sxmeta.investmsft.top Open in urlscan Pro
94.237.99.137 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sxmeta.investmsft.top/
Effective URL:
https://sxmeta.investmsft.top/
Submission: On January 20 via automatic, source openphish (January 20th 2025, 2:29:58 am UTC) — Scanned from FI

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 24 HTTP transactions. The main IP is 94.237.99.137, located in Finland and belongs to UPCLOUD UpCloud Ltd, FI. The main domain is sxmeta.investmsft.top.
TLS certificate: Issued by E6 on January 19th 2025. Valid for: 3 months.

This is the only time sxmeta.investmsft.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	94.237.99.137 94.237.99.137	202053 (UPCLOUD U...) (UPCLOUD UpCloud Ltd)
6	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.16.202 172.217.16.202	15169 (GOOGLE) (GOOGLE)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
3	142.250.184.227 142.250.184.227	15169 (GOOGLE) (GOOGLE)
1	3.122.218.248 3.122.218.248	16509 (AMAZON-02) (AMAZON-02)
2	157.240.0.35 157.240.0.35	32934 (FACEBOOK) (FACEBOOK)
24	7

9 94.237.99.137 (Finland)

ASN202053 (UPCLOUD UpCloud Ltd, FI)
PTR: 94-237-99-137.de-fra1.upcloud.host

sxmeta.investmsft.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.218.248 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-218-248.eu-central-1.compute.amazonaws.com

getyourapi.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	investmsft.top sxmeta.investmsft.top	53 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 218	178 KB
3	gstatic.com fonts.gstatic.com	94 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	78 KB
1	getyourapi.site getyourapi.site	558 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
24	7

	Domain	Requested by
9	sxmeta.investmsft.top	sxmeta.investmsft.top
6	cdnjs.cloudflare.com	sxmeta.investmsft.top cdnjs.cloudflare.com
3	fonts.gstatic.com	fonts.googleapis.com
2	www.facebook.com	sxmeta.investmsft.top
2	connect.facebook.net	sxmeta.investmsft.top connect.facebook.net
1	getyourapi.site	cdnjs.cloudflare.com
1	fonts.googleapis.com	sxmeta.investmsft.top
24	7

This site contains no links.

Subject Issuer	Validity	Valid
sxmeta.investmsft.top E6	`2025-01-19` - `2025-04-19`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-10-29` - `2025-01-27`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
getyourapi.site E6	`2024-12-04` - `2025-03-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sxmeta.investmsft.top/
Frame ID: DF294549A586D030195D5FADA6EDD2DE
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

META

Page URL History Show full URLs

http://sxmeta.investmsft.top/ HTTP 307
https://sxmeta.investmsft.top/ Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

406 kB
Transfer

1117 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sxmeta.investmsft.top/ HTTP 307
https://sxmeta.investmsft.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sxmeta.investmsft.top/
Redirect Chain

http://sxmeta.investmsft.top/
https://sxmeta.investmsft.top/

29 KB
6 KB

674ms
277ms

Document
text/html

94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to

Full URL: https://sxmeta.investmsft.top/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: 51ba2bc03adc78db6991d06c7f35999974d8b8fef120e009791b8e0845e6a506

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 20 Jan 2025 02:29:52 GMT
server: openresty
vary: Accept-Encoding Accept-Encoding Accept-Encoding

Redirect headers

Location: https://sxmeta.investmsft.top/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 style.css
sxmeta.investmsft.top/land/css/ 27 KB
5 KB 197ms
197ms Stylesheet
text/css 94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to

Full URL: https://sxmeta.investmsft.top/land/css/style.css
Requested by: Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: f8c26f5343aa7f7c9d518dab280693eeb843c4d46878071ff56f06299f093c1a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

content-encoding: gzip
date: Mon, 20 Jan 2025 02:29:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: openresty

GET
H2 200 form.css
sxmeta.investmsft.top/land/css/ 6 KB
2 KB 291ms
291ms Stylesheet
text/css 94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to

Full URL: https://sxmeta.investmsft.top/land/css/form.css
Requested by: Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: 9d0281fb0bd3de9065b6c16d2d36df812320d8e483cdb17fd3cd41a2fb5796d4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

content-encoding: gzip
date: Mon, 20 Jan 2025 02:29:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: openresty

GET
H2 200 about-mob.webp
sxmeta.investmsft.top/land/img/ 16 KB
16 KB 273ms
272ms Image
image/webp 94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sxmeta.investmsft.top/land/img/about-mob.webp
Requested by: Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: 11d5d8d7b396a9021755bee0f1916e14148c6669049700c105b5c00472a2b183

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

date: Mon, 20 Jan 2025 02:29:52 GMT
content-type: image/webp
vary: Accept-Encoding
server: openresty

GET
H2 200 info.webp
sxmeta.investmsft.top/land/img/ 7 KB
7 KB 209ms
209ms Image
image/webp 94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sxmeta.investmsft.top/land/img/info.webp
Requested by: Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: 8fe5975fdcb59a716bf4aa283d4857f5d9ca5521fd005648722d8c0e4507235f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

date: Mon, 20 Jan 2025 02:29:52 GMT
content-type: image/webp
vary: Accept-Encoding
server: openresty

GET
H2 200 meta-header-avatar.webp
sxmeta.investmsft.top/land/img/ 742 B
822 B 168ms
168ms Image
image/webp 94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sxmeta.investmsft.top/land/img/meta-header-avatar.webp
Requested by: Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: 3ca147b37baf3e735ac8937549ceced700190506a6f9d7b42c7bc3fee494b6c9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

date: Mon, 20 Jan 2025 02:29:52 GMT
content-type: image/webp
vary: Accept-Encoding
server: openresty

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/ 85 KB
27 KB 738ms
185ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js

Requested by

Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "64ed75bb-6b36"
age: 76512
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUY361O5IsiOYaPVofoGeDmdAbQpQU6wg%2BKHpWoBnTVsQVPs8f6xU420oCGDmEgl1z0Yf7ei1pbbjjcTqDBLUwccgH6iN7CrVPkBCZ%2FhovxyiwXuQBIWsV0p3HzIFXUpbNHoyhq9"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 10 Jan 2026 02:29:53 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 04:36:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 904ba3b1be407100-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27446
server: cloudflare

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 594ms
156ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "603e8adc-15d9d"
age: 2332378
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LcG6errJaZ9o2jDQoo3ecQBAyzMWuysqcoKbrEK10lFehgJToBAf3vf7bfMKb8xcUeWYMxKu7luq45eDl2grfCpj103CksUPyxzoh0OQM76t0yYkJCGI0RCpo%2FHTX7clQ%2FTLuzS4"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 10 Jan 2026 02:29:53 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 904ba3b1be427100-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27938
server: cloudflare

GET
H2 200 main.js Show response
sxmeta.investmsft.top/land/js/ 25 KB
4 KB 160ms
160ms Script
application/javascript 94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to

Full URL: https://sxmeta.investmsft.top/land/js/main.js
Requested by: Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: fbcb889a55ff09f8c95f15c417e81f0d366664d24322bcf787308bc160ad6241

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

content-encoding: gzip
date: Mon, 20 Jan 2025 02:29:53 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: openresty

GET
H2 200 intlTelInput.css
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/ 24 KB
2 KB 140ms
139ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css

Requested by

Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9ae063d7bf400c91d4056a69889903b54205f2efd6cb224d6041eca58b92cca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65a3eb4d-85b"
age: 351364
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=053iy4id9o7%2FV8KW0qKbjD9kdVjB1jMC8uyMrX60oxkyY0asvgthJrKF23glsAwFWHMh3asFGpY6NruBha2pWnPvJI%2FzAHyhclc584yQdea2RK409jDOArOVNf%2BqfCFEocBhyv95"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 10 Jan 2026 02:29:53 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:53 GMT
content-type: text/css; charset=utf-8
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 904ba3b2fef17100-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2139
server: cloudflare

GET
H2 200 intlTelInput.min.js Show response
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/ 30 KB
9 KB 167ms
167ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js

Requested by

Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54bc983ea406933001939caacb25ec98a9f633b8f2d54aa5ca3180948d6fe389

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65a3eb4d-223d"
age: 334329
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SYpr2Rw7Ww2HpQAChtZGYzW4i1hTCJ70y8SZCHnZ17f69%2FYp1xemmPIfPyPbIYa3cj9xMjTo%2BNViC8TEmukm9Y%2FCP1HYGTrrmOdn8vBPRkgUMh40GyWxKVPdifiYsMyQwVIGPfEs"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 10 Jan 2026 02:29:53 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 904ba3b33f097100-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8765
server: cloudflare

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
1 KB 879ms
249ms Stylesheet
text/css 172.217.16.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;500;700&display=swap

Requested by

Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/land/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f10.1e100.net

Software

ESF /

Resource Hash

fbde9640f7bead77cc29df5c627f30d711f18e9f3d28456072a530b90c21c233

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 20 Jan 2025 02:29:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 02:29:53 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 20 Jan 2025 00:46:53 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 240 KB
63 KB 813ms
227ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

a02acce44f2c6df068972d20e54f5b2632f994db79a2ed7f907fd378033411ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-mUvVAUOS' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:54 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-mUvVAUOS' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=63, rtx=0, c=13, mss=1392, tbw=2965, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: iLTJSlVAUraPPi3e9iGXtvqnkagSncuHZXZSR/ds3aHCleKnJCjUbuDIU2oBogsI9EvP1Fd0cEQ9b9qOk9nSyg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62391
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v20/ 29 KB
30 KB 848ms
236ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://sxmeta.investmsft.top
Referer: https://fonts.googleapis.com/

Response headers

age: 495605
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 08:49:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 08:49:49 GMT
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29752
x-xss-protection: 0
server: sffe

GET
H2 200 4iCv6KVjbNBYlgoCjC3jsGyN.woff2
fonts.gstatic.com/s/ubuntu/v20/ 30 KB
30 KB 934ms
322ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCjC3jsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

e8e147e15907f25cad69b2bcf060213efad4ed04e0d36374715cbca17b2afc1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://sxmeta.investmsft.top
Referer: https://fonts.googleapis.com/

Response headers

age: 495413
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 08:53:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 08:53:01 GMT
last-modified: Wed, 27 Apr 2022 16:04:03 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30480
x-xss-protection: 0
server: sffe

GET
H2 200 4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v20/ 34 KB
34 KB 979ms
368ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://sxmeta.investmsft.top
Referer: https://fonts.googleapis.com/

Response headers

age: 481617
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 12:42:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 12:42:57 GMT
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34852
x-xss-protection: 0
server: sffe

GET
H2 200 logo.webp
sxmeta.investmsft.top/land/img/ 4 KB
4 KB 224ms
223ms Image
image/webp 94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sxmeta.investmsft.top/land/img/logo.webp
Requested by: Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: 49c8be1fae5b2fc2c05f0f01f002ae843418472f15303981db2e762431202e60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

date: Mon, 20 Jan 2025 02:29:53 GMT
content-type: image/webp
vary: Accept-Encoding
server: openresty

GET
H2 200 geolocation Show response
getyourapi.site/api/ 148 B
558 B 500ms
155ms XHR
application/json 3.122.218.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://getyourapi.site/api/geolocation
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.122.218.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-218-248.eu-central-1.compute.amazonaws.com
Software: openresty / Express
Resource Hash: 30b1e91591b17e967b4e2e345fe5e033e024960e0617ded3e2d3c77f271f675a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://sxmeta.investmsft.top/

Response headers

access-control-max-age: 600
x-request-id: e3a44a0f-f0a5-454f-ba6b-53205cfa9e74
access-control-expose-headers: content-type, authorization, x-request-id
etag: W/"94-kYWb0njU10cVIePZkzsm3XyYVOM"
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://sxmeta.investmsft.top
content-length: 148
date: Mon, 20 Jan 2025 02:29:54 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
server: openresty
access-control-allow-headers: origin, content-type, accept, authorization

GET
H2 200 flags.png
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/img/ 66 KB
66 KB 140ms
139ms Image
image/png 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/img/flags.png?1

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3af394920236bdcab19b5514b8f67e06b194e29017368d6a9d83d598947f203b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65a3eb4d-1062f"
age: 1402064
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WFPoMuRADhuX5weg5j%2FKrOeFGA9UfEy0HtLuc1Gw4iQqu%2BOv7YuNnmGuuFLkVmmkmjZmdYzy6Vkq1ovV6kb%2FIIulOqjAIMWNYDOtimOy6q6f2YLQUNYY0xMVIprYoPs%2BnpakPOTw"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 10 Jan 2026 02:29:54 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:54 GMT
content-type: image/png; charset=utf-8
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 904ba3b90a907100-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 67119
server: cloudflare

GET
H2 200 982638743716736 Show response
connect.facebook.net/signals/config/ 69 KB
14 KB 220ms
220ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/982638743716736?v=2.9.180&r=stable&domain=sxmeta.investmsft.top&hme=1b2b48fb279bc2e2881583cc2153b57f55e340ed882b2c5394167c8bc992d930&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C174%2C177%2C189%2C185%2C186%2C188%2C29%2C101%2C53%2C77%2C187%2C169%2C172%2C182%2C183%2C190%2C132%2C41%2C192%2C193%2C34%2C144%2C15%2C50%2C198%2C197%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C170%2C173%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

3ee30dc8033e8a9f2a433dbc6d4a09dc6211ee60ad155196dfb2bd4159e1a21f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-9sLWUHUb' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:54 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-9sLWUHUb' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=72, rtx=0, c=60, mss=1392, tbw=68049, tp=-1, tpl=-1, uplat=64, ullat=0
pragma: public
x-fb-debug: qTrlfjN0QDrKLZ/xl/54A/88CH08btynOPrRu30/+8IbGl6NZOtNLdAfgim1hWcULwazVDvErruND5bFjpgiMw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 /
www.facebook.com/tr/ 0
269 B 878ms
221ms Image
text/plain 157.240.0.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=982638743716736&ev=PageView&dl=https%3A%2F%2Fsxmeta.investmsft.top%2F&rl=&if=false&ts=1737340194951&sw=1600&sh=1200&v=2.9.180&r=stable&ec=0&o=12318&fbp=fb.1.1737340194950.894600315343990281&ler=empty&cdl=API_unavailable&it=1737340194700&coo=false&rqm=GET

Requested by

Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=76, rtx=0, c=10, mss=1392, tbw=2970, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 20 Jan 2025 02:29:55 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 1057ms
401ms Image
image/png 157.240.0.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=982638743716736&ev=PageView&dl=https%3A%2F%2Fsxmeta.investmsft.top%2F&rl=&if=false&ts=1737340194951&sw=1600&sh=1200&v=2.9.180&r=stable&ec=0&o=12318&fbp=fb.1.1737340194950.894600315343990281&ler=empty&cdl=API_unavailable&it=1737340194700&coo=false&rqm=FGET

Requested by

Host: sxmeta.investmsft.top
URL: https://sxmeta.investmsft.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7461819321068277661"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:55 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: urwcDwSgEgcyz+mwR9IFRkVkBZ534reYk9sSsL9t2z4OJl8ZVsRnLuU+ATRyyODfg1dkUzTHvZUW8A8oq1fkIQ==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7461819321068277661", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=77, rtx=0, c=10, mss=1392, tbw=3283, tp=-1, tpl=-1, uplat=164, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 utils.min.js Show response
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/ 244 KB
45 KB 130ms
130ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b35c83e4dc3713230edfbda43508fb2fb92d8e07c4189f19d201ba199ef810a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65a3eb4d-b3dd"
age: 520249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BF4JJCphSNwqHOsuUGBqxcHsrutG%2FlSoU%2BzuyqT0FFEH2YbASIVvfgZ%2Fs3CVZo5hJxr4tJFlxLeR%2FFqgpLx1MJ3TZYCxhuE9kzceGEVCnuzGthycgUganhrFmu%2BWqB7PYAUF%2F2W7"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 10 Jan 2026 02:29:56 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 02:29:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 904ba3c17fe67100-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46045
server: cloudflare

GET
H2 200 favicon.ico
sxmeta.investmsft.top/ 61 KB
8 KB 626ms
626ms Other
image/x-icon 94.237.99.137
UPCLOUD UpCloud Ltd

General

Check archive.org

Show headers Download Go to

Full URL: https://sxmeta.investmsft.top/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.99.137 , Finland, ASN202053 (UPCLOUD UpCloud Ltd, FI),
Reverse DNS: 94-237-99-137.de-fra1.upcloud.host
Software: openresty /
Resource Hash: fd2edcd46cc80ef42492216067dfd1e7481e8f9ffd965e9492449ca557f66e9a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://sxmeta.investmsft.top/

Response headers

content-encoding: gzip
date: Mon, 20 Jan 2025 02:29:56 GMT
content-type: image/x-icon
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: openresty

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.investmsft.top/	1970-01-21 04:45:16	Name: _fbp Value: fb.1.1737340194950.894600315343990281

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
getyourapi.site
sxmeta.investmsft.top
www.facebook.com
104.17.25.14
142.250.184.227
157.240.0.35
157.240.0.6
172.217.16.202
3.122.218.248
94.237.99.137
11d5d8d7b396a9021755bee0f1916e14148c6669049700c105b5c00472a2b183
30b1e91591b17e967b4e2e345fe5e033e024960e0617ded3e2d3c77f271f675a
3af394920236bdcab19b5514b8f67e06b194e29017368d6a9d83d598947f203b
3ca147b37baf3e735ac8937549ceced700190506a6f9d7b42c7bc3fee494b6c9
3ee30dc8033e8a9f2a433dbc6d4a09dc6211ee60ad155196dfb2bd4159e1a21f
49c8be1fae5b2fc2c05f0f01f002ae843418472f15303981db2e762431202e60
51ba2bc03adc78db6991d06c7f35999974d8b8fef120e009791b8e0845e6a506
54bc983ea406933001939caacb25ec98a9f633b8f2d54aa5ca3180948d6fe389
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
8fe5975fdcb59a716bf4aa283d4857f5d9ca5521fd005648722d8c0e4507235f
9d0281fb0bd3de9065b6c16d2d36df812320d8e483cdb17fd3cd41a2fb5796d4
a02acce44f2c6df068972d20e54f5b2632f994db79a2ed7f907fd378033411ef
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b35c83e4dc3713230edfbda43508fb2fb92d8e07c4189f19d201ba199ef810a2
c9ae063d7bf400c91d4056a69889903b54205f2efd6cb224d6041eca58b92cca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8e147e15907f25cad69b2bcf060213efad4ed04e0d36374715cbca17b2afc1c
f8c26f5343aa7f7c9d518dab280693eeb843c4d46878071ff56f06299f093c1a
fbcb889a55ff09f8c95f15c417e81f0d366664d24322bcf787308bc160ad6241
fbde9640f7bead77cc29df5c627f30d711f18e9f3d28456072a530b90c21c233
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fd2edcd46cc80ef42492216067dfd1e7481e8f9ffd965e9492449ca557f66e9a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

sxmeta.investmsft.top Open in urlscan Pro 94.237.99.137 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

100 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

7 IPs

4 Countries

406 kBTransfer

1117 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

1 Cookies

Indicators

sxmeta.investmsft.top Open in urlscan Pro
94.237.99.137 Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

406 kB
Transfer

1117 kB
Size

1
Cookies

24 HTTP transactions
0 data transactions