exe.io/qC3yIaW
104.26.3.103301 Moved Permanently 0 B IP 104.26.3.103:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /qC3yIaW HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Dec 2022 05:05:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 01 Dec 2022 06:05:45 GMT
Location: https://exe.io/qC3yIaW
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w8H7%2Byjlyk8gm7ib%2B12Y6Jh0VWw3h7RH2qFE9diDw7khBX5lFZUbLBF43sNH6FSqMK0isUw%2BiruumuCtwwyr3n2QSORJtLYa%2BEoQhlaS0YYn3jskGgyfTA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77294a2359d1b521-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3285
Expires: Thu, 01 Dec 2022 06:00:30 GMT
Date: Thu, 01 Dec 2022 05:05:45 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3238
Cache-Control: max-age=109172
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:45 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 11:25:17 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6294
Expires: Thu, 01 Dec 2022 06:50:39 GMT
Date: Thu, 01 Dec 2022 05:05:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 04:18:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2858
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: cqv1P0MEK4mFUBqHPIRl7BoMNE7f9mUHiXPT4MVRofZwUCuj0HGxCtBWEBY8TXXZKGTul4WkpSE=
x-amz-request-id: 8NEHAV6RGXGZRPXB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 04:45:31 GMT
age: 1214
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 64ea2ff0ffb1602b7df144d12aa88eb4
0af83ebb0d7de232e227dcd882393067c590e578
dd89b95c5c6d731e9fce7482f2ddaa33b7e214b7ef76f82bc28bb5a03179e03c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4655
Cache-Control: max-age=148366
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:45 GMT
Etag: "6387c488-117"
Expires: Fri, 02 Dec 2022 22:18:31 GMT
Last-Modified: Wed, 30 Nov 2022 21:00:56 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 05:05:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
exe.io/qC3yIaW
172.67.71.40302 Found 279 B IP 172.67.71.40:0
Hash 64ea2ff0ffb1602b7df144d12aa88eb4
0af83ebb0d7de232e227dcd882393067c590e578
dd89b95c5c6d731e9fce7482f2ddaa33b7e214b7ef76f82bc28bb5a03179e03c
GET /qC3yIaW HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 01 Dec 2022 05:05:45 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/qC3yIaW
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=cb60d07a0c4cbc63b8a8f7e34e5e2e87; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yq%2FSzJbuL1IXp994HKva6Xt0JeBnj5Q9Ch82Rb7g7zKZqsJTu8tG5sHGrnz8dX2DIo2NjiH3nNZV%2BrdMkXckcT75iiwO2HkbwFee%2Bl5yildmGAj4qjzhPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a25aa0f0b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6ceeaacc057357874e835d7a0a57fbcd
cfd542716217961e5ec11a447be33eceb8821198
6e4d160f5b74a8bd387a17e85b9f7b347e704b66c99d23d68ebfa78e8b852000
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6E4D160F5B74A8BD387A17E85B9F7B347E704B66C99D23D68EBFA78E8B852000"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13392
Expires: Thu, 01 Dec 2022 08:48:58 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 04:08:56 GMT
cache-control: public,max-age=3600
age: 3410
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6ceeaacc057357874e835d7a0a57fbcd
cfd542716217961e5ec11a447be33eceb8821198
6e4d160f5b74a8bd387a17e85b9f7b347e704b66c99d23d68ebfa78e8b852000
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6E4D160F5B74A8BD387A17E85B9F7B347E704B66C99D23D68EBFA78E8B852000"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13392
Expires: Thu, 01 Dec 2022 08:48:58 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3234
Cache-Control: max-age=104099
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:00:45 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 12d05c678e8ade2e038548fdc9b6f56f
90147d11d40d3945e3f88b320ceaebbd82b670c2
85a444f0a884717b551cd6736303155028ccb3e0a15e2b591cc30f2b97a3dbec
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 05:05:46 GMT
expires: Thu, 01 Dec 2022 05:05:46 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43583
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3254f7c878d1f52f6503bf5b5b01b8fa
9061a49e98763ce6261db1792944ddd73a63ae03
ec1dace4e9720c35cdaecc0b552c805852d307eedbd02c06e9f3642facd4b3d3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1957
Expires: Thu, 01 Dec 2022 05:38:23 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1941107888656c44ed84e98b515dd264
ea75e4a99ec553cf0539ab866b8174b9d01b91e4
1304be24714e48fb3996f6229bfbf0188ac7ad2292ecb5ebca5600005dffab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1304BE24714E48FB3996F6229BFBF0188AC7AD2292ECB5EBCA5600005DFFAB1D"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4976
Expires: Thu, 01 Dec 2022 06:28:42 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c0fe3ea3107148f5b0eb2714d6980799
637361c3605324a34d270bec2f66c575f9a9fd3e
2e0e575bf950a0e4a55cbfb8c17840142f12cfdd8645a97943950ef8e9b40b4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 461
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Last-Modified: Thu, 01 Dec 2022 04:58:05 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 371e1a91b277ea6b99865901e26e9c2c
da1bba6e7a9e26b725524131964454448c1219e5
56ff8d7d40b8123cb152871da4de01f03daa0c56bd7e0de655a74fad3fe1c570
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "56FF8D7D40B8123CB152871DA4DE01F03DAA0C56BD7E0DE655A74FAD3FE1C570"
Last-Modified: Wed, 30 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8063
Expires: Thu, 01 Dec 2022 07:20:09 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
fn.deulspoorn.com/1clkn/29529
23.109.87.55200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP 23.109.87.55:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 05:05:46 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Fri, 02-Dec-2022 05:05:46 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Fri, 02-Dec-2022 05:05:46 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4fadc3debd5f5de20f763d29e2b84196
4bdc95e8b50718b858dfe94e28f8071402f53e06
6917aedc9d16cc4dea35ed5fffff8a28bf5e75118f7444f350076773b58e9b4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6917AEDC9D16CC4DEA35ED5FFFFF8A28BF5E75118F7444F350076773B58E9B4E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1072
Expires: Thu, 01 Dec 2022 05:23:38 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4db6adb68d974d4a5343eda081abb131
542d171f9aefecdd8b6b4eb8070f4a063ee90a62
5822f506962c5b9c376cd4da49a074f37740776b4871bb6745c4453c359e27f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5822F506962C5B9C376CD4DA49A074F37740776B4871BB6745C4453C359E27F3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20145
Expires: Thu, 01 Dec 2022 10:41:31 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18804
Expires: Thu, 01 Dec 2022 10:19:10 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18804
Expires: Thu, 01 Dec 2022 10:19:10 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c0fe3ea3107148f5b0eb2714d6980799
637361c3605324a34d270bec2f66c575f9a9fd3e
2e0e575bf950a0e4a55cbfb8c17840142f12cfdd8645a97943950ef8e9b40b4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 461
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Last-Modified: Thu, 01 Dec 2022 04:58:05 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
216.58.207.227200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 209381
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 209585
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
terialnevitiesini.com/utx?cb=HihFuZyTipbs&top=exee.app&tid=822524
54.230.111.63204 No Content 0 B URL HTTP/2 terialnevitiesini.com/utx?cb=HihFuZyTipbs&top=exee.app&tid=822524
IP 54.230.111.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=HihFuZyTipbs&top=exee.app&tid=822524 HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:05:46 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 01 Dec 2022 05:06:46 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lpzhAZAMlVersGf10cA1f_R-fu9ByotcfrXn2_DMlcbyQ_-HTDhewg==
X-Firefox-Spdy: h2
terialnevitiesini.com/eHlnVncZGwQ7SBlEBXACChVac0U+XFUQE0sNX2EYFxZXYE5PCV94FBQWEjIRChYJIlkWHBNzRT5AAwEPSyMMEyA5AQwXER88IRNGDEw2AE4+LC8UIzoeNhw7Dy81FAAbNy0URz40CT1SSjspEj0ePiUHMy0rLmEyLj8vBzRILCY+NRojHxc0Pj8TISIPSTMUPwA7NDE+MB8lMTM8KF8iMClINAA2HDg2PRM8GlcAMjk4XyAyKTQmECAqMT8UHCsjIjIUKhU9ICUtFSIcMCoxPxc2KDVXGC4tFTISIj5MLx4ZHDs0AyYTIyIyFDorJT0lEUggABkqGz8QWk09BGYiNDwAAwY/EgsQPjA3IQ4iHC4EEyEcLAsEDz0OMhA2ARoGEDEyLCVmJRsoDD4PLQELHSEPXw0lGBYJWiYWNCgWJCNAMj8TTiEYCA
54.230.111.63200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/eHlnVncZGwQ7SBlEBXACChVac0U+XFUQE0sNX2EYFxZXYE5PCV94FBQWEjIRChYJIlkWHBNzRT5AAwEPSyMMEyA5AQwXER88IRNGDEw2AE4+LC8UIzoeNhw7Dy81FAAbNy0URz40CT1SSjspEj0ePiUHMy0rLmEyLj8vBzRILCY+NRojHxc0Pj8TISIPSTMUPwA7NDE+MB8lMTM8KF8iMClINAA2HDg2PRM8GlcAMjk4XyAyKTQmECAqMT8UHCsjIjIUKhU9ICUtFSIcMCoxPxc2KDVXGC4tFTISIj5MLx4ZHDs0AyYTIyIyFDorJT0lEUggABkqGz8QWk09BGYiNDwAAwY/EgsQPjA3IQ4iHC4EEyEcLAsEDz0OMhA2ARoGEDEyLCVmJRsoDD4PLQELHSEPXw0lGBYJWiYWNCgWJCNAMj8TTiEYCA
IP 54.230.111.63:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3028), with no line terminators
Hash c730a82005bafbebcf86d709d0992eca
0f570e34e41aca84ab8616fa3e83f1f4dca860c3
b572bca54f62031af247f77f9fbdeee3ba3d444fca7212d7cff3a99bf134edb7
GET /eHlnVncZGwQ7SBlEBXACChVac0U+XFUQE0sNX2EYFxZXYE5PCV94FBQWEjIRChYJIlkWHBNzRT5AAwEPSyMMEyA5AQwXER88IRNGDEw2AE4+LC8UIzoeNhw7Dy81FAAbNy0URz40CT1SSjspEj0ePiUHMy0rLmEyLj8vBzRILCY+NRojHxc0Pj8TISIPSTMUPwA7NDE+MB8lMTM8KF8iMClINAA2HDg2PRM8GlcAMjk4XyAyKTQmECAqMT8UHCsjIjIUKhU9ICUtFSIcMCoxPxc2KDVXGC4tFTISIj5MLx4ZHDs0AyYTIyIyFDorJT0lEUggABkqGz8QWk09BGYiNDwAAwY/EgsQPjA3IQ4iHC4EEyEcLAsEDz0OMhA2ARoGEDEyLCVmJRsoDD4PLQELHSEPXw0lGBYJWiYWNCgWJCNAMj8TTiEYCA HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1177
date: Thu, 01 Dec 2022 05:05:46 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 01-3CKYTbxJDllBB7d8uU3V0I6QSJyDil7w3PX0ZQVzh6IVjrppw3w==
X-Firefox-Spdy: h2
terialnevitiesini.com/utx?cb=Y3fvWDMGZTwh&top=exee.app&tid=889494
54.230.111.63204 No Content 0 B URL HTTP/2 terialnevitiesini.com/utx?cb=Y3fvWDMGZTwh&top=exee.app&tid=889494
IP 54.230.111.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Y3fvWDMGZTwh&top=exee.app&tid=889494 HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:05:46 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 01 Dec 2022 05:06:46 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4_9IC9OA1-hFQnjjijNhxXDdzsUFhsRLKkRBeNkh0Yq_VC0zso2lPg==
X-Firefox-Spdy: h2
terialnevitiesini.com/bWZkWHEMBAc1TgxbBn4EHwpZfUMrQ1YeFV4SXG8eAglUbkhaFlx2EgEJETwXHwkKLF8DAxB9QytWNx0nLjIKHQMmDxM3JQcRFxIfIywBNhVeACEOBCEcITA5Fw5QEjABJCUiEiYlITMZNBw9aDc1MFUCMiQ3LjE7SFQiOTM8Cy42SEhUIg4IBg4tED8rBA4dCCQ0FGk9FDcUHjJVDC8ySQw2VhVCIVYTNDoHAQoQIjwNPmsGXgAzLAgMVipsEzkzChAIGhcqDEA4AwoNAiIKNm4VNShBajM1VQw/EjweMT0fOFcuIEhIVCY7JglfKWpAXgUOAjkLISYgNSs0UjwlQCdQDjkeIwdrRCg8Cg4DDFYqbDgEBRAfGAkBBxkZKQMsCggLDSZsFSoCXAkiWRUpGwI1LB5pHwsiAG0VNQIDCSZZEQJrSUsMFzcfHVsCH0EmFCweSQQ
54.230.111.63200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/bWZkWHEMBAc1TgxbBn4EHwpZfUMrQ1YeFV4SXG8eAglUbkhaFlx2EgEJETwXHwkKLF8DAxB9QytWNx0nLjIKHQMmDxM3JQcRFxIfIywBNhVeACEOBCEcITA5Fw5QEjABJCUiEiYlITMZNBw9aDc1MFUCMiQ3LjE7SFQiOTM8Cy42SEhUIg4IBg4tED8rBA4dCCQ0FGk9FDcUHjJVDC8ySQw2VhVCIVYTNDoHAQoQIjwNPmsGXgAzLAgMVipsEzkzChAIGhcqDEA4AwoNAiIKNm4VNShBajM1VQw/EjweMT0fOFcuIEhIVCY7JglfKWpAXgUOAjkLISYgNSs0UjwlQCdQDjkeIwdrRCg8Cg4DDFYqbDgEBRAfGAkBBxkZKQMsCggLDSZsFSoCXAkiWRUpGwI1LB5pHwsiAG0VNQIDCSZZEQJrSUsMFzcfHVsCH0EmFCweSQQ
IP 54.230.111.63:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash c8bdb6a01ca38820476913da9a7ddb53
646f5cdff0216b49863820b86dea3a1899f13eec
deff6673bad9da495619225eaca169f89f50476254b5ddb4cae0b324a7f9291e
GET /bWZkWHEMBAc1TgxbBn4EHwpZfUMrQ1YeFV4SXG8eAglUbkhaFlx2EgEJETwXHwkKLF8DAxB9QytWNx0nLjIKHQMmDxM3JQcRFxIfIywBNhVeACEOBCEcITA5Fw5QEjABJCUiEiYlITMZNBw9aDc1MFUCMiQ3LjE7SFQiOTM8Cy42SEhUIg4IBg4tED8rBA4dCCQ0FGk9FDcUHjJVDC8ySQw2VhVCIVYTNDoHAQoQIjwNPmsGXgAzLAgMVipsEzkzChAIGhcqDEA4AwoNAiIKNm4VNShBajM1VQw/EjweMT0fOFcuIEhIVCY7JglfKWpAXgUOAjkLISYgNSs0UjwlQCdQDjkeIwdrRCg8Cg4DDFYqbDgEBRAfGAkBBxkZKQMsCggLDSZsFSoCXAkiWRUpGwI1LB5pHwsiAG0VNQIDCSZZEQJrSUsMFzcfHVsCH0EmFCweSQQ HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Thu, 01 Dec 2022 05:05:46 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LEzqCHDNyHEGiQyFhKzyeFvhlVBrHsbWVchKj82APwxwPOTsdOxSkg==
X-Firefox-Spdy: h2
terialnevitiesini.com/SEdhNjEpJQJbDil6AxBEOitcEwMOYlNwVXszWQFeJyhRAAh/N1kYUiQoFFJXOigPQh8mIhUTAw4wNnN7HQgmewYEExFTaQswE3twHiU4fkUvBjdSFHoFKnVVEAMyXhR6AS4GeBwINWdJHhZREwMOATUHVB8vDld1GnM5f1gSNyJzZHgOG0ZXEClVWH4kMwRXZhl2OXd3JCMPfHwNPQJGUB4OJ2ZIKz05UUI4DDJ7VA4tDRMDDgg3VWsFFFUCZh0dEHR2DRA0BQA/HSN3ZAUUFkFnMBYTbAMRDiVlSSYdBl5iKQAZXXkeBgBsAxEOJ3J0Ox4GTnYpMCNOciQKBlJ2ZQYFY3M4KTtRVhoLDFJfLRErWVV7KChlX3kwO3AJDwgYXQYAESRTUg8WK2MDID07d10PJg9/SB0VJA97DDMgZFwnAjtnWR8jD3xIHBFURhciNA5YQXUoG0ZQPiIMWFYfLgcPcxAe
54.230.111.63200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/SEdhNjEpJQJbDil6AxBEOitcEwMOYlNwVXszWQFeJyhRAAh/N1kYUiQoFFJXOigPQh8mIhUTAw4wNnN7HQgmewYEExFTaQswE3twHiU4fkUvBjdSFHoFKnVVEAMyXhR6AS4GeBwINWdJHhZREwMOATUHVB8vDld1GnM5f1gSNyJzZHgOG0ZXEClVWH4kMwRXZhl2OXd3JCMPfHwNPQJGUB4OJ2ZIKz05UUI4DDJ7VA4tDRMDDgg3VWsFFFUCZh0dEHR2DRA0BQA/HSN3ZAUUFkFnMBYTbAMRDiVlSSYdBl5iKQAZXXkeBgBsAxEOJ3J0Ox4GTnYpMCNOciQKBlJ2ZQYFY3M4KTtRVhoLDFJfLRErWVV7KChlX3kwO3AJDwgYXQYAESRTUg8WK2MDID07d10PJg9/SB0VJA97DDMgZFwnAjtnWR8jD3xIHBFURhciNA5YQXUoG0ZQPiIMWFYfLgcPcxAe
IP 54.230.111.63:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3051), with no line terminators
Hash 0de4c282730f130dd203eb63de32ef5a
e909c940cf17ad91025084ab6d529c289f846ab0
f781cdfef0940972235d1f2227ef380789246fa0e06c43042e6bc3231eeb8730
GET /SEdhNjEpJQJbDil6AxBEOitcEwMOYlNwVXszWQFeJyhRAAh/N1kYUiQoFFJXOigPQh8mIhUTAw4wNnN7HQgmewYEExFTaQswE3twHiU4fkUvBjdSFHoFKnVVEAMyXhR6AS4GeBwINWdJHhZREwMOATUHVB8vDld1GnM5f1gSNyJzZHgOG0ZXEClVWH4kMwRXZhl2OXd3JCMPfHwNPQJGUB4OJ2ZIKz05UUI4DDJ7VA4tDRMDDgg3VWsFFFUCZh0dEHR2DRA0BQA/HSN3ZAUUFkFnMBYTbAMRDiVlSSYdBl5iKQAZXXkeBgBsAxEOJ3J0Ox4GTnYpMCNOciQKBlJ2ZQYFY3M4KTtRVhoLDFJfLRErWVV7KChlX3kwO3AJDwgYXQYAESRTUg8WK2MDID07d10PJg9/SB0VJA97DDMgZFwnAjtnWR8jD3xIHBFURhciNA5YQXUoG0ZQPiIMWFYfLgcPcxAe HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1200
date: Thu, 01 Dec 2022 05:05:46 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XD14SBIq68gkWZ4DpW5ZiolFykuNIUbCY_TsRsiChu0Ba_Yx1uqFmw==
X-Firefox-Spdy: h2
labortiontrifee.com/dTIzaVBaDVAabSQCW1kFMmBLDwUjX2UxClAAcTgHM2dQITg7aGU8dgFbV1RoRwAGW2RTQloNbUQUQB0xAUdAVGFTW10PP0gURVRhWwEHR2NEHAJPJUgDFR0gFFUOWHYFRkcFbUQEBVBoQgMCXWVEBQo
172.67.217.19204 No Content 0 B URL HTTP/2 labortiontrifee.com/dTIzaVBaDVAabSQCW1kFMmBLDwUjX2UxClAAcTgHM2dQITg7aGU8dgFbV1RoRwAGW2RTQloNbUQUQB0xAUdAVGFTW10PP0gURVRhWwEHR2NEHAJPJUgDFR0gFFUOWHYFRkcFbUQEBVBoQgMCXWVEBQo
IP 172.67.217.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dTIzaVBaDVAabSQCW1kFMmBLDwUjX2UxClAAcTgHM2dQITg7aGU8dgFbV1RoRwAGW2RTQloNbUQUQB0xAUdAVGFTW10PP0gURVRhWwEHR2NEHAJPJUgDFR0gFFUOWHYFRkcFbUQEBVBoQgMCXWVEBQo HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2Bn1OYRiTDDB8I1CZMBObX5bmZpseYiEk2RGsVsunO%2FuvEewE9nxEl6thxtuQ7UayReIUJLctFrZf%2BFXL4C4MMckU3weQCrE%2FPVKpU%2FWFLcAVZMzGSztH0MhuC24nAFrtKWzESGf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a2acf390b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
labortiontrifee.com/TGx0ZkljUxcVdBopPVcfIT4dAz4oASELH3woMyweLiQtIhAaJVISIChRTF5weFVAQDklCElXbz8YFRI8P1FFQCAiChtbbzpRRUh6eEJHV2d9SgFbeGoYBAcucV1SFj04AElXf3pVTFF4fVhBVHh6
172.67.217.19204 No Content 0 B URL HTTP/2 labortiontrifee.com/TGx0ZkljUxcVdBopPVcfIT4dAz4oASELH3woMyweLiQtIhAaJVISIChRTF5weFVAQDklCElXbz8YFRI8P1FFQCAiChtbbzpRRUh6eEJHV2d9SgFbeGoYBAcucV1SFj04AElXf3pVTFF4fVhBVHh6
IP 172.67.217.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TGx0ZkljUxcVdBopPVcfIT4dAz4oASELH3woMyweLiQtIhAaJVISIChRTF5weFVAQDklCElXbz8YFRI8P1FFQCAiChtbbzpRRUh6eEJHV2d9SgFbeGoYBAcucV1SFj04AElXf3pVTFF4fVhBVHh6 HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HtxDxGtsCIjR5x62pXSitspqXpfUW58uRK8Gv2N0xAjPxFISw3TTJFWt63xGU6zbOZplsjJTCGwf4Q9xPjCs2g1%2F6KavUeqonHytoXWFJANRoL9Z0Ky3kRLP7TwL85j%2Ff1V1KuDO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a2adf3d0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
labortiontrifee.com/ZmV3MDRJWhRDCQUzIVhjDDMxaXIgCjZlYhIwMHlzNDI9ZFURNFFEXQJYTwQHVFNGFkQPAUoBDEAWA1FAExZKARIPCxFfCUATSgEaVktFHgZAEEoBEhIVFlcJV0MHREAKWEYGAl9dQAEFUlBFAwQ
172.67.217.19204 No Content 0 B URL HTTP/2 labortiontrifee.com/ZmV3MDRJWhRDCQUzIVhjDDMxaXIgCjZlYhIwMHlzNDI9ZFURNFFEXQJYTwQHVFNGFkQPAUoBDEAWA1FAExZKARIPCxFfCUATSgEaVktFHgZAEEoBEhIVFlcJV0MHREAKWEYGAl9dQAEFUlBFAwQ
IP 172.67.217.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZmV3MDRJWhRDCQUzIVhjDDMxaXIgCjZlYhIwMHlzNDI9ZFURNFFEXQJYTwQHVFNGFkQPAUoBDEAWA1FAExZKARIPCxFfCUATSgEaVktFHgZAEEoBEhIVFlcJV0MHREAKWEYGAl9dQAEFUlBFAwQ HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:05:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3dHDi0Mpb7nq0wpKhn7oZOrSJ4jB3Zp%2B66C%2FN9RZGO%2Bo6%2BQLy%2FgLAUKenXJ9oC9nD2w4Lm2NWcuNsJN1MxNjawTBLrmhY8av8oYpy4EfaB%2FbMHcQAoItI0%2FAdV4RJ%2FmRIzsWHqwo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a2adf3e0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.214.236.46101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.236.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jvTuyIfUYafffDjpvl8YBA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SYpHJ5hwvUCwWDkytEw0UB/ERiY=
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 371e1a91b277ea6b99865901e26e9c2c
da1bba6e7a9e26b725524131964454448c1219e5
56ff8d7d40b8123cb152871da4de01f03daa0c56bd7e0de655a74fad3fe1c570
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "56FF8D7D40B8123CB152871DA4DE01F03DAA0C56BD7E0DE655A74FAD3FE1C570"
Last-Modified: Wed, 30 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8063
Expires: Thu, 01 Dec 2022 07:20:09 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18804
Expires: Thu, 01 Dec 2022 10:19:10 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 1d7846e2a7294173c85271c0da130678
102a56df28bfb864653439cf703e0d8ca45f23cf
2774004fdfb065b1b02763317038c875bbadcf79fb05b6979c220c1a129ed04c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:05:46 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 04:52:36 GMT
Expires: Mon, 05 Dec 2022 04:52:35 GMT
Etag: "102a56df28bfb864653439cf703e0d8ca45f23cf"
Cache-Control: max-age=344208,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77294a2b9963b50c-OSL
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
173.233.139.164200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (37174), with no line terminators
Hash 643abe7a5449d38e54d0fd3ffbdd2934
5be0f076595d4a55390412c2eab049b43fadfde8
9caabf17e654f64ec032319309f33a2c2450970259afd15f568fc414ca33748a
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 21eccb5165d5892f760182350efa8c0e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11817
Expires: Thu, 01 Dec 2022 08:22:43 GMT
Date: Thu, 01 Dec 2022 05:05:46 GMT
Connection: keep-alive
d3t87ooo0697p8.cloudfront.net/9dWx3ZkEWAxkAfgEFE1t5QV9FUHBTBgQJLwVRBwcNJB0FMnk+NDJfGBQDURI7EVFHQC0UAhBbZxACFFtwUw0TBHxBSgIHfBgDDQ8tGQ1SVAdAQkdDc0VEAA8vEQMAFWRHXBkSZEdcRlZvRUlEJGRHXAAPL0NYUlUDUF5HHndBSUQkZEdcBRBkRi1GVnRbXF-5Dc0ULEgUqGklFIHNFXUdWcEVdUlRxEwUFAycaFFJUB0RcQkhxUxlKVw
143.204.42.128200 OK 198 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/9dWx3ZkEWAxkAfgEFE1t5QV9FUHBTBgQJLwVRBwcNJB0FMnk+NDJfGBQDURI7EVFHQC0UAhBbZxACFFtwUw0TBHxBSgIHfBgDDQ8tGQ1SVAdAQkdDc0VEAA8vEQMAFWRHXBkSZEdcRlZvRUlEJGRHXAAPL0NYUlUDUF5HHndBSUQkZEdcBRBkRi1GVnRbXF-5Dc0ULEgUqGklFIHNFXUdWcEVdUlRxEwUFAycaFFJUB0RcQkhxUxlKVw
IP 143.204.42.128:0
File type ASCII text, with no line terminators
Hash 01afe8512cbca364b4d48f4382fd96e9
a80c83e39d8d31cc4fa1503d3b83bab9e64df164
901c92aa438576959b3722a264d84f864d1929574195ec027dbd0a3cb5b61e7e
GET /9dWx3ZkEWAxkAfgEFE1t5QV9FUHBTBgQJLwVRBwcNJB0FMnk+NDJfGBQDURI7EVFHQC0UAhBbZxACFFtwUw0TBHxBSgIHfBgDDQ8tGQ1SVAdAQkdDc0VEAA8vEQMAFWRHXBkSZEdcRlZvRUlEJGRHXAAPL0NYUlUDUF5HHndBSUQkZEdcBRBkRi1GVnRbXF-5Dc0ULEgUqGklFIHNFXUdWcEVdUlRxEwUFAycaFFJUB0RcQkhxUxlKVw HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://terialnevitiesini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 198
date: Thu, 01 Dec 2022 05:05:47 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DTXF5erIA_WVUDVisES0E9MXzID_x-ojk1hb6OEJixhgu4Z8Chau_g==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/wWEJUOGM7LTpeXCwrMAVbYHtgAVd+KCdXDSh/O0ITOTQxVQ0/FT1eWhoaDR4XIiZpCEU0IzpfXn4nOlteaWQ1XAFldnJMEzcpaVIFPyczXgspKSMeFjl/OVcZMS44WUZqBGEWU31wZBAUMSwwVxQrZ2YIDSxnZghSaGxkHVAaZ2YIFDEsYgxGawBxClMgdG-AdUBpnZggRLmdneVJod3oISn1wZF8GOyk7HVEecGQJU2hzZAlGanIyURE9JDtARmoEZQhWdnJyTV5p
143.204.42.128200 OK 639 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/wWEJUOGM7LTpeXCwrMAVbYHtgAVd+KCdXDSh/O0ITOTQxVQ0/FT1eWhoaDR4XIiZpCEU0IzpfXn4nOlteaWQ1XAFldnJMEzcpaVIFPyczXgspKSMeFjl/OVcZMS44WUZqBGEWU31wZBAUMSwwVxQrZ2YIDSxnZghSaGxkHVAaZ2YIFDEsYgxGawBxClMgdG-AdUBpnZggRLmdneVJod3oISn1wZF8GOyk7HVEecGQJU2hzZAlGanIyURE9JDtARmoEZQhWdnJyTV5p
IP 143.204.42.128:0
File type ASCII text, with very long lines (888), with no line terminators
Hash 90d81066050fcd4d84ff6c395516f9b5
fe96355c317f9a10ad99bb18fdfcdb5128053d30
2ac1b1a42af8d7ef8a090b849470920d72353402e80786be8e2f25d317a6ddc9
GET /wWEJUOGM7LTpeXCwrMAVbYHtgAVd+KCdXDSh/O0ITOTQxVQ0/FT1eWhoaDR4XIiZpCEU0IzpfXn4nOlteaWQ1XAFldnJMEzcpaVIFPyczXgspKSMeFjl/OVcZMS44WUZqBGEWU31wZBAUMSwwVxQrZ2YIDSxnZghSaGxkHVAaZ2YIFDEsYgxGawBxClMgdG-AdUBpnZggRLmdneVJod3oISn1wZF8GOyk7HVEecGQJU2hzZAlGanIyURE9JDtARmoEZQhWdnJyTV5p HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://terialnevitiesini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 639
date: Thu, 01 Dec 2022 05:05:47 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wxFksWnIXQwHxw1zFvj_SHxoQYfSe1_VRDArOhkuJKi_aDSIuSxMpQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/0SEVCTnErKiwoTjwsJnNJend3fEVuLzEhHzh4JAlBAzcKCEkhYzY0FXV1ZCIQJiJ/aBQmJn9/VykhIHNFbjEyIRp1LyQpFC8jKj8aP2M3L0wlKjgnHSQkZ3w3fWtya0N4bTUnHywqNT1UenUsOlR6dXN+X3hgcQxUenU1Jx9+cWd9M213cjZHfGBxDFR6dT-A4VHsEc35EZnVra0N4IictGidgcAhDeHRyfkB4dGd8QS4sMCsXJz1nfDd5dXdgQW4wf38
143.204.42.128200 OK 508 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/0SEVCTnErKiwoTjwsJnNJend3fEVuLzEhHzh4JAlBAzcKCEkhYzY0FXV1ZCIQJiJ/aBQmJn9/VykhIHNFbjEyIRp1LyQpFC8jKj8aP2M3L0wlKjgnHSQkZ3w3fWtya0N4bTUnHywqNT1UenUsOlR6dXN+X3hgcQxUenU1Jx9+cWd9M213cjZHfGBxDFR6dT-A4VHsEc35EZnVra0N4IictGidgcAhDeHRyfkB4dGd8QS4sMCsXJz1nfDd5dXdgQW4wf38
IP 143.204.42.128:0
File type ASCII text, with very long lines (713), with no line terminators
Hash 85d6d8a9b409685a3bfb8e0d7a6a3513
51c998e4c583dfcff185904c23f68eda64223ede
bef17db1b8df38dd91cd2c078eb8f193654e759bb6c571366bd7d932de3d0bed
GET /0SEVCTnErKiwoTjwsJnNJend3fEVuLzEhHzh4JAlBAzcKCEkhYzY0FXV1ZCIQJiJ/aBQmJn9/VykhIHNFbjEyIRp1LyQpFC8jKj8aP2M3L0wlKjgnHSQkZ3w3fWtya0N4bTUnHywqNT1UenUsOlR6dXN+X3hgcQxUenU1Jx9+cWd9M213cjZHfGBxDFR6dT-A4VHsEc35EZnVra0N4IictGidgcAhDeHRyfkB4dGd8QS4sMCsXJz1nfDd5dXdgQW4wf38 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://terialnevitiesini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 508
date: Thu, 01 Dec 2022 05:05:47 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: S0-hSU2xf6E7UiYlOlj90vjXwUa_vOZ56S0v6fbrFS-Bzwhvxqa6DA==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 819f953b0edd066d30cf5847c5564d3c
12f3ea06c2a617db03caa556e37c1cb106d44f93
9794d926ccf993a8cd760c76077cf94f5b270633aff450e45934a5c8fd52d62d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=119812
Date: Thu, 01 Dec 2022 05:05:47 GMT
Etag: "63875b15-1d7"
Expires: Fri, 02 Dec 2022 14:22:39 GMT
Last-Modified: Wed, 30 Nov 2022 13:31:01 GMT
Server: ECS (bsa/EB18)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NZwBfXhbzUjgVdHd_C2aCfRWChnM9BDeI0CpTphFneoqcien3CAbwg==
Age: 3098
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 19b80a71a969eb1653f9851c5b8c817b
2a3a0d2d8024d5c14bb55bd7c9deb733262d82c6
65ad49c20655deb663808a9fd88509a632a31b25b88d99a16067ca7ab745705b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65AD49C20655DEB663808A9FD88509A632A31B25B88D99A16067CA7AB745705B"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3883
Expires: Thu, 01 Dec 2022 06:10:30 GMT
Date: Thu, 01 Dec 2022 05:05:47 GMT
Connection: keep-alive
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 4967cc5736e0fcfc330ae4fc1672612d
c9d26700f52ec3fb6a841a1e13052a039368f362
6fbc05b1ed644b5c4754ce7a7ea21afc0af8ec47b915154d4b52abd725284944
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:47 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=57510a9b-c194-4540-a3e2-d29766a63708:2:1; expires=Sun, 28 Nov 2032 05:05:47 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11816
Expires: Thu, 01 Dec 2022 08:22:43 GMT
Date: Thu, 01 Dec 2022 05:05:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1601a7c8a96ebe5b2af6fe1abcb6b90b
fb19f5121052f37c9cef4640791964583618560c
893364204eb010f01c891762b80db20df137be75ecb85fa4e22dbc68143b53fb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6534
Cache-Control: max-age=145584
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:47 GMT
Etag: "6387b255-1d7"
Expires: Fri, 02 Dec 2022 21:32:11 GMT
Last-Modified: Wed, 30 Nov 2022 19:43:17 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 04:41:08 GMT
expires: Thu, 01 Dec 2022 06:41:08 GMT
cache-control: public, max-age=7200
age: 1479
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 4432410517c3bfe647c21ff3759d9edf
48412b84d329f63a66928a41dc80a712f3ce435f
4fbe6cc6b92672eec639058715e590f819c225fdc5e8e0f1a49ab482bf1f2cb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 4432410517c3bfe647c21ff3759d9edf
48412b84d329f63a66928a41dc80a712f3ce435f
4fbe6cc6b92672eec639058715e590f819c225fdc5e8e0f1a49ab482bf1f2cb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/sdkloader/ima3.js
216.58.207.234200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (2791)
Size 127 kB (126620 bytes)
Hash f641dae66d812e803cbfc91d689e2ea8
96372a7ba661528d13bc774536d04ab3e03b82d6
e78b718ac77697fbb92e88ac394141adc4e016830eb04d53279238cbcd65435b
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126620
date: Thu, 01 Dec 2022 05:05:47 GMT
expires: Thu, 01 Dec 2022 05:05:47 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
specialistinsensitive.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
173.233.139.164200 OK 29 kB URL HTTP/1.1 specialistinsensitive.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP 173.233.139.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 6a3a86422ba6a14ff687e1ed44cd17fd
a2e530ac882d3e941b76307528ddcb02f4b7aa11
6da8465899e777d7202782d705c2cea60e7daf1392941b7fbfc9d02c8e080017
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7ec6597f3baf00478bfa0dd7e68b79c6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 09b2788776f8658d8b8e21be50bdba8a
b68e7095299e814d521cd6f3d5ce700c414d4f27
aa4097585730afa0329e18a2ed9cef74ebbfa5d920f0a407e611c162b6961336
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 05:05:47 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S956545826%3A1669871147422785&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsUeVHYljLhesRsUHvt-YUJBj4qjqoa1KU6uyqQKl9EEK5FCvwmDm8XJo7i19QnZYguIFBnIg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-HDqbc9thuk6BDCOawT0Z2w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:gNe9OCTxZ2EADe8VGjqre7qttfl3tQ:6l5NXRxmfNrp4Ig5;Path=/;Expires=Sat, 30-Nov-2024 05:05:47 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102872 bytes)
Hash a79e43125cbaac7ebc166faaa2e0a244
4c4113eca465582cde5b1470d81f8a93a8c9c9e0
6755101a57c81b332a803987302ec7c98856259e923707c1631b0524aba07293
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3704
last-modified: Thu, 01 Dec 2022 04:04:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EnBZJNit2HY6JR%2F2t%2FgJ4wzK90I%2FiSX%2By2IvofaDxwdEY%2FVD8WuJVgiQzgYjnZH7GM7%2Fyq1zGWfmCnLn4l3zFsC2cmy%2Bz5mnn5TBw0jmirDAhpsfymuWoEE5zEDs6BfA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a2b3cc9f3e7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
specialistinsensitive.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=57510a9b-c194-4540-a3e2-d29766a63708%3A2%3A1
173.233.139.164200 OK 4.3 kB URL HTTP/1.1 specialistinsensitive.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=57510a9b-c194-4540-a3e2-d29766a63708%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , ASCII text, with very long lines (5971), with no line terminators
Hash fac0fe3a86502ee1715baeb3c22e6faa
4a49b49591855930bb8dcaff7f4c524d39043bc8
f86dc33ed4bebe8999a4bf62fffc8204fd72eb8db125e4ac0aa8f6d83b698d54
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=57510a9b-c194-4540-a3e2-d29766a63708%3A2%3A1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:47 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Fri, 02 Dec 2022 05:05:47 GMT; secure; SameSite=None
uid_id2=57510a9b-c194-4540-a3e2-d29766a63708:2:1; expires=Thu, 08 Dec 2022 05:05:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 02 Dec 2022 05:05:47 GMT; secure; SameSite=None
uncs=1; expires=Fri, 02 Dec 2022 05:05:47 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 02 Dec 2022 05:05:47 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 02 Dec 2022 05:05:47 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3789938]; expires=Thu, 01 Dec 2022 05:05:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c67d639caa598660fb972e88337ddd84
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1601a7c8a96ebe5b2af6fe1abcb6b90b
fb19f5121052f37c9cef4640791964583618560c
893364204eb010f01c891762b80db20df137be75ecb85fa4e22dbc68143b53fb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6534
Cache-Control: max-age=145584
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:47 GMT
Etag: "6387b255-1d7"
Expires: Fri, 02 Dec 2022 21:32:11 GMT
Last-Modified: Wed, 30 Nov 2022 19:43:17 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1f14eb894f1cf354b1825d0f04732f98
f72dd175495052a4246f731fbb25e6a762b6c5dc
bb74dd1099c874ae2477c154d95bee8e26cd39729ddffcdd69995e12110f3491
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB74DD1099C874AE2477C154D95BEE8E26CD39729DDFFCDD69995E12110F3491"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11287
Expires: Thu, 01 Dec 2022 08:13:54 GMT
Date: Thu, 01 Dec 2022 05:05:47 GMT
Connection: keep-alive
accounts.google.com/v3/signin/identifier?dsh=S-569806760%3A1669871147380983&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAv7u1xHgZjfPH8J6jVtK-lD4Wx7W1Kjv71PzliGgd3rP4R0kE9EVYwwTcK3uCenVgrrvkrVmA
142.250.74.109403 Forbidden 843 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-569806760%3A1669871147380983&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAv7u1xHgZjfPH8J6jVtK-lD4Wx7W1Kjv71PzliGgd3rP4R0kE9EVYwwTcK3uCenVgrrvkrVmA
IP 142.250.74.109:0
Hash fa06bb25fe21b6ad1ab4700f3eb615b6
9b83f32af8baa3fdf7848f3ece1d407084499c51
97eda471d92bc7c932d3e9c82799749d223cf4897df87e44fee1b4ddda5cda3a
GET /v3/signin/identifier?dsh=S-569806760%3A1669871147380983&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAv7u1xHgZjfPH8J6jVtK-lD4Wx7W1Kjv71PzliGgd3rP4R0kE9EVYwwTcK3uCenVgrrvkrVmA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 05:05:47 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-Z4aikhaHeoLCzg6VpIoIeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=1977&rd=1977&fd=504&bv=22.10.v.10&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=1977&rd=1977&fd=504&bv=22.10.v.10&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1977&rd=1977&fd=504&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 05:05:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3341
Expires: Thu, 01 Dec 2022 06:01:29 GMT
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3341
Expires: Thu, 01 Dec 2022 06:01:29 GMT
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3341
Expires: Thu, 01 Dec 2022 06:01:29 GMT
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3341
Expires: Thu, 01 Dec 2022 06:01:29 GMT
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3341
Expires: Thu, 01 Dec 2022 06:01:29 GMT
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b8802d5080eb35e4052ef31cf7658650
1e78566f2e69268c5f753fb49112ab07aae3eccf
9c96906ee1dea353198c9069fa7e42b100e4fa766e5be8e4d8db036033961086
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4409
x-amzn-requestid: cb422842-e955-4749-8b2a-3c028a09c20f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz7XEE2IAMFY3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd15-3c4d1a6d4d542e81179ea8ba;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zYLCQ4DUQtMklG-T-ATot22PDIUMjnN1wpVkoHBh4Oa3TAyNzTv86g==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:45 GMT
age: 26163
etag: "1e78566f2e69268c5f753fb49112ab07aae3eccf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 72735620afafb0d8d91b6d83cf292298
9de2fd7c375e92fd60444dc677cf09428393eff3
9dd40d4adf9e3dacb962cc6e1bd00d38473125567eb2b57eef643be972dfe69f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8660
x-amzn-requestid: 9474178d-c342-498a-996d-1ef3b804f1a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cWh0hEx_oAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385b01c-33e27513010fdec8627942be;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 07:09:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4R5jPnETZnbrWCUXoWvq3FTs_NOJMQWCaHbK321P4qqRgv05JtR1kA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 07:18:56 GMT
age: 78412
etag: "9de2fd7c375e92fd60444dc677cf09428393eff3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 291127b670135b42b6e9687aa2a13237
99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1
49b082a738bcd15a0bb4e9f96a180797ffcfa368977ac1927df882a0343664d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10437
x-amzn-requestid: 2a8183c4-47ec-42bb-8e67-3e742dc3750c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YpEeooAMFfvg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-2014fd4d49dcd4087bf1db4d;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Q9y5-OF59ODaZRd9YFFdM2rIH0bYYyIT40rCwr8cBwBQd0GOqtNobg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:08:51 GMT
age: 25017
etag: "99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 08:50:17 GMT
age: 72931
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f07f254d44ff2fb86ee22cee39ef3eb0
0660a548a491d4a58ca2246f094f0553437c3f61
859b2416d638b1dc91ff563800517124b38d45b4c5db99e21539c1700829dbe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10985
x-amzn-requestid: ef9e5eb9-b7b3-41e9-9837-a5979ab35d94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91OFzsoAMFcew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-53b152c0027d26e52383e27e;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: F_ZBWwAOPbEjvMD1ChrgN9QYUyyFYdtRT6CcX6gviowmeinPRgVtnA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:19:21 GMT
age: 2787
etag: "0660a548a491d4a58ca2246f094f0553437c3f61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70afa08b7d0b64772b90ae190689e6c1
527cf32104041423176fadd3cfc2120fe63f6bfc
31ebf9decb53b8180922c4b10d0427aba95a802246a5ced8ec368d814a33b843
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9993
x-amzn-requestid: 7d7febbc-2bdf-44e9-9727-9c56b5bcb138
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1VNFZiIAMFV-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cf54-1f89231026a9b5c467324134;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:47:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Zc0QAEb9prX_ZBUYuD-407TwT2ATljy_OTmUNq31I9udG16Dx3JWtw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:00:48 GMT
age: 25500
etag: "527cf32104041423176fadd3cfc2120fe63f6bfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
142.250.74.34200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 04:43:07 GMT
expires: Thu, 01 Dec 2022 05:43:07 GMT
cache-control: public, max-age=3600
age: 1361
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSzYscVRfGb03mfRe6UclGQWkkC7%2Bmp6qrq7vLLKJjjARjEpJItt6v6rmZW3WLe6u6OgNKMBCybHHjsubpyQzGIGavRHrcyICQVpBGMv%2BAG0HIwpX0TMPgWdQ5p35ncZ7n3Dtb5QHxUdLZ5Y%2FMptKarkZNv%2FHadZUJU7nGxWuNwG%2F6pxvXVdZpn24M5x87eDvwo6b%2FeuMDyTfMassPfD%2Fwg8Y5ZWVihquHFCp%2FEAfN2G%2B2W80gamNo%2F9u70oOjHsTggLwAJab%2FW%2F%2F5IRSfIEu%2FOyvdRmHyt95PS00LYzEQux9nG5mpMqTHZWI9JNnuYhrGTQn5agkm210ogBlszxWAqSnxfg%2FAst3FmmCDe0ebMg2ZgYlnUQ0mkHoCRSfg5jaUeEwALnDxErJ056KxFb15ROmcTsny07%2BhqilZfnISWfrtmlbDxlWjy0KZzGGY1FDDCVR%2FgrzcQ7HpQVV74MXnUOIXsvr0ArJ0%2B5LTBkrMTkXdKPBpzFZ4ELdX2lHbX6GhbK2IVtztdGgn7Pq9Q4uUmkAlE2g5AnVLKJ2HUnkoEw9l7iEVswaN4sT3uwlLwrDX5pyHIedRryMiEbZ7iY%2BSzzWMUOQjcD0Ct7eQ21vYUCPY8ke49RpOeHAFwUDUqCRB5QgqSlApgqogqAb1PaFdy9U7QruSBYvcWuSwHpuiv0XvmaIvM7KVH5Dn58Z5z90%2FiQ05ayRRL0o6Ee%2FwThS0QhZHQvgxk2GrLWTIGJyqodwSqPOwqabkxKd%2FIldTsrS2Ckb34PQeuHoVtHwZtBp3Wz7o%2Brjd87GZ7cihbCoDYWrkxTKKm96WPiAvHp4u%2Fs1C8v133viy%2BP7GZ%2F%2BA2xq5rXFD%2FUTQ13fHV0xFtq%2BYypGHl%2FJCpWqTzs96taCFXL7%2FobxZGSvOn3Wjr9%2FlczAvH1yTrrhAM6GyviPfrCkhpD1nLJfkh%2FPuumSXS7e%2BVtqszC9cfu%2Fc%2BTS30jllsgmoevzJI3A1Jc%2Bkdw4f7Ct%2F3IGyE9iyRlruk0VAmT3w%2FBZcvn9m9v9TT1ZfquEMgdXHMyz3UJX12LbY8U%2BtCLQ87imr4eSxBUzuP%2FrriG25u%2BhbD7S4jSytMbA1BroG1SO48sS4yO3%2BmV%2FDwwDT3php620zbfUXR9Y6NWvIKPET6bckS2KWdKkv4qQdMxoHsssiGqBwU3638%2Ba%2FAAAA%2F%2F8BAAD%2F%2F%2B2KC%2FyIBAAA
173.233.139.164200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSzYscVRfGb03mfRe6UclGQWkkC7%2Bmp6qrq7vLLKJjjARjEpJItt6v6rmZW3WLe6u6OgNKMBCybHHjsubpyQzGIGavRHrcyICQVpBGMv%2BAG0HIwpX0TMPgWdQ5p35ncZ7n3Dtb5QHxUdLZ5Y%2FMptKarkZNv%2FHadZUJU7nGxWuNwG%2F6pxvXVdZpn24M5x87eDvwo6b%2FeuMDyTfMassPfD%2Fwg8Y5ZWVihquHFCp%2FEAfN2G%2B2W80gamNo%2F9u70oOjHsTggLwAJab%2FW%2F%2F5IRSfIEu%2FOyvdRmHyt95PS00LYzEQux9nG5mpMqTHZWI9JNnuYhrGTQn5agkm210ogBlszxWAqSnxfg%2FAst3FmmCDe0ebMg2ZgYlnUQ0mkHoCRSfg5jaUeEwALnDxErJ056KxFb15ROmcTsny07%2BhqilZfnISWfrtmlbDxlWjy0KZzGGY1FDDCVR%2FgrzcQ7HpQVV74MXnUOIXsvr0ArJ0%2B5LTBkrMTkXdKPBpzFZ4ELdX2lHbX6GhbK2IVtztdGgn7Pq9Q4uUmkAlE2g5AnVLKJ2HUnkoEw9l7iEVswaN4sT3uwlLwrDX5pyHIedRryMiEbZ7iY%2BSzzWMUOQjcD0Ct7eQ21vYUCPY8ke49RpOeHAFwUDUqCRB5QgqSlApgqogqAb1PaFdy9U7QruSBYvcWuSwHpuiv0XvmaIvM7KVH5Dn58Z5z90%2FiQ05ayRRL0o6Ee%2FwThS0QhZHQvgxk2GrLWTIGJyqodwSqPOwqabkxKd%2FIldTsrS2Ckb34PQeuHoVtHwZtBp3Wz7o%2Brjd87GZ7cihbCoDYWrkxTKKm96WPiAvHp4u%2Fs1C8v133viy%2BP7GZ%2F%2BA2xq5rXFD%2FUTQ13fHV0xFtq%2BYypGHl%2FJCpWqTzs96taCFXL7%2FobxZGSvOn3Wjr9%2FlczAvH1yTrrhAM6GyviPfrCkhpD1nLJfkh%2FPuumSXS7e%2BVtqszC9cfu%2Fc%2BTS30jllsgmoevzJI3A1Jc%2Bkdw4f7Ct%2F3IGyE9iyRlruk0VAmT3w%2FBZcvn9m9v9TT1ZfquEMgdXHMyz3UJX12LbY8U%2BtCLQ87imr4eSxBUzuP%2FrriG25u%2BhbD7S4jSytMbA1BroG1SO48sS4yO3%2BmV%2FDwwDT3php620zbfUXR9Y6NWvIKPET6bckS2KWdKkv4qQdMxoHsssiGqBwU3638%2Ba%2FAAAA%2F%2F8BAAD%2F%2F%2B2KC%2FyIBAAA
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSzYscVRfGb03mfRe6UclGQWkkC7%2Bmp6qrq7vLLKJjjARjEpJItt6v6rmZW3WLe6u6OgNKMBCybHHjsubpyQzGIGavRHrcyICQVpBGMv%2BAG0HIwpX0TMPgWdQ5p35ncZ7n3Dtb5QHxUdLZ5Y%2FMptKarkZNv%2FHadZUJU7nGxWuNwG%2F6pxvXVdZpn24M5x87eDvwo6b%2FeuMDyTfMassPfD%2Fwg8Y5ZWVihquHFCp%2FEAfN2G%2B2W80gamNo%2F9u70oOjHsTggLwAJab%2FW%2F%2F5IRSfIEu%2FOyvdRmHyt95PS00LYzEQux9nG5mpMqTHZWI9JNnuYhrGTQn5agkm210ogBlszxWAqSnxfg%2FAst3FmmCDe0ebMg2ZgYlnUQ0mkHoCRSfg5jaUeEwALnDxErJ056KxFb15ROmcTsny07%2BhqilZfnISWfrtmlbDxlWjy0KZzGGY1FDDCVR%2FgrzcQ7HpQVV74MXnUOIXsvr0ArJ0%2B5LTBkrMTkXdKPBpzFZ4ELdX2lHbX6GhbK2IVtztdGgn7Pq9Q4uUmkAlE2g5AnVLKJ2HUnkoEw9l7iEVswaN4sT3uwlLwrDX5pyHIedRryMiEbZ7iY%2BSzzWMUOQjcD0Ct7eQ21vYUCPY8ke49RpOeHAFwUDUqCRB5QgqSlApgqogqAb1PaFdy9U7QruSBYvcWuSwHpuiv0XvmaIvM7KVH5Dn58Z5z90%2FiQ05ayRRL0o6Ee%2FwThS0QhZHQvgxk2GrLWTIGJyqodwSqPOwqabkxKd%2FIldTsrS2Ckb34PQeuHoVtHwZtBp3Wz7o%2Brjd87GZ7cihbCoDYWrkxTKKm96WPiAvHp4u%2Fs1C8v133viy%2BP7GZ%2F%2BA2xq5rXFD%2FUTQ13fHV0xFtq%2BYypGHl%2FJCpWqTzs96taCFXL7%2FobxZGSvOn3Wjr9%2FlczAvH1yTrrhAM6GyviPfrCkhpD1nLJfkh%2FPuumSXS7e%2BVtqszC9cfu%2Fc%2BTS30jllsgmoevzJI3A1Jc%2Bkdw4f7Ct%2F3IGyE9iyRlruk0VAmT3w%2FBZcvn9m9v9TT1ZfquEMgdXHMyz3UJX12LbY8U%2BtCLQ87imr4eSxBUzuP%2FrriG25u%2BhbD7S4jSytMbA1BroG1SO48sS4yO3%2BmV%2FDwwDT3php620zbfUXR9Y6NWvIKPET6bckS2KWdKkv4qQdMxoHsssiGqBwU3638%2Ba%2FAAAA%2F%2F8BAAD%2F%2F%2B2KC%2FyIBAAA HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=57510a9b-c194-4540-a3e2-d29766a63708:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:48 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3bc271678630262e5a2f38955860bd7d
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 38bb14620de55e1982559251c0ebeac9
2a0778a21ec60d9f3cfdf4d5772123a4149729d1
ada2027e8be54e2bb79d0a88473871db54ba9f329a0034cac5413d80d80af1a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADA2027E8BE54E2BB79D0A88473871DB54BA9F329A0034CAC5413D80D80AF1A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7587
Expires: Thu, 01 Dec 2022 07:12:15 GMT
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 021d5c60ebd8309c2d8e6bebb77487b1
698578f16536e885c17d95f3f9adbe22c68a825f
0d5472f3d5438142cafd2ed580f29a28143255d8f81679fd08a64bf5f813f595
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Dec 2022 05:05:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 03:54:16 GMT
Expires: Fri, 02 Dec 2022 03:54:16 GMT
ETag: "698578f16536e885c17d95f3f9adbe22c68a825f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
15.235.114.204204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 15.235.114.204:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
Expires: Fri, 01 Dec 2023 05:05:48 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c22f6742a681063615a548ae5fbc532
631eaaad4049c5b6f54eb2b4e127b77240868636
a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7997
Expires: Thu, 01 Dec 2022 07:19:05 GMT
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
45.133.44.4200 OK 447 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 69dac4ff153c6f3d4ac2052f464fe121
69206b5461f92b875778a9d155472a3114b8bb07
c4b34692c0069e15cd48c41da9a66236e058e3f50bec4ca4298e377999ac8a8f
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 01 Dec 2022 06:05:48 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
15.235.114.204200 OK 58 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP 15.235.114.204:0
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash cf8ffcaf217375cf9bb01c612300b25a
5d033771d013ab4364a83c6302b473c6f64ff722
2b14b918bb31b4672d92b0287ed00c91c74e5d315759da2deb6028b0b4e9f909
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:05:48 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Fri, 01 Dec 2023 05:05:48 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
15.235.114.204200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 15.235.114.204:0
Hash 328c6e3376b5f6a768ef9e2e60edc0c7
f8d239b58fe8c4674b2a74d17b0eeb7adbda5128
5326fa8f8372b7cd25ad24264f49a19cc9807b39113af68b63a30188b02778db
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:05:48 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Fri, 01 Dec 2023 05:05:48 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
172.64.108.13200 OK 54 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP 172.64.108.13:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 9058d37681b73ff2d864f66f2d5021f7
bff63fa802bec941b9bbe90b0d82a1aab2f370dc
2edcc29c8ec836a9d68ee81c3270f865a957a24cef99d3753b58304abf7a5973
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1350727
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TbHP6cXCp%2BH%2F0llKaIJGPGVjEDGEIb8BzGiZUKE7tz5OQ2F8SPTH1n%2FLK%2BwlvSttlyFoJCHxcJLJyDvFOXGfnqJ3cwLQMXwEgUfYN0xUpEDCOnI2kjmCYKwDH92J11lvtIm4gkPmp%2FY0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a3708818873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c22f6742a681063615a548ae5fbc532
631eaaad4049c5b6f54eb2b4e127b77240868636
a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7997
Expires: Thu, 01 Dec 2022 07:19:05 GMT
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
172.64.108.13200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP 172.64.108.13:0
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash 47b7ae41a98644de6d46d58a0e51a793
b0f736609af3c0b3214ee52cc9f0798dcc972df6
b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1350727
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2BF%2FAEg4K9H8SfW8HW2r3jjajKmppoZjv4%2FmUPj%2F73akO%2Fc8WU%2FU%2B4%2FQMdr3IeJr4r4zyItr2aS43qSGSqQ8igCPmO3ZvY38CH7gnyKkGBEZSjc2Zm1BuG9b8yodNGyHMOpbXBxIDAAB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a3708838873-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
172.64.108.13200 OK 19 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP 172.64.108.13:0
Hash 09356a9ceaee6d49ac0108afe95f78f4
b35114550240258e7763691d63654e92060d7d88
ccfc6809c1fb163787df3e436200299d51af3586128e24784ddb13c73d2e0637
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 292
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TD7KqAO32ktFQNM1tbaWV6BAyAAsafjBgHUIDLo1O9jNZEiiP9JPDAtwWA%2Fdf4J7QvUHiBQBdFWmPvlicqQpqUVONO1lX2In0vlhdxYdtX4qkV%2FOoHwyhriXC%2BULnKIF2RWpjCn56SO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a36c8488873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=116
173.233.139.164200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=116
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=116 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=57510a9b-c194-4540-a3e2-d29766a63708:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
15.235.114.204204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 15.235.114.204:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:05:48 GMT
Connection: keep-alive
Expires: Fri, 01 Dec 2023 05:05:48 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=125
173.233.139.164200 OK 672 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=125
IP 173.233.139.164:0
Hash b76137b02c5ec9384f2a139032b39a56
e75a4bb507d40890fe5492fbff40222040e5beac
acc811a532918114c65c58c2b732dd5a2cb92038094fc5988234c9921b903207
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=125 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=57510a9b-c194-4540-a3e2-d29766a63708:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/fonts/Mister-London-Sans.woff2
172.64.108.13200 OK 7.7 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/fonts/Mister-London-Sans.woff2
IP 172.64.108.13:0
File type Web Open Font Format (Version 2), TrueType, length 7664, version 1.0\012- data
Hash e41b02c342b94148fdd5e14fb41dcb4a
9d8415fc8df42aa67fa5a6d15d07f58265535cc0
d857f01d0c6fd46a16bf82acf8f6f76e7710524972ef7f88a926a0d97cadca0b
GET /sb/notifications/games/nutaku/multi/2/fonts/Mister-London-Sans.woff2 HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:49 GMT
content-type: application/octet-stream
content-length: 7664
last-modified: Thu, 15 Sep 2022 10:33:29 GMT
etag: "6322ff79-1df0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 834643
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vCfl4ohPOloe7OMz4YKAQm2kgYvV7uUtx%2BU6YfN9XkOaR8fFy8uDwHHe%2FQJqm%2Bx8lIkVSDuVxRXKOuPcQRUHQmzRmKguK%2BhXuLaZYPTfn3t85gESCi5FLWiFSLqoNydMSiADOJYO4ZFK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a39aad88873-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSzYscVRfGb03mfRe6UclGQWkkC7%2Bmuz77wyyiY4wEYxKSSLbeuvdWz83cqlvcW9XVGVCCgTDLFjcua56eD4xBzF6J9LiRASGtII1k%2FgE3gpCFK%2BmZhsGzqHNO%2Fc7iPM%2B597bKQ%2BKipLOrH%2BkNqRRtRU238dpNmXFd2cblGw3PbbpnGzdl1g7PNobzjxm87blR03298YFg67rlu57req7XuCCNSPSwdUQh8wc9r9lzm6Hf9KIQQ%2FPf3pYOLHXAB4fkBUg%2B%2Fd%2Fazw8h2QRZ%2Bt15YdcLnb%2F1floqWmiDAd%2F7OFvPdJUhPSkT4yDJ9hbT0HZKyFdL0NneQgH0YHuuALGcEud3D3G2t1gT8WDneNNYQWSI%2BbOoBhMINYGkEzB9F5I%2FJgDjuHwFWbp7WZuK3j6mdE6nZPnp35DVlCw%2FOY0s%2FXZVyWHjulZlIXVmMUxqyOEEsj9BXu6j2HAgq32w4nNI%2FgtpPb2ELN2%2BYpWG5LMzUSfyXNqLV5jXC1fCKHRXaCD8Fe73Ou02bQcdt3tkkZQTyGQCJUagdgmldVBKB2XioMwdpHzWoFEvcd1OEidB0A0ZY0HAWNRt84gHYTdxUbK5hhGKfASmRmDmDnJzB%2BtyBFP%2BCLtWw3IHtiAY8BqVIKgsQUUJKklQFQTVoN7hyvq23uXKlrG3yP4iB%2FVYF%2F0tuqOLvsjIVn5Inp8b5zx3%2FzTWxayRRN0oaUeszdqR5wdxL%2BLc7cUi8EMugjiGlTWkXQK1DjbklJz69E%2FkckqWVluI6T6s2geTr4KWL4NW447vgq6Nw66LjWxXDEVTanBdIy%2BWUdx2ttQhefHodL3fDAQ7eOeNL4vvb332D5ipkZsat%2BRPBH21Ob6mK7J9TVeWPLySFzKVG3R%2B1usFLcTy%2FQ%2FF7UobfvG8HX39LpuDefnghrDFJZpxmfUt%2BWZVci7MBW2YID9ctDdFfLW0a6ulycr80tX3LlxMcyOslTqbgMrHnzwCk1PyTHrv6MG%2B8sc9SDOBKWuk5QFZBKTeB8vvwOYH52b%2FP%2FOk9VINqwmMOpmJcwdVWY%2BNH5%2F8VJJAiZOexjWsOLEgFgeP%2FjpmW3YTfeOAFneRpTUGpsZA1aBqBFueGhe5OTj3a3AUiJUzjpVxtmNl1BfH1lo5a0ReKLpxt8M4jwXjXscPuoHr%2BpyHnZ7weijslG223%2FwXAAD%2F%2FwEAAP%2F%2F%2BYKFGogEAAA%3D
173.233.139.164200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSzYscVRfGb03mfRe6UclGQWkkC7%2Bmuz77wyyiY4wEYxKSSLbeuvdWz83cqlvcW9XVGVCCgTDLFjcua56eD4xBzF6J9LiRASGtII1k%2FgE3gpCFK%2BmZhsGzqHNO%2Fc7iPM%2B597bKQ%2BKipLOrH%2BkNqRRtRU238dpNmXFd2cblGw3PbbpnGzdl1g7PNobzjxm87blR03298YFg67rlu57req7XuCCNSPSwdUQh8wc9r9lzm6Hf9KIQQ%2FPf3pYOLHXAB4fkBUg%2B%2Fd%2Fazw8h2QRZ%2Bt15YdcLnb%2F1floqWmiDAd%2F7OFvPdJUhPSkT4yDJ9hbT0HZKyFdL0NneQgH0YHuuALGcEud3D3G2t1gT8WDneNNYQWSI%2BbOoBhMINYGkEzB9F5I%2FJgDjuHwFWbp7WZuK3j6mdE6nZPnp35DVlCw%2FOY0s%2FXZVyWHjulZlIXVmMUxqyOEEsj9BXu6j2HAgq32w4nNI%2FgtpPb2ELN2%2BYpWG5LMzUSfyXNqLV5jXC1fCKHRXaCD8Fe73Ou02bQcdt3tkkZQTyGQCJUagdgmldVBKB2XioMwdpHzWoFEvcd1OEidB0A0ZY0HAWNRt84gHYTdxUbK5hhGKfASmRmDmDnJzB%2BtyBFP%2BCLtWw3IHtiAY8BqVIKgsQUUJKklQFQTVoN7hyvq23uXKlrG3yP4iB%2FVYF%2F0tuqOLvsjIVn5Inp8b5zx3%2FzTWxayRRN0oaUeszdqR5wdxL%2BLc7cUi8EMugjiGlTWkXQK1DjbklJz69E%2FkckqWVluI6T6s2geTr4KWL4NW447vgq6Nw66LjWxXDEVTanBdIy%2BWUdx2ttQhefHodL3fDAQ7eOeNL4vvb332D5ipkZsat%2BRPBH21Ob6mK7J9TVeWPLySFzKVG3R%2B1usFLcTy%2FQ%2FF7UobfvG8HX39LpuDefnghrDFJZpxmfUt%2BWZVci7MBW2YID9ctDdFfLW0a6ulycr80tX3LlxMcyOslTqbgMrHnzwCk1PyTHrv6MG%2B8sc9SDOBKWuk5QFZBKTeB8vvwOYH52b%2FP%2FOk9VINqwmMOpmJcwdVWY%2BNH5%2F8VJJAiZOexjWsOLEgFgeP%2FjpmW3YTfeOAFneRpTUGpsZA1aBqBFueGhe5OTj3a3AUiJUzjpVxtmNl1BfH1lo5a0ReKLpxt8M4jwXjXscPuoHr%2BpyHnZ7weijslG223%2FwXAAD%2F%2FwEAAP%2F%2F%2BYKFGogEAAA%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSzYscVRfGb03mfRe6UclGQWkkC7%2Bmuz77wyyiY4wEYxKSSLbeuvdWz83cqlvcW9XVGVCCgTDLFjcua56eD4xBzF6J9LiRASGtII1k%2FgE3gpCFK%2BmZhsGzqHNO%2Fc7iPM%2B597bKQ%2BKipLOrH%2BkNqRRtRU238dpNmXFd2cblGw3PbbpnGzdl1g7PNobzjxm87blR03298YFg67rlu57req7XuCCNSPSwdUQh8wc9r9lzm6Hf9KIQQ%2FPf3pYOLHXAB4fkBUg%2B%2Fd%2Fazw8h2QRZ%2Bt15YdcLnb%2F1floqWmiDAd%2F7OFvPdJUhPSkT4yDJ9hbT0HZKyFdL0NneQgH0YHuuALGcEud3D3G2t1gT8WDneNNYQWSI%2BbOoBhMINYGkEzB9F5I%2FJgDjuHwFWbp7WZuK3j6mdE6nZPnp35DVlCw%2FOY0s%2FXZVyWHjulZlIXVmMUxqyOEEsj9BXu6j2HAgq32w4nNI%2FgtpPb2ELN2%2BYpWG5LMzUSfyXNqLV5jXC1fCKHRXaCD8Fe73Ou02bQcdt3tkkZQTyGQCJUagdgmldVBKB2XioMwdpHzWoFEvcd1OEidB0A0ZY0HAWNRt84gHYTdxUbK5hhGKfASmRmDmDnJzB%2BtyBFP%2BCLtWw3IHtiAY8BqVIKgsQUUJKklQFQTVoN7hyvq23uXKlrG3yP4iB%2FVYF%2F0tuqOLvsjIVn5Inp8b5zx3%2FzTWxayRRN0oaUeszdqR5wdxL%2BLc7cUi8EMugjiGlTWkXQK1DjbklJz69E%2FkckqWVluI6T6s2geTr4KWL4NW447vgq6Nw66LjWxXDEVTanBdIy%2BWUdx2ttQhefHodL3fDAQ7eOeNL4vvb332D5ipkZsat%2BRPBH21Ob6mK7J9TVeWPLySFzKVG3R%2B1usFLcTy%2FQ%2FF7UobfvG8HX39LpuDefnghrDFJZpxmfUt%2BWZVci7MBW2YID9ctDdFfLW0a6ulycr80tX3LlxMcyOslTqbgMrHnzwCk1PyTHrv6MG%2B8sc9SDOBKWuk5QFZBKTeB8vvwOYH52b%2FP%2FOk9VINqwmMOpmJcwdVWY%2BNH5%2F8VJJAiZOexjWsOLEgFgeP%2FjpmW3YTfeOAFneRpTUGpsZA1aBqBFueGhe5OTj3a3AUiJUzjpVxtmNl1BfH1lo5a0ReKLpxt8M4jwXjXscPuoHr%2BpyHnZ7weijslG223%2FwXAAD%2F%2FwEAAP%2F%2F%2BYKFGogEAAA%3D HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=57510a9b-c194-4540-a3e2-d29766a63708:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 09556c8f52005de67e0f0e85a5e04ef8
Strict-Transport-Security: max-age=0; includeSubdomains
specialistinsensitive.com/pixel/sbs?c=1
173.233.139.164200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=57510a9b-c194-4540-a3e2-d29766a63708:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=42
173.233.139.164200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=42
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=42 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=57510a9b-c194-4540-a3e2-d29766a63708:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:05:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=435
Expires: Thu, 01 Dec 2022 05:13:04 GMT
Date: Thu, 01 Dec 2022 05:05:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=435
Expires: Thu, 01 Dec 2022 05:13:04 GMT
Date: Thu, 01 Dec 2022 05:05:49 GMT
Connection: keep-alive
adservice.google.com/adsid/integrator.js?domain=exee.app
142.250.74.2200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 01 Dec 2022 05:05:49 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=57510a9b-c194-4540-a3e2-d29766a63708&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.59.13200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=57510a9b-c194-4540-a3e2-d29766a63708&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=57510a9b-c194-4540-a3e2-d29766a63708&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 05:05:49 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5692eb419ae912bb872ae8fe93acc59a
Strict-Transport-Security: max-age=0; includeSubdomains
www.youtube.com/iframe_api
142.250.74.174200 OK 524 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.174:0
File type ASCII text, with very long lines (509)
Hash d13c2ed6ca402a4f549c21d086dd033e
4e8d57484fd78518bdb542e2b6471d4792dea9ae
1fbec510aa29ad6b531396be129d557912e6aa6ee509bd03c07b0fcefb487091
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Thu, 01 Dec 2022 05:05:48 GMT
date: Thu, 01 Dec 2022 05:05:48 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=sXH3aCnGmgs; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=iawK5sGN_3w; Domain=.youtube.com; Expires=Tue, 30-May-2023 05:05:48 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+671; expires=Sat, 30-Nov-2024 05:05:47 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
15.235.114.204206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 15.235.114.204:0
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:05:49 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Fri, 01 Dec 2023 05:05:49 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FqC3yIaW&tfcd=0&npa=0&correlator=3334130651231774&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FqC3yIaW&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F2de1e123-e4c9-424d-8e56-3ddb7ecb1f32&sid=43E0FF23-1AA4-4898-B2A4-43BC26CD9FF7&nel=0&eid=44748969%2C44765701&dlt=1669871144937&idt=2074&dt=1669871148001&cookie_enabled=1&scor=2055769546780235&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
142.250.74.162200 OK 17 kB URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FqC3yIaW&tfcd=0&npa=0&correlator=3334130651231774&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FqC3yIaW&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F2de1e123-e4c9-424d-8e56-3ddb7ecb1f32&sid=43E0FF23-1AA4-4898-B2A4-43BC26CD9FF7&nel=0&eid=44748969%2C44765701&dlt=1669871144937&idt=2074&dt=1669871148001&cookie_enabled=1&scor=2055769546780235&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP 142.250.74.162:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 text, with very long lines (23977)
Hash bba84dcfcd76c2c7b675ade1a25c322f
d41e82483049df8b8b1d0625b91d0c65d4922e6e
cc27ae9a8c9c5be1a8280ab44a489830a577da34998c1c78f3a25a4b7c9e7b75
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FqC3yIaW&tfcd=0&npa=0&correlator=3334130651231774&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FqC3yIaW&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F2de1e123-e4c9-424d-8e56-3ddb7ecb1f32&sid=43E0FF23-1AA4-4898-B2A4-43BC26CD9FF7&nel=0&eid=44748969%2C44765701&dlt=1669871144937&idt=2074&dt=1669871148001&cookie_enabled=1&scor=2055769546780235&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -1
google-creative-id: -1
date: Thu, 01 Dec 2022 05:05:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 16617
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Dec-2022 05:20:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e7e19607943d3a3770dd76e619af315d
78a4ef394f6fcbaa6b5abaa41f80eb9bce6bf06e
bafb86050e74ea34fc7206ec495f56d82f536245a1f23502eef3f3b7871ffea3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu9s9V3TTkRxC4wlst9BjLL4LkmCMIwah8O7Tbbk=s48-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 1.3 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu9s9V3TTkRxC4wlst9BjLL4LkmCMIwah8O7Tbbk=s48-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 48x48, components 3\012- data
Hash 16dd29da8e56fe47acb39120bc9abd67
1db28acae84f4ebf193d38ca5ccdcc349abf6d08
10e6e64fb5dcf0e083af750c83f039074c08fef73098de35e44e18e6b0353504
GET /ytc/AMLnZu9s9V3TTkRxC4wlst9BjLL4LkmCMIwah8O7Tbbk=s48-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 1304
x-xss-protection: 0
date: Thu, 01 Dec 2022 02:35:43 GMT
expires: Mon, 01 Aug 2022 00:47:49 GMT
cache-control: public, max-age=86400, no-transform
age: 9006
etag: "v8"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash ed11eee2bea0fb8ed1c93e5a1430e35b
0b4bd6bdb585691eb99681be0cc8544694b5bf6a
6e019a78f4ef6f7fcf21d1d905cd10be9e4843a84d557e61223fc078965dd97a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e7e19607943d3a3770dd76e619af315d
78a4ef394f6fcbaa6b5abaa41f80eb9bce6bf06e
bafb86050e74ea34fc7206ec495f56d82f536245a1f23502eef3f3b7871ffea3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash ed11eee2bea0fb8ed1c93e5a1430e35b
0b4bd6bdb585691eb99681be0cc8544694b5bf6a
6e019a78f4ef6f7fcf21d1d905cd10be9e4843a84d557e61223fc078965dd97a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:05:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669899949&ei=LTaIY_DcJdmwyQWhh7GYBQ&ip=91.90.42.154&id=1029da237e4c8a3b&itag=22&source=youtube&requiressl=yes&mh=AH&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=62.577&lmt=1669744113323024&mt=1669870654&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAJVWtfkTh13Wk_lhd2vUVNfxgj7eVlkb1sqFeDBBm3hFAiEA8zb9-4xI_ve76r8zyWQNZb3fs_zHBVQsftFVgssAFeY=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgQfV3A3BZiNmdMnbMi4a5yzY7uS0pVmfv9ktL1MqM9S4CIQDGZl-JyTyMpPtIG57Na6d9xHiCVmdGt1aVWuNn5QENvg==&cpn=NjaPQLOwpbQmGDtU
91.90.45.172206 Partial Content 130 kB URL HTTP/1.1 rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669899949&ei=LTaIY_DcJdmwyQWhh7GYBQ&ip=91.90.42.154&id=1029da237e4c8a3b&itag=22&source=youtube&requiressl=yes&mh=AH&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=62.577&lmt=1669744113323024&mt=1669870654&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAJVWtfkTh13Wk_lhd2vUVNfxgj7eVlkb1sqFeDBBm3hFAiEA8zb9-4xI_ve76r8zyWQNZb3fs_zHBVQsftFVgssAFeY=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgQfV3A3BZiNmdMnbMi4a5yzY7uS0pVmfv9ktL1MqM9S4CIQDGZl-JyTyMpPtIG57Na6d9xHiCVmdGt1aVWuNn5QENvg==&cpn=NjaPQLOwpbQmGDtU
IP 91.90.45.172:0
ASN #50304 Blix Solutions AS
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size 130 kB (129678 bytes)
Hash ea01e40f7ed8900fe778bcc933b7d06f
f596d0c802d64ad7c2f7876c6de123d1ab06866c
a93e039f61a6e4aba20995061b12779256a33f08cae57c4ada8070a3c5c51944
GET /videoplayback?expire=1669899949&ei=LTaIY_DcJdmwyQWhh7GYBQ&ip=91.90.42.154&id=1029da237e4c8a3b&itag=22&source=youtube&requiressl=yes&mh=AH&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=62.577&lmt=1669744113323024&mt=1669870654&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAJVWtfkTh13Wk_lhd2vUVNfxgj7eVlkb1sqFeDBBm3hFAiEA8zb9-4xI_ve76r8zyWQNZb3fs_zHBVQsftFVgssAFeY=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgQfV3A3BZiNmdMnbMi4a5yzY7uS0pVmfv9ktL1MqM9S4CIQDGZl-JyTyMpPtIG57Na6d9xHiCVmdGt1aVWuNn5QENvg==&cpn=NjaPQLOwpbQmGDtU HTTP/1.1
Host: rr1---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Tue, 29 Nov 2022 17:48:33 GMT
Content-Type: video/mp4
Date: Thu, 01 Dec 2022 05:05:49 GMT
Expires: Thu, 01 Dec 2022 05:05:49 GMT
Cache-Control: private, max-age=28500
Content-Range: bytes 0-5459839/5459840
Accept-Ranges: bytes
Content-Length: 5459840
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
csi.gstatic.com/csi?v=2&s=ima&puid=1~lb4m5zaa&c=1159251045923&slotId=579625522961.5&qqid=CMaKveXS1_sCFY2fmwodudQFbQ&gqid=LTaIY83cGpmG6gSe-rioBg&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&ghmsh_eids=44748969%2C44765701&met.4=ghmsh_s.lb4m60c4~ghmsh_s.lb4m60c8&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=NjaPQLOwpbQmGDtU
172.217.175.3204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lb4m5zaa&c=1159251045923&slotId=579625522961.5&qqid=CMaKveXS1_sCFY2fmwodudQFbQ&gqid=LTaIY83cGpmG6gSe-rioBg&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&ghmsh_eids=44748969%2C44765701&met.4=ghmsh_s.lb4m60c4~ghmsh_s.lb4m60c8&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=NjaPQLOwpbQmGDtU
IP 172.217.175.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lb4m5zaa&c=1159251045923&slotId=579625522961.5&qqid=CMaKveXS1_sCFY2fmwodudQFbQ&gqid=LTaIY83cGpmG6gSe-rioBg&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&ghmsh_eids=44748969%2C44765701&met.4=ghmsh_s.lb4m60c4~ghmsh_s.lb4m60c8&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=NjaPQLOwpbQmGDtU HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Thu, 01 Dec 2022 05:05:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=2~lb4m60fg&c=1159251045923&slotId=579625522961.5&met.4=hvd_lc.lb4m60fg~hvd_ad.lb4m60fg~hvd_mad.lb4m60fg~hvd_admu.lb4m60fg~hvd_src.lb4m60fg
172.217.175.3204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=2~lb4m60fg&c=1159251045923&slotId=579625522961.5&met.4=hvd_lc.lb4m60fg~hvd_ad.lb4m60fg~hvd_mad.lb4m60fg~hvd_admu.lb4m60fg~hvd_src.lb4m60fg
IP 172.217.175.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=2~lb4m60fg&c=1159251045923&slotId=579625522961.5&met.4=hvd_lc.lb4m60fg~hvd_ad.lb4m60fg~hvd_mad.lb4m60fg~hvd_admu.lb4m60fg~hvd_src.lb4m60fg HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Thu, 01 Dec 2022 05:05:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb4m5yml&c=1159251045923&slotId=579625522961.5&eee=missing-element&bi=missing-id
172.217.175.3204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb4m5yml&c=1159251045923&slotId=579625522961.5&eee=missing-element&bi=missing-id
IP 172.217.175.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=1~lb4m5yml&c=1159251045923&slotId=579625522961.5&eee=missing-element&bi=missing-id HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Thu, 01 Dec 2022 05:05:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:38:28 GMT
etag: W/"632300a4-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 828214
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=evV60OfYjLZgePzbfHzrkvVfcTh8aRxkL%2FGXTqySj30gsksW01%2BvKpjUQXnfMU5ZM69lIb6tVFPw1wJhRQwZt0LJZZQlaCX%2BUSEeia2YrG3rybbJ5t1k0%2BfLXetGZyuVX5I8oBQZQGHO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a36d84c8873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 05:05:46 GMT
date: Thu, 01 Dec 2022 05:05:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3200 OK 0 B IP 172.64.105.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 180
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BKLPGGlz%2FzOkJIAg%2FO85UJ1a4sCqypd%2FEik14BJNWdIJiXs6Ur9gJ3rgS4TIrSjE0%2Bdqz9lzWNp18QJpZ4bq%2BCaIitph12QQlh9btGLMSOkgq295woxCizz17Qc0UvgjfDIO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a344e19775c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: text/plain
set-cookie: csu=1134596431969388@1@1669871146; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gFA93U0bZG0L0VPWFlVXC9qs2eFhbjq63oqQ3i5W2nwVc3rSzAeYBcX%2FOULNau0Ca7tbntPFoF314s0D73ewxFTPjuI%2BUXBZm1in6YvZQLmjGrrn6sFxfTeG1GC6uwod"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a2b2cbff3e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3200 OK 0 B IP 172.64.105.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 182
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k9E68ySIIkF1Ppqe9ZEMog3x3UKkbemHUKAIp3HIhsWKixd2EmdwPNrNS0aBwbzz5kvTPt3J%2FUI2fBSuJtTCcB%2BLiJds7UeBnvY1HfP%2FnZRqMhooP%2FUO3whKIdTZ56Bsszd%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a346e3a775c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exee.app/qC3yIaW
104.21.48.127200 OK 0 B IP 104.21.48.127:0
GET /qC3yIaW HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=60af64452645c265dc2a4dff2047335b; path=/; HttpOnly
csrfToken=f6fa783dce40c84cc214ee387bfc32815557c17324c0eccdde11f59e171e2143d0baa22da92dddd0f1b55edfcc6696c8161dcfdb77d97a46be523cb4009c9b09; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pnbburJMASCTuVXvA8HYt9N0%2BKUrwPkxdhiHLJZbokcHY%2F684%2FKnsSnaRr3CfKyVD1Wo6RcVKWuIHVuR5OtEpBBcMXqX4klvvMyiBlMvN82wmntbXNulfgccQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a270ca81bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3704
last-modified: Thu, 01 Dec 2022 04:04:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlysfcBBxQ%2Fk4j6WtaSAhVvRWu7K3vwu9wB5wx99%2Bniet5sbH4Bgd%2BnhW1E04epUrNoKkloXyBs4SMLf3MCzFdszEmzvGqpcSNfhs9YOY5BQa%2Bq1wW590F687GtNEOHu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a2b1cbcf3e7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.202.23200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.202.23:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:47 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7350a4259c179e84ba7cc33c54e8f4d2
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 01 Dec 2022 05:05:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b8pt0KFseDlefRSqvcMRaDwXw%2BKDBPMts2lxHMjcW7s2Wvj2kw2XdqrW%2F3TffWSk6hU3SKOcwJ3IV3TCiVttPl1UhbmP4dJxw33o0T4YedyQbe%2B6OFDLVN3G38xeRmU2pQn%2F47I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a2cda2c71e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: text/plain
set-cookie: csu=2000387546902819@1@1669871146; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nq9UdI82lEG8q%2FXzYFbSY4tnw0%2BuOw8KmVgzAlVe2XDpPjjEygxohXniSnFwB6H1kfeLRvmZyi8WpdwUFAWojfrOfTCXveGbU2xqa4H6WpieOwgTtWV6%2FSlaV8nJHVRK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a2c0d30f3e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 08:55:27 GMT
etag: W/"62fdfe7f-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1350727
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKSGldpNusQzmg8eJ40dHlfpKgfid%2F%2FIdnp7yI01K30sx757QD7t1Dex7gaWuFn6PngLrYc8V5hMnPOjwLB4y6vk5OM9oBGNx1MEMlDChuk8M%2Ft5lEQ6TX5sYRUVzyTmU1GmFJQYrCK0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a3708848873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
104.21.29.183200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 104.21.29.183:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2797
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iPAMQItVZUAyJOzlTYjBUZb6uHIpU1kRCdh1B9jQDIZ%2FajPTWUh0R4L6LzDg9TcJPbku5swXHxrN9dcPtKkCaSLAd5Kjh%2FcNvSUnuDsEYZze%2FkxBp%2FE6u09fxAbnp3RbXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294a29eae5b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
172.64.104.3200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP 172.64.104.3:0
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.30
vdo-server: Tag3
x-varnish: 3820970
age: 5831
via: 1.1 varnish-v4
x-cache: MISS
cache-control: max-age=1800
cf-cache-status: HIT
last-modified: Thu, 01 Dec 2022 03:28:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lE4jQwkyoRt0SsTW4goXc4fj27mhJvZDiYaxrFHreIH1ssQGBxCyrsWDSqp%2B7N6ptopil7kHO46SmCuvB42VdbqVOFYyclpgNCiNNPZeX2WDJMnZhqiW3pC48w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a2a3c1b7321-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FqC3yIaW&tag=v-exee-app&domain=exee.app
172.64.104.3200 OK 0 B URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FqC3yIaW&tag=v-exee-app&domain=exee.app
IP 172.64.104.3:0
GET /allowed_url.php?type=json&url=exee.app%2FqC3yIaW&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSz6NVK8Fq1Dy6JeZXoxHFXlzZVL%2B8DB6oukjeXp4y5DMI2XgAVgf9Rrf4oylZjQM0j97oS14UoOKVxYdM3v%2FH8A6h0XZAFanbkLHWirkQ%2FTESSUp1QxHMYXc7B6zyoxLVAe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a2b7eac72de-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3200 OK 0 B IP 172.64.105.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 181
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:48 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m4U2gjKydj5fJlF5JWLSiAnBW7eKo%2Fm7LonArwLsKHd3UYSZK6tRQG3mplF%2FDDajImFNjMkCxB1UYHzCG0kf14Aw6UkINR0PxAUDj3IyrV1O%2F5w0eMTwrBn1wZbYwDENHUkV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a349e85775c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3200 OK 0 B IP 172.64.105.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 126
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:05:46 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTnkex7e1efeEBtJt4RkUxcm8jk5JMxD2gQ28P92lGTFwInVExJmbgO%2BfNAOCl1vlhvHFuE%2BvyiKK9J6U2%2BLheqPkVvxJLSv6uftXWsrIRHBCCaHQ5168fCK3dts4TI7IY8i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294a2b6d6b775c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: KONnySGx+bjPAA9rDr/IzLX8x2AuGyEw+B06kMQZvjT1+enWO3axa1iVU/g9jMgWjX8h3cEt4ZN7QDTav0Igtg==
date: Thu, 01 Dec 2022 05:05:47 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2