r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11533
Expires: Thu, 08 Dec 2022 07:13:58 GMT
Date: Thu, 08 Dec 2022 04:01:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14031
Expires: Thu, 08 Dec 2022 07:55:36 GMT
Date: Thu, 08 Dec 2022 04:01:45 GMT
Connection: keep-alive
exee.app/apkeditor
200 OK 165 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61702)
Size 165 kB (164849 bytes)
Hash c284dc7b1052b5ed36055764a3639860
d446dcc36c3d656d87363608a5f81f532218dec5
b32cf461567f9d9242420fb2c96d3cd29398fab9232a28f0fb403c588ea900e6
GET /apkeditor HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 04:01:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding,User-Agent
Set-Cookie: AppSession=e634b5f7495f24f4c1b437fe321d16e1; path=/; HttpOnly
csrfToken=db88c8e7399750514eacad386500a7d22f586bc277fe59a07af1eb39ae0f9804fdc96b844790096a31bf9615a5ebf4c5b39b99bb2c453209b515d3a68c4d38f0; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1uAgA%2FRxFE%2Fm%2B0tCNJLyXFA7YCn9PVPoqWid%2B8VKICF2oPUKDXgRkh5QoAfUUjToiZ1%2B%2BqnP2XrGId3x1MyURvYmKfxCMxL2%2FGHVz961iUKOFtv3psAJPuYKqA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776299fef893b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 03:08:07 GMT
content-type: application/json
age: 3218
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c3470f9f0a4df8c1496b577fa9435ff6
f83b0226bb57ed0f3e1acdad61b940414add135d
f542579e3a3577a646babde862282c2afda6ed784360a915143216100f7a3d91
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F542579E3A3577A646BABDE862282C2AFDA6ED784360A915143216100F7A3D91"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8234
Expires: Thu, 08 Dec 2022 06:18:59 GMT
Date: Thu, 08 Dec 2022 04:01:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: r6qh9TGMd3iN+Lh4DPY3CZXhTaKUW4Ae16yz3pRTxmt0zQQcMIwndIN7faLb6Gnv4Np+ct+JSMQ=
x-amz-request-id: WNXJH81JJ8ANSTMY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 03:49:37 GMT
age: 728
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
exee.app/css/continue.css
200 OK 43 kB URL HTTP/1.1 exee.app/css/continue.css
IP
File type assembler source, ASCII text
Hash 86f2690abb402da57ec94426944f117d
090dd2289eff354b4ae54490f2f8060df48c9d0c
e1f10c833a7a0f58158484857fe22a7c6efdcb7e4636df1cc9e2c4a5d3d1dafa
GET /css/continue.css HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/apkeditor
Cookie: AppSession=e634b5f7495f24f4c1b437fe321d16e1; csrfToken=db88c8e7399750514eacad386500a7d22f586bc277fe59a07af1eb39ae0f9804fdc96b844790096a31bf9615a5ebf4c5b39b99bb2c453209b515d3a68c4d38f0
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 04:01:45 GMT
Content-Type: text/css
Content-Length: 43033
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 20 Nov 2020 17:25:47 GMT
Cache-Control: max-age=2592000
Expires: Wed, 04 Jan 2023 00:54:59 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 270406
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWPL9LJ4EJLlK40JtEOrvoWOZ8pAoo3Lao1MIfSMXNLHxGHvH4rHp5gUWcMKlQsZGYKRqr1hTH%2BBJZjCvZyqBNF%2BLKQpp%2FTmdEPIBsJQUipAbN%2BXmo0sRzVLOg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77629a0149a5b521-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 839f6943d97e4999da9768a9575bf650
939d882990c7beb3e4f8091eacd1d41c5cf0f92d
a5d853166fa5908cbee09604584bd40904018ffda105a2afe0db517992c14dd5
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 04:01:45 GMT
expires: Thu, 08 Dec 2022 04:01:45 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43634
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fn.deulspoorn.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 04:01:45 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Fri, 09-Dec-2022 04:01:45 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Fri, 09-Dec-2022 04:01:45 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash b3487d39a8fa6e910fc56ab7474c31dc
0cbc4f05a4af90b697770ac52aee943613ff65b4
adbf7426bb660d1f7889f11b27e53419d7416ef806ba5a204a4b3cc22adcf153
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ADBF7426BB660D1F7889F11B27E53419D7416EF806BA5A204A4B3CC22ADCF153"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3562
Expires: Thu, 08 Dec 2022 05:01:07 GMT
Date: Thu, 08 Dec 2022 04:01:45 GMT
Connection: keep-alive
a.vdo.ai/core/v-exee-app/vdo.ai.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 04:01:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 05:01:45 GMT
Location: https://a.vdo.ai/core/v-exee-app/vdo.ai.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Mr2AotNRvKUVRjajfXhwrLryuko1K5R3P2qEb43LKZ6YOCYcwJdlXlLV%2Fl%2Fa9GpKNBj3JBsQ3oQrGl4X1YerTSOOv5bR47b2P%2BYKDc1weZhQTsHvljvUAMlWw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77629a02ec02769d-LHR
alt-svc: h2=":443"; ma=60
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
File type ASCII text, with very long lines (37150), with no line terminators
Hash 1ad602a6a0a41073aa9f62ef55288f73
7aff01815c286eb2968679cf27b6a35363b3de7f
5406a39477a76ea5a5aa434e317d49cae76c221e8932160acb17c1403a09f3d2
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f7ed96166d885347f2fd538b7642933c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0a7f3569daca0714122cf2c2e2145763
a286adaa66480bb99214659c2e78f26723eec5cf
24153f851e57ee0c86efdb33ee350e608e1e1eb67a8e481afca65ffaafdaada9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "24153F851E57EE0C86EFDB33EE350E608E1E1EB67A8E481AFCA65FFAAFDAADA9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3308
Expires: Thu, 08 Dec 2022 04:56:53 GMT
Date: Thu, 08 Dec 2022 04:01:45 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash b3487d39a8fa6e910fc56ab7474c31dc
0cbc4f05a4af90b697770ac52aee943613ff65b4
adbf7426bb660d1f7889f11b27e53419d7416ef806ba5a204a4b3cc22adcf153
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ADBF7426BB660D1F7889F11B27E53419D7416EF806BA5A204A4B3CC22ADCF153"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3562
Expires: Thu, 08 Dec 2022 05:01:07 GMT
Date: Thu, 08 Dec 2022 04:01:45 GMT
Connection: keep-alive
wisehowronspar.com/d2tCaWgWCSEEVxZWIE8dBQd/TFoxTnAvDEUBJRlQRgYoHg8QEjBHCxsENw0OBQQsHUYZDjZMWjE/FT0uIz4KCl4vAXJbOzRaGydaRjsjHiYaMiknTUUtFRApUlkELjscJgoDGzEucDwaMAILHgxFMjs5PzIoJjo5OTsTEQITAzFdMA05Njw8Dw0PLlkwDXMoWzoAMh0uDgglLiw+JhItXBInBCARPgMXGzkZPi4vBSUIEioHEiUUWRETPhcPKj9aJTwFBCknEAsSJXM8UD0cEFEpRSZnWyo2WDUtMUUtCg0fMVkbEz5PKnAkBj8BISEyRD0HLhAlAxsoUQEpGkQyHSUaHiwuEgsrDjYiETA9ExgKWyZCPi8aKjkvFzwlG15wMAIxGQM+IhA5cA4qLgUULwkhCHQgAD5OcC8wHh9zOzpPKhtbPi0KEAoFFT4bTwIEBCwZVToAMCM8DyEXAC5CCQhRWw
200 OK 1.2 kB URL HTTP/1.1 wisehowronspar.com/d2tCaWgWCSEEVxZWIE8dBQd/TFoxTnAvDEUBJRlQRgYoHg8QEjBHCxsENw0OBQQsHUYZDjZMWjE/FT0uIz4KCl4vAXJbOzRaGydaRjsjHiYaMiknTUUtFRApUlkELjscJgoDGzEucDwaMAILHgxFMjs5PzIoJjo5OTsTEQITAzFdMA05Njw8Dw0PLlkwDXMoWzoAMh0uDgglLiw+JhItXBInBCARPgMXGzkZPi4vBSUIEioHEiUUWRETPhcPKj9aJTwFBCknEAsSJXM8UD0cEFEpRSZnWyo2WDUtMUUtCg0fMVkbEz5PKnAkBj8BISEyRD0HLhAlAxsoUQEpGkQyHSUaHiwuEgsrDjYiETA9ExgKWyZCPi8aKjkvFzwlG15wMAIxGQM+IhA5cA4qLgUULwkhCHQgAD5OcC8wHh9zOzpPKhtbPi0KEAoFFT4bTwIEBCwZVToAMCM8DyEXAC5CCQhRWw
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash 31694a6a4f998c5bdeb659486844a545
ec0c57558b8e4f1f68fd670972e7c6f6af51d19e
dea72b08bd0fd44fc69615dfe80e48e9bf997cb5381fe8991c7b40306aeb447c
GET /d2tCaWgWCSEEVxZWIE8dBQd/TFoxTnAvDEUBJRlQRgYoHg8QEjBHCxsENw0OBQQsHUYZDjZMWjE/FT0uIz4KCl4vAXJbOzRaGydaRjsjHiYaMiknTUUtFRApUlkELjscJgoDGzEucDwaMAILHgxFMjs5PzIoJjo5OTsTEQITAzFdMA05Njw8Dw0PLlkwDXMoWzoAMh0uDgglLiw+JhItXBInBCARPgMXGzkZPi4vBSUIEioHEiUUWRETPhcPKj9aJTwFBCknEAsSJXM8UD0cEFEpRSZnWyo2WDUtMUUtCg0fMVkbEz5PKnAkBj8BISEyRD0HLhAlAxsoUQEpGkQyHSUaHiwuEgsrDjYiETA9ExgKWyZCPi8aKjkvFzwlG15wMAIxGQM+IhA5cA4qLgUULwkhCHQgAD5OcC8wHh9zOzpPKhtbPi0KEAoFFT4bTwIEBCwZVToAMCM8DyEXAC5CCQhRWw HTTP/1.1
Host: wisehowronspar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1196
Connection: keep-alive
Date: Thu, 08 Dec 2022 04:01:45 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 d009c4305a73ef1e26138117423d6076.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: h24yn0Jxd3eDVTo97fT3zq5F84RnGMh5rA_p8qOrvQhk0G5CYYgt-A==
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 46 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
Hash 4062018ffed2da8be25173facf0932aa
d8fcd9054d9bcae2805a2411b6fd8fb9a15a4c13
f6dd9aa4156d2431f1695741566d879762b10df159ec2115f31dbb482efd7e6e
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Dec 2022 04:01:45 GMT
date: Thu, 08 Dec 2022 04:01:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:56:07 GMT
expires: Tue, 05 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 205538
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wisehowronspar.com/utx?cb=6JHbxXXN2L01&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 wisehowronspar.com/utx?cb=6JHbxXXN2L01&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6JHbxXXN2L01&top=exee.app&tid=822524 HTTP/1.1
Host: wisehowronspar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 04:01:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 08 Dec 2022 04:02:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 8UhpwGxDUCfb_JTnDGiysjOcZ_CS-hjCuXNatrOcbjpLRNbQV1bVEw==
X-Firefox-Spdy: h2
wisehowronspar.com/utx?cb=58yPb3xrwWch&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 wisehowronspar.com/utx?cb=58yPb3xrwWch&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=58yPb3xrwWch&top=exee.app&tid=889494 HTTP/1.1
Host: wisehowronspar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 04:01:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 08 Dec 2022 04:02:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: AwD7qrbWbyOR8s409hLZbx0f-MqtqG8pFt3QD_mxOzyt6_Vc8O4mdw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wisehowronspar.com/Q29GSmsiDSUnVCJSJGweMQN7b1kFSnQMD3EFITpTcgIsPQwkFjRkCC8AMy4NMQAoPkUtCjJvWQVYECc9MDgrH1oACA9yPComCwksJwskJhMaNncMHAcXfnsoOjUfATkwDAojGAU/ByU4EhchLSoUGxAZARoqCQshEQkHC18BAwA4OjkMBA4GJz0lCC4gIRd/GQAIDzAuBzoDAgEkNwwfJhkgdy1cAAcfMCgXAAMZPCQFH3ofIAl3LgYXPTUwKDkmDQ0SLy4cDD4AIy0IABU5dzs4cTUHEhMrLhwMPiEiMT4MFjoqOiFwIR4SKAk7HyEpJSgDCAAVPWt+GBIoEyEzFB8XLy0VKSB7Dy4uISFeBwUqCzMrFx4QBxEMJyY5LjkDJgQVOwcHIylXAgU5ciUnCSUtORAmWxU3Bxs+FBxgIBgsATZ3LgIWPgQCJQAC
200 OK 1.2 kB URL HTTP/1.1 wisehowronspar.com/Q29GSmsiDSUnVCJSJGweMQN7b1kFSnQMD3EFITpTcgIsPQwkFjRkCC8AMy4NMQAoPkUtCjJvWQVYECc9MDgrH1oACA9yPComCwksJwskJhMaNncMHAcXfnsoOjUfATkwDAojGAU/ByU4EhchLSoUGxAZARoqCQshEQkHC18BAwA4OjkMBA4GJz0lCC4gIRd/GQAIDzAuBzoDAgEkNwwfJhkgdy1cAAcfMCgXAAMZPCQFH3ofIAl3LgYXPTUwKDkmDQ0SLy4cDD4AIy0IABU5dzs4cTUHEhMrLhwMPiEiMT4MFjoqOiFwIR4SKAk7HyEpJSgDCAAVPWt+GBIoEyEzFB8XLy0VKSB7Dy4uISFeBwUqCzMrFx4QBxEMJyY5LjkDJgQVOwcHIylXAgU5ciUnCSUtORAmWxU3Bxs+FBxgIBgsATZ3LgIWPgQCJQAC
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 9c7b6bbfb66c9606a874abc54cd2c411
913dc7770d71ee6557c3a7ed4bb9ef24f6ee129e
a9eb837f2dad4bd2b80c6d50ae26c0350d5cb3ec6c326ab0de0d55702297a956
GET /Q29GSmsiDSUnVCJSJGweMQN7b1kFSnQMD3EFITpTcgIsPQwkFjRkCC8AMy4NMQAoPkUtCjJvWQVYECc9MDgrH1oACA9yPComCwksJwskJhMaNncMHAcXfnsoOjUfATkwDAojGAU/ByU4EhchLSoUGxAZARoqCQshEQkHC18BAwA4OjkMBA4GJz0lCC4gIRd/GQAIDzAuBzoDAgEkNwwfJhkgdy1cAAcfMCgXAAMZPCQFH3ofIAl3LgYXPTUwKDkmDQ0SLy4cDD4AIy0IABU5dzs4cTUHEhMrLhwMPiEiMT4MFjoqOiFwIR4SKAk7HyEpJSgDCAAVPWt+GBIoEyEzFB8XLy0VKSB7Dy4uISFeBwUqCzMrFx4QBxEMJyY5LjkDJgQVOwcHIylXAgU5ciUnCSUtORAmWxU3Bxs+FBxgIBgsATZ3LgIWPgQCJQAC HTTP/1.1
Host: wisehowronspar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1185
Connection: keep-alive
Date: Thu, 08 Dec 2022 04:01:45 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 296d9c953cfde68911b6645bdd6877b2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: Zn7sRRqJX6yGmQ6JRf9ZKN_wvFedT3rbKoKYdHUYwN3HZNfiqgdzQg==
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wisehowronspar.com/WHMzc0I5EVAefTlOUVU3Kh8OVnAeVgE1JmoZVAN6aR5ZBCU/CkFdITQcRhckKhxdB2w2FkdWcB41fTcLaClkHxoAJVw3FDMxUSYEMCFyMgcfJgIUEQ82UDgAaCJjERMKIWsECAwySj0YPBt6IQdpMmMxBxU1ZSU6DCR2ShAANVcqFRo5ZyYDPCZyMRAaMXUhGAAmBz4ADhtnNhQ7BXIhNR0idQAHHxh+PgBpMVciOgI+cRQIOTZmBAUZFGUlEC8iazE7PD5xFAgcN3IQARobdSQJIDZyMQBpFXIxIRA5AwQFGRhqJxYZF0kxFA4QdBQLPCJ1AAcOJR42BRkfQCsAMT1RMQMVNmUlJR0ySzUaDyV5ERA/MmMkcjchZQp6HjJUNQ4PIXk7AQ4iFRkxNx1DThs5S1hDJT45Xjc
200 OK 1.2 kB URL HTTP/1.1 wisehowronspar.com/WHMzc0I5EVAefTlOUVU3Kh8OVnAeVgE1JmoZVAN6aR5ZBCU/CkFdITQcRhckKhxdB2w2FkdWcB41fTcLaClkHxoAJVw3FDMxUSYEMCFyMgcfJgIUEQ82UDgAaCJjERMKIWsECAwySj0YPBt6IQdpMmMxBxU1ZSU6DCR2ShAANVcqFRo5ZyYDPCZyMRAaMXUhGAAmBz4ADhtnNhQ7BXIhNR0idQAHHxh+PgBpMVciOgI+cRQIOTZmBAUZFGUlEC8iazE7PD5xFAgcN3IQARobdSQJIDZyMQBpFXIxIRA5AwQFGRhqJxYZF0kxFA4QdBQLPCJ1AAcOJR42BRkfQCsAMT1RMQMVNmUlJR0ySzUaDyV5ERA/MmMkcjchZQp6HjJUNQ4PIXk7AQ4iFRkxNx1DThs5S1hDJT45Xjc
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash b17df9c0b9b18dbb983c80d4147a260b
4c8852ce5fc3b78d6bb402c99d1c93505caa48e4
21227b14ce48ca76fdee89c4efeb713236a595094b15058f307c55550950b90c
GET /WHMzc0I5EVAefTlOUVU3Kh8OVnAeVgE1JmoZVAN6aR5ZBCU/CkFdITQcRhckKhxdB2w2FkdWcB41fTcLaClkHxoAJVw3FDMxUSYEMCFyMgcfJgIUEQ82UDgAaCJjERMKIWsECAwySj0YPBt6IQdpMmMxBxU1ZSU6DCR2ShAANVcqFRo5ZyYDPCZyMRAaMXUhGAAmBz4ADhtnNhQ7BXIhNR0idQAHHxh+PgBpMVciOgI+cRQIOTZmBAUZFGUlEC8iazE7PD5xFAgcN3IQARobdSQJIDZyMQBpFXIxIRA5AwQFGRhqJxYZF0kxFA4QdBQLPCJ1AAcOJR42BRkfQCsAMT1RMQMVNmUlJR0ySzUaDyV5ERA/MmMkcjchZQp6HjJUNQ4PIXk7AQ4iFRkxNx1DThs5S1hDJT45Xjc HTTP/1.1
Host: wisehowronspar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1166
Connection: keep-alive
Date: Thu, 08 Dec 2022 04:01:45 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 ff51bc3614c373d274030fe4ca1a34fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: CnXXz8PMtRtzJuj2XW8-a_HJBYqeGmgSsRU-YYNoTJzZ_TabqSebLQ==
ocsp.digicert.com/
200 OK 279 B IP
Hash bdb7258c93b1966efa9cfaa0db1a066d
97e9dccd115f9bb4a26717b3d653d4ed9e474b9a
7b60369a983e68fa2c4085c520093c266216e13020a03935582bacf0bc87c9d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3788
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Last-Modified: Thu, 08 Dec 2022 02:58:37 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
thethesmahat.com/djVTV1ZZCjAkaztyYhMAHGwbADgSQBIGEC9QPjQSN1knZAwBZHUjPxIIa2VkQwdncSYfUW5mcAVBMiMjBQhicT8YUzxqcAAIYnllQhtgZnhHEyZqZ1BBIzYxSwR1JyICWW5mYEEFZ2BkRwVnb2VG
204 No Content 0 B URL HTTP/2 thethesmahat.com/djVTV1ZZCjAkaztyYhMAHGwbADgSQBIGEC9QPjQSN1knZAwBZHUjPxIIa2VkQwdncSYfUW5mcAVBMiMjBQhicT8YUzxqcAAIYnllQhtgZnhHEyZqZ1BBIzYxSwR1JyICWW5mYEEFZ2BkRwVnb2VG
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /djVTV1ZZCjAkaztyYhMAHGwbADgSQBIGEC9QPjQSN1knZAwBZHUjPxIIa2VkQwdncSYfUW5mcAVBMiMjBQhicT8YUzxqcAAIYnllQhtgZnhHEyZqZ1BBIzYxSwR1JyICWW5mYEEFZ2BkRwVnb2VG HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 04:01:45 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSYbEn55t8aAO4evIcUClVcOgol73JNCoKJpWIZTwGEiW95RPcaBIqpKrUF7K%2BzxgrpYyrscKeUuNxPd3aVuLJhB7vKPJ6v2SzlEv6Ij8rs8%2FI5TqCO2Jdef2oJz9r0L69EW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a03ada0b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/WVVHZmN2aiQVXgNlETM3axMfAg4fYRJXMWsMDzw1DDsNCAVoNmESCj1of15abWxzQBMwMXpXRSohJhIWKmh2QAo3MyhbRS9odkhQbXt0V01oczJbUn8hNwcEZGRhFhctOXpXVW5lc1FRaGVzXlRt
204 No Content 0 B URL HTTP/2 thethesmahat.com/WVVHZmN2aiQVXgNlETM3axMfAg4fYRJXMWsMDzw1DDsNCAVoNmESCj1of15abWxzQBMwMXpXRSohJhIWKmh2QAo3MyhbRS9odkhQbXt0V01oczJbUn8hNwcEZGRhFhctOXpXVW5lc1FRaGVzXlRt
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WVVHZmN2aiQVXgNlETM3axMfAg4fYRJXMWsMDzw1DDsNCAVoNmESCj1of15abWxzQBMwMXpXRSohJhIWKmh2QAo3MyhbRS9odkhQbXt0V01oczJbUn8hNwcEZGRhFhctOXpXVW5lc1FRaGVzXlRt HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 04:01:45 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0UhtnRjSkulDK0%2FdlhFH1HNhLOC4aS69QSWHHkMIFnWqj9GhZKco%2FnERKX0vWfhYK2gz2wmNillifvl3NolG2EZBCekpvtl48OcfcmLARMPxG3TjOJFrGM67Q%2BPquUPULVH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a03ddb0b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 04:01:45 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 2b9743477230d1485c663953b7c46b8a
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Thu, 08 Dec 2022 04:01:45 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s1oGvpgwBpycVEAgxfaY4avrhF5BG%2B1v85h5CnRhhguvF1fx0TyL7wB796ekZtqcpZS6iYpD5qQkIm27U08sCQy18ZqKGl6mWBCHi0rf%2BaIIQdyVcZ0fLq%2BFx3fdlcrpQrdqcT0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77629a041cc5776b-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
d2jgp81mjwggyr.cloudfront.net/TWTFTUHc6Xj02SC1YN21PawNmYkN/WyA/GSkMHjsFE2UrGiIwd2YyPWECdSQNPQxjdhs4XzRtUTxfMG1Gf1A3MkptFycgGDIMPD4eLFIyIhUrQnUlFmRcPCoeNV0ydUUfBH1gUmsBeyceN1U8JwR8A2M+A3wDY2FHdwF2YzV8A2MnHjcHZ3VEGxRhYA9vBX-ZjNXwDYyIBfAISYUdsH2N5UmsBNDUUMl52YjFrAWJgR2gBYnVFaVc6IhI/Xit1RR8AY2VZaRcmbUY
200 OK 517 B URL HTTP/1.1 d2jgp81mjwggyr.cloudfront.net/TWTFTUHc6Xj02SC1YN21PawNmYkN/WyA/GSkMHjsFE2UrGiIwd2YyPWECdSQNPQxjdhs4XzRtUTxfMG1Gf1A3MkptFycgGDIMPD4eLFIyIhUrQnUlFmRcPCoeNV0ydUUfBH1gUmsBeyceN1U8JwR8A2M+A3wDY2FHdwF2YzV8A2MnHjcHZ3VEGxRhYA9vBX-ZjNXwDYyIBfAISYUdsH2N5UmsBNDUUMl52YjFrAWJgR2gBYnVFaVc6IhI/Xit1RR8AY2VZaRcmbUY
IP
File type ASCII text, with very long lines (711), with no line terminators
Hash 9f6a53895d75f7840c234003ace0c00a
0d5192a7643e978c6d3297341ccaf018b0d35ada
0679a6467d11143c0bbd44b2e60f5d1c7fa9bc0f569eef96ae516b61b68f078d
GET /TWTFTUHc6Xj02SC1YN21PawNmYkN/WyA/GSkMHjsFE2UrGiIwd2YyPWECdSQNPQxjdhs4XzRtUTxfMG1Gf1A3MkptFycgGDIMPD4eLFIyIhUrQnUlFmRcPCoeNV0ydUUfBH1gUmsBeyceN1U8JwR8A2M+A3wDY2FHdwF2YzV8A2MnHjcHZ3VEGxRhYA9vBX-ZjNXwDYyIBfAISYUdsH2N5UmsBNDUUMl52YjFrAWJgR2gBYnVFaVc6IhI/Xit1RR8AY2VZaRcmbUY HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wisehowronspar.com/
HTTP/1.1 200 OK
Content-Length: 517
Connection: keep-alive
Date: Thu, 08 Dec 2022 04:01:45 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hWaw3hmRGp5X0pRN8ekYHmlZy8Lp_FaHKYzT2ZoGYN828L20PIfppg==
thethesmahat.com/Z093NGxIcBRHUSolLUM4IAI2dSkPakVyOhAGNWc0Cx41dSomKhtlShMmEwlUU3xFAl1BPx5QUVZ3UUcYBjsCR1FWaR5aCghyUUJRVmFHGl5JfVFBUVZpA0QNAHJGEhwTOxsJXVF4RwBbVX5HAFRfdw
204 No Content 0 B URL HTTP/2 thethesmahat.com/Z093NGxIcBRHUSolLUM4IAI2dSkPakVyOhAGNWc0Cx41dSomKhtlShMmEwlUU3xFAl1BPx5QUVZ3UUcYBjsCR1FWaR5aCghyUUJRVmFHGl5JfVFBUVZpA0QNAHJGEhwTOxsJXVF4RwBbVX5HAFRfdw
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Z093NGxIcBRHUSolLUM4IAI2dSkPakVyOhAGNWc0Cx41dSomKhtlShMmEwlUU3xFAl1BPx5QUVZ3UUcYBjsCR1FWaR5aCghyUUJRVmFHGl5JfVFBUVZpA0QNAHJGEhwTOxsJXVF4RwBbVX5HAFRfdw HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 04:01:45 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rY0Htr9jk%2Fsxwa7eONOyMwuO6sQdPyodrGhzhSXK7mDKoblhqfo5jSssgiEfrFcet0b9KiwLzRCht4BuUjlP6p%2FMZmdv0w%2FHKIJYZago4JWO%2FisF7AdxeS02kTuuA2gMnoWC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a044ddeb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2b30426b2ebadaeefe42e0df47296748
921c1e9f523c4ce527d56b6115c9ed68d5916757
abce6391e73f193d1338618d44d1e83403aeca6b58a280f08a6a6fa5baf6223a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=122899
Date: Thu, 08 Dec 2022 04:01:45 GMT
Etag: "63909596-1d7"
Expires: Fri, 09 Dec 2022 14:10:04 GMT
Last-Modified: Wed, 07 Dec 2022 13:31:02 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: at12M_GyKEkMAcTmvICFHIKZ14b3dL-9u6OP43jcuD7ZBo7piGZ9hg==
Age: 2342
ocsp.sectigo.com/
200 OK 472 B IP
Hash 688b45eb160bc1d3c007143fd57ffca4
fc3d05405c60679f2916d4d7f9456f66ee17b47e
fc2909dede0f02f33d873592a40c1617f8097be4e23990e4bde7806b2811c369
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 04:01:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 04:52:36 GMT
Expires: Mon, 12 Dec 2022 04:52:35 GMT
Etag: "fc3d05405c60679f2916d4d7f9456f66ee17b47e"
Cache-Control: max-age=348049,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77629a04dfc9b4f3-OSL
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0a7f3569daca0714122cf2c2e2145763
a286adaa66480bb99214659c2e78f26723eec5cf
24153f851e57ee0c86efdb33ee350e608e1e1eb67a8e481afca65ffaafdaada9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "24153F851E57EE0C86EFDB33EE350E608E1E1EB67A8E481AFCA65FFAAFDAADA9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3308
Expires: Thu, 08 Dec 2022 04:56:53 GMT
Date: Thu, 08 Dec 2022 04:01:45 GMT
Connection: keep-alive
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash f5605e5d2faf9b9c8d26485ac30b0ee7
64d1772a586286b934c7f4c57abe191ef80f05ea
fc7b2fb5b33c138cb6c613f5256a202805f259408265425cbfd77a162d27ccb4
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=9d2430dc-d569-41c6-8731-ffb47321d495:2:1; expires=Sun, 05 Dec 2032 04:01:45 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
200 OK 5.2 kB URL HTTP/2 cdntechone.com/stattag.js
IP
File type ASCII text, with very long lines (12932), with no line terminators
Hash e5afbfab418e916fd9c4384807d0e86c
8b519749c57b18d4db5e6569806584000b56c5c0
32da83c2e167401567d74561c6e432b8a49796f1f2b9e5587ef00f2e587974f1
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5916
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXxUeYRmEipAIfzlBvtMH10O3rQYkOqJgKZf3vJh1dNZLdw9RAM%2Boba%2F07NCDvbNl20thL%2FlYVvwumoGDgQ5Ph7lvixeJpetZxPQ10m89OZEFQ1%2B0sLKsGyqVrh%2FLMwODA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77629a02bffbb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d2jgp81mjwggyr.cloudfront.net/FNDI0ZWlXXVoDVkBbUFhRAAEGU1gSWEcKB0QPbQRRXwJTAyNZdhIRE1APBEMFVVxTWE9RXFdYWBJTUAdUABRBBFRZXU4MBVhTEVcvARwEQFsEGkMMB1BdQxZMBgJaEUwGAgVVRwQXBydMBgJDDAcCBhFWKxEABB1fABcHJ0wGAkYTTAdzBVVcGgIdQFsEVV-EGAlsXBiNbBAMEVVgEAxFXWVJbRgAPW0oRVy8FAgFLWRJHCVQ
200 OK 185 B URL HTTP/1.1 d2jgp81mjwggyr.cloudfront.net/FNDI0ZWlXXVoDVkBbUFhRAAEGU1gSWEcKB0QPbQRRXwJTAyNZdhIRE1APBEMFVVxTWE9RXFdYWBJTUAdUABRBBFRZXU4MBVhTEVcvARwEQFsEGkMMB1BdQxZMBgJaEUwGAgVVRwQXBydMBgJDDAcCBhFWKxEABB1fABcHJ0wGAkYTTAdzBVVcGgIdQFsEVV-EGAlsXBiNbBAMEVVgEAxFXWVJbRgAPW0oRVy8FAgFLWRJHCVQ
IP
File type ASCII text, with no line terminators
Hash 0db27096b947d2afa69fb6e32514df7d
0cb5b6b93a18b3b0403a989372eaf8f6ccf66089
70b79347d657bd3885227800666d2bcf57ee73a3d39c07194de131bfdbd7b2ab
GET /FNDI0ZWlXXVoDVkBbUFhRAAEGU1gSWEcKB0QPbQRRXwJTAyNZdhIRE1APBEMFVVxTWE9RXFdYWBJTUAdUABRBBFRZXU4MBVhTEVcvARwEQFsEGkMMB1BdQxZMBgJaEUwGAgVVRwQXBydMBgJDDAcCBhFWKxEABB1fABcHJ0wGAkYTTAdzBVVcGgIdQFsEVV-EGAlsXBiNbBAMEVVgEAxFXWVJbRgAPW0oRVy8FAgFLWRJHCVQ HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wisehowronspar.com/
HTTP/1.1 200 OK
Content-Length: 185
Connection: keep-alive
Date: Thu, 08 Dec 2022 04:01:45 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0ap509lf5mWibbGSXkJll7udqxIdxbAeEQNjvbZnB2iCHjqnMOV0ww==
sweptpeculiar.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
200 OK 29 kB URL HTTP/1.1 sweptpeculiar.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 2a0f330e6eab4775cf0dbd37333fce0d
120c3864ef0237ab9c393a2fa81a52b02fa8359a
569e31221e78dbf426246f9aba54b59aabea7f449281eb31d05d9ad0b64b09b2
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: sweptpeculiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d2a535301c9f5370f4db20a0d00c33c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 03:07:55 GMT
age: 3230
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
d2jgp81mjwggyr.cloudfront.net/7VmVsWmU1CgI8WiIMCGddblxYY1FwDx81CyZYKRscLisFPAoSQxggAWtVSjYEOAJRfAA4BlFrQzcBDmdRcBEcNQ5rCgIzEDUEHjgXJUMZO1g7ChYzCToESWgjY0tcf1dmTRszCzIKGylAZFUCLkBkVV1qS2ZAXxhAZFUbMwtgUUlpJ3NXXCJTYkBfGEBkVR-4sQGUkXWpQeFVFf1dmAgk5DjlAXhxXZlRcalRmVEloVTAMHj8DOR1JaCNnVVl0VXAQUWs
200 OK 622 B URL HTTP/1.1 d2jgp81mjwggyr.cloudfront.net/7VmVsWmU1CgI8WiIMCGddblxYY1FwDx81CyZYKRscLisFPAoSQxggAWtVSjYEOAJRfAA4BlFrQzcBDmdRcBEcNQ5rCgIzEDUEHjgXJUMZO1g7ChYzCToESWgjY0tcf1dmTRszCzIKGylAZFUCLkBkVV1qS2ZAXxhAZFUbMwtgUUlpJ3NXXCJTYkBfGEBkVR-4sQGUkXWpQeFVFf1dmAgk5DjlAXhxXZlRcalRmVEloVTAMHj8DOR1JaCNnVVl0VXAQUWs
IP
File type ASCII text, with very long lines (873), with no line terminators
Hash 163883b736deb64bd76f9839e1fb386f
1a62f4f62b8a32e84c7d6c5cbda222800a54992f
259624705f9428f103158c36c782203098dd608fe557402ec2b480619ffa36a1
GET /7VmVsWmU1CgI8WiIMCGddblxYY1FwDx81CyZYKRscLisFPAoSQxggAWtVSjYEOAJRfAA4BlFrQzcBDmdRcBEcNQ5rCgIzEDUEHjgXJUMZO1g7ChYzCToESWgjY0tcf1dmTRszCzIKGylAZFUCLkBkVV1qS2ZAXxhAZFUbMwtgUUlpJ3NXXCJTYkBfGEBkVR-4sQGUkXWpQeFVFf1dmAgk5DjlAXhxXZlRcalRmVEloVTAMHj8DOR1JaCNnVVl0VXAQUWs HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wisehowronspar.com/
HTTP/1.1 200 OK
Content-Length: 622
Connection: keep-alive
Date: Thu, 08 Dec 2022 04:01:45 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jWXqPoS_gAte9moasj4F3RmyS2c2p1YeDAZF9_fPjWKeHkLHDNV6pA==
pogothere.xyz/
200 OK 44 kB IP
File type ASCII text, with no line terminators
Hash ece2fef15820424d9aa2dfd3437c8223
7ca92985332cf47bf83fb7c7483c54052cbd69e6
55cd19464bcda0a8c8f983903d40bff438a5fbda1f21c41c312b62b4f3646d15
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: text/plain
set-cookie: csu=1269744197610664@1@1670472105; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7v1c0YzsYEMiNjNM6G2ccJf6vKrCRED9nrcm9YOz0N4EWFKDKbJCd99n84iq4PiaR5x2DnIKmbEFdJ8gRBk8PaYg1nAQNEv5TpR%2BD7uuwgpihgFE1dFi8CajNhSmukj3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a049a3324d4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash f5605e5d2faf9b9c8d26485ac30b0ee7
64d1772a586286b934c7f4c57abe191ef80f05ea
fc7b2fb5b33c138cb6c613f5256a202805f259408265425cbfd77a162d27ccb4
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Cookie: uid_id2=9d2430dc-d569-41c6-8731-ffb47321d495:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3566
Cache-Control: max-age=108270
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:46 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:06:16 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
addresseepaper.com/sfp.js
200 OK 2.6 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Dec 2022 04:01:46 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:21 GMT
ETag: "638fbef9-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
foundfroshelves.com/pixel/purst?dl=0&th=0&sc=0&rs=1178&rd=1178&fd=343&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 foundfroshelves.com/pixel/purst?dl=0&th=0&sc=0&rs=1178&rd=1178&fd=343&bv=22.10.v.10&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1178&rd=1178&fd=343&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: foundfroshelves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/dependencies_hbv4_latest/vdo.min.js?v=v2.2 HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 04:01:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 05:01:46 GMT
Location: https://a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCjx2cRpDGBfLHWT5R2j17BSyRlIFEDZYLdA7kJ2OYWwJ%2BaCyq8567agKDdynKjCU%2Bw5%2F9Hd5QMcMV3QyHslg%2FsHuepnU3soX%2FnDGVuImLuQcxvj5RFD89FWUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77629a07ce13769d-LHR
alt-svc: h2=":443"; ma=60
thethesmahat.com/popunder.gif
301 Moved Permanently 0 B URL HTTP/1.1 thethesmahat.com/popunder.gif
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 04:01:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 05:01:46 GMT
Location: https://thethesmahat.com/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cyI5i692I8JQViKGrCtAFlaj6OnZC2kaTJC1NXxgjt0f9EiPN3lsTn05Ep3urYzphec0u%2F93AY9I%2Fs22Uxr%2BDqP%2Bnh%2B%2BQXfcbOTgNQCsDuWy4XEFJzOoHx5uMaAUAKCjeiVP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77629a0809690b61-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8e2262c4ef5db0228091c3d8871b6828
72ca720f2a972f42d6c7913c57ec1c19e23ba608
7046e66b0fce348a957c3eac37394f072fd3c3f344dc548c0474f7db8f8ad438
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7046E66B0FCE348A957C3EAC37394F072FD3C3F344DC548C0474F7DB8F8AD438"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10601
Expires: Thu, 08 Dec 2022 06:58:27 GMT
Date: Thu, 08 Dec 2022 04:01:46 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Bk7pA/wiI/M14CHuXq1Plg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BaDCT1L8asc7FCkJLLByjyxJ1P4=
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash c60c2123426686d7a152be20d9fc69a5
7e70926256b7ea6310a2ed5ddfab288699f93974
a4e03dcf4daba37f345242c687a2956f3af01f8955f94a455209ca274e18fe65
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A4E03DCF4DABA37F345242C687A2956F3AF01F8955F94A455209CA274E18FE65"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1483
Expires: Thu, 08 Dec 2022 04:26:29 GMT
Date: Thu, 08 Dec 2022 04:01:46 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
200 OK 149 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP
Size 149 kB (149193 bytes)
Hash 4471c5c8a1d9994e658b3ac9cf267dae
a8781cd77372161fb1c23352a8e561066067f5c1
097e4040b77aa49a36e469a000aa9e03324056e4e815641dae161680ed91aa82
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Thu, 08 Dec 2022 02:13:35 GMT
Expires: Thu, 08 Dec 2022 04:13:35 GMT
Cache-Control: public, max-age=7200
Age: 6491
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/1.1 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126815 bytes)
Hash e6ce6730b0e7cfe4cc995926ca00e5b9
78a31d1c17bce48b0fc1ffe4580166fc9d21de25
263312f99ed53981d3f885c3af5e34d0b579f55718f8e8352f9431bc437fb225
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 126815
Date: Thu, 08 Dec 2022 04:01:46 GMT
Expires: Thu, 08 Dec 2022 04:01:46 GMT
Cache-Control: private, max-age=900, stale-while-revalidate=3600
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
ocsp.digicert.com/
200 OK 471 B IP
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4035
Cache-Control: max-age=87838
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:46 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 04:25:44 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 41fc261ed7ad069dc3c2ddb5c5cbb976
7b8b2bcbbb82466b85af86257d9f361c54c228a1
5ef57a4d057b9edc02a1b2a36d947d0b1f3470e6d9ad45b5984b378e0f1b0435
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5EF57A4D057B9EDC02A1B2A36D947D0B1F3470E6D9AD45B5984B378E0F1B0435"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20434
Expires: Thu, 08 Dec 2022 09:42:20 GMT
Date: Thu, 08 Dec 2022 04:01:46 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 08 Dec 2022 02:46:55 GMT
expires: Thu, 08 Dec 2022 04:46:55 GMT
cache-control: public, max-age=7200
age: 4491
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 859edce23d484f06db3419501d542924
08c0bdf7544936d3a16d7fd1bb5e0c800da82c74
de6f59d096df0cf071bd9ed6b9aba63ff43e1f2f6cf77eddbb94955f68912482
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 08 Dec 2022 04:01:46 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1745492590%3A1670472106652951&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4wn5tLL8pqmegrK0gPc5G_K0C7sv7-7n7ah5f4RbJFAFeEmLnJljf3VXecULbDQCc21CuUzg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-hskCqNSZDJf_kD_t5K5OBQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:_oCrkSQmvCF1Uddxa2bU9k5MSOwt5Q:JGB4mTicYUXjn247;Path=/;Expires=Sat, 07-Dec-2024 04:01:46 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=203311159&t=timing&_s=1&dl=http%3A%2F%2Fexee.app%2Fapkeditor&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=274&_u=YEDAAUABCAAAACAAI~&jid=1476439989&gjid=12042375&cid=1917799588.1670472106&tid=UA-113932176-41&_gid=253538809.1670472106&_r=1>m=2oubu0&z=1085419865
200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=203311159&t=timing&_s=1&dl=http%3A%2F%2Fexee.app%2Fapkeditor&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=274&_u=YEDAAUABCAAAACAAI~&jid=1476439989&gjid=12042375&cid=1917799588.1670472106&tid=UA-113932176-41&_gid=253538809.1670472106&_r=1>m=2oubu0&z=1085419865
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=203311159&t=timing&_s=1&dl=http%3A%2F%2Fexee.app%2Fapkeditor&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=274&_u=YEDAAUABCAAAACAAI~&jid=1476439989&gjid=12042375&cid=1917799588.1670472106&tid=UA-113932176-41&_gid=253538809.1670472106&_r=1>m=2oubu0&z=1085419865 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://exee.app
date: Thu, 08 Dec 2022 04:01:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fapkeditor&tag=v-exee-app&domain=exee.app
200 OK 2.1 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fapkeditor&tag=v-exee-app&domain=exee.app
IP
File type JSON data\012- , ASCII text, with very long lines (9656)
Hash 8e054d83fdc7cb9ac6357a9709b58f2d
3cef57b71e8a1bbcf5abc8265b80a22d3ee9c559
0d229803ccaf07ed9aff7ed58a19b467cd2b37bd416de0a01310f426471d7adc
GET /allowed_url.php?type=json&url=exee.app%2Fapkeditor&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:46 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6HMsEs%2Fln2KRIijz%2FNOCkBhYruwXJSPQUGEArXs5FHtH%2Ff4ASLCp0kLYCgoTvWYZ15D8sFZ6AahAAzuaPs%2FO5EB25s6lokynItoWnNfM4ONJjn%2BxicsGY7w5bTUdPr2p5%2FMk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a067a6d23d7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
analytics.vdo.ai/logger
200 OK 4.1 kB IP
Hash 921336bec30954a66dd940f4c1c88d06
f9b4d3aa6b4727c65200bbf335d6295a3659423b
9325fbc98677a226ce8f5b7d85e5456ad4053d3e35cfbb79431f07f8e7154767
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 127
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:46 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2By63P8VlFtrn56AE2T7iqofwKs%2FHufx7hY%2Bv%2BMu9t9U%2FlkU1gCV6JmfH2eAoDZhI8cFH2h6FMm8ZljpN9%2BH%2FI%2B1N%2Bo1hh%2BUN62%2FtOVtQiUhPa5wZ5gRH9YEnLAkh7iFqCSZP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a065c7a23d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4035
Cache-Control: max-age=87838
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:46 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 04:25:44 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
a.vdo.ai/core/assets/vdo.player.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/vdo.player.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/vdo.player.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 04:01:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 05:01:46 GMT
Location: https://a.vdo.ai/core/assets/vdo.player.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83VJmmPQoDg7oL%2BKjdhHDgKuIkXjahZdhudPbNz%2Fg2yOuTaZfq0RWbnF8T%2F3Dac56C4FGtyz%2B2%2Fa0743T5AqvCQLEXnwUlDZfLkcQNEo6hOW6GSLUy%2FvacxdUw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77629a0bb841769d-LHR
alt-svc: h2=":443"; ma=60
a.vdo.ai/core/assets/rtb_v6.24.1.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/rtb_v6.24.1.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/rtb_v6.24.1.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 04:01:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 05:01:46 GMT
Location: https://a.vdo.ai/core/assets/rtb_v6.24.1.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2BNvcQk07bC9nNHvj54Pi3r3UQVxvgDv3Vtzp4Rgev6ca7rQSO1vKrz%2BZEEG1Vl%2Brdju9gFTdWzRZIriHYFJOTN9yV0dldaWTJKBmgw04ihWBpGTabbBsssp5w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77629a0bdd0423d7-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 200fbab5e89aa7def1734122074b4394
5d14c5617b8c4901253e37177d9b7e9c7caadc54
a71b25190bb6ff84eeca8da0a090a7f51e6c703f190efb94bec0dd7ab5f272da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A71B25190BB6FF84EECA8DA0A090A7F51E6C703F190EFB94BEC0DD7AB5F272DA"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6611
Expires: Thu, 08 Dec 2022 05:51:57 GMT
Date: Thu, 08 Dec 2022 04:01:46 GMT
Connection: keep-alive
sweptpeculiar.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3kQQvajsxYM4eFKQSffMdJLZRRbjGgnGJO6u5Fy%2FelKmuqqp6p6eBITggix4mb157HyTHxgXdf8AQSZeJCA4HjQH8w94U9izzGRg9EH3e1997%2FB9770vDosrEqKgl1sf2X2lNV2I62HtzW1lhC19beNBLQrr4e3atjKLrdu13vjnureiMK6Hb9U%2BkHzXLjTCKAyjMKqtKicT21uYsFDZk3ZUb4f1VqMexS303P%2BxLwJ4GkB0r8grUGL03M7PT6H4ECb9%2Fq70u7nN3n4%2FLTTNrUNXnH5ido0tDdJZmbgAiTmddsP6ESFf3YA1p1MHsN2jsQMwNSLB7xGYOZ3KBOseXytlGtKAiRdRdoeQeghFh%2BD2IZT4lQBcYGMTJj3ZsK6ke9csHbMjMv%2FsH6hyROb%2FvAmTfruiVa923%2BoiV9Z49JIKqjeE6gyRFefI9wOo8hw8%2FxxK%2FEIWnq3DpEebXlsoUU3cKzWESobQsg%2FqAxTjTwUokgBFFiAVlzUat5MwXEpY0mwutzjnzSbn8fKiiEWztZyEKPhYXh951gfXfXB3gMwdYFf14Yof4XcqeBHA5yMSfHyArqhQSoLSE5SUoFQEZU5QdqtjoX3DVydC%2B4JF09yY5mY1sHnnkB7bvCMNOcyuyMvjuQQvnd3ErrysJfFynCzGfJEvxlGjydqxEGGbyWajJWSTMXhVQfkbE6v7akTmPvsLmRqRGysLYPQcXp%2BDqzdAi9dAy8FSIwTdGbSWQ%2BybE9mTdWUhbIUsn0e%2BFxzqK%2FLqZDO3qu8g%2BcWdv5NJgLsKmavwqfqJoKMfDe7Zkhzds6UnTzezXKVqn463dj%2BnuZw7%2B1DuldaJtbu%2B%2F%2FW7fEyMyycPpM%2FXqRHKdDz5ZkUJId2qdVySH9b8tmRbhd9ZKZwpsvWt91bX0sxJ75U1Q9DxBT7%2FDrgakReqPyYX%2Bbr8EsoN4YoKaXFBpgFlz8GzA%2Fhspt9bAqdnPSwLUBbVwDXY7FErAi1nmLIK%2Fj%2BYzepD%2FwgdF4DmD2HSCl1XoasrUN2HL%2BYGeeYu7vzWnASYDgZMu%2BCIaacfXw%2FXq8uajJMwkWFDsqTNkiUainbSajPajuQSi2mE3I%2F4Y3r2LwAAAP%2F%2FAQAA%2F%2F9I5iYVaQQAAA%3D%3D
200 OK 8 B URL HTTP/1.1 sweptpeculiar.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3kQQvajsxYM4eFKQSffMdJLZRRbjGgnGJO6u5Fy%2FelKmuqqp6p6eBITggix4mb157HyTHxgXdf8AQSZeJCA4HjQH8w94U9izzGRg9EH3e1997%2FB9770vDosrEqKgl1sf2X2lNV2I62HtzW1lhC19beNBLQrr4e3atjKLrdu13vjnureiMK6Hb9U%2BkHzXLjTCKAyjMKqtKicT21uYsFDZk3ZUb4f1VqMexS303P%2BxLwJ4GkB0r8grUGL03M7PT6H4ECb9%2Fq70u7nN3n4%2FLTTNrUNXnH5ido0tDdJZmbgAiTmddsP6ESFf3YA1p1MHsN2jsQMwNSLB7xGYOZ3KBOseXytlGtKAiRdRdoeQeghFh%2BD2IZT4lQBcYGMTJj3ZsK6ke9csHbMjMv%2FsH6hyROb%2FvAmTfruiVa923%2BoiV9Z49JIKqjeE6gyRFefI9wOo8hw8%2FxxK%2FEIWnq3DpEebXlsoUU3cKzWESobQsg%2FqAxTjTwUokgBFFiAVlzUat5MwXEpY0mwutzjnzSbn8fKiiEWztZyEKPhYXh951gfXfXB3gMwdYFf14Yof4XcqeBHA5yMSfHyArqhQSoLSE5SUoFQEZU5QdqtjoX3DVydC%2B4JF09yY5mY1sHnnkB7bvCMNOcyuyMvjuQQvnd3ErrysJfFynCzGfJEvxlGjydqxEGGbyWajJWSTMXhVQfkbE6v7akTmPvsLmRqRGysLYPQcXp%2BDqzdAi9dAy8FSIwTdGbSWQ%2BybE9mTdWUhbIUsn0e%2BFxzqK%2FLqZDO3qu8g%2BcWdv5NJgLsKmavwqfqJoKMfDe7Zkhzds6UnTzezXKVqn463dj%2BnuZw7%2B1DuldaJtbu%2B%2F%2FW7fEyMyycPpM%2FXqRHKdDz5ZkUJId2qdVySH9b8tmRbhd9ZKZwpsvWt91bX0sxJ75U1Q9DxBT7%2FDrgakReqPyYX%2Bbr8EsoN4YoKaXFBpgFlz8GzA%2Fhspt9bAqdnPSwLUBbVwDXY7FErAi1nmLIK%2Fj%2BYzepD%2FwgdF4DmD2HSCl1XoasrUN2HL%2BYGeeYu7vzWnASYDgZMu%2BCIaacfXw%2FXq8uajJMwkWFDsqTNkiUainbSajPajuQSi2mE3I%2F4Y3r2LwAAAP%2F%2FAQAA%2F%2F9I5iYVaQQAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 3906cd80742de180e89653ddef72bca2
0e87a2f73be3c8ce3f316065a79017c20ad8f09c
3f57726bc10fc28cad1488d3a34f23ef3d0ef64fee7074493308205868b2c8e5
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3kQQvajsxYM4eFKQSffMdJLZRRbjGgnGJO6u5Fy%2FelKmuqqp6p6eBITggix4mb157HyTHxgXdf8AQSZeJCA4HjQH8w94U9izzGRg9EH3e1997%2FB9770vDosrEqKgl1sf2X2lNV2I62HtzW1lhC19beNBLQrr4e3atjKLrdu13vjnureiMK6Hb9U%2BkHzXLjTCKAyjMKqtKicT21uYsFDZk3ZUb4f1VqMexS303P%2BxLwJ4GkB0r8grUGL03M7PT6H4ECb9%2Fq70u7nN3n4%2FLTTNrUNXnH5ido0tDdJZmbgAiTmddsP6ESFf3YA1p1MHsN2jsQMwNSLB7xGYOZ3KBOseXytlGtKAiRdRdoeQeghFh%2BD2IZT4lQBcYGMTJj3ZsK6ke9csHbMjMv%2FsH6hyROb%2FvAmTfruiVa923%2BoiV9Z49JIKqjeE6gyRFefI9wOo8hw8%2FxxK%2FEIWnq3DpEebXlsoUU3cKzWESobQsg%2FqAxTjTwUokgBFFiAVlzUat5MwXEpY0mwutzjnzSbn8fKiiEWztZyEKPhYXh951gfXfXB3gMwdYFf14Yof4XcqeBHA5yMSfHyArqhQSoLSE5SUoFQEZU5QdqtjoX3DVydC%2B4JF09yY5mY1sHnnkB7bvCMNOcyuyMvjuQQvnd3ErrysJfFynCzGfJEvxlGjydqxEGGbyWajJWSTMXhVQfkbE6v7akTmPvsLmRqRGysLYPQcXp%2BDqzdAi9dAy8FSIwTdGbSWQ%2BybE9mTdWUhbIUsn0e%2BFxzqK%2FLqZDO3qu8g%2BcWdv5NJgLsKmavwqfqJoKMfDe7Zkhzds6UnTzezXKVqn463dj%2BnuZw7%2B1DuldaJtbu%2B%2F%2FW7fEyMyycPpM%2FXqRHKdDz5ZkUJId2qdVySH9b8tmRbhd9ZKZwpsvWt91bX0sxJ75U1Q9DxBT7%2FDrgakReqPyYX%2Bbr8EsoN4YoKaXFBpgFlz8GzA%2Fhspt9bAqdnPSwLUBbVwDXY7FErAi1nmLIK%2Fj%2BYzepD%2FwgdF4DmD2HSCl1XoasrUN2HL%2BYGeeYu7vzWnASYDgZMu%2BCIaacfXw%2FXq8uajJMwkWFDsqTNkiUainbSajPajuQSi2mE3I%2F4Y3r2LwAAAP%2F%2FAQAA%2F%2F9I5iYVaQQAAA%3D%3D HTTP/1.1
Host: sweptpeculiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842223]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:46 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 202c74274d7edb3ab7f07dc6ee8681d9
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b9083cdf8a3f174763927ae3e9ca3934
1d1ca843e0517b384f693ff52b55fcafc48f9ee7
0f42326e84100eb58e3ac1d2eb5e21f7f0ba3502ddea7f607627a465cc234801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/asd100.bin
200 OK 102 kB IP
Size 102 kB (102435 bytes)
Hash 5321d99800d4d6cd2ebb6ca1cf8f5b7e
2c1dccc3423e04faa46b3a1ac9fed03b55c79cfe
fb63800cf7d715238c2d639791ce421af8b8e36a24a517bedd65065678758d88
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 07 Dec 2022 00:45:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pcsQrQh7mTnHHNHij05JdD03YL89TcYXTflkH97P7BcfzNgw962VmIyHZyzGnWEkP6b%2BPMDDQsRyPIFpdZUKoLkuLOFXy8Zc20D94hnONt3ZnIZ1YQuD%2Bczu83QhH9Ui"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77629a03a9c324d4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
200 OK 995 B URL HTTP/2 www.youtube.com/iframe_api
IP
File type ASCII text, with very long lines (509)
Hash 8f9cfa4652f7fce3729ed5d4019a665e
a7ab71dc2c04597938bb214a8deffc322c762bcf
a589a0d8e58ec1a70ba309751c327623f2f1c02c40f37eb25ea665cb99232a40
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Thu, 08 Dec 2022 04:01:47 GMT
date: Thu, 08 Dec 2022 04:01:47 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=6Yd_3U7K0Ek; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=KPk9YTRPT_Q; Domain=.youtube.com; Expires=Tue, 06-Jun-2023 04:01:47 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+333; expires=Sat, 07-Dec-2024 04:01:47 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/core/bridge3.548.0_en.html
200 OK 227 kB URL HTTP/1.1 imasdk.googleapis.com/js/core/bridge3.548.0_en.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39845)
Size 227 kB (227263 bytes)
Hash e0a9d7285e89825a9cff16a31e9d2117
a190d490e6608e48ec77980963db2500422081c5
badef8adb68752a6c78a6affd02a609e767d64d8c44da0aac9c4b1c0bc265b9b
GET /js/core/bridge3.548.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 227263
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 18:02:53 GMT
Expires: Thu, 07 Dec 2023 18:02:53 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 06 Dec 2022 19:21:37 GMT
Content-Type: text/html
Age: 35934
a.vdo.ai/core/assets/img/logo.svg
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/img/logo.svg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/img/logo.svg HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 04:01:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 05:01:47 GMT
Location: https://a.vdo.ai/core/assets/img/logo.svg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dg40BllVhgKs9Zm%2B9M5XTSbY1I7vGqRKJQGNI2qnsoptikoQJBKLOZPJ2LI7%2FQJJlvBCwk1HewhxgDx6b3FWesBqAai65D3K0rxZDoav%2FLQ%2BUIr9RRJ%2BrJR32g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77629a0f7ac0769d-LHR
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 03:43:07 GMT
expires: Thu, 08 Dec 2022 04:43:07 GMT
cache-control: public, max-age=3600
age: 1120
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10096
Expires: Thu, 08 Dec 2022 06:50:03 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10096
Expires: Thu, 08 Dec 2022 06:50:03 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10096
Expires: Thu, 08 Dec 2022 06:50:03 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F525e2750-67bb-410b-9408-34845ca67f18.jpeg
200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F525e2750-67bb-410b-9408-34845ca67f18.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1cfd2bbdab3f88f525c53c375a0e0439
b0a5af508496c98460212497f6e75a0ddfc7f2de
9fd863a6e673c348b4e5cbc3e4747d48e87b4699e9fed7ae9590e36ae72ad9c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F525e2750-67bb-410b-9408-34845ca67f18.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6746
x-amzn-requestid: 50f40893-5343-473d-96ff-e59b0c7ec77e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy3_pFx6oAMF1cA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106ca-79cff8fe348074d505426909;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: s4Zf3VmA9ybuz7NQdvaolSHSFvGyZ0niRgZtogYnTNWEatHRouG3Sw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:01:55 GMT
age: 21592
etag: "b0a5af508496c98460212497f6e75a0ddfc7f2de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6524c56-aea0-48f9-a1c0-2eb8b37618cc.jpeg
200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6524c56-aea0-48f9-a1c0-2eb8b37618cc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39ae12151067969e63a9064a2b273e03
9450229c82f195e4b62c0862650dbb3d159b46e8
7b462d7f52643ca683c18d789d2adc4475c64e655489513a2faa1edbd69eecd3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6524c56-aea0-48f9-a1c0-2eb8b37618cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8401
x-amzn-requestid: f90a46ff-cf1f-4a27-a85c-088fdca3abb4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4BDF1zIAMF-EA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106d3-7496cf2770c9b22924b2a11c;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R6ftXKYEOemnZcKjNanVHiKnPEQw34DUyLPODM5DCcqIGU50qVvNIA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:06:53 GMT
age: 21294
etag: "9450229c82f195e4b62c0862650dbb3d159b46e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95d68d20-ce48-4bc4-a89b-d42a294520bc.jpeg
200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95d68d20-ce48-4bc4-a89b-d42a294520bc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 077c8b656d9ac4ecba7aea40ecaa4e0c
84b9d58a1cf4174f1a55b1c3475a09d579094f19
abf13120589f3c11466a6b3f65874565a78b3a25b047b2089dafdae0cdf71c08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95d68d20-ce48-4bc4-a89b-d42a294520bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6656
x-amzn-requestid: 623488c8-42b4-43d0-a274-f35f4e2695c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4AwH11IAMFfCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106d1-1226750c2e9dbe517b1211e3;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Wvq8PJEuXz7Yf5QE2phHXPYPCLWzIR1MXWiJKyN84yHINqK6H_ZQrQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:05:39 GMT
age: 21368
etag: "84b9d58a1cf4174f1a55b1c3475a09d579094f19"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 06:11:41 GMT
age: 78606
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57be99ac898a37d73f2ba4a24f56248f
04e32eb45581201a6a1863200e4d139df48285e6
a20081b64fc019372843360b15aa3461ec9dd3deb50ab398bca0a5e74d5468c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12534
x-amzn-requestid: 2a01f2ba-cf3a-4f59-8339-214c66bcc0d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czDbyGTcoAMF_TQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911918-5d3eba8d01e4175a71acc6cd;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:52:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NoZlZ8WFfOuIbkWaC2pJPJQrWtjzz2gCHJWr-u-nMNYmu8MkTf6_PA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:03:58 GMT
age: 17869
etag: "04e32eb45581201a6a1863200e4d139df48285e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234796b8-a59e-4174-a03a-b127b03b60eb.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234796b8-a59e-4174-a03a-b127b03b60eb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57a992ab666f21c6da0057fefb622ff2
c36381d6744ae44360b2a37ca7586028e980714b
afe4050d9b07dcab509c95eb8d75ca410db74bd59f39561e5d190550cb61503e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234796b8-a59e-4174-a03a-b127b03b60eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13556
x-amzn-requestid: 3e79e2da-80ea-404c-8d87-939c7682dbe8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4h8EuUIAMFkIQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639107a5-68318f164708882a43fb0f12;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7RZTh3iQHGp_XffXQQw13UUWqPNZQFJ_e4pIvNPgAaA1aGy_cXMueA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:13:24 GMT
etag: "c36381d6744ae44360b2a37ca7586028e980714b"
content-type: image/jpeg
age: 20903
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ca55b94db6b0f59786fb0373050d6769
99a4f9391898ff04c85b6ff8bdbd3b713b766767
84d9d61dc3d8e577c92834e7c81e25987c4d508dc1c0b55c5225ef766507b808
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Dec 2022 04:01:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 18:32:17 GMT
Expires: Thu, 08 Dec 2022 18:32:17 GMT
ETag: "99a4f9391898ff04c85b6ff8bdbd3b713b766767"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ca55b94db6b0f59786fb0373050d6769
99a4f9391898ff04c85b6ff8bdbd3b713b766767
84d9d61dc3d8e577c92834e7c81e25987c4d508dc1c0b55c5225ef766507b808
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Dec 2022 04:01:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 18:32:17 GMT
Expires: Thu, 08 Dec 2022 18:32:17 GMT
ETag: "99a4f9391898ff04c85b6ff8bdbd3b713b766767"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ca55b94db6b0f59786fb0373050d6769
99a4f9391898ff04c85b6ff8bdbd3b713b766767
84d9d61dc3d8e577c92834e7c81e25987c4d508dc1c0b55c5225ef766507b808
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Dec 2022 04:01:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 18:32:17 GMT
Expires: Thu, 08 Dec 2022 18:32:17 GMT
ETag: "99a4f9391898ff04c85b6ff8bdbd3b713b766767"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
sweptpeculiar.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=130
200 OK 0 B URL HTTP/1.1 sweptpeculiar.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=130
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=130 HTTP/1.1
Host: sweptpeculiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash bb40d555c4da9919cf19871eadd2fe47
3a5a9fe8d07331b9d155fd6ea801ac3056d9ed1d
e9bb9e04ebdda30f889647c792f638c73db19b996e493701b9d83330ee64c87d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A096E53A81068E99D5CAA600D62AE48D28B3F841598DFD85BFB61D5E050F890E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13983
Expires: Thu, 08 Dec 2022 07:54:50 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 86fc724a00926b02780c2d6459b90fb7
dbf925559b90d11e9bdfbbc171f3ac1fe3210322
a096e53a81068e99d5caa600d62ae48d28b3f841598dfd85bfb61d5e050f890e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A096E53A81068E99D5CAA600D62AE48D28B3F841598DFD85BFB61D5E050F890E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13983
Expires: Thu, 08 Dec 2022 07:54:50 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash bb40d555c4da9919cf19871eadd2fe47
3a5a9fe8d07331b9d155fd6ea801ac3056d9ed1d
e9bb9e04ebdda30f889647c792f638c73db19b996e493701b9d83330ee64c87d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A096E53A81068E99D5CAA600D62AE48D28B3F841598DFD85BFB61D5E050F890E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13983
Expires: Thu, 08 Dec 2022 07:54:50 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
Expires: Fri, 08 Dec 2023 04:01:47 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 08 Dec 2022 04:01:47 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
200 OK 4.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
IP
File type PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced\012- data
Hash 23e9690b0e7ac26868363a6248f44467
d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f
f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395
GET /sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:47 GMT
content-type: image/png
content-length: 4022
last-modified: Wed, 17 Feb 2021 11:46:53 GMT
etag: "602d022d-fb6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1951818
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5V2rskOG6P6aq7GQwQd5dShFB3h52UTVnFOeFns3ytWPzrn5wCwrIyqoXT%2ByG93BULSLyyJ8Ra1GccGrIyz%2FBryTCeXOV9EW%2FD%2By%2FL7CD%2BBPlenc5ROMoS5MRLiescXLKezRLixQxgL0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77629a123e3e772c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
200 OK 7.7 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash 928d1e1d2c8615e123add5e629634f60
222ab4d2b2ea090da583b3dc356f0979f4d6801c
9be36bbf2e0af17b45c5347c4917a457db6165f11070bf0d9410961268a6ae23
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 08 Dec 2022 04:01:47 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d3b-bf8c"
Expires: Fri, 08 Dec 2023 04:01:47 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 63a533e7b5caf59058266a837420c342
4eca831fb15dccf4eb608e983fe8b89250fc0313
d8904e4cc9a407e7c154cbbf6afe3985a55adcb878dacfb80a0e3cd92ea9703e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8904E4CC9A407E7C154CBBF6AFE3985A55ADCB878DACFB80A0E3CD92EA9703E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3252
Expires: Thu, 08 Dec 2022 04:55:59 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
200 OK 71 kB URL HTTP/2 cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
IP
ASN #39572 DataWeb Global Group B.V.
Hash 0018d8d0879cf72fd9c3c80038f29365
af95cc9d5636e87f54edc6a6f4d694b99302509f
976d53066d2db26d821a3e2b707e05e3bf8de066fb48c5e742c7bd758c7a50c5
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:46 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:28 GMT
etag: W/"6275e5b8-4b9"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 08 Dec 2022 05:01:46 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 86fc724a00926b02780c2d6459b90fb7
dbf925559b90d11e9bdfbbc171f3ac1fe3210322
a096e53a81068e99d5caa600d62ae48d28b3f841598dfd85bfb61d5e050f890e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A096E53A81068E99D5CAA600D62AE48D28B3F841598DFD85BFB61D5E050F890E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13983
Expires: Thu, 08 Dec 2022 07:54:50 GMT
Date: Thu, 08 Dec 2022 04:01:47 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png
200 OK 67 kB URL HTTP/2 cdn.cloudimagesb.com/si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png
IP
ASN #39572 DataWeb Global Group B.V.
Hash 3f3c9c1eb5f64051ef4e5c219b0d5143
3f6b2a4a9cd71987c4dbfe79d067f79ca5f8bf16
5c8df6eea43611ed543421b4f2e2794bf2389316fd61b3b018efdb5429d11053
GET /si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:47 GMT
content-type: image/png
content-length: 67428
server: nginx/1.17.6
last-modified: Wed, 07 Dec 2022 12:43:48 GMT
etag: "63908a84-10764"
expires: Sat, 10 Dec 2022 04:01:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Thu, 08 Dec 2022 04:01:48 GMT
Connection: keep-alive
Expires: Fri, 08 Dec 2023 04:01:48 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
sweptpeculiar.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fstyle.css&l=5644&fd=366
200 OK 0 B URL HTTP/1.1 sweptpeculiar.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fstyle.css&l=5644&fd=366
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fstyle.css&l=5644&fd=366 HTTP/1.1
Host: sweptpeculiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:12:42 GMT
Expires: Thu, 07 Dec 2023 21:12:42 GMT
Cache-Control: public, max-age=31536000
Age: 24546
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:13:27 GMT
Expires: Thu, 07 Dec 2023 21:13:27 GMT
Cache-Control: public, max-age=31536000
Age: 24501
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
200 OK 196 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
IP
Hash b688997ce974eb342a8c4588573bb54f
56ef5cd079b909ccfafe1fdd880f6434eaeafd39
e977d89993be6091b81dd9d6cacec8c14028eb6f0d19923acce25af082e49f11
GET /sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:48 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:46:52 GMT
etag: W/"602d022c-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJ6SXrEJtUqoa%2B5Q6HtSLOlcLV1AvS%2Fgeqj%2FALjChJrw6kq3mH1BItx75CGsJQfSHhJD%2FohQkk2VpZHVu1%2BJWXOjIy10kikjYIlYogRrXqAadBubjT0Mw01fHnpGYaD7NpGDekWoMYAV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77629a11aab17725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sweptpeculiar.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fanimate.css&l=79245&fd=368
200 OK 0 B URL HTTP/1.1 sweptpeculiar.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fanimate.css&l=79245&fd=368
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fanimate.css&l=79245&fd=368 HTTP/1.1
Host: sweptpeculiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
sweptpeculiar.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=366
200 OK 0 B URL HTTP/1.1 sweptpeculiar.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=366
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=366 HTTP/1.1
Host: sweptpeculiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
sweptpeculiar.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 sweptpeculiar.com/pixel/sbs?c=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: sweptpeculiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842223]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 04:01:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1d710c2ae0ff0416ce1764fb7693d013
c1c510bda24203ddf2d803c081b623709ba55fa6
775db3bc6b40a9276261cf44642fe22183fda853674d9d16db709e0a7239b408
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
200 OK 396 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
IP
Size 396 kB (395855 bytes)
Hash 722473d39cb45c6516b984bf18610c20
9f510b825a8f2049ca0eac7ff3f5783377f1e0f6
2b60c6cd971b2ba701959e40f68cfe702834728d1511fb470d706c8ec56b9b68
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:48 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:46:51 GMT
etag: W/"602d022b-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kT31a9G0lGGcS4doAx44jGSSKlcrp4m3R7d22NMyYAbsItcpoF39MmtM7Gf8%2FgjcU%2F4oKHYbXRFfUqDvyRNNAyzUCLrAUMlOyVA0jYs7KcS%2BjkKARz2rYSb6X8%2BPtVRqCzioyOymEwRD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77629a11bab67725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Thu, 08 Dec 2022 04:01:48 GMT
expires: Thu, 08 Dec 2022 04:01:48 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 1.1 kB IP
Hash c386f4c5157c39324fd708e1bc22ae33
3401aec01a850cd83bf0065f9c5f2964eb8e8817
5ab88b976dc97a8a718b7fe7a5f28ccbbeb53b9ff30b0a2e2448211189db0025
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 04:01:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 08 Dec 2022 04:01:48 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2Fapkeditor&tfcd=0&npa=0&correlator=3446941269040195&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2Fapkeditor&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2Fc0367b73-025e-4fa3-8edd-312955285f29&sid=38681C03-A804-44CB-86F5-C56AA48517F5&nel=0&eid=44748969%2C44750823%2C44765701%2C44777649&dlt=1670472104529&idt=2508&dt=1670472108315&cookie_enabled=1&scor=3656299726425937&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
200 OK 113 B URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2Fapkeditor&tfcd=0&npa=0&correlator=3446941269040195&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2Fapkeditor&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2Fc0367b73-025e-4fa3-8edd-312955285f29&sid=38681C03-A804-44CB-86F5-C56AA48517F5&nel=0&eid=44748969%2C44750823%2C44765701%2C44777649&dlt=1670472104529&idt=2508&dt=1670472108315&cookie_enabled=1&scor=3656299726425937&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash 9e5d36292a75aef07bdde5891b2e4a7b
8d69904b7df5e550f1884e06c139bd9661eb2917
92ffc3ec51e068750c23ae95041fd670aa4aa60ce3a5295ad27d2179d0780168
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2Fapkeditor&tfcd=0&npa=0&correlator=3446941269040195&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2Fapkeditor&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2Fc0367b73-025e-4fa3-8edd-312955285f29&sid=38681C03-A804-44CB-86F5-C56AA48517F5&nel=0&eid=44748969%2C44750823%2C44765701%2C44777649&dlt=1670472104529&idt=2508&dt=1670472108315&cookie_enabled=1&scor=3656299726425937&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://imasdk.googleapis.com
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: http://imasdk.googleapis.com
google-lineitem-id: -2
google-creative-id: -2
google-mediationgroup-id: -2
google-mediationtag-id: -2
date: Thu, 08 Dec 2022 04:01:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 04:16:48 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=9d2430dc-d569-41c6-8731-ffb47321d495&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9d2430dc-d569-41c6-8731-ffb47321d495&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9d2430dc-d569-41c6-8731-ffb47321d495&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 08 Dec 2022 04:01:49 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be8bafd78c2427c753b8d2814d8d102d
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=9d2430dc-d569-41c6-8731-ffb47321d495&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9d2430dc-d569-41c6-8731-ffb47321d495&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9d2430dc-d569-41c6-8731-ffb47321d495&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 08 Dec 2022 04:01:49 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 50c56161abd5a77afb50eb9e61c65092
Strict-Transport-Security: max-age=0; includeSubdomains
accounts.google.com/v3/signin/identifier?dsh=S1745492590%3A1670472106652951&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4wn5tLL8pqmegrK0gPc5G_K0C7sv7-7n7ah5f4RbJFAFeEmLnJljf3VXecULbDQCc21CuUzg
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1745492590%3A1670472106652951&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4wn5tLL8pqmegrK0gPc5G_K0C7sv7-7n7ah5f4RbJFAFeEmLnJljf3VXecULbDQCc21CuUzg
IP
GET /v3/signin/identifier?dsh=S1745492590%3A1670472106652951&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4wn5tLL8pqmegrK0gPc5G_K0C7sv7-7n7ah5f4RbJFAFeEmLnJljf3VXecULbDQCc21CuUzg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 08 Dec 2022 04:01:46 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-A2KWPl4vvC0dMjYmysecnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
exee.app/fv.ico
200 OK 0 B IP
GET /fv.ico HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:46 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 17 Oct 2023 15:43:20 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4450706
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rvT5Aso5Z%2BOFc0MEd1YqlXNQvGUiFfy2s9afOdlPXAUJZuMhhC%2BvLrK3ihDZ1u3ZK9429ecbbgFLzMtMUDCnwGlpDIoOzchsRV3xfby7omQyePkKydoqv46I4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a0a4e24b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 12880756 9957664
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Thu, 08 Dec 2022 04:01:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lbzgMK%2F3kKpex8pHoGknpLSB172c%2FNrBFKeDril3t9XX%2BFtD3IGeBBTpHA8O4%2Br5BBsDRQEoH51DizUHOS5QiTCqnPXnpFpg%2FpG4LojvYK2m%2BpfZMvJ9VeMy6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a046c067747-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
IP
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:48 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 11:41:22 GMT
etag: W/"614c67e2-160c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1HkuZFHTyGFKPd5VMxErlrK63z2q7KXUyDXwVybxoFMKoWvDI7tg6l3zFPsH0Q7NSZAeqwFmlJkkdmeAp7UTrsJPKOPlXXuqDSJ5qvuRMwm2mNLgBi%2BM44qkzIMtzGgzh7hqEaDk8E1x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77629a11babc7725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: text/plain
set-cookie: csu=234829238590846@1@1670472105; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3rHuu3vOwfA4y%2F8Njv8MNLnI5ImwvU6wJ%2Fv5eVMnwDgmawzc5ufDLGqHR088jnFSbHhbInjT0Gda9BFg78js7Mu5q5yevx7AFdnhx66wbPku9qjA9jUB131n6GiwdkIj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77629a03e9e224d4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 08 Dec 2022 04:01:45 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 07 Dec 2022 00:45:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8fciRRXmP9nnpEn0nKRLTytpT3vF4I6VStMhAXQnuYIh%2BfDY2TC5c53LmsbfQebU4xD6NZfMAFXa%2BZsJu4TEM3%2Bh6ZfM2CqlQ%2Bb%2FKHiMJTN7VFZxcP%2FPs5rYjbPdAAc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77629a03e9e524d4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Wh4eo5jWsxoJF7zt/X5E3c9/LhAb0yx9A7U3n+xGSCv1OTvDRXMYCMraDG0XLVCCzBINZynt9wWw7JMmOzF8EQ==
date: Thu, 08 Dec 2022 04:01:46 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
104.21.48.127
142.250.74.131
104.21.34.106
188.114.97.1
23.36.77.32
93.184.220.29
18.185.190.54
157.240.200.35
23.109.248.184
51.79.72.196