| | 188.114.96.1 | 200 OK | 10 kB |
URL: User Request GET HTTP/3
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt; Subject efhjd.com; Fingerprint 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
Hash: 2911e88ec3d03551b51e0ffacc8971da 7d8a45ec269517ddc4ce112a5ac292e087711b3e 3af1b7bff51063e1b779e8b6ce8e92057a8a5c3fc0d746ce02554479966e2130
GET /xixmLepm HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 08 May 2024 02:01:34 GMT
content-type: text/html; charset=UTF-8
location: https://upfiles.com/xixmLepm
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlVjd0xrWG1ReDJMTEdIdytJdEhFaWc9PSIsInZhbHVlIjoiMnVJREtLMjhKT0VkMDREaXcwWHd1OHRUTjVnSlp0T3I4VmhCMEdMV1VjQ1g0bHJidFdlTE4zNFpGTXVidFdUUllhUlhrZEF1TklhSGk4eEN4VDJsbjRLSElCYUdJQmQ0UDZVU2tPUW5vYktCYVV5c1hSaVdENE5BdXVtUXdWTzciLCJtYWMiOiJhM2M2Mjg3NGVkNDQ1ZGViZWVmOThkZWQ3M2ZlYjJlYjJhODIyZjJjMDZkNGMyZjRlNGJhZDViN2UxOGI2MTNiIiwidGFnIjoiIn0%3D; expires=Wed, 15-May-2024 02:01:34 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6Ik12bERiNWczZDNlQi93aEV0SUxvb3c9PSIsInZhbHVlIjoicFJjYXJuOUtMcUdaeHV4T3ZPWmNScnl1d21oZWcyNGJHVXoyTnlYL2ltYy9idnA1enM0S0szVlNNZEpRcTI0M3dMVTNXNjdocjJ0NU5GMm1ia2VNeGJKWUUxdE9qTFBkRUR6aHlmZDlZSHBpbXQyUGpaZCthWTdQZzZEaUQyc2QiLCJtYWMiOiI1MzhiODBmOGJiYWRmMzk3NWJjM2MxYzc0OTFlNjY2YTRmNmE3MGEzM2NiYjY2ODIyMzIzMzY2MjMzZGRmNzAyIiwidGFnIjoiIn0%3D; expires=Wed, 15-May-2024 02:01:34 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xvUKSHLQb7xylzUYfHcgmdGJdNvj5T6Y%2FfFm8%2FhddpolFaT9VedxEJOl3FvqgYEjxcL61ZrPVADUyu17MEH5Q%2BECk864JOEC4fa4VQ4ZnBW0iF8NyeBkx%2FNAdEk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dccf7ed2b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| efhjd.com/ | 188.114.97.1 | | 167 B |
IP: 188.114.97.1:0
Certificate: Issuer Let's Encrypt; Subject efhjd.com; Fingerprint 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: 0104c301c5e02bd6148b8703d19b3a73 7436e0b4b1f8c222c38069890b75fa2baf9ca620 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
GET / HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 08 May 2024 02:01:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 03:01:36 GMT
Location: https://efhjd.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BTMzCYNX6qr5srkT0eAoXNfXEhVkx%2FScBtEXKhqWgexl9RYRmHDkyRAYZ2CzqNOuD0LqeSgjZhiJMyVNY7vVvkrLO9FU39LXfce3nUfWZDdzEhq4kyarNtV1UMs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8805dce1fa04569c-OSL
alt-svc: h2=":443"; ma=60
|
|
| efhjd.com/css/frontend.css?id=2396ffb76e738e465b53 | 188.114.96.1 | 200 OK | 48 kB |
URL: GET HTTP/3 efhjd.com/css/frontend.css?id=2396ffb76e738e465b53
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject efhjd.com; Fingerprint 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: ASCII text, with very long lines (59910)
Hash: 2396ffb76e738e465b53ef186e625d72 f24009e0bc508c37bfdb8689d48687418350fcf4 91ed54900a14b458b306f4a025070148faeca034de3f9aa9a3a14a13d6c2c4ab
GET /css/frontend.css?id=2396ffb76e738e465b53 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/xixmLepm
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:38 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 18:47:00 GMT
vary: Accept-Encoding
etag: W/"63a354a4-3f918"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1209
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fghkym%2FwsrLX%2BdOnAq%2BrWCFkFiSP7CXsy6SO8r0EfAmL6GccnSmxFlAamHpQhbm9l%2FSUJKthr5RF%2BXLIis2Vm4KWVB%2BiQ%2FJAaZsdithxF8U0dlAqX1mh6XscAKw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcee5f650b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 172.67.71.221 | 302 Found | 76 kB |
URL: User Request GET HTTP/2
IP: 172.67.71.221:443
Certificate: Issuer Google Trust Services LLC; Subject upfiles.com; Fingerprint A1:6E:9A:DD:09:B8:21:98:B4:6B:5E:DD:B5:3B:58:87:1C:89:61:C6; Validity Fri, 26 Apr 2024 02:44:01 GMT - Thu, 25 Jul 2024 02:44:00 GMT
Hash: 244213fc6285bba5a6aff07752087b3e 2789adba9fb46d9cb1361dbf5534804525304e90 f5e66247d38bfe21216727afe2d86282bc85f8879063177dadf901d61899f644
GET /xixmLepm HTTP/1.1
Host: upfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 08 May 2024 02:01:35 GMT
content-type: text/html; charset=UTF-8
location: https://efhjd.com/xixmLepm?token=eyJpdiI6IlRzZnlvcHhTZEV0ay9Gb1FZeCtCM0E9PSIsInZhbHVlIjoiTUtyTU5KMEErSkVHNVNweWNGVEk2Zz09IiwibWFjIjoiOTI4MDgxODQ1NDQzYmJiY2M3ODBiN2U1NGI5YmE0NjE1ZDFjNzNlMTJiNzBmOWMxNWIwZjM3ZWZiNzU4OGVkMSIsInRhZyI6IiJ9
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6ImhUblR6WTFOV0VRRGd4MGJUQ0R5bWc9PSIsInZhbHVlIjoidWh2RlpuemlSZmFrR2FqUE1KbWZxL25Ea01XMkJuTllGcDZoeDIrNEdpeUROS3pNb0FaZklJOG5VUy90UnZtNmdRZjNUa01IbmtRZ29NbFFuM0JZeTZFcC9mbVlRa0ZtcCt5RUR0UEViemZDeDExY0FlYTZES2Zmb0xuKzltT1QiLCJtYWMiOiJkMDc4MzViYjAzZDdhMzI4OGZjZjRjNDZjMTE1ZGRlNGU5YjkxZDZiYjYyYTdhZTI5MjA2ODQwODJiYTdjMGFkIiwidGFnIjoiIn0%3D; expires=Wed, 15-May-2024 02:01:35 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6Ik1KRGRObUVvZVpXZ21zVUpZV1g1YXc9PSIsInZhbHVlIjoiay8vMWxBZHVya24wT2t4dExiMXVXN1VLeFlpMXpZeGtkWFRUVG80ZnpTWi9zVy9yQjdxaG9WdXQzV3FUZlVNSVVnM0lmTGdtVEpyeVNkTVFQd3hJRm5kOGp3dWR3RXV1ZTBLcE85a1VCbkhra1hVbzRGaEpFejc4eS9zZ1g1ckMiLCJtYWMiOiI4ODhmNThiZjkwN2E2YmE2Njk1MjcxM2E3OTZkOTM4NzUwZDU5MTdhNTI0ZTdiYmYzNDhkMTcxZmM3MDA1OTIwIiwidGFnIjoiIn0%3D; expires=Wed, 15-May-2024 02:01:35 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KcBV%2BX9PZyNtQZnr24wA%2BPFwakhjjK8dTcJ45murco4P2II17uQ%2B1yJkZpIIpEFdo5eQwSK3XYSJODwWUKYe92wnlTLVwROVXf7JIAuyNgt2cUEBgWUCc31z3O3R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcd5c92a569b-OSL
X-Firefox-Spdy: h2
|
|
| dampedvisored.com/1clkn/34742 | 23.109.170.113 | 200 OK | 26 B |
URL: GET HTTP/1.1 dampedvisored.com/1clkn/34742
IP: 23.109.170.113:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject dampedvisored.com; Fingerprint 49:EE:D2:FF:9B:98:5D:77:22:C4:3C:71:12:E6:8E:A0:00:64:2A:E5; Validity Tue, 16 Apr 2024 00:17:35 GMT - Mon, 15 Jul 2024 00:17:34 GMT
File type: ASCII text, with no line terminators
Hash: 9082dc37e5e8046929da411544ad071a 41e0e3963ed94e59e8a2f115994c382712411537 b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /1clkn/34742 HTTP/1.1
Host: dampedvisored.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 May 2024 02:01:38 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 09-May-2024 02:01:38 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Thu, 09-May-2024 02:01:38 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| efhjd.com/img/menu.svg | 188.114.96.1 | 200 OK | 16 kB |
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject efhjd.com; Fingerprint 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: SVG Scalable Vector Graphics image
Hash: e194fab3eea9f00d5a3814c4df00ac8c 4a9760c8ec110364d025527e26730e78ae0b3ac0 3d3e6705b468cecdd78fb9a1ee6688d60e1d2c1caa0db7baa88db460315dccea
GET /img/menu.svg HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/xixmLepm
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:38 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Jan 2023 16:39:42 GMT
vary: Accept-Encoding
etag: W/"63d009ce-72e"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1207
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gbeyKT5RdhUNe6Eg7iQPK46GHsYgI6ZhOq9rZrkN%2FITygrgHFTbONR65RPz%2FuJ5r0%2FyoZZBLEQeJfTNqgfW4WEFt4By%2FpTT5QXIv7QdN4Hl%2BDdPQ3dJGvmaY7Gc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcee5f670b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | 142.250.74.163 | 200 OK | 47 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP: 142.250.74.163:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Hash: 30a274cd01b6eeb0b082c918b0697f1e 393311bde26b99a4ad935fa55bad1dce7994388b 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 472620
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| efhjd.com/img/plane.svg | 188.114.96.1 | 200 OK | 16 kB |
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject efhjd.com; Fingerprint 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: SVG Scalable Vector Graphics image
Hash: 4f25968fc51a5e49dc1ea503d5d60e38 4221937e757eb15329dbc318092c9058044c5f73 d454583aa343d4c8aa4e42c0876b20e60c20c0b89284e4ef0c662d0426c18254
GET /img/plane.svg HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/xixmLepm
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:38 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
etag: W/"63c15cbf-2ac"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dv5LYYsDNegwh6twYm%2FM6TTYo7GMdZ1R%2FIRgC6I5Hek53A4xJso68CkiC%2F%2BfvX2LA%2BkbPGsFA9tXLfWxwtxT0iYIKiqpLaKTTZDaPhoWLwlspC6ibmzC%2BcvBl%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcee5f6a0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live.demand.supply/e/e.js?e=ll&d=267&cs=c&dsReferer=ZWZoamQuY29tL3hpeG1MZXBt | 104.17.39.115 | 200 OK | 0 B |
URL: HEAD HTTP/3 live.demand.supply/e/e.js?e=ll&d=267&cs=c&dsReferer=ZWZoamQuY29tL3hpeG1MZXBt
IP: 104.17.39.115:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Cloudflare, Inc.; Subject demand.supply; Fingerprint 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E; Validity Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=267&cs=c&dsReferer=ZWZoamQuY29tL3hpeG1MZXBt HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
access-control-allow-origin: *
cache-status: "Netlify Edge"; hit
etag: "799cfe824336f1fce20d72fb9944d5d5-ssl"
strict-transport-security: max-age=31536000
x-nf-request-id: 01HXA01JHEASGPH8KA401K40XA
cf-cache-status: HIT
age: 32312
accept-ranges: bytes
set-cookie: __cf_bm=qydRKvGSOCCPNhSTWvxeWs8WTwttbtSCV82MAnQKYd0-1715133699-1.0.1.1-8bhb2uuuuyjNoIMnMPaiy5ROSy5NPNjiu0U6f2rrc55HEg_LMolamhkKG3Gm3mXJjk.NM7qfD6ez_53Ta6jv5Q; path=/; expires=Wed, 08-May-24 02:31:39 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf28e4eb50b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js | 172.240.127.234 | 200 OK | 16 kB |
URL: GET HTTP/1.1 absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js
IP: 172.240.127.234:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject absentcleannewspapers.com; Fingerprint A6:E7:75:05:4C:FA:FF:D2:F7:67:61:89:73:1B:66:32:AF:19:2F:7D; Validity Tue, 26 Mar 2024 06:03:56 GMT - Mon, 24 Jun 2024 06:03:55 GMT
File type: JavaScript source, ASCII text, with very long lines (44083), with no line terminators
Hash: 56908c56fdb0c940b7562bfe91ee5187 394f225db1da1105eee796edb8f5d72add833b10 a967b733dca7fac903b3876190b74aad5707f150e801d1ed92785e3e89a8299e
GET /f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js HTTP/1.1
Host: absentcleannewspapers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 906cbc1b9602895d70b8f1dc99d1fdf2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| efhjd.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 | 188.114.96.1 | 200 OK | 208 B |
URL: GET HTTP/3 efhjd.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject efhjd.com; Fingerprint 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: PNG image data, 6 x 12, 8-bit/color RGBA, non-interlaced
Hash: 31f073499665afb237f3294219d2d7c6 c1ada0510e31f661dab66203c15a3d6c8f5468d0 59b7ad6d6f457b624e25d22959edc7c83af2ac52edba32fd6648c97af0d1780c
GET /images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/css/frontend.css?id=2396ffb76e738e465b53
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D; ab=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: image/png
content-length: 208
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
etag: "625014b1-d0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7eg2svndgkF4Vw6NKCHSQzguSRpRwajCuf587WTK2%2B4FWcjgbN3Dxx3ui7ARRnbwlJ2tiPCaSgWatpFd5Uvm2sLLAUPxZh1C62dK6stVm%2BqUMSBGhWfMKqkalwc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf458a70b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | 142.250.74.163 | 200 OK | 47 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP: 142.250.74.163:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Hash: 30a274cd01b6eeb0b082c918b0697f1e 393311bde26b99a4ad935fa55bad1dce7994388b 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 472621
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP: 142.250.74.163:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Hash: 3a44e06eb954b96aa043227f3534189d 23cef6993ddb2b2979e8e7647fc3763694e2ba7d b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:49:11 GMT
expires: Fri, 02 May 2025 01:49:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 519148
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 143.204.53.97:0
Hash: 3a1e61864f6877260287982fa7e36085 6d426b2327915af4f120ff6b18ebd20ed03c2a2b 9ee2ee3f0b60937becb4aa057c348332dd277e32b268f5c0ea260c0d2a2af498
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 02:01:39 GMT
Last-Modified: Wed, 08 May 2024 02:01:37 GMT
Server: ECAcc (amb/6AA6)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 04CkxvfPSVs6SrYM9weoWHcJWZqPSa_T7xdnr8K503u4DhFMoOmZzg==
Age: 2
|
|
| rswhowishedto.info/NnZydmQZSREFWWwgKBcxbiARLDN4GiMaNl4UHxoqYxsoGT5dJ1QCDVJLQ0ZWB0ZHRUJGHxZLVRAFBhcQQwVPR0JfGBQZWRAAT0dKBUJcRVIYQlQDWQdQBgYFUUtDUBRCAh5LVQFHR0dXBUBLT1UDQg | 172.67.145.116 | 204 No Content | 0 B |
URL: GET HTTP/2 rswhowishedto.info/NnZydmQZSREFWWwgKBcxbiARLDN4GiMaNl4UHxoqYxsoGT5dJ1QCDVJLQ0ZWB0ZHRUJGHxZLVRAFBhcQQwVPR0JfGBQZWRAAT0dKBUJcRVIYQlQDWQdQBgYFUUtDUBRCAh5LVQFHR0dXBUBLT1UDQg
IP: 172.67.145.116:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject rswhowishedto.info; Fingerprint 4E:37:EC:9E:24:62:7C:24:1C:D4:51:00:35:42:0A:CF:FC:62:C6:D7; Validity Mon, 01 Apr 2024 06:59:08 GMT - Sun, 30 Jun 2024 06:59:07 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NnZydmQZSREFWWwgKBcxbiARLDN4GiMaNl4UHxoqYxsoGT5dJ1QCDVJLQ0ZWB0ZHRUJGHxZLVRAFBhcQQwVPR0JfGBQZWRAAT0dKBUJcRVIYQlQDWQdQBgYFUUtDUBRCAh5LVQFHR0dXBUBLT1UDQg HTTP/1.1
Host: rswhowishedto.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Wed, 08 May 2024 02:01:39 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjV0ZmWhj6qGDz%2FUFMmw%2BfhyVM0%2FiitIbz%2FuI5drEb%2Bc6uEKBzSCLFuT4QOs4ZG35wkDEToixJf6PbFXuezkP7fodAl0hgO5zxAqlR8ntswmZ7%2BPb%2B%2FddiX7EpOofiIwFJIEEOc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcf42cf8b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| live.demand.supply/p4/v17-24-0/ZWZoamQuY29tL3hpeG1MZXBt | 104.17.39.115 | 200 OK | 132 B |
URL: GET HTTP/3 live.demand.supply/p4/v17-24-0/ZWZoamQuY29tL3hpeG1MZXBt IP: 104.17.39.115:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Cloudflare, Inc.; Subject: demand.supply; Fingerprint: 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E; Validity: Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with no line terminators
Hash: ab3db78294876480edccd2b9ffe2259b 7690642b47fcef4e5be8e8c10d83633267eb02df fb94b462f27f138f78bc2f58584c8e4377ea23828ec4bf2de9a76b624419b6d0
GET /p4/v17-24-0/ZWZoamQuY29tL3hpeG1MZXBt HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: __cf_bm=luRRC5kdO22kcQq6zgbq1IxLX_GNVOtDQoOfwtnqyRg-1715133698-1.0.1.1-AoDUuC01GYG8tX.f_EGglbTr9SPXDdu_7kYWPMB2ZiuiIWAWTO6XcVu4iYYW6IIMdtBJsnPeIoI_gXg1ukeSiw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf27e5e56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| gdecording.info/bkZKRTkPJCkoBg97KGNMHCp3YAsoY3gDXRwjcnRVFDYzdUpZN2QmVQEzLiNLASg+a1cLMm93fyscAgdXCxN6DXEZLSwmUS8cC3VrVhAPD249HiIdbwYlBg54JAgLLQECAiIXcykvAw9vCXYBDF4BBx0iTV4NDyZuPhd+NnEoDyIEUicDAhcIGRAMHHUpBQcBbTsDKQxOCggcKQEdBwgPWDoRORR4LyEZJns/DQgtSkt0DAdOPwQLPHctBBsffCcHOQ59BhMiB284EBp2USUXDw91CBM9DG8FLiUTQyQFGXYJJwEbLnQgEwwGbxkAexBQVxQeElE2CyFocyIgGBx+Py0lCGE7HAAWbjwEGylaCw0LJlstADJgCygPIQ9hPQ57EGg4IgMkfzQHCxd4S3QMBGs3DwsSUTkIJnBpN3cYEnwFFHJjUx0pJDUEHH8GckgqBQIpDDYJ | 3.164.240.54 | 200 OK | 1.2 kB |
URL: GET HTTP/2 gdecording.info/bkZKRTkPJCkoBg97KGNMHCp3YAsoY3gDXRwjcnRVFDYzdUpZN2QmVQEzLiNLASg+a1cLMm93fyscAgdXCxN6DXEZLSwmUS8cC3VrVhAPD249HiIdbwYlBg54JAgLLQECAiIXcykvAw9vCXYBDF4BBx0iTV4NDyZuPhd+NnEoDyIEUicDAhcIGRAMHHUpBQcBbTsDKQxOCggcKQEdBwgPWDoRORR4LyEZJns/DQgtSkt0DAdOPwQLPHctBBsffCcHOQ59BhMiB284EBp2USUXDw91CBM9DG8FLiUTQyQFGXYJJwEbLnQgEwwGbxkAexBQVxQeElE2CyFocyIgGBx+Py0lCGE7HAAWbjwEGylaCw0LJlstADJgCygPIQ9hPQ57EGg4IgMkfzQHCxd4S3QMBGs3DwsSUTkIJnBpN3cYEnwFFHJjUx0pJDUEHH8GckgqBQIpDDYJ IP: 3.164.240.54:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Amazon; Subject: gdecording.info; Fingerprint: E8:E5:B0:7B:03:CA:61:A8:E1:DE:26:D8:50:E1:18:3C:F7:70:D0:99; Validity: Mon, 15 Apr 2024 00:00:00 GMT - Wed, 14 May 2025 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (3038), with no line terminators
Hash: e635d5b87a267bc65e761ff903a0c9a1 046706364f4ea3498a08732ae83a5e8fa1c90630 e636d324330e9b80172b1ea16c96e274f06e76945a747fb5ade5866485f58854
GET /bkZKRTkPJCkoBg97KGNMHCp3YAsoY3gDXRwjcnRVFDYzdUpZN2QmVQEzLiNLASg+a1cLMm93fyscAgdXCxN6DXEZLSwmUS8cC3VrVhAPD249HiIdbwYlBg54JAgLLQECAiIXcykvAw9vCXYBDF4BBx0iTV4NDyZuPhd+NnEoDyIEUicDAhcIGRAMHHUpBQcBbTsDKQxOCggcKQEdBwgPWDoRORR4LyEZJns/DQgtSkt0DAdOPwQLPHctBBsffCcHOQ59BhMiB284EBp2USUXDw91CBM9DG8FLiUTQyQFGXYJJwEbLnQgEwwGbxkAexBQVxQeElE2CyFocyIgGBx+Py0lCGE7HAAWbjwEGylaCw0LJlstADJgCygPIQ9hPQ57EGg4IgMkfzQHCxd4S3QMBGs3DwsSUTkIJnBpN3cYEnwFFHJjUx0pJDUEHH8GckgqBQIpDDYJ HTTP/1.1
Host: gdecording.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Wed, 08 May 2024 02:01:39 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 a22ad523898ca1a66b4560cbe5984662.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: f_Ywli7-xszuQ8hI3KOhwo12ocri-FH8cn_xc3zI9F7q4-DtlVeNVA==
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 90 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c IP: 142.250.74.168:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Hash: 221883fdb8dc722b85d163c7d497ce78 b3f5aa6321e91ae682204e0fe3168ed106a25a18 792fd68a969de867e24a893fc2599d5fb6672ceb24cd20b58bc4ec022d042b28
GET /gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 02:01:39 GMT
expires: Wed, 08 May 2024 02:01:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89737
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 471 B |
IP: 142.250.74.131:0
Hash: 5991db4ffbfc4b57b0f99a35a0e6a3d0 1b74b56ddc178de4587ef8898436cff19cc2c66b 17904ae58c5cfd605b9b96ef28a59c0b158141c0d69922267a677ff041ca24d9
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 May 2024 02:01:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| pogothere.xyz/ | 188.114.96.1 | 200 OK | 499 B |
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: pogothere.xyz; Fingerprint: 34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B; Validity: Wed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT
File type: ASCII text, with no line terminators
Hash: 66f8359d3de885f76a5bf0f9b07a541a 9ed5b765e8885e66335e5b88740483dd5865c28b f089db68d83b673d79046dd46f637956c02e57b719e01889e7ac57cee2f85653
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: text/plain
set-cookie: csu=100216082852772@1@1715133699; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://efhjd.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B7H8rF8b63r%2FtO5BFJWRfQ1zdcA58xfQDIORVemufA2zeD4FPtOp6ceEryIRF1qLjcxaEM5cD3F4EqmpEsl3T63cWwfAa6Gbk0ZlBRLrw3LT%2B60t7dkMU4V15PlqKLGu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcf3f9b70b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 142.250.74.34 | 200 OK | 0 B |
URL: HEAD HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP: 142.250.74.34:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: *.g.doubleclick.net; Fingerprint: 09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B; Validity: Tue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Wed, 08 May 2024 02:01:39 GMT
expires: Wed, 08 May 2024 02:01:39 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 456409109393129864
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51691
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail | 74.125.131.84 | 302 Found | 0 B |
URL: GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail IP: 74.125.131.84:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services; Subject: accounts.google.com; Fingerprint: 75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D; Validity: Tue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:u9Y1RxS4r7SpF1oOlVQvStUGfpGnEQ:1xr0oQ8Q2rgI-GMS; Expires=Fri, 08-May-2026 02:01:39 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:01:39 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwvjU0rrAp8GD6jhNZx9Ng1M91g99g72bc7GCfrIINLTb-3pLdD1IrK4PMMHNs4w3k4TeoSCw
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-NPZeMd75bxSxkpDzKeppSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 74.125.131.84 | 302 Found | 0 B |
URL: GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP: 74.125.131.84:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services; Subject: accounts.google.com; Fingerprint: 75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D; Validity: Tue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:oRnes9q-6Ly8pGKPrXDwoB5q1kc5AQ:GAVJvQjtJJZyTgCx; Expires=Fri, 08-May-2026 02:01:39 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:01:39 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQy_5rHjojafwZkQ0yHkPyxmejiwMNtwm4fmHKX7cWcwwWVI7Ua6OZozokNoiMS0fNjdrjudYA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-ZIvnZmTMafqeKKoe4mPnSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pogothere.xyz/asd100.bin | 188.114.96.1 | 200 OK | 102 kB |
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: pogothere.xyz; Fingerprint: 34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B; Validity: Wed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT
Size: 102 kB (102458 bytes)
Hash: 2e96d549342dbddc6004b6ea9e0819ab 4645c882a026a788884794cb0353cea0be82ac75 e3d71be6a7a2321afc5ec18a13286b8c2bfe6559baba29212c593da483d7c81d
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://efhjd.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1208
last-modified: Wed, 08 May 2024 01:41:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u9E7zdprebZpQ%2FNeWIWsHF17XH%2FIXD1yOV0TgTAVCzOfDywdi42qYTRZs24J2RVYsEZzTQ7rDcHiEdIlIjtYn6ZCUl9Y4TY5gJptVPZEcP3Al3C1nrO79kchoJyQCpLd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf3e9b40b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 471 B |
IP: 142.250.74.131:0
Hash: d59e53e22f3681f080bc6a493b7508a1 50ec966f62f5efce0a5fbea8917c5c5b025eaccf cffc1da003262cd2907f76fb611cccac521441669302d10fae3aeb0c9a81c181
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 May 2024 02:01:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| dre81lzpy0s7q.cloudfront.net/EZHBneU0HHwkfchAZA0R8VEJWSXhXVhcLKAJNAh8lDhRJGiIJVg0KIgoAWgt0KEcWPQ4sHFIhAkIEHR1wVFYLGCMDTUEcIwdNVl8sABJaTWsQAAgScBQKBhs/BwQBAyNCBQZEIAsKDhUhBVVVP3hKQEJLfUwIVkhoVzJCS30IGQkMNUFCVwF1Ui9RTWhXMk-JLfRYGQkoMXUZJSWRBQlceKAcbCFx/IkJXSH1UQVdIaFZAARA/ARYIAWhWNl5PY1RWEkR8 | 54.230.241.209 | | 479 B |
URL: dre81lzpy0s7q.cloudfront.net/EZHBneU0HHwkfchAZA0R8VEJWSXhXVhcLKAJNAh8lDhRJGiIJVg0KIgoAWgt0KEcWPQ4sHFIhAkIEHR1wVFYLGCMDTUEcIwdNVl8sABJaTWsQAAgScBQKBhs/BwQBAyNCBQZEIAsKDhUhBVVVP3hKQEJLfUwIVkhoVzJCS30IGQkMNUFCVwF1Ui9RTWhXMk-JLfRYGQkoMXUZJSWRBQlceKAcbCFx/IkJXSH1UQVdIaFZAARA/ARYIAWhWNl5PY1RWEkR8 IP: 54.230.241.209:0
File type: ASCII text, with very long lines (688), with no line terminators
Hash: 86189679fc924132ac62947ebf646222 fbbf51e6dcf0df1d5107676f8ae93700f0336c08 9a59a21dd6964981ce84db9afdc6e70ed0af4f202edeeb80909cfd4ed2d8dba0
GET /EZHBneU0HHwkfchAZA0R8VEJWSXhXVhcLKAJNAh8lDhRJGiIJVg0KIgoAWgt0KEcWPQ4sHFIhAkIEHR1wVFYLGCMDTUEcIwdNVl8sABJaTWsQAAgScBQKBhs/BwQBAyNCBQZEIAsKDhUhBVVVP3hKQEJLfUwIVkhoVzJCS30IGQkMNUFCVwF1Ui9RTWhXMk-JLfRYGQkoMXUZJSWRBQlceKAcbCFx/IkJXSH1UQVdIaFZAARA/ARYIAWhWNl5PY1RWEkR8 HTTP/1.1
Host: dre81lzpy0s7q.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gdecording.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 479
date: Wed, 08 May 2024 02:01:39 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gX8-CsNt5ND2lyMYgUXxvV8G6McITjXwba9wI4lVj7Q4-Nd-AnvHUQ==
X-Firefox-Spdy: h2
|
|
| efhjd.com/favicon.ico | 188.114.96.1 | 302 Found | 4.1 kB |
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Let's Encrypt; Subject: efhjd.com; Fingerprint: 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity: Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Hash: 000bf649cc8f6bf27cfb04d1bcdcd3c7 d73d2f6d74ec6cdcbae07955592962e77d8ae814 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
GET /favicon.ico HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/xixmLepm
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D; ab=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 08 May 2024 02:01:39 GMT
content-type: text/html; charset=UTF-8
location: https://efhjd.com/wp-includes/images/w-logo-blue-white-bg.png
x-powered-by: PHP/8.2.15
cf-edge-cache: cache,platform=wordpress
link: <https://efhjd.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
strict-transport-security: max-age=31536000
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jStVRPn0TZqDJ3JT23SG6Wn0TV0pkYUqxFWM5DWL991RkOtnXh3M3xbv5W7kON1%2BMP1mhdymVurwhnCAb8I80igvN3brKft9cEsVntdAfVoDmNCgGhHy1k1vxE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf739370b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwvjU0rrAp8GD6jhNZx9Ng1M91g99g72bc7GCfrIINLTb-3pLdD1IrK4PMMHNs4w3k4TeoSCw | 74.125.131.84 | 302 Found | 424 B |
URL: GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwvjU0rrAp8GD6jhNZx9Ng1M91g99g72bc7GCfrIINLTb-3pLdD1IrK4PMMHNs4w3k4TeoSCw IP: 74.125.131.84:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services; Subject: *.google.com; Fingerprint: 9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A; Validity: Tue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT
File type: HTML document, ASCII text, with very long lines (402)
Hash: a71d0a20c018eefcfb65c7b70011fcfb 272716c169d3b7cee8848a6643d80d026a600012 980e53b0e6805db24d00e5207ca72cd2f219ac57c263b6cff30fae37c00a5247
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwvjU0rrAp8GD6jhNZx9Ng1M91g99g72bc7GCfrIINLTb-3pLdD1IrK4PMMHNs4w3k4TeoSCw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:00HdYKrWSRdHQe5ymXoKSTXFydskiw:xKg1uQQ3pl9VtIKI;Path=/;Expires=Fri, 08-May-2026 02:01:39 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:01:39 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwqgcICYQvRGI1Y9X4th6yKQ61LYB_tainl9MiSLYFZgLg_5ICKurNJIit9fl0eGQDMVwo6aQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-49860393%3A1715133699928881&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Akt-_XpP5BdZniLa1AhKzg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 424
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQy_5rHjojafwZkQ0yHkPyxmejiwMNtwm4fmHKX7cWcwwWVI7Ua6OZozokNoiMS0fNjdrjudYA | 74.125.131.84 | 302 Found | 430 B |
URL: GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQy_5rHjojafwZkQ0yHkPyxmejiwMNtwm4fmHKX7cWcwwWVI7Ua6OZozokNoiMS0fNjdrjudYA IP: 74.125.131.84:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services; Subject: *.google.com; Fingerprint: 9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A; Validity: Tue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT
File type: HTML document, ASCII text, with very long lines (408)
Hash: 038f2f053ee0603f682885ae611b48ad d31e58805aa74b0e87e8b174685f6301a4005d4d b4b1c0459dd12d749fc33a37b4dcc98c8d2a0560ea59e8b2d7f7a40036fcf4da
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQy_5rHjojafwZkQ0yHkPyxmejiwMNtwm4fmHKX7cWcwwWVI7Ua6OZozokNoiMS0fNjdrjudYA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:RgdIdWUOU3MBayHYgSbtv6OtMDlueQ:TxasVOfMdnLSQCJw;Path=/;Expires=Fri, 08-May-2026 02:01:39 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:01:39 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzsq37UXH0Zi7zYpYvlihLmQ6HyugCU4fb_3AebI5R6rGnC6MKaeMYii0kbqtlfIRRy3BSvFg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1005997251%3A1715133699934419&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-fVPinz6wRRK9nQ_EZUqJLg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 430
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js | 142.250.74.35 | 200 OK | 204 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js IP: 142.250.74.35:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: JavaScript source, ASCII text, with very long lines (632)
Size: 204 kB (204445 bytes)
Hash: add520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4
GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:12:34 GMT
expires: Tue, 06 May 2025 16:12:34 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 121745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| foreignassertive.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&uuid=09e4972b-aaad-401c-971f-ca41c615f705%3A2%3A1 | 192.243.61.225 | 200 OK | 7.2 kB |
URL: GET HTTP/1.1 foreignassertive.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&uuid=09e4972b-aaad-401c-971f-ca41c615f705%3A2%3A1
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Let's Encrypt; Subject: foreignassertive.com; Fingerprint: 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity: Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
Hash: 285198317d7c254714f5b60ce3dad79d 25e15ad752b5f7851888fc08ac9ece79209c3c47 8c183a782baf10fa5117e2bd5ea22ce75919c3c83d00b801cc784be372acdf3a
GET /sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&uuid=09e4972b-aaad-401c-971f-ca41c615f705%3A2%3A1 HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:40 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://efhjd.com
Access-Control-Allow-Origin: https://efhjd.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22256744; expires=Thu, 09 May 2024 02:01:40 GMT; secure; SameSite=None
uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; expires=Wed, 15 May 2024 02:01:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 02:01:40 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 02:01:40 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 09 May 2024 02:01:40 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 09 May 2024 02:01:40 GMT; secure; SameSite=None
slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]; expires=Wed, 08 May 2024 02:01:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 448b6324e2029d5c13f7b17e563e1eda
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 142.250.74.34 | 200 OK | 0 B |
URL: HEAD HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP: 142.250.74.34:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: *.g.doubleclick.net; Fingerprint: 09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B; Validity: Tue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Wed, 08 May 2024 02:01:40 GMT
expires: Wed, 08 May 2024 02:01:40 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 15278419172635388470
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51692
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| foreignassertive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReu3t%2Fm9DtIJIogwhwiKGRnu3tme2aSw2JMVoJrNiSKgoJUV1XPVra6q6nqmp5dEIKBkOOgh1xEer%2FZZFGDf%2B4aw2xAcCCw42nB7EEQvAs5y4xLFt%2Bh3nv1fQVffe%2Fd2naHJISjBxfe0VtSKbq4VPdrr30QBOdqqzJz%2FVq%2FHX0cNc%2FVTO9sJ6r7r9feEmxDL4Z%2B4PuBH9RWpBGJ7i9OQcj8fieod%2Fx6M6wHS030zX976zxY6oH3DsnzkHwy%2F8g7BclGyNLvLwi7Uej8zMXUKVpogx7ffS%2FbyHSZIT0uE%2BMhyXaP2NB2f%2BUBdHZ3Jhe694wYywnxfnmAONs9Eom4tzPTGSuIDDH%2FP8reCEKNIOkITN%2BE5PsEYByX15Cl9y5rU9LNf1E6RSdk%2FunfkOWEzD85hSz99ryS%2Fdo1rVwhdWbRTyrI%2FgiyO0Lu9lBszUGWe2DFp5D8MVl8uoos3VmzSkPyg9N%2BRzQ7rTBeoJTyhaYfsIVOK0gWGG0GLAqWkpa%2FNDNIyhFkMoISA1A7B2c9OOnBJR5c7iHlBzUWBEHL54z67Q5jDd4SccT9gLaSgAZ%2B1IZj0z8MUOQDMDUAMzeQmxvYkAMY9xB2vYLlHmxB0OMVSkFQWoKSEpSSoCwIyl51lysb2uoeV9bFwVEOj3KjGuqiu03v6qIrMgJqBjC82s4Pycmpgd61L9axIQ5qSaPZToKkyeJG2GpEgrZjP4h50mw3uB9SBisrSDsHaj1syQmpv3oauZyQ%2BS9vIaZ7sGoPTJ4Eda%2BAlhXoeoWt7DuXJ1IJ64yydaZTcF0hL06g2PS21SF5eTbFtZsWgo2Xf3%2Fhxb829z8BMxVyU%2BG6fETQVbeHV3VJdq7q0pIf1vJCpnKLTid8raCFOPH122Kz1IZfumAHX73BpsC0vP%2BusMUqzbjMupZ8c15yLsyKNkyQny7Z90V8xdn1885kLl%2B98ubKpTQ3wlqpsxGo3L94B0xOyHM%2FfzRb3TMf%2FglpRjCuQurG5Cgg9R5YfgM2Hy8%2FfjiOfr2zDqsJjDrmxLmH0lVDE8bHl0oSKHHc07iCFePlP%2BZf%2Brz48Tpi8cyOoaHT11RW2%2FY2umYOtLiJLK3QMxV6qgJVA1j3v2GRm%2FHyb41ZIFZzw1iZuZ1YGfXZzOTpUcDKg1qr0fBp1FkKWi0qWnEzbCdRwCkNm1EYRbSBwk6Ss0%2Fm%2FwEAAP%2F%2FAQAA%2F%2F8ApCS0lAQAAA%3D%3D | 192.243.61.225 | 200 OK | 7 B |
URL: GET HTTP/1.1 foreignassertive.com/ren.gif (sid query value as in the row above)
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Let's Encrypt; Subject: foreignassertive.com; Fingerprint: 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity: Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
File type: ASCII text, with no line terminators
Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReu3t%2Fm9DtIJIogwhwiKGRnu3tme2aSw2JMVoJrNiSKgoJUV1XPVra6q6nqmp5dEIKBkOOgh1xEer%2FZZFGDf%2B4aw2xAcCCw42nB7EEQvAs5y4xLFt%2Bh3nv1fQVffe%2Fd2naHJISjBxfe0VtSKbq4VPdrr30QBOdqqzJz%2FVq%2FHX0cNc%2FVTO9sJ6r7r9feEmxDL4Z%2B4PuBH9RWpBGJ7i9OQcj8fieod%2Fx6M6wHS030zX976zxY6oH3DsnzkHwy%2F8g7BclGyNLvLwi7Uej8zMXUKVpogx7ffS%2FbyHSZIT0uE%2BMhyXaP2NB2f%2BUBdHZ3Jhe694wYywnxfnmAONs9Eom4tzPTGSuIDDH%2FP8reCEKNIOkITN%2BE5PsEYByX15Cl9y5rU9LNf1E6RSdk%2FunfkOWEzD85hSz99ryS%2Fdo1rVwhdWbRTyrI%2FgiyO0Lu9lBszUGWe2DFp5D8MVl8uoos3VmzSkPyg9N%2BRzQ7rTBeoJTyhaYfsIVOK0gWGG0GLAqWkpa%2FNDNIyhFkMoISA1A7B2c9OOnBJR5c7iHlBzUWBEHL54z67Q5jDd4SccT9gLaSgAZ%2B1IZj0z8MUOQDMDUAMzeQmxvYkAMY9xB2vYLlHmxB0OMVSkFQWoKSEpSSoCwIyl51lysb2uoeV9bFwVEOj3KjGuqiu03v6qIrMgJqBjC82s4Pycmpgd61L9axIQ5qSaPZToKkyeJG2GpEgrZjP4h50mw3uB9SBisrSDsHaj1syQmpv3oauZyQ%2BS9vIaZ7sGoPTJ4Eda%2BAlhXoeoWt7DuXJ1IJ64yydaZTcF0hL06g2PS21SF5eTbFtZsWgo2Xf3%2Fhxb829z8BMxVyU%2BG6fETQVbeHV3VJdq7q0pIf1vJCpnKLTid8raCFOPH122Kz1IZfumAHX73BpsC0vP%2BusMUqzbjMupZ8c15yLsyKNkyQny7Z90V8xdn1885kLl%2B98ubKpTQ3wlqpsxGo3L94B0xOyHM%2FfzRb3TMf%2FglpRjCuQurG5Cgg9R5YfgM2Hy8%2FfjiOfr2zDqsJjDrmxLmH0lVDE8bHl0oSKHHc07iCFePlP%2BZf%2Brz48Tpi8cyOoaHT11RW2%2FY2umYOtLiJLK3QMxV6qgJVA1j3v2GRm%2FHyb41ZIFZzw1iZuZ1YGfXZzOTpUcDKg1qr0fBp1FkKWi0qWnEzbCdRwCkNm1EYRbSBwk6Ss0%2Fm%2FwEAAP%2F%2FAQAA%2F%2F8ApCS0lAQAAA%3D%3D HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c147d656784a1784e14a09ed150319bf
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| foreignassertive.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=105 | 192.243.61.225 | 200 OK | 0 B |
URL: GET HTTP/1.1 foreignassertive.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=105
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Let's Encrypt; Subject: foreignassertive.com; Fingerprint: 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity: Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=105 HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/style.css | 188.114.96.1 | 200 OK | 207 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/style.css
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: creative-bars1.com; Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Size: 207 kB (207310 bytes)
Hash: af19abbabe1a862a20cb0e0a3ef31c7e efcc04c4011905e4f013adae56ea928dc47ac7ef 8a72b4d48ce36805c492e3927213e1327c8d924544a595527da9955fd8916e19
GET /sb/notifications/gambling/default/android-btn/8/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:40 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-d14"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 31135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F3kYtpMJJg748PebU2zwok1kOdzgUj3N%2BBiaSy1QmxZlDtJcOUTBXc3QY0W%2FRQzcGVn%2FGSpPHCqzBhqfNe4D7p%2FAJCHx2%2FRoCs5UNdbQQEFMn4bN5n90nX49aWtrRu50ok4E%2FhsQUfSB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcfdcfda56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| efhjd.com/img/logo.svg | 188.114.96.1 | 200 OK | 44 kB |
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Let's Encrypt; Subject: efhjd.com; Fingerprint: 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity: Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: SVG Scalable Vector Graphics image
Hash: 1e28749acbd90e7e99a883c1890327cd 638b4525d3f0ed776db136ca1025a8961f46c9e0 d526da1f4d4af45cefd2a0d140abec2beddc3150d13c47d3de893eaa278a369d
GET /img/logo.svg HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/xixmLepm
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:38 GMT
content-type: image/svg+xml
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
vary: Accept-Encoding
etag: W/"625014b1-56e8"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1209
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hgrGRAizuZiPlqDdal93lflkDSDVXpXW71AMuG5528KTCPETrlHJ1OAiAlDOB%2FrEO3f0H5JFVkgJU8ZeR8DrKEf2jxQLPONmR7DbsSRkdnrvDCaUmB8z2hysfW4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcee5f660b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| foreignassertive.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=44 | 192.243.61.225 | 200 OK | 0 B |
URL: GET HTTP/1.1 foreignassertive.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=44
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Let's Encrypt; Subject: foreignassertive.com; Fingerprint: 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity: Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=44 HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| foreignassertive.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=47 | 192.243.61.225 | 200 OK | 0 B |
URL: GET HTTP/1.1 foreignassertive.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=47
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Let's Encrypt; Subject: foreignassertive.com; Fingerprint: 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity: Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=47 HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 142.250.74.163:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash: 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 06:08:19 GMT
expires: Sat, 03 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 417202
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL: GET HTTP/3 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP: 142.250.74.163:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash: e9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 10:46:32 GMT
expires: Wed, 07 May 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 54909
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdn.yourwebbars.com/sb/notifications/gambling/default/android-btn/8/index.html | 104.26.7.19 | 200 OK | 480 B |
URL: GET HTTP/2 cdn.yourwebbars.com/sb/notifications/gambling/default/android-btn/8/index.html
IP: 104.26.7.19:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49; Validity: Sun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT
File type: HTML document, ASCII text
Hash: 988cd00695890a395de736ef1f43180a fc35045adb5a0bb89e9150574db517cffb44b0c9 100f83963832c14a85c4d7095f0279b0962b83ee6323481ece9b1b2b39515036
GET /sb/notifications/gambling/default/android-btn/8/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:40 GMT
content-type: text/html
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 30006
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7vvJvNX2%2B4u%2BM7gJn84sXFuZ7gzNsWz0mGH4eOSjLKjvpp1%2Bg0H3cLINzh7wuWz5kmE3aiatbCLSpoVrxaz1MPXwfsI9X7eMQoXf2UR79OgbtNTH7XVi5GqPE8bOxJPPI672QzQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcfc999b56b5-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit | 142.250.74.67 | 200 OK | 588 B |
URL: GET HTTP/2 www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP: 142.250.74.67:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer: Google Trust Services LLC; Subject: misc.google.com; Fingerprint: 7C:B7:19:49:C1:10:A7:C1:57:8C:3C:B8:82:CC:C7:26:D1:7F:3A:39; Validity: Tue, 16 Apr 2024 03:24:32 GMT - Tue, 09 Jul 2024 03:24:31 GMT
File type: JavaScript source, ASCII text, with very long lines (921), with no line terminators
Hash: 0739bacc61dff1ef28b3f4633b3903dc 119b6f313c950e5f33800ad7f6c454091af8e248 99a35328f70daed10075b6fdcfd8a2c7876c3d53902c2d459a005a2f765c93ce
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Wed, 08 May 2024 02:01:39 GMT
date: Wed, 08 May 2024 02:01:39 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| foreignassertive.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7909VtIpYogwiwqKDST9%2Bb%2FtItgbSPF2JRWUVCQ%2B%2B8lt7nv3ce9786bBIRioXQ56KIbkZdv0ga1%2BGevtUwKggOFjKuAzUIQ3Atdy4yhwbO455z7fRe%2B%2B51za9sfkho8PbjwjtlSWtPFZjWsvPZBFJ2rrKjU9yv9TuvjVuNcxfbOdlvV8PXKW5JvmMVaGIVhFEaVZWVlbPqLUxAqu9%2BNqt2w2qhVo2YDffvf3vkAjgYQvUPyPJSYzD8KTkHxEdLk%2BwvSbeQmO3Mx8ZrmxqIndt9LN1JTpEiOy9gGiNPdIzaM219%2BAJPencmF6T0jMjUhwS8PwNLdI5FgvZ2ZTqYhUzDxfxS9EaQeQdERuLkJJfYJwAUuryJN7l02tqCb%2F6J0ik7I%2FNO%2FoYoJmX9yCmny7Xmt%2BpVrRvtcmdShH5dQ%2FRHU2giZ30O%2BNQdV7IHnn0KJx2Tx6QrSZGfVaQMlDk6HXdnotmtsgVIqFhphxBe67She4LQR8VbUjNthc2aQUiOoeAQtB6BuDt4F8CqAjwP4LEAiDio8iqJ2KDgNO13O66ItWUuEEW3HEY3CVgeeT%2F8wQJ4NwPUA3N5AZm9gQw1g%2FUO49RJOBHA5QU%2BUKCRB4QgKSlAogiInKHrlXaFdzZX3hHaeRUe5dpTr5dDka9v0rsnXZEpA7QBWlNvZITk5NTC49sU6NuRBJa43OnEUNzir19r1lqQdFkZMxI1OXYQ1yuFUCeXmQF2ALTUh1VdPI1MTMv%2FlLTC6B6f3wNVJUP8KaFGCrpfYSr%2FzWay0dN5qV%2BUmgTAlsvwE8s1gWx%2BSl2dTXL3pIPl46fcXXvxrc%2F8TcFsisyWuq0cEa%2Fr28KopyM5VUzjyw2qWq0Rt0emEr%2BU0lye%2BfltuFsaKSxfc4Ks3%2BBSYlvfflS5foalQ6Zoj35xXQki7bCyX5KdL7n3Jrni3ft7b1GcrV95cvpRkVjqnTDoCVfsX74CrCXnu549mq3vmwz%2Bh7AjWl0j8mBwFlNkDz27AZeOlxw%2FHrV%2FvrMMZAquPOSwLUPhyaGvs%2BFIrAi2Pe8pKODle%2BmP%2Bpc%2FzH6%2BDyWd2DC2dvqaq3Ha3sWbnQPObSJMSPVuip0tQPYDz%2FxvmmR0v%2FVafBZieGzJt53aYtvqzmcnTI4dTB5V6KNpMxrLNZKPZiCUXrNlkIY85q4tOhyN3k%2Fjsk%2Fl%2FAAAA%2F%2F8BAAD%2F%2F4Bw8VyUBAAA | 192.243.61.225 | 200 OK | 7 B |
URL: GET HTTP/1.1 foreignassertive.com/impr.gif (sid query value as in the row above)
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject foreignassertive.com; Fingerprint 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
File type: ASCII text, with no line terminators
Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2hc1Re%2BL7909VtIpYogwiwqKDST9%2Bb%2FtItgbSPF2JRWUVCQ%2B%2B8lt7nv3ce9786bBIRioXQ56KIbkZdv0ga1%2BGevtUwKggOFjKuAzUIQ3Atdy4yhwbO455z7fRe%2B%2B51za9sfkho8PbjwjtlSWtPFZjWsvPZBFJ2rrKjU9yv9TuvjVuNcxfbOdlvV8PXKW5JvmMVaGIVhFEaVZWVlbPqLUxAqu9%2BNqt2w2qhVo2YDffvf3vkAjgYQvUPyPJSYzD8KTkHxEdLk%2BwvSbeQmO3Mx8ZrmxqIndt9LN1JTpEiOy9gGiNPdIzaM219%2BAJPencmF6T0jMjUhwS8PwNLdI5FgvZ2ZTqYhUzDxfxS9EaQeQdERuLkJJfYJwAUuryJN7l02tqCb%2F6J0ik7I%2FNO%2FoYoJmX9yCmny7Xmt%2BpVrRvtcmdShH5dQ%2FRHU2giZ30O%2BNQdV7IHnn0KJx2Tx6QrSZGfVaQMlDk6HXdnotmtsgVIqFhphxBe67She4LQR8VbUjNthc2aQUiOoeAQtB6BuDt4F8CqAjwP4LEAiDio8iqJ2KDgNO13O66ItWUuEEW3HEY3CVgeeT%2F8wQJ4NwPUA3N5AZm9gQw1g%2FUO49RJOBHA5QU%2BUKCRB4QgKSlAogiInKHrlXaFdzZX3hHaeRUe5dpTr5dDka9v0rsnXZEpA7QBWlNvZITk5NTC49sU6NuRBJa43OnEUNzir19r1lqQdFkZMxI1OXYQ1yuFUCeXmQF2ALTUh1VdPI1MTMv%2FlLTC6B6f3wNVJUP8KaFGCrpfYSr%2FzWay0dN5qV%2BUmgTAlsvwE8s1gWx%2BSl2dTXL3pIPl46fcXXvxrc%2F8TcFsisyWuq0cEa%2Fr28KopyM5VUzjyw2qWq0Rt0emEr%2BU0lye%2BfltuFsaKSxfc4Ks3%2BBSYlvfflS5foalQ6Zoj35xXQki7bCyX5KdL7n3Jrni3ft7b1GcrV95cvpRkVjqnTDoCVfsX74CrCXnu549mq3vmwz%2Bh7AjWl0j8mBwFlNkDz27AZeOlxw%2FHrV%2FvrMMZAquPOSwLUPhyaGvs%2BFIrAi2Pe8pKODle%2BmP%2Bpc%2FzH6%2BDyWd2DC2dvqaq3Ha3sWbnQPObSJMSPVuip0tQPYDz%2FxvmmR0v%2FVafBZieGzJt53aYtvqzmcnTI4dTB5V6KNpMxrLNZKPZiCUXrNlkIY85q4tOhyN3k%2Fjsk%2Fl%2FAAAA%2F%2F8BAAD%2F%2F4Bw8VyUBAAA HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45f81171730957fde5365d6b09d34871
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 31 kB |
URL: GET HTTP/3 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP: 142.250.74.106:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: JavaScript source, ASCII text, with very long lines (58532)
Hash: 857398a9ffb676cef6578c8faefb623b c8ef59560191f83dbfc07249ffe293327caa41db 5ce5b0b679a7aebc25cb36726310ce6feb2232a08dbc07441a871e4bd67e2d49
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:01:40 GMT
date: Wed, 08 May 2024 02:01:40 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/animate.css | 188.114.96.1 | 200 OK | 4.9 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/animate.css
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: 49a38187f94418e173e4bcc50c96dc4b b64e899d0c6bbb13e6f63e191b77b3eb5e5a6293 92db03d6a48c8756e15b1b2ffb9d1ea5aae5e2d9a706b630f93f73e3debbb3b0
GET /sb/notifications/gambling/default/android-btn/8/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:40 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 31135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JPxYS16ro3rPMZNCOVAjfiAR7ueBXrrb7iKkLi52TkqK6wOnnYNDTTf3ecI4uoJTcWJ%2FVqiCYnJp0DTjhQuKNDwI%2BgEwJdFSrlRtxAiqipkmyEmLp9Rpl233k8VFC1EFvBYbCYGEVjmc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcfdcfd656c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/close.svg | 188.114.96.1 | 200 OK | 1.3 kB |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/close.svg
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: SVG Scalable Vector Graphics image
Hash: 24937fd159a21f2e91207d5788e86c70 1b07e0334cc16c5cd659de56314bd2188e3a82f9 b38a482faa1471a520d231f954412ee0293b0401610af1392038be206dc51b8a
GET /sb/notifications/gambling/default/android-btn/8/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:40 GMT
content-type: image/svg+xml
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 635684
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2M%2Bh7Bh9AdcKL6Dat3RNu2fA6EpCjpfXkzAQ3O%2F8GnycJy6SEXt5esFyyKE33lv%2BR7Imw3mksqYaKTFwLWyah6fvhFaU4N45VojveLDmyMwFQxeyLNcsVKSZ8AxTRD%2FBl3XU5wER4LJH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcfeaa5a712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| efhjd.com/xixmLepm?token=eyJpdiI6IlRzZnlvcHhTZEV0ay9Gb1FZeCtCM0E9PSIsInZhbHVlIjoiTUtyTU5KMEErSkVHNVNweWNGVEk2Zz09IiwibWFjIjoiOTI4MDgxODQ1NDQzYmJiY2M3ODBiN2U1NGI5YmE0NjE1ZDFjNzNlMTJiNzBmOWMxNWIwZjM3ZWZiNzU4OGVkMSIsInRhZyI6IiJ9 | 188.114.96.1 | 302 Found | 311 kB |
URL (User Request): GET HTTP/3 efhjd.com/xixmLepm?token=eyJpdiI6IlRzZnlvcHhTZEV0ay9Gb1FZeCtCM0E9PSIsInZhbHVlIjoiTUtyTU5KMEErSkVHNVNweWNGVEk2Zz09IiwibWFjIjoiOTI4MDgxODQ1NDQzYmJiY2M3ODBiN2U1NGI5YmE0NjE1ZDFjNzNlMTJiNzBmOWMxNWIwZjM3ZWZiNzU4OGVkMSIsInRhZyI6IiJ9
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt; Subject efhjd.com; Fingerprint 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
Size: 311 kB (310990 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xixmLepm?token=eyJpdiI6IlRzZnlvcHhTZEV0ay9Gb1FZeCtCM0E9PSIsInZhbHVlIjoiTUtyTU5KMEErSkVHNVNweWNGVEk2Zz09IiwibWFjIjoiOTI4MDgxODQ1NDQzYmJiY2M3ODBiN2U1NGI5YmE0NjE1ZDFjNzNlMTJiNzBmOWMxNWIwZjM3ZWZiNzU4OGVkMSIsInRhZyI6IiJ9 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlVjd0xrWG1ReDJMTEdIdytJdEhFaWc9PSIsInZhbHVlIjoiMnVJREtLMjhKT0VkMDREaXcwWHd1OHRUTjVnSlp0T3I4VmhCMEdMV1VjQ1g0bHJidFdlTE4zNFpGTXVidFdUUllhUlhrZEF1TklhSGk4eEN4VDJsbjRLSElCYUdJQmQ0UDZVU2tPUW5vYktCYVV5c1hSaVdENE5BdXVtUXdWTzciLCJtYWMiOiJhM2M2Mjg3NGVkNDQ1ZGViZWVmOThkZWQ3M2ZlYjJlYjJhODIyZjJjMDZkNGMyZjRlNGJhZDViN2UxOGI2MTNiIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6Ik12bERiNWczZDNlQi93aEV0SUxvb3c9PSIsInZhbHVlIjoicFJjYXJuOUtMcUdaeHV4T3ZPWmNScnl1d21oZWcyNGJHVXoyTnlYL2ltYy9idnA1enM0S0szVlNNZEpRcTI0M3dMVTNXNjdocjJ0NU5GMm1ia2VNeGJKWUUxdE9qTFBkRUR6aHlmZDlZSHBpbXQyUGpaZCthWTdQZzZEaUQyc2QiLCJtYWMiOiI1MzhiODBmOGJiYWRmMzk3NWJjM2MxYzc0OTFlNjY2YTRmNmE3MGEzM2NiYjY2ODIyMzIzMzY2MjMzZGRmNzAyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Wed, 08 May 2024 02:01:36 GMT
content-type: text/html; charset=UTF-8
location: https://efhjd.com/xixmLepm
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IjRCRUVLN3QvRGk3eC9oWXpNTlZLbmc9PSIsInZhbHVlIjoiYUNBTng0SGpNUnpjWndLNXl0YVVRaGFOb09kZ3FBUklYVVNXRUpVb1lSckcyaEI2Y24rQ3NiOEc4TXRISjdFeTBKL0NSNW5TMWVLcmNEVDlhdWJvZkkzSFhsV2FwY3FjQU1oQ01tVUtyUURPNWVqQUNFNmlscWJxdUFRMnZ6UC8iLCJtYWMiOiJjYWY1YmM0OTM3MDIwYjQ1YTAwN2U1Njk0ZGQwODdjZjJjMzYzOWJhMzU2YmNhOTg4NGFmOTFiZjg0YTc2MzhiIiwidGFnIjoiIn0%3D; expires=Wed, 15-May-2024 02:01:36 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6IkYwZkhqeEdvZWs1Yy9oKzZKSS8yOGc9PSIsInZhbHVlIjoieGFZZ0Z5TjdhZW9xVEViQ1p2V2IyNzd0dm1oQUROL1dlQ3pqaTNkK21DY3p6OVFjS3hTWnBRWG4rNjB2bkJidllrSHhpS0pkMnFIcTltOE8xMDBWT2k2NHJmd3BQLzlhSmZNMGdzWmpCK3d6MmNjTTlMbmtWcEx0VmR0VlZLU2UiLCJtYWMiOiI4N2JlYWY2NDgwYzU5OGQ2MDc1ZTc0NjVmYWY0NmJkNGY1NjkyNTg0Zjc3YTgxOTA4NTViMGM0NzI2Y2UzYmIyIiwidGFnIjoiIn0%3D; expires=Wed, 15-May-2024 02:01:36 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQsR2OrT5Ph6HGlYBaVUOP9RuBuD2RfM1LDWjb0RG6sfePuii5nQzmaOkENGi5ppbjVSBM68myNdK3guzeLIMG6iNVJAJbyzqLO0uY10bV%2FN6ID2P3YpWT9pqRw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcdbfb330b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/js/script.js | 188.114.96.1 | 200 OK | 9.5 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/js/script.js
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: Unicode text, UTF-8 text, with very long lines (8821), with no line terminators
Hash: d0707ac5d95047febbb8f131cc7a9af4 65021f149e99900eeaf7d298d2303160872b43f3 3e2e7ab351d401339df520fbd7ce4f177643dca01cad22bf59dd4b3e14853810
GET /sb/notifications/gambling/default/android-btn/8/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:40 GMT
content-type: application/javascript
last-modified: Tue, 20 Feb 2024 10:37:31 GMT
etag: W/"65d480eb-24fa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 31135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OqsvsIHVfRo847Asr%2F6o6rHMWiAjRTOECvnfwrfFxcR%2BGtIqAMIIkb7BItmoz9uywrKbG7nv2KkZvcFdaWPD18X%2BY%2FWA4yGgw5ynhopdMomqm1biXXhx0gOUR5P1ZYgXaWdqusBT4JGv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcfdcfd856c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| foreignassertive.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js | 172.240.253.132 | 200 OK | 84 kB |
URL: GET HTTP/1.1 foreignassertive.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js
IP: 172.240.253.132:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject foreignassertive.com; Fingerprint 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 026f2263095f46250fa9446ef3db3bd7 9f62ea0bfb5dbbe6591d34893481424e56c52ada 18321251161b6a430fa9dadc7b83d6b35f9422d9df21953fae1fe3fd5a369708
GET /8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: u_pl=22256744; uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1de2603df6c7d0efd044a497ce20653b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| proftrafficcounter.com/stats | 52.58.212.182 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 52.58.212.182:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Amazon; Subject proftrafficcounter.com; Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 896fe704544afdd3ead1af907b4c69bc 47c37b95f39465c73bbc2e96fd3a02026b5204fb 2d24ccabca5030cc5090f28eefc13aad6ee90c541f8130614b3ca0df9879b738
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://efhjd.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; expires=Sat, 06 May 2034 02:01:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwqgcICYQvRGI1Y9X4th6yKQ61LYB_tainl9MiSLYFZgLg_5ICKurNJIit9fl0eGQDMVwo6aQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-49860393%3A1715133699928881&theme=mn&ddm=0 | 74.125.131.84 | 403 Forbidden | 0 B |
URL: GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwqgcICYQvRGI1Y9X4th6yKQ61LYB_tainl9MiSLYFZgLg_5ICKurNJIit9fl0eGQDMVwo6aQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-49860393%3A1715133699928881&theme=mn&ddm=0
IP: 74.125.131.84:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services; Subject *.google.com; Fingerprint 9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A; Validity Tue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwqgcICYQvRGI1Y9X4th6yKQ61LYB_tainl9MiSLYFZgLg_5ICKurNJIit9fl0eGQDMVwo6aQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-49860393%3A1715133699928881&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:01:40 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-J_CXTLb5ogUGrIa82ToApQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/confetti.gif | 188.114.96.1 | 200 OK | 206 kB |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/confetti.gif
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: GIF image data, version 89a, 480 x 360
Size: 206 kB (206291 bytes)
Hash: 0b33face774f2203446507ce5f075538 1dd3522529bce7739df0687f47f5bc84356698a0 ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2
GET /sb/notifications/gambling/default/android-btn/8/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:40 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: "65aa8644-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 631327
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iizA%2FpnNElJMDBeUC3Nto%2BoH1kRG1lb3GUfaKnd7hKTM7o6kZZye8%2FI0fwQHlM4TctDVp4bNFNIwXxLyctvAO%2BYg8Y9nGRRg5chjcXy%2Fn5OLRqD4n2LvRM7Xz2DIBvvCEun50YMJpe93"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcfeaa5b712e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| foreignassertive.com/pixel/sbs?c=1 | 172.240.253.132 | 200 OK | 0 B |
URL: GET HTTP/1.1 foreignassertive.com/pixel/sbs?c=1
IP: 172.240.253.132:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject foreignassertive.com; Fingerprint 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbs?c=1 HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| unseenreport.com/pxf.gif?uuid=09e4972b-aaad-401c-971f-ca41c615f705&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 | 192.243.59.20 | 200 OK | 0 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=09e4972b-aaad-401c-971f-ca41c615f705&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2
IP: 192.243.59.20:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject *.unseenreport.com; Fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13; Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /pxf.gif?uuid=09e4972b-aaad-401c-971f-ca41c615f705&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 02:01:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0eeb084ee860537b6c8f727b90ab7ff3
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| live.demand.supply/up.js | 104.17.39.115 | 200 OK | 5.5 kB |
IP: 104.17.39.115:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Cloudflare, Inc.; Subject demand.supply; Fingerprint 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E; Validity Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (5703), with no line terminators
Hash: 4dbdd1d02fa2974c6d032095854dcaec 002d18b1d103b5386d709b2fa1c47a2acc7e5ec0 4e085a6b8ec0e5878a8f4e132569e27de49a03469d640b8f33913fba813ab4f5
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:38 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 8805dcf0cf3856ba-OSL
cf-cache-status: HIT
age: 487
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"dbfb28e408f563c47c5a6f819ef24bd8-ssl-df"
link: <https://live.demand.supply/impl.v17.32.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-24-0/ZWZoamQuY29tLw==>; rel=preload; as=script
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cache-status: "Netlify Edge"; fwd=miss
cf-bgj: minify
cf-polished: origSize=5343
timing-allow-origin: *
x-nf-request-id: 01HWR9N3F30KS67B771J5SPTEE
set-cookie: __cf_bm=luRRC5kdO22kcQq6zgbq1IxLX_GNVOtDQoOfwtnqyRg-1715133698-1.0.1.1-AoDUuC01GYG8tX.f_EGglbTr9SPXDdu_7kYWPMB2ZiuiIWAWTO6XcVu4iYYW6IIMdtBJsnPeIoI_gXg1ukeSiw; path=/; expires=Wed, 08-May-24 02:31:38 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| efhjd.com/js/ads.js | 188.114.96.1 | 200 OK | 1.5 kB |
IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject efhjd.com; Fingerprint 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: JavaScript source, ASCII text, with very long lines (1498), with no line terminators
Hash: 4c46340e14f18a67fee668d9cf5f82d5 d0aa271a10e51424f6e5d1e0c6a8f40fc2216cd8 0eda9e41ed0b8d1f8bfa8c520ba784b53bca48a8536fb24e41dc1d0fe3c18c1d
GET /js/ads.js HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/xixmLepm
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
etag: W/"6613f0bd-5d3"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1209
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=noJfKb7Cz184upIZotu5N3T%2FvGCc07a7miC%2FL10bXcoVv0x8OHHmahVe3Mjt%2BqjYUGe%2FnHe2nN%2Bi4U5xXOB5OcrAmOA8EyGGTlKDBzHBRx1n%2Fz%2FOMESE5n32WQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcee5f6b0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| downstairsnegotiatebarren.com/sfp.js | 104.21.35.227 | 200 OK | 86 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js
IP: 104.21.35.227:443
Requested by: https://efhjd.com/xixmLepm
Certificate: Issuer Let's Encrypt; Subject downstairsnegotiatebarren.com; Fingerprint 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B; Validity Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c61e75450a61fe8eb47450721d5903a6
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 May 2024 02:01:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8m6VaeP6%2Bzef2%2FAn16%2FQfFFkYx8W525%2BprO%2Fm0B8piaGVF2R81YeHgmj4ckxOupNXdVcWDwt4KSyRruzTleqHGTb0tr0lh0rAuvhp5ao50tIr4vC%2BwbH95DB6tEEkP3iAOit2Ak4OF5dQmsEXsV%2Fjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf3c8050afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| foreignassertive.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=34 | 172.240.253.132 | 200 OK | 0 B |
URL: GET HTTP/1.1 foreignassertive.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=34 IP: 172.240.253.132:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Let's Encrypt; Subject: foreignassertive.com; Fingerprint: 9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21; Validity: Mon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=34 HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=09e4972b-aaad-401c-971f-ca41c615f705:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 02:01:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4 | 188.114.96.1 | 206 Partial Content | 34 kB |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4 IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Google Trust Services LLC; Subject: creative-bars1.com; Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003] Hash: 69e52ff16a779d8ab66a1156cc50ab23 27f8897a2acc3bcfd319c267d137aaa4650fb3c5 2048e8325f6d17e0fefb2226c4191a9e300c562f2bc46543ac616d49ff971d61
GET /sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4 HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 206 Partial Content
date: Wed, 08 May 2024 02:01:40 GMT
content-type: video/mp4
content-length: 34238
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: "65aa8644-85be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 631318
content-range: bytes 0-34237/34238
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cdJr9%2BiBXsTFdvhErHwuWBJNB7%2FNKh0HiyT1AhzUxy1FVAQk%2BOOXxezVa2AqjIUP4Hta4bFilTPnky816PSFyH%2BI9cxfIZQX%2FdG2X3iTH0GAZa6S9W19sbQTfEy7PJ3jxsFcjA3oo32j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcfeea6d712e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| efhjd.com/js/frontend.js?id=f7e07cec5812d52a9077 | 188.114.96.1 | 200 OK | 981 kB |
URL: GET HTTP/3 efhjd.com/js/frontend.js?id=f7e07cec5812d52a9077 IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Let's Encrypt; Subject: efhjd.com; Fingerprint: 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity: Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
Size: 981 kB (980867 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/frontend.js?id=f7e07cec5812d52a9077 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/xixmLepm
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
etag: W/"6613f0bd-ef783"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1209
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MufoNOt%2BQufGYJ4Mc%2BYIK6nInDDrsTD2gvgLkOJ2dTxSYaNamQROf8y%2Bv2GJ3LwoNoh97hKbO4ynFy9KyU93CHp%2BzQGlQxeqICVP6Pgw8PO8Z74%2Bw2ewOPRcnUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcee6f6c0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| rswhowishedto.info/popunder.gif | 0.0.0.0 | | 0 B |
URL: GET rswhowishedto.info/popunder.gif IP: 0.0.0.0:0
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Let's Encrypt; Subject: rswhowishedto.info; Fingerprint: 4E:37:EC:9E:24:62:7C:24:1C:D4:51:00:35:42:0A:CF:FC:62:C6:D7; Validity: Mon, 01 Apr 2024 06:59:08 GMT - Sun, 30 Jun 2024 06:59:07 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: rswhowishedto.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: image/gif
content-length: 58
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
cf-cache-status: HIT
age: 116442
last-modified: Mon, 06 May 2024 17:40:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B3vQplMOAHD3NWnWARUmQ0rboeNl2UKPcwj5hs4021ajXk1tB04qcPJ9rkeVB98fyMEadHohVNTtNVE%2Fwat3mVFYGxB6aN2LL5o0AWZZv1jdeyA9qqMhIwpSY1CuQU3QmzSj5%2Bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf7aa1b568a-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=UA-197252557-1 | 142.250.74.168 | 200 OK | 208 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-197252557-1 IP: 142.250.74.168:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179) Size: 208 kB (207562 bytes) Hash: 4ebcaa594981850bd97bd26d9bf27502 5054f41cc860a9d4c25407ab1c33a8933746a902 2b05c6a4bf2ba5951f9a3174e67c76af24ad73df2e693446a8f35bd7b36aca95
GET /gtag/js?id=UA-197252557-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 02:01:38 GMT
expires: Wed, 08 May 2024 02:01:38 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74753
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| efhjd.com/wp-includes/images/w-logo-blue-white-bg.png | 188.114.96.1 | 200 OK | 4.1 kB |
URL: GET HTTP/3 efhjd.com/wp-includes/images/w-logo-blue-white-bg.png IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Let's Encrypt; Subject: efhjd.com; Fingerprint: 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity: Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced Hash: 000bf649cc8f6bf27cfb04d1bcdcd3c7 d73d2f6d74ec6cdcbae07955592962e77d8ae814 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/xixmLepm
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D; ab=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=09e4972b-aaad-401c-971f-ca41c615f705%3A2%3A1; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1; _ga_75C4L64NEB=GS1.1.1715133699.1.0.1715133699.0.0.0; _ga=GA1.1.274604576.1715133700
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: image/png
content-length: 4119
last-modified: Mon, 15 Nov 2021 19:04:00 GMT
etag: "1017-5d0d878b20800"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1960
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eg2w3JIrYQC8nZYh%2B7xcudmzSsevwjATWXFTW52zYhAuiilTwT9ZE8IAEKDgy3aI9fKTNkovLgPIpOZd3YJk9ZPdYU%2FixQsYbUhMvUwAu5QoR2FcAyVpiaO8NnQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf8699d0b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzsq37UXH0Zi7zYpYvlihLmQ6HyugCU4fb_3AebI5R6rGnC6MKaeMYii0kbqtlfIRRy3BSvFg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1005997251%3A1715133699934419&theme=mn&ddm=0 | 74.125.131.84 | 403 Forbidden | 0 B |
URL: GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzsq37UXH0Zi7zYpYvlihLmQ6HyugCU4fb_3AebI5R6rGnC6MKaeMYii0kbqtlfIRRy3BSvFg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1005997251%3A1715133699934419&theme=mn&ddm=0 IP: 74.125.131.84:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Google Trust Services; Subject: *.google.com; Fingerprint: 9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A; Validity: Tue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzsq37UXH0Zi7zYpYvlihLmQ6HyugCU4fb_3AebI5R6rGnC6MKaeMYii0kbqtlfIRRy3BSvFg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1005997251%3A1715133699934419&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 08 May 2024 02:01:40 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-FB8FDX-UPwj7T-fnREmkTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| live.demand.supply/ds.2.html | 104.17.39.115 | 200 OK | 413 B |
URL: GET HTTP/3 live.demand.supply/ds.2.html IP: 104.17.39.115:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Cloudflare, Inc.; Subject: demand.supply; Fingerprint: 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E; Validity: Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (430), with no line terminators Hash: 68dce237203af5e16657b39e1f2e7b46 8084ece9e2500c1a0731aaf8f33290744b174b9c 8534d0076676e85517a298ded722e84bb64abf655fbc565588f76a7e26ad4680
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cache-status: "Netlify Edge"; hit
strict-transport-security: max-age=31536000
timing-allow-origin: *
x-nf-request-id: 01HXA01JR3DNMTF0MR1W33XTN7
cf-cache-status: HIT
age: 32312
set-cookie: __cf_bm=5PM2Ge8PdaLhNgBshCR_WztcihUs_slj2iVpQI7NVzo-1715133699-1.0.1.1-510MupubBXZGa3MxlikFLeAT3RmQZJHh20tQ9LINU8O_Djy4NNBwB_kQVmxZCLFnAmjoIIAwMr1BSe7FgrkIJg; path=/; expires=Wed, 08-May-24 02:31:39 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805dcf27e6056c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| efhjd.com/img/faqs-image.svg | 188.114.96.1 | 200 OK | 38 kB |
URL: GET HTTP/3 efhjd.com/img/faqs-image.svg IP: 188.114.96.1:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Let's Encrypt; Subject: efhjd.com; Fingerprint: 16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE; Validity: Tue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT
File type: SVG Scalable Vector Graphics image Hash: a60b7216905928c625ae9592044476cd e70c5be728c7bd1198100337487aafe126834ca3 9a717285429d468fadc4d25179fc6feb49e6335f3af1675fb6be1cb50e7e8322
GET /img/faqs-image.svg HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/xixmLepm
Cookie: XSRF-TOKEN=eyJpdiI6IjhzaUg1MUZOUmRadFlBelVFaS9kY1E9PSIsInZhbHVlIjoiSWZMVGJkWUlmeG1ZQVlxeW44RlBMUHdMRldkU3g4OVVwM2Vnbi9GU0lOZkRRalZrT0w1Y1B5Q1Z6WG96dmlybXdyMXVwbGQ2N0QzdzdZWFNhVTBhZTRUUDJHYlEzbVg4L2JYT0l0bjBRY1FCeHptQnpuUmxiaXpmQTl5VDJwWDEiLCJtYWMiOiIxMmU2MzZiYTIyOWIzN2ViNmEwZGIxNGFmZDczNDBjNzhjMDY5ZWJhZmNkMjczZmQ4ZTEwMjQ5MWNkMTk1MzM5IiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IktaMWs2b2piNDhjYkRpdzNaZE5JMFE9PSIsInZhbHVlIjoidTgrYmtZZ2tCY0pITVMyYjZ1dXYwa0tDZjk3cmQvSzl6TEY3YWsxM2JXU1k3WmlIZFczSjBidVhVQ2lRb0VUZkNXVzA2TDlEVjVPZjhNRXpoam5xeWNQdS9YZE9wMlJqcE1Ya3JJSXhBbWxRWjkzNGw4TFp1U2RPVWN0eFY3OUciLCJtYWMiOiI2NjYzYTJkMThmNjg5YjM2ZWI2NTc0MWEwYmNjODFiNWUxYWU2ZTgxNTRhMjg4ZDcyZTM3ZGRhOGVlMDE2NjgxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:38 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
etag: W/"63c15cbf-95fb"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1961
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lu9aUFyCTUnc%2F87gJJIwASo6AlNLwvYat2QfJYlwBQdgHvGtXkEDAMyZAcUZqPNE0YHhQRn7z2wFnIjizpWazWD%2BJRmUrq8tvnVeyuXw5ApkJlO0tHiRn1L%2BwNA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805dcee5f690b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap | 142.250.74.106 | 200 OK | 19 kB |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap IP: 142.250.74.106:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
Hash: e9214a1167aa27518bc869450a50706d b5790e68611559bccd7a422ab3b63d4a9fa50c80 d2c53adf35264dffc9fb93e79e489fb00a10883c98108f57c0413a3c286fb4da
GET /css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 02:01:38 GMT
date: Wed, 08 May 2024 02:01:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| live.demand.supply/impl.v17.32.0.js | 104.17.39.115 | 200 OK | 91 kB |
URL: GET HTTP/3 live.demand.supply/impl.v17.32.0.js IP: 104.17.39.115:443
Requested by: https://efhjd.com/xixmLepm Certificate Issuer: Cloudflare, Inc.; Subject: demand.supply; Fingerprint: 9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E; Validity: Sat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (23282) Hash: 3501fe52a8aeb0dc9b89aa1c12ea6e5a b6221b443437b86f096112d2ec77fab1975fd811 b77415363ffad60ce3f975e393d3ef44a47d8bddbec2f0a2f9f0e9587dd5c501
GET /impl.v17.32.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: __cf_bm=luRRC5kdO22kcQq6zgbq1IxLX_GNVOtDQoOfwtnqyRg-1715133698-1.0.1.1-AoDUuC01GYG8tX.f_EGglbTr9SPXDdu_7kYWPMB2ZiuiIWAWTO6XcVu4iYYW6IIMdtBJsnPeIoI_gXg1ukeSiw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:01:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=91396
access-control-allow-origin: *
cache-status: "Netlify Edge"; fwd=miss
etag: W/"b0ea5d9194ab3fdb131dbfcf767a3676-ssl-df"
strict-transport-security: max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01HWAW44Z8KJM1G27JKQDGSW4N
cf-cache-status: HIT
age: 639848
server: cloudflare
cf-ray: 8805dcf27e5b56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|