCII text, with very long lines (44062), with no line terminators | Hash: MD5 6c5ea7ab4c84b7ec47cbd1d70812a747 | SHA-1 11412777bbc0592c7bf8f526f8c76fadf56f1939 | SHA-256 6a8eb98c9e09c37149da44411fa216609614ec46a284235d3326a80488de91c4
GET /f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js HTTP/1.1
Host: absentcleannewspapers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Tue, 07 May 2024 20:29:34 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2223dab91d45fb83efa8fd0905c155b6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| zsexf.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 | 188.114.97.1 | 200 OK | 208 B |
URL: GET HTTP/3 zsexf.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 | IP: 188.114.97.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: PNG image data, 6 x 12, 8-bit/color RGBA, non-interlaced | Hash: MD5 31f073499665afb237f3294219d2d7c6 | SHA-1 c1ada0510e31f661dab66203c15a3d6c8f5468d0 | SHA-256 59b7ad6d6f457b624e25d22959edc7c83af2ac52edba32fd6648c97af0d1780c
GET /images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/css/frontend.css?id=2396ffb76e738e465b53
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D; ab=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: image/png
content-length: 208
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 335727
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2BaVwAU%2FyuJXBKtpLCjNFKRwmt8c8elwOfXd5zHEVAYcaFbCKjoRwSA%2FvNKqq75SCQyNc5iaw6sw94Bsj64McBxZG9INL0hB1MQl9%2BOWaYOqlLqaME8ZooMhGBs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36b73e07b529-OSL
alt-svc: h3=":443"; ma=86400
|
|
| zsexf.com/js/ads.js | 188.114.97.1 | 200 OK | 47 kB |
IP: 188.114.97.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: JavaScript source, ASCII text, with very long lines (1491), with no line terminators | Hash: MD5 663675db8bdf037ef8a96ceec4c0eaac | SHA-1 00a32b1173b6c96bf349f6adb7f00e0c6a24faa4 | SHA-256 54827120728e3e7d171b392b13b3f5fe2d2ec344d6bdd491c1d44eb2760eecbe
GET /js/ads.js HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/VWSh
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:33 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 349867
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WIeFjv%2BVEVoyG2gOoY%2B%2B1f8tTJfVBvK1LnyUHeGEeNX4VVh49EA3L%2BQx0rxCnsxRedYZ4KAmGdzj6oCjiqd34aJsqyqANoBjwl1yYg2bHdcNH82Hs5xQcRalkiI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b2cec8b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| zsexf.com/js/frontend.js?id=f7e07cec5812d52a9077 | 188.114.97.1 | 200 OK | 285 kB |
URL: GET HTTP/3 zsexf.com/js/frontend.js?id=f7e07cec5812d52a9077 | IP: 188.114.97.1:443
Certificate | Issuer: Let's Encrypt | Subject: zsexf.com | Fingerprint: 46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 | Validity: Mon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 285 kB (285065 bytes) | Hash: MD5 f7e07cec5812d52a9077a4baf1b4348b | SHA-1 669d6cfda9a2b056cebe7f5a31dfa50d7d73405e | SHA-256 24c59cb722ec2564f9f0ea38d57ebd2c6b66a88485aaa9035f3afd68376d4c87
Analyzer: Public Nextron YARA rules | Verdict: malware | Alert: Unique code from Jetriz, Swid & Jeniva of the Tetris framework
GET /js/frontend.js?id=f7e07cec5812d52a9077 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/VWSh
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:33 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 349866
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qVanInlQhYLKkicUwxsgkvkQ%2B5IcmrXwnD6%2Fvp%2FcQRuo0owUz6qyMLHCH8Js%2FWbXCu2A%2FuOkFAFXpaWVduDZgS2I%2BwZ6TPN7aFpG0Kv6cxLw%2FyoxQ%2BJ6xknWXPA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b2cec9b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ocsp.r2m03.amazontrust.com/ | 3.164.222.26 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/ | IP: 3.164.222.26:0
Hash: MD5 691c3f87e4fe41a736328d3c71e2dbdc | SHA-1 fd76f455b38ba18f00a6fb81e3585201eb3c43f6 | SHA-256 8ac709de568d48e4c9e64b75afa6cd3fed58e2cf0c21e823af01ab342e6794b9
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 17:29:34 GMT
Last-Modified: Sat, 04 May 2024 16:31:49 GMT
Server: ECAcc (ska/F6D2)
X-Cache: Miss from cloudfront
Via: 1.1 fdf1690573b49f13f7fa6d4ee1abe422.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: va_JJv0pVDVkBVlraRK1--IPbndLDkMqggS8Ozv2kmNblgOMuXaDfw==
Age: 3465
|
|
| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats | IP: 18.185.9.67:443
Certificate | Issuer: Amazon | Subject: proftrafficcounter.com | Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 | Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators | Hash: MD5 50d55194aaae01755c223c21bc8c808f | SHA-1 e2b5a4e126f749dd00238ef99245c50bc8fcd541 | SHA-256 d975dc472a6b1ca11887df7026bf5a39535531239302e2e7034be873c2f7ff3f
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://zsexf.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=63d5395a-2b3c-408a-9aae-8a1b1fb623aa:2:1; expires=Tue, 02 May 2034 17:29:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| argeredru.info/eEg1R3BXd1Y0TTYmdxYpFQF6FCc+H2AwPjASWQ0mOh1ZLSVJGRMzGRx1BHdCSXgAdFYIIVF6QV47QSYEDTsIdlYRJlMoTV4+CHZeS3wbdEZWfBMyTUluQTcRH3UEYQAMPFl6QU95AX9ES38Cc0RNeQ | 104.21.88.203 | 204 No Content | 0 B |
URL GET HTTP/2argeredru.info/eEg1R3BXd1Y0TTYmdxYpFQF6FCc+H2AwPjASWQ0mOh1ZLSVJGRMzGRx1BHdCSXgAdFYIIVF6QV47QSYEDTsIdlYRJlMoTV4+CHZeS3wbdEZWfBMyTUluQTcRH3UEYQAMPFl6QU95AX9ES38Cc0RNeQ IP104.21.88.203:443
Certificate | Issuer: Google Trust Services LLC | Subject: argeredru.info | Fingerprint: 7F:EE:CE:E6:CB:C5:33:BD:30:0A:E8:A1:31:B7:E9:A1:40:CA:32:91 | Validity: Mon, 01 Apr 2024 07:01:54 GMT - Sun, 30 Jun 2024 07:01:53 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty content, matching the 0 B body of this 204 response, so they identify no payload)
GET /eEg1R3BXd1Y0TTYmdxYpFQF6FCc+H2AwPjASWQ0mOh1ZLSVJGRMzGRx1BHdCSXgAdFYIIVF6QV47QSYEDTsIdlYRJlMoTV4+CHZeS3wbdEZWfBMyTUluQTcRH3UEYQAMPFl6QU95AX9ES38Cc0RNeQ HTTP/1.1
Host: argeredru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sat, 04 May 2024 17:29:34 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2Ftw%2FxHbQoOZM9Q8WrwI5YiFvGu8%2BjukzwHefgjXMRtGES25hHVQ4hKQgZQjI6I4LIeQXvRI0d8p%2Fu%2BQvDiuVYp4nd4nw%2FNpAgddmynSdhC6X986l3ggIrHtJleOxfo4iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b73a0456cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| esumedadele.info/VE52ZWs1LBUIVDVzFEMeJiJLQFkSa0QjD2Z/BBUAMzdOFQo8LQNLCDghAwENJiEYEUU6KwJAWRIlJQ8PExkbDhsDDRFdPT57EywGMBcTAj1nLxodXhEaLwovFzk9NSg/AzsJLTsBJzwFER0BFSk9HD4AERUiNVdfHi8BURIAHxkAPgYMJi4RIB4mDls9FEcJGAM3FVUvOi0kLBEFBRISMTMBAVUEFyA8XSMAPi8pPDcoOiA6PgcRURkDJydAWRIaDFw8MTQVIiYSegcrDDw4NDQpIhxFCjgwCQYnJjMURQNaOwczCzklDCUrMRk3PCgOFS1TVykNIk4zKgxjPEBZEhkRAjgwCRkHOxYERyJaFnYxPTEuGj4CIx0aTi4iAiYcBChtejRWDyUZLhYjMH1PBw44CwAuKiM9ISFecXwwMhwjARUtOQ4sMy9cNTlQDxg7IAZYARgPLypaMzYMKS9sFA4ICg | 54.230.111.118 | 200 OK | 1.2 kB |
URL GET HTTP/2esumedadele.info/VE52ZWs1LBUIVDVzFEMeJiJLQFkSa0QjD2Z/BBUAMzdOFQo8LQNLCDghAwENJiEYEUU6KwJAWRIlJQ8PExkbDhsDDRFdPT57EywGMBcTAj1nLxodXhEaLwovFzk9NSg/AzsJLTsBJzwFER0BFSk9HD4AERUiNVdfHi8BURIAHxkAPgYMJi4RIB4mDls9FEcJGAM3FVUvOi0kLBEFBRISMTMBAVUEFyA8XSMAPi8pPDcoOiA6PgcRURkDJydAWRIaDFw8MTQVIiYSegcrDDw4NDQpIhxFCjgwCQYnJjMURQNaOwczCzklDCUrMRk3PCgOFS1TVykNIk4zKgxjPEBZEhkRAjgwCRkHOxYERyJaFnYxPTEuGj4CIx0aTi4iAiYcBChtejRWDyUZLhYjMH1PBw44CwAuKiM9ISFecXwwMhwjARUtOQ4sMy9cNTlQDxg7IAZYARgPLypaMzYMKS9sFA4ICg IP54.230.111.118:443
CertificateIssuerAmazon Subjectesumedadele.info Fingerprint37:E7:C7:A9:24:1E:D6:05:81:36:F7:90:46:EE:89:05:0F:46:EE:9D ValidityMon, 15 Apr 2024 00:00:00 GMT - Wed, 14 May 2025 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (3049), with no line terminators Hash926c6265a24b24c6a78380d15286ba39 2e93fa1da8916b2ee91dc88669b699f02cf260bc 0500327f168af8e5e45f2ed1a845db942679af415789208f1f182623760faac1
GET /VE52ZWs1LBUIVDVzFEMeJiJLQFkSa0QjD2Z/BBUAMzdOFQo8LQNLCDghAwENJiEYEUU6KwJAWRIlJQ8PExkbDhsDDRFdPT57EywGMBcTAj1nLxodXhEaLwovFzk9NSg/AzsJLTsBJzwFER0BFSk9HD4AERUiNVdfHi8BURIAHxkAPgYMJi4RIB4mDls9FEcJGAM3FVUvOi0kLBEFBRISMTMBAVUEFyA8XSMAPi8pPDcoOiA6PgcRURkDJydAWRIaDFw8MTQVIiYSegcrDDw4NDQpIhxFCjgwCQYnJjMURQNaOwczCzklDCUrMRk3PCgOFS1TVykNIk4zKgxjPEBZEhkRAjgwCRkHOxYERyJaFnYxPTEuGj4CIx0aTi4iAiYcBChtejRWDyUZLhYjMH1PBw44CwAuKiM9ISFecXwwMhwjARUtOQ4sMy9cNTlQDxg7IAZYARgPLypaMzYMKS9sFA4ICg HTTP/1.1
Host: esumedadele.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1204
date: Sat, 04 May 2024 17:29:34 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: whUFj_08Vl-oLb8jI6EEy91pMYZkCQAcbRgdAha5sEh14lXnJQhQNg==
X-Firefox-Spdy: h2
|
|
| live.demand.supply/e/e.js?e=ll&d=328&cs=c&dsReferer=enNleGYuY29tL1ZXU2g= | 104.17.38.115 | 200 OK | 0 B |
URL HEAD HTTP/3live.demand.supply/e/e.js?e=ll&d=328&cs=c&dsReferer=enNleGYuY29tL1ZXU2g= IP104.17.38.115:443
CertificateIssuerCloudflare, Inc. Subjectdemand.supply Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=328&cs=c&dsReferer=enNleGYuY29tL1ZXU2g= HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
access-control-allow-origin: *
cache-status: "Netlify Edge"; hit
etag: "799cfe824336f1fce20d72fb9944d5d5-ssl"
strict-transport-security: max-age=31536000
x-nf-request-id: 01HWN6NJYED30PAWPTDQKVMGXY
cf-cache-status: HIT
age: 335565
accept-ranges: bytes
set-cookie: __cf_bm=vr3J8XKaHIdzVfE96R0pAbVD89OmtH4JMJbye.W_vlo-1714843774-1.0.1.1-uajOeJzlvHh2VRGjIh47dl8fKBOhb6Nm2nyqeJ4BcVzgHsuT90GoCv7mqsZyPE6awK_zmWYi5dYCXPTVx20qiA; path=/; expires=Sat, 04-May-24 17:59:34 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36b7ca16b4f9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 90 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c IP142.250.74.168:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (5955) Hash378920d16db92994673e8e21b1baae16 08a6fc638b2f5f9d14166396fe24ab3b93a9cae7 59ea38523b3fcf99f8ded3720a6f0493ff5cf73e137b6d3e50b5a649ac20bdd9
GET /gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 17:29:34 GMT
expires: Sat, 04 May 2024 17:29:34 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89736
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 216.58.207.226 | 200 OK | 0 B |
URL HEAD HTTP/2pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP216.58.207.226:443
CertificateIssuerGoogle Trust Services LLC Subject*.g.doubleclick.net Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sat, 04 May 2024 17:29:34 GMT
expires: Sat, 04 May 2024 17:29:34 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 1349026303419128303
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51523
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 173.194.221.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP173.194.221.84:443
CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:c-G3-C8dNlq-aOdVCGL8USw_FHyXAQ:OO6ZVX5NurUJs5QO; Expires=Mon, 04-May-2026 17:29:35 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 17:29:35 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzHuIsXgmVoaIVni2mumCgA7PB325blSO60tTzZ_VhenvdLeRrAaSSQKHpxKnX8ImfqdPJm
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Bsfv0ogsN0NCachfHEZyJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| d21rpkgy8pahcu.cloudfront.net/kSjdGWmkpWCg8Vj5eImdYegV3alx5ETYoDCwKPCkMMlFoOQYnESwpBiRHezAlC24Jaw4yTQoeURBPKztPPk0iZ1lsWyc0DncRIzQKdwZgOw0oCnJ8HTpYLWcfLEQjIg4rWiQ/Tz9WezcGMF4qNghvBQBvR3oSdGpBMgZ3f1oIEnRqBSNZMyJMeAc+Yl8VAX-J/WggSdGobPBJ1G1B8GXZzTHgHIT8KIVhjaC94B3dqWXsHd39belEvKAwsWD5/WwwOcHRZbEJ7aw | 108.157.217.97 | | 478 B |
URL d21rpkgy8pahcu.cloudfront.net/kSjdGWmkpWCg8Vj5eImdYegV3alx5ETYoDCwKPCkMMlFoOQYnESwpBiRHezAlC24Jaw4yTQoeURBPKztPPk0iZ1lsWyc0DncRIzQKdwZgOw0oCnJ8HTpYLWcfLEQjIg4rWiQ/Tz9WezcGMF4qNghvBQBvR3oSdGpBMgZ3f1oIEnRqBSNZMyJMeAc+Yl8VAX-J/WggSdGobPBJ1G1B8GXZzTHgHIT8KIVhjaC94B3dqWXsHd39belEvKAwsWD5/WwwOcHRZbEJ7aw IP108.157.217.97:0
File typeASCII text, with very long lines (684), with no line terminators Hash92557184958a7275ad2da3ad7e2736ff dda03b493f7facbfb0215713e8114f682773b2e6 b4b616b7f3672bf158e7bb078a7e21e9806250d6be31479ee1ad56cd88561d4c
GET /kSjdGWmkpWCg8Vj5eImdYegV3alx5ETYoDCwKPCkMMlFoOQYnESwpBiRHezAlC24Jaw4yTQoeURBPKztPPk0iZ1lsWyc0DncRIzQKdwZgOw0oCnJ8HTpYLWcfLEQjIg4rWiQ/Tz9WezcGMF4qNghvBQBvR3oSdGpBMgZ3f1oIEnRqBSNZMyJMeAc+Yl8VAX-J/WggSdGobPBJ1G1B8GXZzTHgHIT8KIVhjaC94B3dqWXsHd39belEvKAwsWD5/WwwOcHRZbEJ7aw HTTP/1.1
Host: d21rpkgy8pahcu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://esumedadele.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 478
date: Sat, 04 May 2024 17:29:35 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 009f08cce389af684f28c36891875534.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 9JhE3SmdWjt35FsVbkmgn1tgDryRKQfxvnk8GQnQB_oUaZOxJBUnoA==
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail | 173.194.221.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail IP173.194.221.84:443
CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:CStzQke7Fx-uGGciM0EjuAQ3QLMcFg:8CpVZRecp5_j2D3A; Expires=Mon, 04-May-2026 17:29:35 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 17:29:35 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQzE6K6KP-Nx6wxtFHCSSLvh0rDMTmTzMfwOtg32K9Om1VYZuQF4ZRHJeg6n9VdNiRgvgKaPXA
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-g4tTmF98yTzNEhtG2u3yZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| argeredru.info/popunder.gif | 104.21.88.203 | 200 OK | 4.2 kB |
URL GET HTTP/3argeredru.info/popunder.gif IP104.21.88.203:443
CertificateIssuerGoogle Trust Services LLC Subjectargeredru.info Fingerprint7F:EE:CE:E6:CB:C5:33:BD:30:0A:E8:A1:31:B7:E9:A1:40:CA:32:91 ValidityMon, 01 Apr 2024 07:01:54 GMT - Sun, 30 Jun 2024 07:01:53 GMT
File typeGIF image data, version 89a, 1 x 1 Hashda0a04921eb9b9ddd41db278dfb13f25 aaab261e1c70550cc67415af0de54666bd1974fe 48fe0d9ade52e3998eb516dd16e9c4e5d1c11893b982830c02d3076ffb5aa09d
GET /popunder.gif HTTP/1.1
Host: argeredru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:35 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 10269
last-modified: Sat, 04 May 2024 14:38:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3GudrWapgmY4IVlVAgDU1PbQqgcJeRoL5RSBcB35TVh7EtxN8WawjavhtAvhFe2R2U3ZZui5czChlVV1ZlyFhA5F4AJZCVRx8AEHbwIz9kHNpIwiY8MlsO6WE9iCrtV9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36bc7cabb4f4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| slideaspen.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_0 | 172.240.127.234 | 200 OK | 7.7 kB |
URL GET HTTP/1.1slideaspen.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_0 IP172.240.127.234:443
CertificateIssuerLet's Encrypt Subjectslideaspen.com FingerprintB7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE ValidityMon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
Hashde58afee483f01e54d25afce57929e86 ed003a63bd09083061466a35f8b2cc2a449b590f 7244a2aaf7d14f1d3b1e3e886472e1efbc4f3d12f0adc12108de7150aa237cf8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&psid=CF-3448_0 HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:35 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zsexf.com
Access-Control-Allow-Origin: https://zsexf.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22256744; expires=Sun, 05 May 2024 17:29:35 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sun, 05 May 2024 17:29:35 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sun, 05 May 2024 17:29:35 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Sun, 05 May 2024 17:29:35 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Sun, 05 May 2024 17:29:35 GMT; secure; SameSite=None
Set-Cookie: slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]; expires=Sat, 04 May 2024 17:29:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 10bd69fd3053e192b6913d75d478a2b5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.35 | 200 OK | 206 kB |
URL GET HTTP/2www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP142.250.74.35:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeJavaScript source, ASCII text, with very long lines (631) Size206 kB (205803 bytes) Hashe2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:11 GMT
expires: Fri, 02 May 2025 01:56:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 228804
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzHuIsXgmVoaIVni2mumCgA7PB325blSO60tTzZ_VhenvdLeRrAaSSQKHpxKnX8ImfqdPJm | 173.194.221.84 | 302 Found | 429 B |
URL GET HTTP/3accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzHuIsXgmVoaIVni2mumCgA7PB325blSO60tTzZ_VhenvdLeRrAaSSQKHpxKnX8ImfqdPJm IP173.194.221.84:443
CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeHTML document, ASCII text, with very long lines (406) Hash14f7644e330fc115e62a8e799740c64e 12ec11756c958b6f02327f32ec0b228ac8ad519f 4f0830d37794561899a501d4b1108ede4c2e7ea0be6a11c12fd9480899254ed3
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzHuIsXgmVoaIVni2mumCgA7PB325blSO60tTzZ_VhenvdLeRrAaSSQKHpxKnX8ImfqdPJm HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:HWTgu3cSGj5uvkUx0bWqaxa1pWdeYA:7O4SO3ypUZE8zoJn;Path=/;Expires=Mon, 04-May-2026 17:29:35 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 17:29:35 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxmpa_3Esapts5N-AZwCyuvTHW8sD4sIkX3p-bJNWlVKB14Fyk-y6pawFcmmeBzfIwhVjFwBg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S738267723%3A1714843775597934&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-YKL0-2LBCIB2GEhSMumg6g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 429
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQzE6K6KP-Nx6wxtFHCSSLvh0rDMTmTzMfwOtg32K9Om1VYZuQF4ZRHJeg6n9VdNiRgvgKaPXA | 173.194.221.84 | 302 Found | 426 B |
URL GET HTTP/3accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQzE6K6KP-Nx6wxtFHCSSLvh0rDMTmTzMfwOtg32K9Om1VYZuQF4ZRHJeg6n9VdNiRgvgKaPXA IP173.194.221.84:443
CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeHTML document, ASCII text, with very long lines (404) Hash1fd79cf9c03d55b1e70346afce2f6ee3 205c6ee9684f214f4a0d7e665bd0a35d3fbb5ab6 7b1d5bc1cdb1bf6bdc61966b58a073dca26cee439234328f12c2cd4adc0227a1
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQzE6K6KP-Nx6wxtFHCSSLvh0rDMTmTzMfwOtg32K9Om1VYZuQF4ZRHJeg6n9VdNiRgvgKaPXA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:uqvs7RUBrndseoZ2HltiPJCZ3XSUzw:l-g-J2jl2pWOK0O7;Path=/;Expires=Mon, 04-May-2026 17:29:35 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 17:29:35 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyx6pUrhIA_3aswSwqWmgxMproSc1G2SAPf2IdeXWeceG11uCc0pO08fODPcc6a7oxfzK9N4w&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1761468548%3A1714843775605754&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-_qYAClpV3c9U0joXqkcIDQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 426
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| slideaspen.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzi%2B%2FkwdZ2ZsIc1BQWCfd05OeiXsIZrORYNysG0VBcamuqp6Uqe5qqrqmJ0EwGFj2OHjxItL5JtmwuvjnKrgrkwUPASHjKQdz9CiCsGeZ2eDgg6r3vve9gu%2B9V3f23TlpwNGz5bf0jlSKzs3X%2FdrL7wfB1dqazFyv1mtHt6Pm1ZrpvrYQ1f1Xam8ItqXnGn7g%2B4Ef1FakEYnuzY1JyPzBQlBf8OvNRj2Yb6Jn%2Fout82CpB949J89B8tHsY%2B8yJBsiS79fFnar0PmV66lTtNAGXX70braV6TJDOg0T4yHJji6qoe3pykPo7HAiF7r7b2EsR8T75SHi7OhCJOLuwURnrCAyxPwZlN0hhBpC0iGY3oPkpwRgHDfWkaX3bmhT0u2nLB2zIzL75G%2FIckRmf7%2BMLP12SclebUMrV0idWfSSCrI3hOwMkbtjFDszkOUxWPEZJP%2BVzD1ZQ5YerFulIXk16V3KIWQyhBJ9UOvBjY%2F04BIPLveQ8rMaC4Kg5XNG%2FfYCYyFviTjifkBbSUADP2rDsbG8Poq8D6b6YGYXudnFluzDuJ9hNytY7sEWI%2BK9vYsur1AKgtISlJSglARlQVB2q0OubMNW97iyLg4ufOPCh9VAF519eqiLjsgIqOnD8Go%2FPyeXxvPxNr7cxJY4qyVhs50ESZPFYaMVRoK2Yz%2BIedJsh9xvUAYr719beTVsNtu3fUg7M%2Bl9R45I%2FaUXkcsRmf3qDmJ6DKuOweQlUPcCaFmBblbYyb5zeSKVsM4oW2c6BdcV8uL%2FKLa9fXVOnp9sa32vgGAn5MLATIXcVPhYPiboqLuDW7okB7d0ackP63khU7lDx5vcKGghvK%2FfFNulNnx12fbvv87GxDh88I6wxRrNuMw6lnyzJDkXZkUbJshPq%2FY9Ed90dnPJmczlazevraymuRHWSp0NQeXp9S%2FA5Ig8%2B%2BjDyRe98sEfkGYI4yqkbqpU6mOwfBc2n%2BasJjBqiuPcQ%2BmqgWnE06SSBEpMMY0rWHGyePbjR%2FOLn%2FyJWJw8%2BuspNzB0%2FJrKat%2FeRcfMgBZ7yNIKXVOhqypQ1Yd1%2FxsUuTlZ%2FC2cGGI1M4iVmTmIlVGfT4Y8vhysPKu1wtCn0cJ80GpR0YqbjXYSBZzSRjNqRBENUdhREuWf%2FgMAAP%2F%2FAQAA%2F%2F%2BhYsDrfAQAAA%3D%3D | 172.240.127.234 | 200 OK | 7 B |
URL GET HTTP/1.1slideaspen.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzi%2B%2FkwdZ2ZsIc1BQWCfd05OeiXsIZrORYNysG0VBcamuqp6Uqe5qqrqmJ0EwGFj2OHjxItL5JtmwuvjnKrgrkwUPASHjKQdz9CiCsGeZ2eDgg6r3vve9gu%2B9V3f23TlpwNGz5bf0jlSKzs3X%2FdrL7wfB1dqazFyv1mtHt6Pm1ZrpvrYQ1f1Xam8ItqXnGn7g%2B4Ef1FakEYnuzY1JyPzBQlBf8OvNRj2Yb6Jn%2Fout82CpB949J89B8tHsY%2B8yJBsiS79fFnar0PmV66lTtNAGXX70braV6TJDOg0T4yHJji6qoe3pykPo7HAiF7r7b2EsR8T75SHi7OhCJOLuwURnrCAyxPwZlN0hhBpC0iGY3oPkpwRgHDfWkaX3bmhT0u2nLB2zIzL75G%2FIckRmf7%2BMLP12SclebUMrV0idWfSSCrI3hOwMkbtjFDszkOUxWPEZJP%2BVzD1ZQ5YerFulIXk16V3KIWQyhBJ9UOvBjY%2F04BIPLveQ8rMaC4Kg5XNG%2FfYCYyFviTjifkBbSUADP2rDsbG8Poq8D6b6YGYXudnFluzDuJ9hNytY7sEWI%2BK9vYsur1AKgtISlJSglARlQVB2q0OubMNW97iyLg4ufOPCh9VAF519eqiLjsgIqOnD8Go%2FPyeXxvPxNr7cxJY4qyVhs50ESZPFYaMVRoK2Yz%2BIedJsh9xvUAYr719beTVsNtu3fUg7M%2Bl9R45I%2FaUXkcsRmf3qDmJ6DKuOweQlUPcCaFmBblbYyb5zeSKVsM4oW2c6BdcV8uL%2FKLa9fXVOnp9sa32vgGAn5MLATIXcVPhYPiboqLuDW7okB7d0ackP63khU7lDx5vcKGghvK%2FfFNulNnx12fbvv87GxDh88I6wxRrNuMw6lnyzJDkXZkUbJshPq%2FY9Ed90dnPJmczlazevraymuRHWSp0NQeXp9S%2FA5Ig8%2B%2BjDyRe98sEfkGYI4yqkbqpU6mOwfBc2n%2BasJjBqiuPcQ%2BmqgWnE06SSBEpMMY0rWHGyePbjR%2FOLn%2FyJWJw8%2BuspNzB0%2FJrKat%2FeRcfMgBZ7yNIKXVOhqypQ1Yd1%2FxsUuTlZ%2FC2cGGI1M4iVmTmIlVGfT4Y8vhysPKu1wtCn0cJ80GpR0YqbjXYSBZzSRjNqRBENUdhREuWf%2FgMAAP%2F%2FAQAA%2F%2F%2BhYsDrfAQAAA%3D%3D IP172.240.127.234:443
Certificate | Issuer: Let's Encrypt | Subject: slideaspen.com | Fingerprint: B7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE | Validity: Mon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
File type: ASCII text, with no line terminators | Hash: MD5 132d6af1b46048b45cf86cdee7991d31, SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285, SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzi%2B%2FkwdZ2ZsIc1BQWCfd05OeiXsIZrORYNysG0VBcamuqp6Uqe5qqrqmJ0EwGFj2OHjxItL5JtmwuvjnKrgrkwUPASHjKQdz9CiCsGeZ2eDgg6r3vve9gu%2B9V3f23TlpwNGz5bf0jlSKzs3X%2FdrL7wfB1dqazFyv1mtHt6Pm1ZrpvrYQ1f1Xam8ItqXnGn7g%2B4Ef1FakEYnuzY1JyPzBQlBf8OvNRj2Yb6Jn%2Fout82CpB949J89B8tHsY%2B8yJBsiS79fFnar0PmV66lTtNAGXX70braV6TJDOg0T4yHJji6qoe3pykPo7HAiF7r7b2EsR8T75SHi7OhCJOLuwURnrCAyxPwZlN0hhBpC0iGY3oPkpwRgHDfWkaX3bmhT0u2nLB2zIzL75G%2FIckRmf7%2BMLP12SclebUMrV0idWfSSCrI3hOwMkbtjFDszkOUxWPEZJP%2BVzD1ZQ5YerFulIXk16V3KIWQyhBJ9UOvBjY%2F04BIPLveQ8rMaC4Kg5XNG%2FfYCYyFviTjifkBbSUADP2rDsbG8Poq8D6b6YGYXudnFluzDuJ9hNytY7sEWI%2BK9vYsur1AKgtISlJSglARlQVB2q0OubMNW97iyLg4ufOPCh9VAF519eqiLjsgIqOnD8Go%2FPyeXxvPxNr7cxJY4qyVhs50ESZPFYaMVRoK2Yz%2BIedJsh9xvUAYr719beTVsNtu3fUg7M%2Bl9R45I%2FaUXkcsRmf3qDmJ6DKuOweQlUPcCaFmBblbYyb5zeSKVsM4oW2c6BdcV8uL%2FKLa9fXVOnp9sa32vgGAn5MLATIXcVPhYPiboqLuDW7okB7d0ackP63khU7lDx5vcKGghvK%2FfFNulNnx12fbvv87GxDh88I6wxRrNuMw6lnyzJDkXZkUbJshPq%2FY9Ed90dnPJmczlazevraymuRHWSp0NQeXp9S%2FA5Ig8%2B%2BjDyRe98sEfkGYI4yqkbqpU6mOwfBc2n%2BasJjBqiuPcQ%2BmqgWnE06SSBEpMMY0rWHGyePbjR%2FOLn%2FyJWJw8%2BuspNzB0%2FJrKat%2FeRcfMgBZ7yNIKXVOhqypQ1Yd1%2FxsUuTlZ%2FC2cGGI1M4iVmTmIlVGfT4Y8vhysPKu1wtCn0cJ80GpR0YqbjXYSBZzSRjNqRBENUdhREuWf%2FgMAAP%2F%2FAQAA%2F%2F%2BhYsDrfAQAAA%3D%3D HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 44965fe65b6f38cfbdf9bb68d6f902b5
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif | 188.114.96.1 | 200 OK | 206 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif | IP: 188.114.96.1:443
Certificate | Issuer: Google Trust Services LLC | Subject: creative-bars1.com | Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: GIF image data, version 89a, 480 x 360 | Size: 206 kB (206291 bytes) | Hash: MD5 0b33face774f2203446507ce5f075538, SHA-1 1dd3522529bce7739df0687f47f5bc84356698a0, SHA-256 ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:36 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 02 Feb 2024 15:33:57 GMT
etag: "65bd0b65-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 193350
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gupirB7FQY8PrRHmO1gQRSgTLXTOP8hHbQhmChTBPbA8%2FkC832eiH2Xt%2BtVcFG9Cma32rF%2FIdLBEXI6uUP7%2B4PuYM3XWjNgY%2BJZCal2oAJqc92MgMbnhQNNlpHFVHKZsN3Xf9om1Ch%2FV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36c10c5db51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyx6pUrhIA_3aswSwqWmgxMproSc1G2SAPf2IdeXWeceG11uCc0pO08fODPcc6a7oxfzK9N4w&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1761468548%3A1714843775605754&theme=mn&ddm=0 | 173.194.221.84 | 403 Forbidden | 807 B |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyx6pUrhIA_3aswSwqWmgxMproSc1G2SAPf2IdeXWeceG11uCc0pO08fODPcc6a7oxfzK9N4w&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1761468548%3A1714843775605754&theme=mn&ddm=0 IP173.194.221.84:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.google.com | Fingerprint: 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 | Validity: Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators | Hash: MD5 e6c623598feb0b7b3674a4a6c414c824, SHA-1 6e68fd581d5d330d62b2fe2611f5ed9136c829f7, SHA-256 869ad1f3a79f4c0e043bcb3f2c0ca10f2d47213c5fcb2b09d8a653fc94edb0db
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyx6pUrhIA_3aswSwqWmgxMproSc1G2SAPf2IdeXWeceG11uCc0pO08fODPcc6a7oxfzK9N4w&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1761468548%3A1714843775605754&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 17:29:35 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-rCbJizLKI-J7nKp0VDFNLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| slideaspen.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=452 | 172.240.127.234 | 200 OK | 0 B |
URL GET HTTP/1.1slideaspen.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=452 IP172.240.127.234:443
Certificate | Issuer: Let's Encrypt | Subject: slideaspen.com | Fingerprint: B7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE | Validity: Mon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=452 HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| slideaspen.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=447 | 172.240.127.234 | 200 OK | 0 B |
URL GET HTTP/1.1slideaspen.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=447 IP172.240.127.234:443
Certificate | Issuer: Let's Encrypt | Subject: slideaspen.com | Fingerprint: B7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE | Validity: Mon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=447 HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxmpa_3Esapts5N-AZwCyuvTHW8sD4sIkX3p-bJNWlVKB14Fyk-y6pawFcmmeBzfIwhVjFwBg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S738267723%3A1714843775597934&theme=mn&ddm=0 | 173.194.221.84 | 403 Forbidden | 5.7 kB |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxmpa_3Esapts5N-AZwCyuvTHW8sD4sIkX3p-bJNWlVKB14Fyk-y6pawFcmmeBzfIwhVjFwBg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S738267723%3A1714843775597934&theme=mn&ddm=0 IP173.194.221.84:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.google.com | Fingerprint: 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 | Validity: Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type: gzip compressed data, max compression | Hash: MD5 6ccd067c23d65693de65bde87c45b5b3, SHA-1 a4acf2baf45797602f4ad5c19b9e880606939970, SHA-256 aa88d3b79fbf99be0ce885c729be4f4346d0304d8ba05d1e4d987a96b2df6da5
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxmpa_3Esapts5N-AZwCyuvTHW8sD4sIkX3p-bJNWlVKB14Fyk-y6pawFcmmeBzfIwhVjFwBg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S738267723%3A1714843775597934&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 17:29:35 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-n8Q-OEI97ntCaSBkq0Jp7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 216.58.207.226 | 200 OK | 0 B |
URL: HEAD HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | IP: 216.58.207.226:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.g.doubleclick.net | Fingerprint: 09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B | Validity: Tue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sat, 04 May 2024 17:29:36 GMT
expires: Sat, 04 May 2024 17:29:36 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 8587412660554099581
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51525
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | IP: 216.58.207.227:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 | Hash: MD5 15d9f621c3bd1599f0169dcf0bd5e63e, SHA-1 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52, SHA-256 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 28859
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/3 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | IP: 216.58.207.227:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0 | Hash: MD5 e9f5aaf547f165386cd313b995dddd8e, SHA-1 acdef5603c2387b0e5bffd744b679a24a8bc1968, SHA-256 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 228876
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| slideaspen.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js | 172.240.108.68 | 200 OK | 30 kB |
URL: GET HTTP/1.1 slideaspen.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js | IP: 172.240.108.68:443
Certificate | Issuer: Let's Encrypt | Subject: slideaspen.com | Fingerprint: B7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE | Validity: Mon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Hash: MD5 af3897daa65221aa5e312d32a79d3a03, SHA-1 d81ecfd18d68e498d198cf499aca3bf105964fc1, SHA-256 5a2123a0931638467830b4a5cb01d4fea7dd1c0c8c90dc265f53d4e8cea17293
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e344bf4e950f3b9241779120f383923a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| slideaspen.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6k0p0Is1BQqJP35n%2FsotimkWBsaqMoKJb7702uue%2Fdx73vzpsEwWCgdDm4cSPy8k3SUC3%2B2Qq2Mim4CAgZV1mYpUsRhK5lpsHBA%2Fee853vXPjOOffOnj8jNXh6uvSW2VZa04VmNay8%2FH4UXa6sqtT3K%2F1O63arcblie68ttqrhK5U3JN80C7UwCsMojCrLysrY9BcmJFT2YDGqLobVRq0aNRvo2%2F9i5wM4GkD0zshzUGI8%2Fzi4CMVHSJPvl6TbzE126XriNc2NRU8cvptupqZIkczC2AaI08Pzahh3svwQJj2YyoXp%2FVvI1JgEvzwESw%2FPRYL19qc6mYZMwcQzKHojSD2CoiNwswslTgjABW6sIU3u3TC2oFtPWTphx2T%2Byd9QxZjM%2F34RafLtVa36lXWjfa5M6tCPS6j%2BCKo7QuaPkG%2FPQRVH4PlnUOJXsvBkFWmyv%2Ba0gRLltHelRlDxCFoOQF0APzkqgI8D%2BCxAIk4rPIqidig4DTuLnNdFW7KWCCPajiMaha0OPJ%2FIGyDPBuB6AG53kNkdbKoBrP8ZbqOEEwFcPibB2zvoiRKFJCgcQUEJCkVQ5ARFrzwQ2tVceU9o51l07mvnvl4OTd7dowcm78qUgNoBrCj3sjNyYTKfYP3LDWzK00pcb3TiKG5wVq%2B16y1JOyyMmIgbnboIa5TDqfvXll%2BtNxqd2yGUm5v2vq3GpPrSi8jUmMx%2FdQeMHsHpI3B1AdS%2FAFqUoBslttPvfBYrLZ232lW5SSBMiSz%2FP%2FKtYE%2Bfkeen21rbzSH5MTk3cFsisyU%2BVo8Juvru8JYpyP4tUzjyw1qWq0Rt08km13Oay%2BDrN%2BVWYaxYWXKD%2B6%2FzCTEJH7wjXb5KU6HSriPfXFVCSLtsLJfkpxX3nmQ3vdu46m3qs9Wb15ZXksxK55RJR6Dq5PoX4GpMnn304fSLXvrgDyg7gvUlEj9TqswReLYDl81yzhBYPcMsC1D4cmhrbJbUikDLGaashJPHV05%2F%2FKh55ZM%2FweTxo7%2BeckNLJ6%2BpKvfcXXTtHGi%2BizQp0bMleroE1QM4%2F79hntnjK7%2FVpwam54ZM27l9pq3%2BfDrkyeXh1GmlHoo2k7FsM9loNmLJBWs2Wchjzuqi0%2BHI3ThuZZ%2F%2BAwAA%2F%2F8BAAD%2F%2FyG2FQN8BAAA | 172.240.127.234 | 200 OK | 7 B |
URL GET HTTP/1.1slideaspen.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6k0p0Is1BQqJP35n%2FsotimkWBsaqMoKJb7702uue%2Fdx73vzpsEwWCgdDm4cSPy8k3SUC3%2B2Qq2Mim4CAgZV1mYpUsRhK5lpsHBA%2Fee853vXPjOOffOnj8jNXh6uvSW2VZa04VmNay8%2FH4UXa6sqtT3K%2F1O63arcblie68ttqrhK5U3JN80C7UwCsMojCrLysrY9BcmJFT2YDGqLobVRq0aNRvo2%2F9i5wM4GkD0zshzUGI8%2Fzi4CMVHSJPvl6TbzE126XriNc2NRU8cvptupqZIkczC2AaI08Pzahh3svwQJj2YyoXp%2FVvI1JgEvzwESw%2FPRYL19qc6mYZMwcQzKHojSD2CoiNwswslTgjABW6sIU3u3TC2oFtPWTphx2T%2Byd9QxZjM%2F34RafLtVa36lXWjfa5M6tCPS6j%2BCKo7QuaPkG%2FPQRVH4PlnUOJXsvBkFWmyv%2Ba0gRLltHelRlDxCFoOQF0APzkqgI8D%2BCxAIk4rPIqidig4DTuLnNdFW7KWCCPajiMaha0OPJ%2FIGyDPBuB6AG53kNkdbKoBrP8ZbqOEEwFcPibB2zvoiRKFJCgcQUEJCkVQ5ARFrzwQ2tVceU9o51l07mvnvl4OTd7dowcm78qUgNoBrCj3sjNyYTKfYP3LDWzK00pcb3TiKG5wVq%2B16y1JOyyMmIgbnboIa5TDqfvXll%2BtNxqd2yGUm5v2vq3GpPrSi8jUmMx%2FdQeMHsHpI3B1AdS%2FAFqUoBslttPvfBYrLZ232lW5SSBMiSz%2FP%2FKtYE%2Bfkeen21rbzSH5MTk3cFsisyU%2BVo8Juvru8JYpyP4tUzjyw1qWq0Rt08km13Oay%2BDrN%2BVWYaxYWXKD%2B6%2FzCTEJH7wjXb5KU6HSriPfXFVCSLtsLJfkpxX3nmQ3vdu46m3qs9Wb15ZXksxK55RJR6Dq5PoX4GpMnn304fSLXvrgDyg7gvUlEj9TqswReLYDl81yzhBYPcMsC1D4cmhrbJbUikDLGaashJPHV05%2F%2FKh55ZM%2FweTxo7%2BeckNLJ6%2BpKvfcXXTtHGi%2BizQp0bMleroE1QM4%2F79hntnjK7%2FVpwam54ZM27l9pq3%2BfDrkyeXh1GmlHoo2k7FsM9loNmLJBWs2Wchjzuqi0%2BHI3ThuZZ%2F%2BAwAA%2F%2F8BAAD%2F%2FyG2FQN8BAAA IP172.240.127.234:443
Certificate | Issuer: Let's Encrypt | Subject: slideaspen.com | Fingerprint: B7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE | Validity: Mon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
File type: ASCII text, with no line terminators | Hash: MD5 132d6af1b46048b45cf86cdee7991d31, SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285, SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7%2F8Vi6k0p0Is1BQqJP35n%2FsotimkWBsaqMoKJb7702uue%2Fdx73vzpsEwWCgdDm4cSPy8k3SUC3%2B2Qq2Mim4CAgZV1mYpUsRhK5lpsHBA%2Fee853vXPjOOffOnj8jNXh6uvSW2VZa04VmNay8%2FH4UXa6sqtT3K%2F1O63arcblie68ttqrhK5U3JN80C7UwCsMojCrLysrY9BcmJFT2YDGqLobVRq0aNRvo2%2F9i5wM4GkD0zshzUGI8%2Fzi4CMVHSJPvl6TbzE126XriNc2NRU8cvptupqZIkczC2AaI08Pzahh3svwQJj2YyoXp%2FVvI1JgEvzwESw%2FPRYL19qc6mYZMwcQzKHojSD2CoiNwswslTgjABW6sIU3u3TC2oFtPWTphx2T%2Byd9QxZjM%2F34RafLtVa36lXWjfa5M6tCPS6j%2BCKo7QuaPkG%2FPQRVH4PlnUOJXsvBkFWmyv%2Ba0gRLltHelRlDxCFoOQF0APzkqgI8D%2BCxAIk4rPIqidig4DTuLnNdFW7KWCCPajiMaha0OPJ%2FIGyDPBuB6AG53kNkdbKoBrP8ZbqOEEwFcPibB2zvoiRKFJCgcQUEJCkVQ5ARFrzwQ2tVceU9o51l07mvnvl4OTd7dowcm78qUgNoBrCj3sjNyYTKfYP3LDWzK00pcb3TiKG5wVq%2B16y1JOyyMmIgbnboIa5TDqfvXll%2BtNxqd2yGUm5v2vq3GpPrSi8jUmMx%2FdQeMHsHpI3B1AdS%2FAFqUoBslttPvfBYrLZ232lW5SSBMiSz%2FP%2FKtYE%2Bfkeen21rbzSH5MTk3cFsisyU%2BVo8Juvru8JYpyP4tUzjyw1qWq0Rt08km13Oay%2BDrN%2BVWYaxYWXKD%2B6%2FzCTEJH7wjXb5KU6HSriPfXFVCSLtsLJfkpxX3nmQ3vdu46m3qs9Wb15ZXksxK55RJR6Dq5PoX4GpMnn304fSLXvrgDyg7gvUlEj9TqswReLYDl81yzhBYPcMsC1D4cmhrbJbUikDLGaashJPHV05%2F%2FKh55ZM%2FweTxo7%2BeckNLJ6%2BpKvfcXXTtHGi%2BizQp0bMleroE1QM4%2F79hntnjK7%2FVpwam54ZM27l9pq3%2BfDrkyeXh1GmlHoo2k7FsM9loNmLJBWs2Wchjzuqi0%2BHI3ThuZZ%2F%2BAwAA%2F%2F8BAAD%2F%2FyG2FQN8BAAA HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd3d60523d41028367ff705f7f4cb2be
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg | 188.114.96.1 | 200 OK | 575 B |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg | IP: 188.114.96.1:443
Certificate | Issuer: Google Trust Services LLC | Subject: creative-bars1.com | Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: SVG Scalable Vector Graphics image | Hash: MD5 b3011bde2653e373d1150594a8bbd06d, SHA-1 e47948cdb4d6ecf6257106805e690e3bf0211317, SHA-256 6499ec40e3f2ac55bf1b5c9a2dbbc212adb74114645bccac0373074f98ef8a01
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:36 GMT
content-type: image/svg+xml
last-modified: Fri, 02 Feb 2024 15:33:55 GMT
etag: W/"65bd0b63-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 193350
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OiSD21AGLiSdNyOVzJRU%2FWAnyO4U4mRMXfNd95Ff05X396L9yd%2FRIMbpl8uervY2P1XW7UTkmAjfzZZiPxVpJWwxiygOlM6TIfauACyFaG4og%2BmGFplcta627N0I%2BpUALuUbMaq8Vm2I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36c10c56b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| unseenreport.com/pxf.gif?uuid=63d5395a-2b3c-408a-9aae-8a1b1fb623aa&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17 | 192.243.59.13 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=63d5395a-2b3c-408a-9aae-8a1b1fb623aa&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17 | IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Certificate | Issuer: Let's Encrypt | Subject: *.unseenreport.com | Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 | Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic) | Hash: MD5 93b885adfe0da089cdf634904fd59f71, SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f, SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=63d5395a-2b3c-408a-9aae-8a1b1fb623aa&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 17:29:37 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1fa1df412b3580f2e4ff94c521d222e9
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| live.demand.supply/up.js | 104.17.38.115 | 200 OK | 5.5 kB |
IP104.17.38.115:443
CertificateIssuerCloudflare, Inc. Subjectdemand.supply Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (5703), with no line terminators Hash45050d5dc9d131fc2638587091a7ef65 166051eb127dfb810a7d09feb5ba2df4a01613bc f4925789f31061c3496ec4c7acfc79ed2d6a8f6a1513bdfb4215b83b27794d58
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87ea36b4b83eb50b-OSL
cf-cache-status: HIT
age: 337
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"dbfb28e408f563c47c5a6f819ef24bd8-ssl-df"
link: <https://live.demand.supply/impl.v17.32.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-24-0/enNleGYuY29tLw==>; rel=preload; as=script
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cache-status: "Netlify Edge"; fwd=miss
cf-bgj: minify
cf-polished: origSize=5343
timing-allow-origin: *
x-nf-request-id: 01HWR9N3F30KS67B771J5SPTEE
set-cookie: __cf_bm=jPWiM6lSHAWET_5riH2KGSUgPlJGEjI9C3PR2GH3uZ4-1714843774-1.0.1.1-sQyK7p.mulD4hDgCIjbHGhZeK0KLBZztxqQfn2dyXj52MvZTCnY_gsVbAWQgQIk3xj6rU6HFu01UPOgPbmjhOA; path=/; expires=Sat, 04-May-24 17:59:34 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| live.demand.supply/ds.2.html | 104.17.38.115 | 200 OK | 413 B |
URL GET HTTP/3live.demand.supply/ds.2.html IP104.17.38.115:443
CertificateIssuerCloudflare, Inc. Subjectdemand.supply Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (430), with no line terminators Hash68dce237203af5e16657b39e1f2e7b46 8084ece9e2500c1a0731aaf8f33290744b174b9c 8534d0076676e85517a298ded722e84bb64abf655fbc565588f76a7e26ad4680
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cache-status: "Netlify Edge"; hit
strict-transport-security: max-age=31536000
timing-allow-origin: *
x-nf-request-id: 01HWN6NJYJEW7AMPRG1K1C5P4B
cf-cache-status: HIT
age: 341173
set-cookie: __cf_bm=fwv0sbqbWTae3bMUHPDXC0iOeghNANXI8db5iGGB1FQ-1714843774-1.0.1.1-UHckVVumz9d1og.roCoSdyfNiQTe5tYpVunhVCfORj23e7T8wyB7vmn5GjhynHwaSoFJuhHpoIV70hsXLoo_9g; path=/; expires=Sat, 04-May-24 17:59:34 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36b7ba5856cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| zsexf.com/VWSh?token=eyJpdiI6IjBXaFlHTHUzUk5mVElONjBwcHIzTHc9PSIsInZhbHVlIjoiS09MVHJURmY5enpWRU1sTzVha1NhZz09IiwibWFjIjoiOWQ1N2Y0ZDRmOTgxYTg3ZGZmZDYwNzQwZTM3YTIyOTRkNmNlYjhjZjc3M2NkNDEwM2Q0Y2I4MGRlYmU4YTBmZCIsInRhZyI6IiJ9 | 188.114.97.1 | 302 Found | 314 kB |
URL User Request GET HTTP/2zsexf.com/VWSh?token=eyJpdiI6IjBXaFlHTHUzUk5mVElONjBwcHIzTHc9PSIsInZhbHVlIjoiS09MVHJURmY5enpWRU1sTzVha1NhZz09IiwibWFjIjoiOWQ1N2Y0ZDRmOTgxYTg3ZGZmZDYwNzQwZTM3YTIyOTRkNmNlYjhjZjc3M2NkNDEwM2Q0Y2I4MGRlYmU4YTBmZCIsInRhZyI6IiJ9 IP188.114.97.1:443
CertificateIssuerLet's Encrypt Subjectzsexf.com Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
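Size: 314 kB (313560 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these are the MD5, SHA-1 and SHA-256 digests of empty input, presumably because no body was captured for this 302 response; they do not identify the 314 kB of content listed and should not be used as indicators for it)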
GET /VWSh?token=eyJpdiI6IjBXaFlHTHUzUk5mVElONjBwcHIzTHc9PSIsInZhbHVlIjoiS09MVHJURmY5enpWRU1sTzVha1NhZz09IiwibWFjIjoiOWQ1N2Y0ZDRmOTgxYTg3ZGZmZDYwNzQwZTM3YTIyOTRkNmNlYjhjZjc3M2NkNDEwM2Q0Y2I4MGRlYmU4YTBmZCIsInRhZyI6IiJ9 HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 04 May 2024 17:29:32 GMT
content-type: text/html; charset=UTF-8
location: https://zsexf.com/VWSh
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InhsZlNiVWlCSWxTRXlJYmdHT1Job3c9PSIsInZhbHVlIjoiV0xyTjR4V1ZXK3MxckhoYWtSc0xpa0VZeTRFTW9JMzVpWmZGQVZES2U5TjJ3QlA2OGV5bnhabjFVOVo3Q3RzSFNlaTI5azZ5UVF3QktPQXFHdit4NTJqNmxVRThhNEFsTWtDYUU2STFhbmZHT0FWTDdhelk1M3hxUEI0VnlqbFciLCJtYWMiOiIwY2Y0ZTgzMGQ3ZWI2ZmJiODQxNzRiNzQyYjViN2JmZDFiZWRhOTQ0OTMyM2Y2OTk3MTBkMDhhNjJlNTRjNGQ0IiwidGFnIjoiIn0%3D; expires=Sat, 11-May-2024 17:29:32 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6ImZmZFVSQzdqM21mYTJVRk5WbTMzS3c9PSIsInZhbHVlIjoiZzVVUXdkeE94Wmprb1VrcWZ5TE5JTnFGNE5LTm1VdkxOcTFMWUxJZWFkQjR1WkdoaC9JYWFGUFcvaCtSYVVFaTZVN1VlMTc2VENvU3dVcHNsdnA1U3A1Qk1KVXJ1VzJucThQY3FZRWY3Y0FwdkYxYTYyQXRCUkxya3RsNXZNbHAiLCJtYWMiOiI2Y2Q0M2JhNjE5Zjc4OGQ2ZDgwZGQ3YThmNjBlNjZhOGM5YzNmMTY3MWQ3ZDg0ZDUyOGI4MDYwNTZhYTA4N2FjIiwidGFnIjoiIn0%3D; expires=Sat, 11-May-2024 17:29:32 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u5tgnI0f3FT1b9M%2BLcuG2Ys9%2BrXJD%2ByqwJcdNJYN%2F3xVyEiDXva9rfrcGTFAc5aZLePQKxfsRMV5v1kHQQd1skK%2BmWsJB82I7NMbl1Lf8ao2aWuvQNTves7emW4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36a2bd320b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| zsexf.com/img/faqs-image.svg | 188.114.97.1 | 200 OK | 38 kB |
URL GET HTTP/3zsexf.com/img/faqs-image.svg IP188.114.97.1:443
CertificateIssuerLet's Encrypt Subjectzsexf.com Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File typeSVG Scalable Vector Graphics image Hasha60b7216905928c625ae9592044476cd e70c5be728c7bd1198100337487aafe126834ca3 9a717285429d468fadc4d25179fc6feb49e6335f3af1675fb6be1cb50e7e8322
GET /img/faqs-image.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/VWSh
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:33 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 349868
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LsGlNLGKfVHeuK%2FG%2BgY8NPkMxJpSzmJdXZj5GQcgSqXICykPIkK%2BPco8pSkmztSjkjSigQ%2Bzwocc5d4p3BcJro3fdaChQjkEgrDhK8ujX0jgZ6t0%2BHdfmvNDTFg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b2ceb9b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pogothere.xyz/asd100.bin | 104.21.24.208 | 200 OK | 102 kB |
IP104.21.24.208:443
CertificateIssuerGoogle Trust Services LLC Subjectpogothere.xyz Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT
Size102 kB (102400 bytes) Hash4c6426ac7ef186464ecbb0d81cbfcb1e 5a6918eebd9d635e8f632e3ef34e3792b1b5ec13 f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://zsexf.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3987
last-modified: Sat, 04 May 2024 16:23:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fcGeVfR5TJuuR1aJIhnpcHr2hGtxjpEnlNARZDSnuOcUAzBWc1htB5asb5i%2F6mbfdczABzNpF%2BJMpvwWvg%2B4Ak6c%2BIEQ9hioVdq32QyVFw9Qe1k41tJ3WIZabaqbuRga"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36b73880712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| downstairsnegotiatebarren.com/sfp.js | 188.114.96.1 | 200 OK | 86 kB |
URL GET HTTP/2downstairsnegotiatebarren.com/sfp.js IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectdownstairsnegotiatebarren.com Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
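Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these are the MD5, SHA-1 and SHA-256 digests of empty input, so the 86 kB script body was apparently not hashed; they do not identify sfp.js and should not be used as indicators for it)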
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f5945546acb10fb411abb2023d3c9114
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 17:29:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zMDNAz4y1x7MtVyv%2BetYzwJ%2FPNHQINIUCSJ7vRcbECUp%2BSvqNH%2FgPoRDxFnMBy8oEE%2BXBLO8uRzxBcwnMop0%2Fp7uKg08Il0zps7hsopnAPBSBxgeocfKr1q61CxktFZSqKcizWvICVHZl8UstUGH7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36b738da7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css | 188.114.96.1 | 200 OK | 79 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash5982c5377696d20476871062646b253f 8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242 4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:36 GMT
content-type: text/css
last-modified: Fri, 02 Feb 2024 15:33:52 GMT
etag: W/"65bd0b60-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 185424
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sDeQn%2FmzIxWhW1fBozAdfx4bnmEWj4%2FPMXnTP7JQuXP%2Fw%2BD%2FTtUHjsZwA%2FTcU5uUwRedZ9%2FP3GXe8oCPLTiWgk5Cj2nx8C1VK6ei0yrmOMfeC5xF1dF%2FQdyUOgceS3Aeqtme7Jnahevs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36c0faa256b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| slideaspen.com/pixel/sbs?c=1 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1slideaspen.com/pixel/sbs?c=1 IP172.240.108.68:443
CertificateIssuerLet's Encrypt Subjectslideaspen.com FingerprintB7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE ValidityMon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| pogothere.xyz/ | 104.21.24.208 | 200 OK | 27 B |
IP104.21.24.208:443
CertificateIssuerGoogle Trust Services LLC Subjectpogothere.xyz Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT
File typeASCII text, with no line terminators Hashf0447aba2b23c4a5b109dd3bff99c973 493347d03cd483f1446198fed7bdc138ada2ca5e 0af6f2a3bacfbc7554494ae26362d772a481523afe8106a7fdd837cd21a1d3ed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: text/plain
set-cookie: csu=1919537839240931@1@1714843774; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://zsexf.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HUH34XEP2q1iCnYqNvTNuES50s5gPWZfq15szeuIxzgry49EIPLjejzeN2oBjOjHyeH4pojgrIa%2BEyt28lxIHKUMT4L8HUQ0f3WUgMcTktwWfjAS81Jwz4wGBroBXGeE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b7387d712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| zsexf.com/wp-includes/images/w-logo-blue-white-bg.png | 188.114.97.1 | 200 OK | 4.1 kB |
URL GET HTTP/3zsexf.com/wp-includes/images/w-logo-blue-white-bg.png IP188.114.97.1:443
CertificateIssuerLet's Encrypt Subjectzsexf.com Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File typePNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced Hash000bf649cc8f6bf27cfb04d1bcdcd3c7 d73d2f6d74ec6cdcbae07955592962e77d8ae814 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zsexf.com/VWSh
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D; ab=2; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=63d5395a-2b3c-408a-9aae-8a1b1fb623aa%3A2%3A1; _ga_75C4L64NEB=GS1.1.1714843774.1.0.1714843774.0.0.0; _ga=GA1.1.104188175.1714843775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:35 GMT
content-type: image/png
content-length: 4119
last-modified: Tue, 16 Nov 2021 00:04:01 GMT
etag: "1017-5d0dca9a37e40"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5785
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fp2ERQQ3tjRgzS0Dhx1kPfW8U6%2FDhXF7stB01SwOS2%2BLnxJilwKw0AGHNtgeZ1KLU4sgdQGH7FIdGpqaqmfN%2FtWb7QeSimGbvvVSAYxJuSIft4SlfzzEMHWGscg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36bd3892b529-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 7.0 kB |
URL GET HTTP/3fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap IP142.250.74.106:443
CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeASCII text, with very long lines (7193), with no line terminators Hash16b49a99486594c0b42d9bd7821deb2c 2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a 3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 17:29:36 GMT
date: Sat, 04 May 2024 17:29:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit | 142.250.74.131 | 200 OK | 921 B |
URL GET HTTP/2www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit IP142.250.74.131:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc.google.com Fingerprint7C:B7:19:49:C1:10:A7:C1:57:8C:3C:B8:82:CC:C7:26:D1:7F:3A:39 ValidityTue, 16 Apr 2024 03:24:32 GMT - Tue, 09 Jul 2024 03:24:31 GMT
File typeJavaScript source, ASCII text, with very long lines (921), with no line terminators Hashb832740e618479615e7f4ec2d6d18e95 39e2c70fbc1164d6748e0314c36691c42245c53a 66b51ffa06c4662b57b6b492d53318ac5e672cd53f52ce08e2699325eb796414
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 04 May 2024 17:29:34 GMT
date: Sat, 04 May 2024 17:29:34 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| zsexf.com/favicon.ico | 188.114.97.1 | 302 Found | 4.1 kB |
IP188.114.97.1:443
CertificateIssuerLet's Encrypt Subjectzsexf.com Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
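Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these are the MD5, SHA-1 and SHA-256 digests of empty input; the 4.1 kB listed for this 302 appears to be the size of the redirect target rather than of this response)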
GET /favicon.ico HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/VWSh
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D; ab=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Sat, 04 May 2024 17:29:35 GMT
content-type: text/html; charset=UTF-8
location: https://zsexf.com/wp-includes/images/w-logo-blue-white-bg.png
x-powered-by: PHP/8.2.15
cf-edge-cache: cache,platform=wordpress
link: <https://zsexf.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJr9Not92D%2BUMtsjI853NHMufiQKHI6%2Fw6al22zGQdFMk%2Fv6j4GnERKSErwd1HVmJkLujGY6lunjzetVJ4j3MYbnBUx%2BluNIi%2B6X%2F9RV21hhI1FrQ69Kd64zR9E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36b91955b529-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap | 142.250.74.106 | 200 OK | 19 kB |
URL GET HTTP/2fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap IP142.250.74.106:443
CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
Hashe9214a1167aa27518bc869450a50706d b5790e68611559bccd7a422ab3b63d4a9fa50c80 d2c53adf35264dffc9fb93e79e489fb00a10883c98108f57c0413a3c286fb4da
GET /css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 17:29:34 GMT
date: Sat, 04 May 2024 17:29:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15920, version 1.0 Hash3a44e06eb954b96aa043227f3534189d 23cef6993ddb2b2979e8e7647fc3763694e2ba7d b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:03:54 GMT
expires: Fri, 02 May 2025 02:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 228340
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| live.demand.supply/impl.v17.32.0.js | 104.17.38.115 | 200 OK | 91 kB |
URL GET HTTP/3live.demand.supply/impl.v17.32.0.js IP104.17.38.115:443
CertificateIssuerCloudflare, Inc. Subjectdemand.supply Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (23282) Hash3501fe52a8aeb0dc9b89aa1c12ea6e5a b6221b443437b86f096112d2ec77fab1975fd811 b77415363ffad60ce3f975e393d3ef44a47d8bddbec2f0a2f9f0e9587dd5c501
GET /impl.v17.32.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: __cf_bm=jPWiM6lSHAWET_5riH2KGSUgPlJGEjI9C3PR2GH3uZ4-1714843774-1.0.1.1-sQyK7p.mulD4hDgCIjbHGhZeK0KLBZztxqQfn2dyXj52MvZTCnY_gsVbAWQgQIk3xj6rU6HFu01UPOgPbmjhOA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=91396
access-control-allow-origin: *
cache-status: "Netlify Edge"; fwd=miss
etag: W/"b0ea5d9194ab3fdb131dbfcf767a3676-ssl-df"
strict-transport-security: max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01HWAW44Z8KJM1G27JKQDGSW4N
cf-cache-status: HIT
age: 349923
server: cloudflare
cf-ray: 87ea36b7aa4556cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live.demand.supply/p4/v17-24-0/enNleGYuY29tL1ZXU2g= | 104.17.38.115 | 200 OK | 156 B |
URL: GET HTTP/3 live.demand.supply/p4/v17-24-0/enNleGYuY29tL1ZXU2g= (the last path segment is Base64 for "zsexf.com/VWSh", the referring page seen in the zsexf.com requests of this report) IP: 104.17.38.115:443
Certificate: Issuer Cloudflare, Inc.; Subject demand.supply; Fingerprint 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E; Validity Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with no line terminators; Hash (MD5 / SHA-1 / SHA-256): ab3db78294876480edccd2b9ffe2259b 7690642b47fcef4e5be8e8c10d83633267eb02df fb94b462f27f138f78bc2f58584c8e4377ea23828ec4bf2de9a76b624419b6d0
GET /p4/v17-24-0/enNleGYuY29tL1ZXU2g= HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: __cf_bm=jPWiM6lSHAWET_5riH2KGSUgPlJGEjI9C3PR2GH3uZ4-1714843774-1.0.1.1-sQyK7p.mulD4hDgCIjbHGhZeK0KLBZztxqQfn2dyXj52MvZTCnY_gsVbAWQgQIk3xj6rU6HFu01UPOgPbmjhOA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:34 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36b7ba5556cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| slideaspen.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=37 | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 slideaspen.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=37 IP: 172.240.127.234:443
Certificate: Issuer Let's Encrypt; Subject slideaspen.com; Fingerprint B7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE; Validity Mon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
Hash (MD5 / SHA-1 / SHA-256; these are the digests of an empty, zero-byte body, consistent with the 0 B response, so they do not identify this resource): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=37 HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css | 188.114.96.1 | 200 OK | 3.8 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeASCII text, with very long lines (4044), with no line terminators Hash56323b184b25c2b57812aa5b912181f9 afb759e4336deb21dfbb748697d2c822016f9a46 27a79b182eea9d8c755427f7529af66162dd9dc5c9fa7151ec99a1990bca2c97
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:36 GMT
content-type: text/css
last-modified: Thu, 02 May 2024 09:25:09 GMT
etag: W/"66335bf5-eed"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 185424
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JSY4K12h%2BOAJfd5MWAs4QkbNDNH6ZhZka0OBYA5i%2FpiO31A7oJH5G1k0Wci8EqRnluybeBk2X1JnganqKfFCOu2FpwKkNl0l6peQyiUD0VrrXm822RXCg5vBg0tx7yFFKTNuj4Q4BQiJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36c0faba56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js | 188.114.96.1 | 200 OK | 2.0 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeUnicode text, UTF-8 text, with very long lines (2089), with no line terminators Hashe4c03f54a0a78634b5e2f23f1eec9018 7353e6fae5f14418a944ff8d6b6994c0932ce2f3 551e623132d553bed7d021b1cf20583cef3af7b8c34ccaf0fc54ac66ad672562
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:36 GMT
content-type: application/javascript
last-modified: Thu, 02 May 2024 09:29:09 GMT
etag: W/"66335ce5-7bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 185424
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IA1N%2Bz%2FC7HlJfUEvjVO2Vs3lTYAgR%2BdssQ3rzFq%2BKRzccxCtMTBpW0mZJGgxTfYu2nWUnAEUrqdzFtmouj3G%2BlyWAiFQDpvBR8S9hf%2BBBXgXjK3c7V9a3yF0%2Bm4h6U3cvWPhQUBJ2hBs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36c10ad156b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| slideaspen.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=451 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 slideaspen.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=451 IP: 172.240.108.68:443
Certificate: Issuer Let's Encrypt; Subject slideaspen.com; Fingerprint B7:74:ED:51:55:88:04:32:92:6A:E7:94:48:04:F5:63:41:31:BC:FE; Validity Mon, 29 Apr 2024 08:11:02 GMT - Sun, 28 Jul 2024 08:11:01 GMT
Hash (MD5 / SHA-1 / SHA-256; these are the digests of an empty, zero-byte body, consistent with the 0 B response, so they do not identify this resource): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=451 HTTP/1.1
Host: slideaspen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Cookie: u_pl=22256744; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210996,5210997]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| zsexf.com/img/logo.svg | 188.114.97.1 | 200 OK | 22 kB |
IP188.114.97.1:443
CertificateIssuerLet's Encrypt Subjectzsexf.com Fingerprint46:D3:31:F2:27:B9:5A:89:69:67:FF:A5:05:C2:C0:F9:17:6B:08:21 ValidityMon, 29 Apr 2024 13:39:34 GMT - Sun, 28 Jul 2024 13:39:33 GMT
File typeSVG Scalable Vector Graphics image Hash1e28749acbd90e7e99a883c1890327cd 638b4525d3f0ed776db136ca1025a8961f46c9e0 d526da1f4d4af45cefd2a0d140abec2beddc3150d13c47d3de893eaa278a369d
GET /img/logo.svg HTTP/1.1
Host: zsexf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/VWSh
Cookie: XSRF-TOKEN=eyJpdiI6Ii94RkgwcmdsajJ2SzVrMG5oaFptbHc9PSIsInZhbHVlIjoiLzhIYkgxbTlIc1lQdWlzdUozeTlzcmRjMnhTejdhWGhUeldudWs0ZWlhVFlMRTc0YUdtenhWSWpLUy9mN1lDaTZkdDFOOFdUMWxoaitMUCtMNkxsZU4yZ2ZkN1NscUVTOGllblVsSmdTREZXcFVMQjRERmFDenNPZ3lKWlRSRHYiLCJtYWMiOiIxMmVlZmMyOGFhOTA2MmU4MzU4YjgxNGMwNzE1YTdmYzNmM2YyNDRiMzJjNTJiMDZmMmEzMDdhOTUxZmVhMzk2IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IjdJaUlVUW0yM2NPMWhDMy94OGFRcmc9PSIsInZhbHVlIjoiOXp3a0pJTGlsZ0JJenlOWkVpbXBORWdqdGJNTll3M05jdDNsZWJGL0pjS011aXhCUS82aXk0WjdQbit2Vmg5aXVvUHRVVHVLQ2R6REt2azZlMmphV21STjFFSkVTLzFYQXdwMGtuOUlVN3JQTElJazA0ektzZGZPM3ZDTU5iRGoiLCJtYWMiOiI5MDU0YWQ2MWExN2Y0NzQ1NDEzNTFkZWY5YjViMGFiZWI5OWM3ZjIwZDU3OWIxZjRlZTEyMjBiNjljZTU0ZDNhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:33 GMT
content-type: image/svg+xml
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
cf-cache-status: HIT
age: 335727
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6GYWAMGzyZThxIPZ%2B48N5ug3yKgafxT93EhDYet%2BmG3YRIjLKvcFqc9gr4HhhTPsNFtEjngSW1RqvTuEqGa%2BbAiiujG90ljXE14rZfO0mUF4rEMYSfmlQoGgbW8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36b2bea0b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.yourwebbars.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html | 104.26.6.19 | 200 OK | 1.4 kB |
URL GET HTTP/2cdn.yourwebbars.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html IP104.26.6.19:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49 ValiditySun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (1503), with no line terminators Hash5bbc7454e20606860b6ef3c9ef609e1c abeb6a396c5c197acf200e0f49e966bc68871f84 d264e4eec1faa09a8fc8058009d6a04e67132d9caaa7e7ccc0a4a327410b52df
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zsexf.com
DNT: 1
Connection: keep-alive
Referer: https://zsexf.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:35 GMT
content-type: text/html
last-modified: Thu, 02 May 2024 09:30:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 94433
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2B5M7uu92uW9vbig%2BG24Tq0aiKjApTn2jPgZDfXVSl1Mn7cwsduKG7cNG5tWnOAYb%2FYC7ou3%2BwXkPFoxHn1xKVCCAHoROd0bFeB0%2B71Vy7OTxmfEHZZB1xmBPJX5ABQwnysV11s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36be1e5456bf-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg | 188.114.96.1 | 200 OK | 3.2 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeSVG Scalable Vector Graphics image Hash910a470c87e6907732caefbe1b43f25c 709f3846db3c983a502d081a17c95404c545141c c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:36 GMT
content-type: image/svg+xml
last-modified: Thu, 02 May 2024 09:24:12 GMT
etag: W/"66335bbc-c87"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 193350
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zZDwmBCR2mPVh1eLVxN5gbYlw72geg2Scl8VNM0Y0Phiv5KaKJ604Vf0FK6mnroPOfpNVQFaf0%2B4zeykiNalahLqPBOWLjOTe4sEVPBmeGb0CP8d82%2FKmb4e7CeEAEoacGT4AcMpaeDH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36c0fc4db51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|