exeo.app/sylenth1-win
104.26.9.233 301 Moved Permanently 0 B IP 104.26.9.233:0
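Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body; they identify no file and are not usable as indicators.)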
Analyzer Verdict Alert fortinet Malware
GET /sylenth1-win HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 04:33:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 28 Jan 2023 05:33:07 GMT
Location: https://exeo.app/sylenth1-win
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3CwUm9LRkkfy5CEIPU4nY5Kuinko6mFr4cxA7iDutxggbv1%2FV%2FdAKFWRLaKMEuOdcRpcW18gRrXe7V5UDgP8O2qjXJv7FKWakjOfXNDlqN90ysL1ZVtBq3z"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79070216599b1c06-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11889
Expires: Sat, 28 Jan 2023 07:51:16 GMT
Date: Sat, 28 Jan 2023 04:33:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5467
Expires: Sat, 28 Jan 2023 06:04:14 GMT
Date: Sat, 28 Jan 2023 04:33:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2891
Expires: Sat, 28 Jan 2023 05:21:18 GMT
Date: Sat, 28 Jan 2023 04:33:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 03:43:03 GMT
content-type: application/json
age: 3004
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1afb5230beaeef456c0b2fe65fbd0f5c
4d6dae6adb5ea7497ac2fd24079bc101b30c1645
a34a09e41baf00e8cb53f4aeb7ad879d774bc70f98ddfd3c4f4f7161025ac671
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2618
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:07 GMT
Last-Modified: Sat, 28 Jan 2023 03:49:29 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: QsRIKJlttZSlTLP4UiMYlNdGXB1QeZFZjeKxcAjhMPph3mkhYNscaUN/if6Dwzuflizl7FbwGsA=
x-amz-request-id: RM28G3D18P2CZ3T2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 04:20:50 GMT
age: 737
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 04:33:07 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
exe.io/img/logo_sm.png
104.21.84.66 200 OK 11 kB IP 104.21.84.66:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash babf1df3467cca81bd9fdd5540a70b3d
ab768d826851da1b84b22e14f4facfda137500f4
c63f2781570d012d67b1e5ed27544bf90097a71ca5ddbbcd86a98a0f52871534
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: image/png
content-length: 10989
x-frame-options: SAMEORIGIN
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
cache-control: max-age=31536000
expires: Thu, 25 Jan 2024 22:31:11 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 194517
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7B8eC9tDXHeFcBZuVtXRhG4ySTL2HvZ2XAtsjwcIc56ClKqH7875576p0UwUzqACD%2FZjHexV4Tyo%2FN%2Bhs3OXEdOFLbsZaIoxuYmZaqYjIN%2BCr9nSIxSyd4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79070219ce9efac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
exeo.app/css/continue.css
104.26.9.233 200 OK 85 kB URL HTTP/2 exeo.app/css/continue.css
IP 104.26.9.233:0
File type ASCII text, with very long lines (65079)
Hash cfd4bd7aea4e5aa308617c09ef358c9d
5a6bbb7fb16471b7f39541217e70d6e68853748f
a38c5cb94881a4a22227f04b2b7956b0387d886d5fdf98586a6a70ec0d57b3e7
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/sylenth1-win
Cookie: AppSession=78f8bef8df67cf1c131b91d680d90781; csrfToken=81ce0f07b73012988eaf5b8fc29b8d59cca29d93989dfcf6d33e5a4b4e216c40c0f3ea1f7863c23238fc6b350eeb0e86a9f0d7af8863b88a75c5918487a964a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Fri, 10 Feb 2023 22:59:15 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1402433
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X6GYwHPLBA4wIPOXwO22io%2FrZ2zAzpdpQ80z7i4FkCWj0wBiKfJYGANS%2FqoABqygFRmbWdaz2vb86V9f9QKOxI%2BzjGlaH%2BBURnyBzBOldggOvAD2QMb%2B4zPF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79070219ac40b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ab0f05b1fbd160a436b3f0851e855410
11d6f4ddbd946028cc915333a6ce3b91d9b950dc
5472027ddae67d0acc5cb76e27ae9893194c07f3ed1f122968d9408e3184480b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3599
Cache-Control: max-age=137753
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Etag: "63d40e8e-117"
Expires: Sun, 29 Jan 2023 18:49:01 GMT
Last-Modified: Fri, 27 Jan 2023 17:49:02 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 52feafa04c0657824e56bbe6ef1f8e34
fe664cd825cbc8a47d69ad4194e15a03f3ced403
6a7b20d4d663c346c3ef275206d28c2f1c6bcf7821c0d04820cb86832ffbe841
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2594
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Last-Modified: Sat, 28 Jan 2023 03:49:55 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43a42dffd26cd02d992e866e14d8d857
4c5d34b358edebcc30a1157117496a56e9a7b620
2d68e9fb9547820c5a9d9338d3b4f9cb7ef1f29241c9ba7fd616034f6659efc8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2D68E9FB9547820C5A9D9338D3B4F9CB7EF1F29241C9BA7FD616034F6659EFC8"
Last-Modified: Thu, 26 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20675
Expires: Sat, 28 Jan 2023 10:17:43 GMT
Date: Sat, 28 Jan 2023 04:33:08 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 52feafa04c0657824e56bbe6ef1f8e34
fe664cd825cbc8a47d69ad4194e15a03f3ced403
6a7b20d4d663c346c3ef275206d28c2f1c6bcf7821c0d04820cb86832ffbe841
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2594
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Last-Modified: Sat, 28 Jan 2023 03:49:55 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 03:49:03 GMT
age: 2645
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Sat, 28 Jan 2023 05:50:44 GMT
Date: Sat, 28 Jan 2023 04:33:08 GMT
Connection: keep-alive
hethisisath.xyz/utx?cb=bLZC3040R3l9&top=exeo.app&tid=822524
54.230.111.126 204 No Content 0 B URL HTTP/2 hethisisath.xyz/utx?cb=bLZC3040R3l9&top=exeo.app&tid=822524
IP 54.230.111.126:0
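Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body of this 204 response; they identify no file and are not usable as indicators.)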
GET /utx?cb=bLZC3040R3l9&top=exeo.app&tid=822524 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 04:33:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 28 Jan 2023 04:34:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ny6yUVZHUZGT8vPFi-od63-a12YflzHVCfLSkJHwZpeT_QHgZ4a-4A==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43a42dffd26cd02d992e866e14d8d857
4c5d34b358edebcc30a1157117496a56e9a7b620
2d68e9fb9547820c5a9d9338d3b4f9cb7ef1f29241c9ba7fd616034f6659efc8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2D68E9FB9547820C5A9D9338D3B4F9CB7EF1F29241C9BA7FD616034F6659EFC8"
Last-Modified: Thu, 26 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20675
Expires: Sat, 28 Jan 2023 10:17:43 GMT
Date: Sat, 28 Jan 2023 04:33:08 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Sat, 28 Jan 2023 05:50:44 GMT
Date: Sat, 28 Jan 2023 04:33:08 GMT
Connection: keep-alive
hethisisath.xyz/eW84emQYDVsXWxhSWlwRCwMFX1Y/Sgo8AEtfUxwVHB9STldJFVJUBxUATR4CCwBWDkoXCkxfVj8mWhEcKzx9FSowFQAPACsAVDQ8LxZgMlESClZPLTMGcRQuO1pANR5NAnw+FxcMbDQ8Pj1qAiBJCAwxHQFcYBcLQCRrKy4aN1sOLjheQCMjTR17E1EKCX8NBSkrDBAADipOMR4wGn4QE00lQUstNjt6Sy4OKgo1JygCfEgIEytWQyUfJ2pMARI2DzUnIBp5LhcQDWASATAGbg4BP1oBIzMjWWtJXC0NYBIBNhVfFwI/H0gjAwkZYDITCQlWTygfFxU0EBwpDF9WOyUKS1E1XAkSAi49XSA8K1ldHQ8JIlE3CCpcDCIBFx9eHCM/Wl0WXQk2Cx0XOxUMSigQOm8bMzQgXUtRTAkLEhc+XH4dQhMcVxQURAVOFgYOGQEDXSwqAT8
54.230.111.126 200 OK 1.2 kB URL HTTP/2 hethisisath.xyz/eW84emQYDVsXWxhSWlwRCwMFX1Y/Sgo8AEtfUxwVHB9STldJFVJUBxUATR4CCwBWDkoXCkxfVj8mWhEcKzx9FSowFQAPACsAVDQ8LxZgMlESClZPLTMGcRQuO1pANR5NAnw+FxcMbDQ8Pj1qAiBJCAwxHQFcYBcLQCRrKy4aN1sOLjheQCMjTR17E1EKCX8NBSkrDBAADipOMR4wGn4QE00lQUstNjt6Sy4OKgo1JygCfEgIEytWQyUfJ2pMARI2DzUnIBp5LhcQDWASATAGbg4BP1oBIzMjWWtJXC0NYBIBNhVfFwI/H0gjAwkZYDITCQlWTygfFxU0EBwpDF9WOyUKS1E1XAkSAi49XSA8K1ldHQ8JIlE3CCpcDCIBFx9eHCM/Wl0WXQk2Cx0XOxUMSigQOm8bMzQgXUtRTAkLEhc+XH4dQhMcVxQURAVOFgYOGQEDXSwqAT8
IP 54.230.111.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash 2c16393a14b63cc6cc5cafeb946660d0
9abdcfdbc4c2aa7bcea9310e8b9ffaf11ffb1f0e
561c590a0557e1b121d61d2544ef1eaacf9f575ce41f52dfd426f50a29422b9d
GET /eW84emQYDVsXWxhSWlwRCwMFX1Y/Sgo8AEtfUxwVHB9STldJFVJUBxUATR4CCwBWDkoXCkxfVj8mWhEcKzx9FSowFQAPACsAVDQ8LxZgMlESClZPLTMGcRQuO1pANR5NAnw+FxcMbDQ8Pj1qAiBJCAwxHQFcYBcLQCRrKy4aN1sOLjheQCMjTR17E1EKCX8NBSkrDBAADipOMR4wGn4QE00lQUstNjt6Sy4OKgo1JygCfEgIEytWQyUfJ2pMARI2DzUnIBp5LhcQDWASATAGbg4BP1oBIzMjWWtJXC0NYBIBNhVfFwI/H0gjAwkZYDITCQlWTygfFxU0EBwpDF9WOyUKS1E1XAkSAi49XSA8K1ldHQ8JIlE3CCpcDCIBFx9eHCM/Wl0WXQk2Cx0XOxUMSigQOm8bMzQgXUtRTAkLEhc+XH4dQhMcVxQURAVOFgYOGQEDXSwqAT8 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Sat, 28 Jan 2023 04:33:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ey87BfLFtBmnVA8gAHXkuKKnG7CfzYKqlVEMpu3fSTJXbMMgmaHAAA==
X-Firefox-Spdy: h2
hethisisath.xyz/RlJxeW8nMBIUUCdvE18aND5MXF0Ad0M/C3RiGh8eIyIbTVx2KBtXDCo9BB0JND0fDUEoNwVcXQBgPxQ9ETY1LzkFKBYqLC0bPzQELRw1FV4vBiA8PgI7JBs4dggrPS5zFSYeW3AQFjQgHhYCNjgUEyA1LQcbMxImcBQnDT0RCjArOHcEKyNeDAckHjU0AzM3LAAWGh8sADk5NS5zACURPmNgNz5eDwM0LQsMBTcSChYqGSM5dhQaNAgHCycxIQEQI007FioBKzgUHx0sPiUVMhAlFBAGIzkcPh4/KncxJCw+JRU0A1cnEwYzLRwGKCgtAAMEKAgDBicBQhQAMw42ERs3PCgiYycUPhQhNi03CBUzLyoEHCNADgNjKCg9IQc5LygcFDMoCwQINCs7HiooAyoqIj4oOBcrMzg1FDc0KDsXYx0XSSwhHhcfewgLCgMsPgNPV34/CxU
54.230.111.126 200 OK 1.2 kB URL HTTP/2 hethisisath.xyz/RlJxeW8nMBIUUCdvE18aND5MXF0Ad0M/C3RiGh8eIyIbTVx2KBtXDCo9BB0JND0fDUEoNwVcXQBgPxQ9ETY1LzkFKBYqLC0bPzQELRw1FV4vBiA8PgI7JBs4dggrPS5zFSYeW3AQFjQgHhYCNjgUEyA1LQcbMxImcBQnDT0RCjArOHcEKyNeDAckHjU0AzM3LAAWGh8sADk5NS5zACURPmNgNz5eDwM0LQsMBTcSChYqGSM5dhQaNAgHCycxIQEQI007FioBKzgUHx0sPiUVMhAlFBAGIzkcPh4/KncxJCw+JRU0A1cnEwYzLRwGKCgtAAMEKAgDBicBQhQAMw42ERs3PCgiYycUPhQhNi03CBUzLyoEHCNADgNjKCg9IQc5LygcFDMoCwQINCs7HiooAyoqIj4oOBcrMzg1FDc0KDsXYx0XSSwhHhcfewgLCgMsPgNPV34/CxU
IP 54.230.111.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash ef5e8da10b03f8ef3d9d1130cbc072c4
98eec009fb0b58825bde65102ead3524adc4ed36
fd262b4f3c390df97530784a8d890250770eeced08ff34de845d8cb87baedbb3
GET /RlJxeW8nMBIUUCdvE18aND5MXF0Ad0M/C3RiGh8eIyIbTVx2KBtXDCo9BB0JND0fDUEoNwVcXQBgPxQ9ETY1LzkFKBYqLC0bPzQELRw1FV4vBiA8PgI7JBs4dggrPS5zFSYeW3AQFjQgHhYCNjgUEyA1LQcbMxImcBQnDT0RCjArOHcEKyNeDAckHjU0AzM3LAAWGh8sADk5NS5zACURPmNgNz5eDwM0LQsMBTcSChYqGSM5dhQaNAgHCycxIQEQI007FioBKzgUHx0sPiUVMhAlFBAGIzkcPh4/KncxJCw+JRU0A1cnEwYzLRwGKCgtAAMEKAgDBicBQhQAMw42ERs3PCgiYycUPhQhNi03CBUzLyoEHCNADgNjKCg9IQc5LygcFDMoCwQINCs7HiooAyoqIj4oOBcrMzg1FDc0KDsXYx0XSSwhHhcfewgLCgMsPgNPV34/CxU HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Sat, 28 Jan 2023 04:33:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XzS8WJpUCV_Hq0J-BtQjZ4CtmgonzTcjht2q6JzYFMj3JkVbQS8MDQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77cc3af5cda362a69e4f25b9eaaffdfa
0a8f394abb5f11d8a8c358a458f3860dcdda045e
ff180e36fe7dbff7e39f077d1f93bfefe7d47d987c12799be8dee8eefb8089dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF180E36FE7DBFF7E39F077D1F93BFEFE7D47D987C12799BE8DEE8EEFB8089DC"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16250
Expires: Sat, 28 Jan 2023 09:03:58 GMT
Date: Sat, 28 Jan 2023 04:33:08 GMT
Connection: keep-alive
hethisisath.xyz/utx?cb=cLgoE4blA0yC&top=exeo.app&tid=889494
54.230.111.126 204 No Content 0 B URL HTTP/2 hethisisath.xyz/utx?cb=cLgoE4blA0yC&top=exeo.app&tid=889494
IP 54.230.111.126:0
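Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body of this 204 response; they identify no file and are not usable as indicators.)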
GET /utx?cb=cLgoE4blA0yC&top=exeo.app&tid=889494 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 04:33:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 28 Jan 2023 04:34:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KjLGpchwvpX7t4sSyomMw1aNUr7OZHc8GGlKMIeoo4tuBym3c8uXpw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 18:52:41 GMT
expires: Tue, 23 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 380427
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6414
Expires: Sat, 28 Jan 2023 06:20:02 GMT
Date: Sat, 28 Jan 2023 04:33:08 GMT
Connection: keep-alive
hethisisath.xyz/TENtaTEtIQ4EDi1+D09EPi9QTAMKZl8vVX5zBg9AKTMHXQJ8OQdHUiAsGA1XPiwDHR8iJhlMAwo7Iy57PxE6J2kIEiQDaQkCISp5JCEsL3cpIFwgYg8BVRh1GRELKHMWEQgeBQIOKTNfHgEKTAMKARoFYh8qBipmKxU/MEYWIiw/d3wROzx2CC0FMXQkICMMcHkhKihkPAdcP3kUJCM+diAJJw0AASArOGQ+AVwaZwRxLztzDTQ0MHcJBjhYST4WFS9jAC4vO3MOFisiABkCP1gJBBEKM2IKCyMxdBoGGDB3CQYoK0ErFiU/ZRQLLydzCTcnDQACFy8eHHQ2KSt3HQgDDWUOFScKVQoOKzsAeXIvPwEdAD4kfBgGCQxwfQooPwEGcj88dyobPE9bPywDGQwgEF8mXS02ODo
54.230.111.126 200 OK 1.2 kB URL HTTP/2 hethisisath.xyz/TENtaTEtIQ4EDi1+D09EPi9QTAMKZl8vVX5zBg9AKTMHXQJ8OQdHUiAsGA1XPiwDHR8iJhlMAwo7Iy57PxE6J2kIEiQDaQkCISp5JCEsL3cpIFwgYg8BVRh1GRELKHMWEQgeBQIOKTNfHgEKTAMKARoFYh8qBipmKxU/MEYWIiw/d3wROzx2CC0FMXQkICMMcHkhKihkPAdcP3kUJCM+diAJJw0AASArOGQ+AVwaZwRxLztzDTQ0MHcJBjhYST4WFS9jAC4vO3MOFisiABkCP1gJBBEKM2IKCyMxdBoGGDB3CQYoK0ErFiU/ZRQLLydzCTcnDQACFy8eHHQ2KSt3HQgDDWUOFScKVQoOKzsAeXIvPwEdAD4kfBgGCQxwfQooPwEGcj88dyobPE9bPywDGQwgEF8mXS02ODo
IP 54.230.111.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash 6b7e490e12258cfabaecfa21fe8fd7bf
36c180c303fc47c1754a4d4e797a145da84c2241
146a56801e7344923d7aae676748492ff4d7a0d36171d459c5e131016eb8853d
GET /TENtaTEtIQ4EDi1+D09EPi9QTAMKZl8vVX5zBg9AKTMHXQJ8OQdHUiAsGA1XPiwDHR8iJhlMAwo7Iy57PxE6J2kIEiQDaQkCISp5JCEsL3cpIFwgYg8BVRh1GRELKHMWEQgeBQIOKTNfHgEKTAMKARoFYh8qBipmKxU/MEYWIiw/d3wROzx2CC0FMXQkICMMcHkhKihkPAdcP3kUJCM+diAJJw0AASArOGQ+AVwaZwRxLztzDTQ0MHcJBjhYST4WFS9jAC4vO3MOFisiABkCP1gJBBEKM2IKCyMxdBoGGDB3CQYoK0ErFiU/ZRQLLydzCTcnDQACFy8eHHQ2KSt3HQgDDWUOFScKVQoOKzsAeXIvPwEdAD4kfBgGCQxwfQooPwEGcj88dyobPE9bPywDGQwgEF8mXS02ODo HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Sat, 28 Jan 2023 04:33:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 60BWVOPV1QXsVhuvNOcnlxSGUJ7eoR7itRNMIzBPJLIzSt-0Tmg3ww==
X-Firefox-Spdy: h2
qj.wimplesbooklet.com/1clkn/29529
172.255.6.158 200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 172.255.6.158:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 04:33:08 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 29-Jan-2023 04:33:08 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sun, 29-Jan-2023 04:33:08 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
dhthrewdownth.xyz/QVlEWTduZicqChYMEW1TFxssPXZ4Gx0ODngaLwNeIzcnFGYsDGItXiVkfGsFdGtwf0coPXloETItJS1CMmR1f14vPytkETdkdXcEdXd3aBlzfzFkBmctNDhQfGhiKUM1NXloAXZtfGEHcmF9agR4
104.21.30.239 204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/QVlEWTduZicqChYMEW1TFxssPXZ4Gx0ODngaLwNeIzcnFGYsDGItXiVkfGsFdGtwf0coPXloETItJS1CMmR1f14vPytkETdkdXcEdXd3aBlzfzFkBmctNDhQfGhiKUM1NXloAXZtfGEHcmF9agR4
IP 104.21.30.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QVlEWTduZicqChYMEW1TFxssPXZ4Gx0ODngaLwNeIzcnFGYsDGItXiVkfGsFdGtwf0coPXloETItJS1CMmR1f14vPytkETdkdXcEdXd3aBlzfzFkBmctNDhQfGhiKUM1NXloAXZtfGEHcmF9agR4 HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 04:33:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fl4qRaT5eo7rCoyjiCvXGpRacALQWQDSxqvp6Iyaph%2BvMO1puffB0mdBVIe7RM%2BqcxTGisOLCp2iulkjNyl3OEC6dT7F%2FYG6w2Qs%2FnVjIO3mIghRXWA6N92k60FiDWlZ%2FO3OyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7907021c4f28b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43a42dffd26cd02d992e866e14d8d857
4c5d34b358edebcc30a1157117496a56e9a7b620
2d68e9fb9547820c5a9d9338d3b4f9cb7ef1f29241c9ba7fd616034f6659efc8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2D68E9FB9547820C5A9D9338D3B4F9CB7EF1F29241C9BA7FD616034F6659EFC8"
Last-Modified: Thu, 26 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20675
Expires: Sat, 28 Jan 2023 10:17:43 GMT
Date: Sat, 28 Jan 2023 04:33:08 GMT
Connection: keep-alive
cdntechone.com/stattag.js
172.67.149.153 200 OK 5.3 kB URL HTTP/2 cdntechone.com/stattag.js
IP 172.67.149.153:0
File type ASCII text, with very long lines (13087), with no line terminators
Hash 806d7faa4aa36ef95332b1ae5effa55d
ce229f24ae017901284a49f1a1134d3f1dafcb73
56acd944ff33c36b2cd35188c07382dab9ab8074a05358f45d337f2be7eb5069
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: application/javascript
last-modified: Thu, 29 Dec 2022 16:01:22 GMT
etag: W/"63adb9d2-331f"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5921
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4DA1zw1Mlr0Xk%2BHxlrFYXQDwEAR8AHqbWLEIb%2FhxVC%2FAks%2BDTALfw48ivko8tRYnPsYZRC5fViXXFzalWpMmIGOs8hkZd2p7o28QaWwnWdX3OPNJLTFac99c5RP3M1chKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907021afa911c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dhthrewdownth.xyz/Mm96b1QdUBkcaX85NCM2ejYwNgxCDisIFlUMFj0Vcyg8FQNnOlwbPVZSQltnAFlLSSRbC0debBQcDg4gRxxHXnJbARwAaRQZR156AkFIQWYUGkdeckYfGwhpA0kKGyBeUktZYwZXQl9nClZOW2U
104.21.30.239 204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/Mm96b1QdUBkcaX85NCM2ejYwNgxCDisIFlUMFj0Vcyg8FQNnOlwbPVZSQltnAFlLSSRbC0debBQcDg4gRxxHXnJbARwAaRQZR156AkFIQWYUGkdeckYfGwhpA0kKGyBeUktZYwZXQl9nClZOW2U
IP 104.21.30.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Mm96b1QdUBkcaX85NCM2ejYwNgxCDisIFlUMFj0Vcyg8FQNnOlwbPVZSQltnAFlLSSRbC0debBQcDg4gRxxHXnJbARwAaRQZR156AkFIQWYUGkdeckYfGwhpA0kKGyBeUktZYwZXQl9nClZOW2U HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 04:33:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONvjWoVF%2FMHGlnsjQN%2B%2Fna7PR476g2sSqEhUkE90vBfHVg3Mqjqe68QnWHrf7WQ%2BY45ZmqAEvouP4TI9y3sTHwGKKVKfoUH1KI63dngV30J8JkbKGBMxbQ8C34ZiMVyj5nf%2FNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7907021c8f41b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Sat, 28 Jan 2023 05:50:44 GMT
Date: Sat, 28 Jan 2023 04:33:08 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash ebb52ae860e35aeb31ba6d5347b8c30f
e8cf327f2307f7da76168a2472137c0b8c45ceab
e5e692eef6fd9c2a4dd9602e3522fd18ec861c80c8f9933b76bec80e50b5c497
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 14:07:11 GMT
Expires: Thu, 02 Feb 2023 14:07:10 GMT
Etag: "e8cf327f2307f7da76168a2472137c0b8c45ceab"
Cache-Control: max-age=465841,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7907021d8e67b50f-OSL
d20kfqepj430zj.cloudfront.net/IbkxRSEoNIz8udRolNXVyXH5ken5IJiInJB5xOz4mDDsncTNXGRRxD0g4Kyx3Xmo9KSQJcXctJA1xYG4rCi5sfGwaPD4jdwEvKzIuFjw4Jy1IOTB1JwE2OCQmD2ljDn9AfHR6ekY7OCYuATsibXheIiVteF59YWZ6S38TbXheOzgmfFppYgpvXHwpfn5Lfx-NteF4+J215L31hfWReZXR6egkpMiMlS34XenpffGF5el9pY3gsBz40LiUWaWMOe155f3hsG3Fg
54.230.245.228 200 OK 515 B URL HTTP/2 d20kfqepj430zj.cloudfront.net/IbkxRSEoNIz8udRolNXVyXH5ken5IJiInJB5xOz4mDDsncTNXGRRxD0g4Kyx3Xmo9KSQJcXctJA1xYG4rCi5sfGwaPD4jdwEvKzIuFjw4Jy1IOTB1JwE2OCQmD2ljDn9AfHR6ekY7OCYuATsibXheIiVteF59YWZ6S38TbXheOzgmfFppYgpvXHwpfn5Lfx-NteF4+J215L31hfWReZXR6egkpMiMlS34XenpffGF5el9pY3gsBz40LiUWaWMOe155f3hsG3Fg
IP 54.230.245.228:0
File type ASCII text, with very long lines (697), with no line terminators
Hash 97905e6b8347fd0854df2a07dc9818b1
4e3e691651652930e87c21ccc36edc56af85e45d
a44e219d2df8283d1ea284fec89c7102094987cf59e998e9afa4832621541ef3
GET /IbkxRSEoNIz8udRolNXVyXH5ken5IJiInJB5xOz4mDDsncTNXGRRxD0g4Kyx3Xmo9KSQJcXctJA1xYG4rCi5sfGwaPD4jdwEvKzIuFjw4Jy1IOTB1JwE2OCQmD2ljDn9AfHR6ekY7OCYuATsibXheIiVteF59YWZ6S38TbXheOzgmfFppYgpvXHwpfn5Lfx-NteF4+J215L31hfWReZXR6egkpMiMlS34XenpffGF5el9pY3gsBz40LiUWaWMOe155f3hsG3Fg HTTP/1.1
Host: d20kfqepj430zj.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hethisisath.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 515
date: Sat, 28 Jan 2023 04:33:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vtEzXO5EjdKt7xaNsP3hk8nQThX0Y7io1HWUE9tnSn_TnnYOgKjNyw==
X-Firefox-Spdy: h2
d20kfqepj430zj.cloudfront.net/2NmRWdDVVCzgSCkINMkkNDl1iTQEQDiUbW0ZZDA5GWg46BgMOXDsOWRAQLBAIBkI6FVtRWXARW1VZZ1JUUgZrQBNCFDkfCFkHLA5RThQ/G1IQETdJWFkePxhZV0FkMgAYVHNGBR4TPxpRWRMlUQcGCiJRBwZVZloFE1cUUQcGEz8aAwJBZTYQBFQuQgETVx-RRBwYWIFEGd1VmQRsGTXNGBVEBNR9aE1YQRgUHVGZFBQdBZERTXxYzElpOQWQyBAZReEQTQ1ln
54.230.245.228 200 OK 613 B URL HTTP/2 d20kfqepj430zj.cloudfront.net/2NmRWdDVVCzgSCkINMkkNDl1iTQEQDiUbW0ZZDA5GWg46BgMOXDsOWRAQLBAIBkI6FVtRWXARW1VZZ1JUUgZrQBNCFDkfCFkHLA5RThQ/G1IQETdJWFkePxhZV0FkMgAYVHNGBR4TPxpRWRMlUQcGCiJRBwZVZloFE1cUUQcGEz8aAwJBZTYQBFQuQgETVx-RRBwYWIFEGd1VmQRsGTXNGBVEBNR9aE1YQRgUHVGZFBQdBZERTXxYzElpOQWQyBAZReEQTQ1ln
IP 54.230.245.228:0
File type ASCII text, with very long lines (865), with no line terminators
Hash ceff177712d8e8087e2d5892e0aba52b
6ec2b3e3400ddfac4bbe0ce5a23712916c1ebf84
1753ec39eb9a5c61256bae3a9187a88fb52924f3a88ce72ab35e88580337ccfe
GET /2NmRWdDVVCzgSCkINMkkNDl1iTQEQDiUbW0ZZDA5GWg46BgMOXDsOWRAQLBAIBkI6FVtRWXARW1VZZ1JUUgZrQBNCFDkfCFkHLA5RThQ/G1IQETdJWFkePxhZV0FkMgAYVHNGBR4TPxpRWRMlUQcGCiJRBwZVZloFE1cUUQcGEz8aAwJBZTYQBFQuQgETVx-RRBwYWIFEGd1VmQRsGTXNGBVEBNR9aE1YQRgUHVGZFBQdBZERTXxYzElpOQWQyBAZReEQTQ1ln HTTP/1.1
Host: d20kfqepj430zj.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hethisisath.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 613
date: Sat, 28 Jan 2023 04:33:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: siatiFZfku4FJnehjk9wPOnVtkFdCwi68xrdI61Ex6AWyjS0aVUsCw==
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253 200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 913
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 28 Jan 2023 04:33:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
d20kfqepj430zj.cloudfront.net/xNGJsRWNXDQIjXEALCHhbAFFec1ISCB8qDURfABZRew4NMDZnRBg/BwlSSikCWgVRYwZaAVF0RVUGDnhXEhcNeA5bGAUpD1VHXgNWGlJJd1McFQUrB1sVH2BRBAwYYFEEU1xrUxFRLmBRBBUFK1UAR18HRgZSFHNXEVEuYFEEEBpgUHVTXHBNBEtJd1NTBw-8uDBFQKndTBVJcdFMFR151BV0QCSMMTEdeA1IEV0J1RUFfXQ
54.230.245.228 200 OK 183 B URL HTTP/2 d20kfqepj430zj.cloudfront.net/xNGJsRWNXDQIjXEALCHhbAFFec1ISCB8qDURfABZRew4NMDZnRBg/BwlSSikCWgVRYwZaAVF0RVUGDnhXEhcNeA5bGAUpD1VHXgNWGlJJd1McFQUrB1sVH2BRBAwYYFEEU1xrUxFRLmBRBBUFK1UAR18HRgZSFHNXEVEuYFEEEBpgUHVTXHBNBEtJd1NTBw-8uDBFQKndTBVJcdFMFR151BV0QCSMMTEdeA1IEV0J1RUFfXQ
IP 54.230.245.228:0
File type ASCII text, with no line terminators
Hash cb496c46cc303438f71efd0ef3edb2f2
02f02d62eb73a48f4fb1e95365e59ae4295c0ff4
755a90e9002549e6a670e665b6d2d2706dd6f14119cdfc072651610b2c6a4b92
GET /xNGJsRWNXDQIjXEALCHhbAFFec1ISCB8qDURfABZRew4NMDZnRBg/BwlSSikCWgVRYwZaAVF0RVUGDnhXEhcNeA5bGAUpD1VHXgNWGlJJd1McFQUrB1sVH2BRBAwYYFEEU1xrUxFRLmBRBBUFK1UAR18HRgZSFHNXEVEuYFEEEBpgUHVTXHBNBEtJd1NTBw-8uDBFQKndTBVJcdFMFR151BV0QCSMMTEdeA1IEV0J1RUFfXQ HTTP/1.1
Host: d20kfqepj430zj.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hethisisath.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 183
date: Sat, 28 Jan 2023 04:33:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uf89Qb5huCViO5XRvutXMqJKoRJ1PjU9anGszUXEw8W5D35nK4WPCw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ab0f05b1fbd160a436b3f0851e855410
11d6f4ddbd946028cc915333a6ce3b91d9b950dc
5472027ddae67d0acc5cb76e27ae9893194c07f3ed1f122968d9408e3184480b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3599
Cache-Control: max-age=137753
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Etag: "63d40e8e-117"
Expires: Sun, 29 Jan 2023 18:49:01 GMT
Last-Modified: Fri, 27 Jan 2023 17:49:02 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
34.217.157.108 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.217.157.108:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oXDFc6GJdCyiuuQaOKQEVA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Bv2rIMgZxEV5acNq7yzH/N/SPUY=
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 28 Jan 2023 03:46:59 GMT
expires: Sat, 28 Jan 2023 05:46:59 GMT
cache-control: public, max-age=7200
age: 2769
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash f46773c05a404d6539bada9c2c349795
149d44af1129e206ed223de9ab0b0fb612a1f959
05c46c9e0c677b44b400d2ed7568ffff8d445e6e43a5d6f6a8351bd18c5dec95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash f46773c05a404d6539bada9c2c349795
149d44af1129e206ed223de9ab0b0fb612a1f959
05c46c9e0c677b44b400d2ed7568ffff8d445e6e43a5d6f6a8351bd18c5dec95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3785
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:08 GMT
Last-Modified: Sat, 28 Jan 2023 03:30:03 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
live.demand.supply/e/e.js?e=ll&d=615&cs=c&dsReferer=ZXhlby5hcHAvc3lsZW50aDEtd2lu
104.16.134.22 200 OK 0 B URL HTTP/2 live.demand.supply/e/e.js?e=ll&d=615&cs=c&dsReferer=ZXhlby5hcHAvc3lsZW50aDEtd2lu
IP 104.16.134.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=615&cs=c&dsReferer=ZXhlby5hcHAvc3lsZW50aDEtd2lu HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "e11f25735db9ddc62adb36e2e1846234-ssl"
x-nf-request-id: 01GPGADBNXCHVSK51WK5YVFSDJ
cf-cache-status: HIT
age: 1400514
accept-ranges: bytes
set-cookie: __cf_bm=pLiL8fbFO8oSmPucye3d7aW4LNv4yjo8NDjkvZMh8QY-1674880388-0-AfZJSKxBQS0foPe4pG6orbTnW0KhgPiPEpGp0T1tG/TgOeu+XT22tvDSsqECn5TWWPVN84LsWce4hjIuEuivc+8=; path=/; expires=Sat, 28-Jan-23 05:03:08 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907021eae23b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (377)
Hash c07ee8dc0b06e757f40dd2094d9f4916
48df02dff97cfcfec76518e1f2c79d4c38fca338
0807e65cd43f18ac15be698ba546830630601f2b3eefbc0e9018fb74847dcc26
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 04:33:09 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S2130908655%3A1674880388996892&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHegh2UQYiAAzxbP-4-EXjeJqTDQt_89cj48CfiSB5y40a5x4QVRqBPW2FL7aXbAQGDy4wY
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-WQRx9MYg1uki92GELY_gig' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:46S4F-5r-Ds7-JUc7k44fBbK42R9iA:t1UGamfy4bzbjmSi;Path=/;Expires=Mon, 27-Jan-2025 04:33:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 594c9e1fdc0a68ce793286b67f5adbfa
2fc4dfa44a4374d7fcf28b35d73889798b1056d9
1b1025a9814493f66adfd54460085d95841761fce28d706f640df888724548ee
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 04:33:09 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1375689888%3A1674880389002923&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHczL32oYobUshKNLD7hi-ae0zwWEXsW7By2FPCJj0R1hYcury-eW1y8GbpOHZ9Gc67wlHwl
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-oxs5tkGdsAQSJiNJsEPojg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:sj9bqCk66EcSVQCpF-H1Te6ZwF2DOQ:UwppsywReYiuEjN6;Path=/;Expires=Mon, 27-Jan-2025 04:33:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
live.demand.supply/x/e.js?ce=fs&dsReferer=ZXhlby5hcHAvc3lsZW50aDEtd2lu
104.16.134.22 200 OK 0 B URL HTTP/2 live.demand.supply/x/e.js?ce=fs&dsReferer=ZXhlby5hcHAvc3lsZW50aDEtd2lu
IP 104.16.134.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /x/e.js?ce=fs&dsReferer=ZXhlby5hcHAvc3lsZW50aDEtd2lu HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:09 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "e11f25735db9ddc62adb36e2e1846234-ssl"
x-nf-request-id: 01GPGADFRB8VQ9MK9FGPGE3HDW
cf-cache-status: HIT
age: 1400515
accept-ranges: bytes
set-cookie: __cf_bm=43FIjvNi6GG97FV4tRYzuXEe66c1OKLYLD8B3spVQYc-1674880389-0-AbcGGltkQ2Q2MYvDcEczgWUVO/Ov1DWU0QudAd3bb04yIPBMSkCJ5/P4mDgTe6PAbmgKu0OS5cNtbcYHjEE9hsE=; path=/; expires=Sat, 28-Jan-23 05:03:09 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907021f2e4bb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3786
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Last-Modified: Sat, 28 Jan 2023 03:30:03 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.34 200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (39378)
Hash d54120ce89373d7c45fe25b45a1d2669
fa0b4e157c32706e61512d9c2a0d0f375d19f10a
de73f636a40e2e100ec05468b44fb543f0a7a3fda02e838872cb0868973af10b
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27624
date: Sat, 28 Jan 2023 04:33:09 GMT
expires: Sat, 28 Jan 2023 04:33:09 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1465 / 30 of 1000 / last-modified: 1674860850"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=exeo.app
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=exeo.app
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 04:33:09 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=exeo.app
142.250.74.98 200 OK 1.7 kB URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exeo.app
IP 142.250.74.98:0
Hash d6fbd13bb6a983405d7f493dda479e81
0a07684d5808ac088e019fcd224028588b86ead8
e8c423d467e725f5f07af3b2e40d865cb2d5e6dd457fe8d1b8648fc0f33bceb2
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 04:33:09 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
live.demand.supply/impl.v16.3.0.js
104.16.134.22 200 OK 35 kB URL HTTP/2 live.demand.supply/impl.v16.3.0.js
IP 104.16.134.22:0
File type ASCII text, with very long lines (26438)
Hash 19101d4da0db38cae85915adf0a05926
7a67af2eb3f13af85c8b596da1f53172ad9786e6
048bb1c6f60af0beae51879b6dffb1f4be3e06c8974564d261ea653068c70129
GET /impl.v16.3.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=7fc478dd-4d51-406c-bf74-046683b84070; __cf_bm=bwLv5.Z7THl2ZtdGE0tJWHQh...c8.yWQeyn.kwMOKQ-1674880388-0-AcrG6Zs3HG/iGuoIVe9b24m/g8811hBzwzKJHy2/bIpdU/D19N83tPTNcR+wXq87jaerIc/HtQohw3eVxNuAeUk=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=74953
etag: W/"b19940580c70e30455a2254a785a8919-ssl-df"
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01GMX2V689ENQZTBQ4NFCNSXD1
cf-cache-status: HIT
age: 570013
server: cloudflare
cf-ray: 7907021e7bf0b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
142.250.74.97 200 OK 2.7 kB URL HTTP/2 4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sat, 28 Jan 2023 04:33:09 GMT
expires: Sun, 28 Jan 2024 04:33:09 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 17504951994384b5dfa3387f5e8b684f
d76ab271cbc580a05222ec155fbc0e82545ae97c
f7e09c196a20bed2d1c1f6fada5eb982e04880a2f1c8c24d7fdce87e46152c3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
216.58.211.1 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sat, 28 Jan 2023 04:33:09 GMT
expires: Sat, 28 Jan 2023 04:33:09 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.211.1 200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.211.1:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 22:10:29 GMT
expires: Mon, 22 Jan 2024 22:10:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 454960
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
live.demand.supply/up.js
104.16.134.22 200 OK 8.3 kB IP 104.16.134.22:0
File type ASCII text, with very long lines (3472)
Hash f69dc17d9b3ef23d4d166a79a7dc5eab
0497127cadfed474eea1182c538ee812ba5129d1
f2d9e36f59d1f8027ab55f141dbc5ee651a939c8d8142bb1dc9fcff88758e74e
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 7907021afb1eb52d-OSL
age: 892
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"30cd4982b290dd406327b3dd39f1ea22-ssl-df"
link: <https://live.demand.supply/impl.v16.3.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv>; rel=preload; as=script
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=4391
timing-allow-origin: *
x-nf-request-id: 01GMX2WC7DDRK600SK19DPWQGC
set-cookie: demandSupplyTi=7fc478dd-4d51-406c-bf74-046683b84070; demandSupplyTc = null; demandSupplyTcI = null; SameSite=None; Secure; Max-Age=63072000
__cf_bm=bwLv5.Z7THl2ZtdGE0tJWHQh...c8.yWQeyn.kwMOKQ-1674880388-0-AcrG6Zs3HG/iGuoIVe9b24m/g8811hBzwzKJHy2/bIpdU/D19N83tPTNcR+wXq87jaerIc/HtQohw3eVxNuAeUk=; path=/; expires=Sat, 28-Jan-23 05:03:08 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
216.58.211.4 200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 216.58.211.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash e06d0ba8ea8ad51381995b88692220f4
f28a99b0f1cdcd1de1ee2e63898a1349738ba887
9ed26f2c3dfc7650abdea25145a0ef835942affc5778fbeeaca65cc8dbb93d45
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 28 Jan 2023 04:33:09 GMT
date: Sat, 28 Jan 2023 04:33:09 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-C_a8uFIEwmhaMY4G9m41uw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQtrWInAQYk6zQ3QEwAQ&v=APEucNXCGixERs65h7fGA_3BKW8iydbY_qXMCqRnGMoITspqdhQkqWJgdJwjqmkdYHrxJEkCRzJnW02JuIGctjTUmEPaz7PuFCd8UIGLwwXQ_WhFZqmj0l3ZyK_JYJ_a_tOeHr2yR9A3u32dFwKTF1TCtArLyvTqAhQskZscP6sYPBbKxapMrUHOq7sTJ6eyNnLoaMsQjd73NB4wXHhwR1OAfvCgTZ8kdw
142.250.74.130 200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQtrWInAQYk6zQ3QEwAQ&v=APEucNXCGixERs65h7fGA_3BKW8iydbY_qXMCqRnGMoITspqdhQkqWJgdJwjqmkdYHrxJEkCRzJnW02JuIGctjTUmEPaz7PuFCd8UIGLwwXQ_WhFZqmj0l3ZyK_JYJ_a_tOeHr2yR9A3u32dFwKTF1TCtArLyvTqAhQskZscP6sYPBbKxapMrUHOq7sTJ6eyNnLoaMsQjd73NB4wXHhwR1OAfvCgTZ8kdw
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CO-t7QIQtrWInAQYk6zQ3QEwAQ&v=APEucNXCGixERs65h7fGA_3BKW8iydbY_qXMCqRnGMoITspqdhQkqWJgdJwjqmkdYHrxJEkCRzJnW02JuIGctjTUmEPaz7PuFCd8UIGLwwXQ_WhFZqmj0l3ZyK_JYJ_a_tOeHr2yR9A3u32dFwKTF1TCtArLyvTqAhQskZscP6sYPBbKxapMrUHOq7sTJ6eyNnLoaMsQjd73NB4wXHhwR1OAfvCgTZ8kdw HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 04:33:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 04:48:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 28 Jan 2023 04:33:10 GMT
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2612
Expires: Sat, 28 Jan 2023 05:16:42 GMT
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2612
Expires: Sat, 28 Jan 2023 05:16:42 GMT
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2612
Expires: Sat, 28 Jan 2023 05:16:42 GMT
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2612
Expires: Sat, 28 Jan 2023 05:16:42 GMT
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2612
Expires: Sat, 28 Jan 2023 05:16:42 GMT
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
googleads.g.doubleclick.net/xbbe/pixel?d=CNLQ0tkCEPWElZoEGOO1ld0BMAE&v=APEucNUM_NAOWu8tZWfdMbwZ4xm2P0hZbLqENTn8tz9jLyfISz3lZ6iVTQQW26iOxiLS-efwZvy47F5lh9fs7mCW9IBMYjt_DiG0ccWqTRAaCzDi-lncFeCo0ITH-Jd3AYbOX-OoIcDPXtZF3WOV3xXM28qGD4rCZ-0nAcki9Pw26tvrBgU2aWAJ5nvW5VEYblzGrIG2M7uhX9GjcQTvGYeooU197nyX0g
142.250.74.130 200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CNLQ0tkCEPWElZoEGOO1ld0BMAE&v=APEucNUM_NAOWu8tZWfdMbwZ4xm2P0hZbLqENTn8tz9jLyfISz3lZ6iVTQQW26iOxiLS-efwZvy47F5lh9fs7mCW9IBMYjt_DiG0ccWqTRAaCzDi-lncFeCo0ITH-Jd3AYbOX-OoIcDPXtZF3WOV3xXM28qGD4rCZ-0nAcki9Pw26tvrBgU2aWAJ5nvW5VEYblzGrIG2M7uhX9GjcQTvGYeooU197nyX0g
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CNLQ0tkCEPWElZoEGOO1ld0BMAE&v=APEucNUM_NAOWu8tZWfdMbwZ4xm2P0hZbLqENTn8tz9jLyfISz3lZ6iVTQQW26iOxiLS-efwZvy47F5lh9fs7mCW9IBMYjt_DiG0ccWqTRAaCzDi-lncFeCo0ITH-Jd3AYbOX-OoIcDPXtZF3WOV3xXM28qGD4rCZ-0nAcki9Pw26tvrBgU2aWAJ5nvW5VEYblzGrIG2M7uhX9GjcQTvGYeooU197nyX0g HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 04:33:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 04:48:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 28 Jan 2023 04:33:10 GMT
cache-control: private
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.130 200 OK 49 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.130:0
File type ASCII text, with very long lines (3504)
Hash eaf26b8f5900d361a5d447ea72df4752
26b0a44ca382082dde8648abd0a4d949bdf0c664
1334af0b91c26ce21cb75ab69d0c7e9c8ec1f00c0ce946a3689bb9d6fdcc4d37
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 49065
date: Sat, 28 Jan 2023 04:33:10 GMT
expires: Sat, 28 Jan 2023 04:33:10 GMT
cache-control: private, max-age=3000
etag: "1674650782302584"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3237aa3-30cf-4312-861c-8d923987ed4b.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3237aa3-30cf-4312-861c-8d923987ed4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 335cb821617fe98e993190c93c616f86
130b6f6d592f3ab052015656653a1b3ac259599d
ee90912b731ff31e52ccd404bf45ec6b6d3802247a29f9397eed153ab709df96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3237aa3-30cf-4312-861c-8d923987ed4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8569
x-amzn-requestid: d97c9436-5e2d-42a2-ad40-84c7776cdac3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_rVFA_oAMF-2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44648-03ff23d6072683a067472191;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:46:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FuvSHsmeURS0TVrB-5IPYpmsovQh5OWzvsmlT2nzkDGfO2Q8gwP3Xw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:15:45 GMT
age: 22645
etag: "130b6f6d592f3ab052015656653a1b3ac259599d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2881cea3ae511d3dfd2f6b7cd598a4e
105d8d675aaafce5602e4015aee2d1659553d1b1
0993ef71c2af9e07ed09e0e2ba40a4d9fdd01444154c2f39f8fc48a4dfef1730
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10863
x-amzn-requestid: db873091-be76-4276-aa3e-f9bd44051508
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbAMbHCMoAMFsYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4471c-57f14d6a3ebcc8a1788bae80;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:50:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: S8H9sSYtUyye2ex8ulTLy6SEyqTt3xUmjRkTWL0oCEDZIDA21dnudw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:38:29 GMT
etag: "105d8d675aaafce5602e4015aee2d1659553d1b1"
content-type: image/jpeg
age: 21281
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 940946e65210c717266c3a64751f1b72
f0e66aeef0c72865d565f48b563f66a184b758a9
1d031b8a530a1e6d84d79fae891f023e1ab7646596c00c57d83cfffce1f6fdf5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5742
x-amzn-requestid: b22fd8a5-eefc-494e-a304-75b69eef069d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFr2GsdoAMFpqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8318-69b5e7c726fa92134d08c775;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _v22JZf26Ru1GosUney59kegdHWXkI1HT1yLPBZQzNrETZMdos834w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 04:39:18 GMT
age: 86032
etag: "f0e66aeef0c72865d565f48b563f66a184b758a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f185f0b4f90d06dbb397b44ed9c73dbe
a48e2c369a048447e0e25e4791eb603859391c1c
b466060fc132cc8d23fcb83001206606e2d5502118c65e9f55795b5adbff2fa6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9364
x-amzn-requestid: e556be7b-567a-4c9a-931e-ff6fee42d3a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T8GbFoAMFySg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-6f4476e9388c77a057153277;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LPkLrx7l9Qf_GKdtJq_77RUkvgnKZlCaDN34xsB5bEO8c9VQEJPAew==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:38 GMT
etag: "a48e2c369a048447e0e25e4791eb603859391c1c"
content-type: image/jpeg
age: 23792
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cb7be12333fa7ea3353901b4b3215af
4b758cc432874384f330568177eef5a328d7e69a
d6f86c0ddbabd5c4fd7cee72ce4da62ccddd9d29139c9ab033bb1ab8425bae22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11918
x-amzn-requestid: baf2eddf-03cc-4af7-b799-c2c68b90d7a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUf4sFUYoAMFg6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1ad04-696c5dd015428f7429a5ccec;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 22:28:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TqFzcoLfgMkYqL6JxAWyG4MdeGS_TA7jJs6eKHqlqe-wU174CAzKsw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:39:29 GMT
age: 21221
etag: "4b758cc432874384f330568177eef5a328d7e69a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 23784
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY9quFvQEwAQ&v=APEucNUEZKfU2FRdqWXW2BmBO-wWBqyVENiVp6qoTfyzZYZ8JnwcAhYtL-FJUGGEj8bBrR5HDmyDaMuA0N9ARzskJp5gxj-BPFuZ9nokW4XAkKIiBBQgt5vZTn-DPMD6Y-vzb_J0NooC9wjYijHlrFjTDRw34AcmZoXP7jWZbIn7dJPeaDf9zn74louddX-o_gJ_WLv6aRqp0FAclr0k0BtyxUUsmf-Uzg
142.250.74.130 200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY9quFvQEwAQ&v=APEucNUEZKfU2FRdqWXW2BmBO-wWBqyVENiVp6qoTfyzZYZ8JnwcAhYtL-FJUGGEj8bBrR5HDmyDaMuA0N9ARzskJp5gxj-BPFuZ9nokW4XAkKIiBBQgt5vZTn-DPMD6Y-vzb_J0NooC9wjYijHlrFjTDRw34AcmZoXP7jWZbIn7dJPeaDf9zn74louddX-o_gJ_WLv6aRqp0FAclr0k0BtyxUUsmf-Uzg
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CJfnugEQpvPq4AIY9quFvQEwAQ&v=APEucNUEZKfU2FRdqWXW2BmBO-wWBqyVENiVp6qoTfyzZYZ8JnwcAhYtL-FJUGGEj8bBrR5HDmyDaMuA0N9ARzskJp5gxj-BPFuZ9nokW4XAkKIiBBQgt5vZTn-DPMD6Y-vzb_J0NooC9wjYijHlrFjTDRw34AcmZoXP7jWZbIn7dJPeaDf9zn74louddX-o_gJ_WLv6aRqp0FAclr0k0BtyxUUsmf-Uzg HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 04:33:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 04:48:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 28 Jan 2023 04:33:10 GMT
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 530394aa8c31dc4f609cf36d755a7050
d5498c39a9a093d846680008e94b1b5a95e6742b
d152b0a83f2502914526bcc39080594ef0612766addc3d72620a02ce03894230
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D152B0A83F2502914526BCC39080594EF0612766ADDC3D72620A02CE03894230"
Last-Modified: Wed, 25 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8820
Expires: Sat, 28 Jan 2023 07:00:10 GMT
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
id5-sync.com/api/esp/increment?counter=no-config
141.95.98.64 204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 141.95.98.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
date: Sat, 28 Jan 2023 04:33:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/sylenth1-win&DVP_PP_BUNDLE_ID=
95.101.11.123 200 OK 1.9 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/sylenth1-win&DVP_PP_BUNDLE_ID=
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document, ASCII text, with very long lines (536)
Hash 87b6182d03ee779aa68e37632f67656e
fac511e36df5215ae95ad7d03c4984e5ffcb7f6e
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
GET /dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/sylenth1-win&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycds6p1jm1dM37ZrGE7degj1PHtVHSCOhkWg3tNxtDa8jls04Qf_pWilJX59SK2PF90mCXMWOvLDiSS4yJ4B9Ex0-uw
Cache-Control: max-age=86400
Expires: Wed, 18 Jan 2023 15:48:02 GMT
Last-Modified: Tue, 10 Jan 2023 11:02:09 GMT
ETag: "87b6182d03ee779aa68e37632f67656e"
x-goog-generation: 1673348529482061
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1922
x-goog-meta-pipeline-id: 742670731
x-goog-meta-previous-generation-number: 1673253614982549
Content-Type: application/javascript
x-goog-hash: crc32c=lOOx4w==, md5=h7YYLQPud5qmjjdjL2dlbg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 1922
Server: UploadServer
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/sylenth1-win&DVP_PP_BUNDLE_ID=
95.101.11.123 200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/sylenth1-win&DVP_PP_BUNDLE_ID=
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash c130b6fbb443e8aedc3088d6e002cb18
993b47a1da2bfb78ef33b7fce7d2a8ef034033da
b37b66a9b9a7b0f362460c1efb62f50e14052b9f374654a94d85b4261e7111a4
GET /dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/sylenth1-win&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 24 Jan 2023 16:47:29 GMT
Accept-Ranges: bytes
ETag: "80a6ac8b1330d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3337
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
cdn.doubleverify.com/dvbs_src_internal117.js
95.101.11.123 200 OK 19 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src_internal117.js
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2636), with CRLF, LF line terminators
Hash cf93b15de9d1c76c1bc6fdaee5382496
26e52f0a242bff375cc54d8d33a1a416d89e2813
c290ae68279e0685c13650d1534a0cd86997420399bb67288046e61b13defb53
GET /dvbs_src_internal117.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Accept-Ranges: bytes
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 18840
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
172.217.21.166 200 OK 60 kB URL HTTP/2 s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
IP 172.217.21.166:0
File type ASCII text, with very long lines (2322)
Hash 36b0ba015b3250f6bda9e89b898f4707
635c67d8b08f40705e87e9c81cb138aef9c2ecdb
c70af3ba570296102947920e68bfe252d08de33b0464a910dd8e5d3ac58410f3
GET /879366/html_inpage_rendering_lib_200_276.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 60311
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 17:26:41 GMT
expires: Sat, 28 Jan 2023 17:26:41 GMT
cache-control: public, max-age=86400
age: 39989
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 04:33:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t.6sc.co/img.gif?event=imp&mcid=84456&cb=2040016967&pid=184934570&cid=29139965
104.85.176.46 200 OK 43 B URL HTTP/1.1 t.6sc.co/img.gif?event=imp&mcid=84456&cb=2040016967&pid=184934570&cid=29139965
IP 104.85.176.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /img.gif?event=imp&mcid=84456&cb=2040016967&pid=184934570&cid=29139965 HTTP/1.1
Host: t.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-Type: image/gif
ETag: "60bb2e1b-2b"
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Sat, 05 Jun 2021 07:56:11 GMT
Pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
X-Content-Type-Options: nosniff
Content-Length: 43
Date: Sat, 28 Jan 2023 04:33:10 GMT
Connection: keep-alive
Set-Cookie: 6suuid=98054917c656000086a5d463bb020000824adc00; expires=Mon, 27-Jan-2025 04:33:10 GMT; path=/; domain=.6sc.co; SameSite=None; secure
Access-Control-Allow-Origin:
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuVLfLhCraGq5s6fzpZuQluq6ttdC93YEDLKOj8JqV2EC9aKcozigrPFLj6Ec8EQfs7eRFjyKqK4lvFB4JIY31mUM6urnPp0YuzJUNuUAIOX5DdQgqJkHAbPS_hq1IkW0_C1ix8xGYseDBXKCVws5b9ZPWLQRn-7zm53ANyTkmKJgLtF2hzxGIZ_zPKewz8JR2I4vujtN88Og0GjS9yYSN8d7HGnFs3d662fbktlcoKPbv1jf0B-K0uNy_o45MeCvHtcarlY3Qd09JkuzGg7FHafE0mz0nX2shvLRs5d9y9X74ulKtwoG8ygdENIGjv4fGl2AhEsiLFliWSwoG5mtKg4HCZkXrGYk46nQYydYE2sa5sYo0eRr4TCiis9LGyKDv0hFeDIOXZNAQGbuY3Wyl4IrYK7Ac_mnLdO7qSCHKs6EXKr_8q7rvu4xEnCbd0mjf2EB5qYlaSuHxE1oIyk3_Ncb5cZDLuWUkSuz4F0mtQrCsgYjuLa22Vx9T7EzQS7YuKx4OW_Be95-BBwp2ytO9z9YV3tuAegLHFiCdwZ7iH49aerTavFYXTmioRbooRAOl1fshtxPhmSR6XRiG-jFZDTMdmE5tRuDq15nOdGajP3OTOw7zKvxZdz8K4bab0ACgrugpS48DQcreDbSxY8ZkEI0MKWP4yvM7MeR1ZsZ_uG3aMiuwfOt6j5WGSmeR6JfZJ4ymD5GtY3AgEVZLxomJ6m7elXQAt-IZTDHBtBQ7G0Z1zAYkoC23fPVoDzKRTsY0xh69N7f4XMZjfVY9LzV7yPN8N43iN-H0O40wuj-lJDlsOFEff-ljPHZnUWYHfhe4ukc-SV0iv4E6Auc5_zJRmiUgliFlpoaMi4bDZcA35OFoFyA7_5svDMhdulsdsCb-87mbXMcI0F8yMnlwGmHbtJ-aX2cXvaY1D72DeY1PQ7E1CwPOQqhAi19igTA_65JtWPWMZuRDqi4-zZ6ti3d-OkI-ua8F6o5likluvWI_ZMV5SkT1D-MK3UqqtLTPX_5h5079CmNXDQcfpIasfLQHuN5m48sf1Q2e2qs0JOns_US-nE3UJ_U_e81WwmasuN27BGji2HP5oGN7HQZaX0OcqXtWG0RAC60jQSdVhkzode4wUfuXkS13SsBjEVN_Zhf5kxGPu-DEEccQhhTNB5JOeoE0fCf92wk_SlRvE&sai=AMfl-YTVI35xkqUwp4F4jECdQFigoiuUZ_buWQxurInqSJiQgTiTpcyqmYbBiIDQhSzVlHLvdVrOOO2OqstT319sKVL7vD1vTvsNCVAtGzN2E96EPm6ajcVgbFoICrxRYWirSAyEsD-PiCoJdd6KXOj4KDszsVJjQEqm-a3QHTzGUO-qObaPw7JH0IO0EE-KSnUHQelDdgmxLWuxZSffJKoct0f-xFybuBPSDl--PZPOY7q8QSwxcS6mDMgE3xbmViIGQeoqtWuNDsX6XifSJQzFtbiU1nslPSJIi9wPyMkqlIQM0GsBrqI&sig=Cg0ArKJSzLTH5In-OkAHEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230124.31546&arae=0&ftch=1&adurl=
142.250.74.66200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuVLfLhCraGq5s6fzpZuQluq6ttdC93YEDLKOj8JqV2EC9aKcozigrPFLj6Ec8EQfs7eRFjyKqK4lvFB4JIY31mUM6urnPp0YuzJUNuUAIOX5DdQgqJkHAbPS_hq1IkW0_C1ix8xGYseDBXKCVws5b9ZPWLQRn-7zm53ANyTkmKJgLtF2hzxGIZ_zPKewz8JR2I4vujtN88Og0GjS9yYSN8d7HGnFs3d662fbktlcoKPbv1jf0B-K0uNy_o45MeCvHtcarlY3Qd09JkuzGg7FHafE0mz0nX2shvLRs5d9y9X74ulKtwoG8ygdENIGjv4fGl2AhEsiLFliWSwoG5mtKg4HCZkXrGYk46nQYydYE2sa5sYo0eRr4TCiis9LGyKDv0hFeDIOXZNAQGbuY3Wyl4IrYK7Ac_mnLdO7qSCHKs6EXKr_8q7rvu4xEnCbd0mjf2EB5qYlaSuHxE1oIyk3_Ncb5cZDLuWUkSuz4F0mtQrCsgYjuLa22Vx9T7EzQS7YuKx4OW_Be95-BBwp2ytO9z9YV3tuAegLHFiCdwZ7iH49aerTavFYXTmioRbooRAOl1fshtxPhmSR6XRiG-jFZDTMdmE5tRuDq15nOdGajP3OTOw7zKvxZdz8K4bab0ACgrugpS48DQcreDbSxY8ZkEI0MKWP4yvM7MeR1ZsZ_uG3aMiuwfOt6j5WGSmeR6JfZJ4ymD5GtY3AgEVZLxomJ6m7elXQAt-IZTDHBtBQ7G0Z1zAYkoC23fPVoDzKRTsY0xh69N7f4XMZjfVY9LzV7yPN8N43iN-H0O40wuj-lJDlsOFEff-ljPHZnUWYHfhe4ukc-SV0iv4E6Auc5_zJRmiUgliFlpoaMi4bDZcA35OFoFyA7_5svDMhdulsdsCb-87mbXMcI0F8yMnlwGmHbtJ-aX2cXvaY1D72DeY1PQ7E1CwPOQqhAi19igTA_65JtWPWMZuRDqi4-zZ6ti3d-OkI-ua8F6o5likluvWI_ZMV5SkT1D-MK3UqqtLTPX_5h5079CmNXDQcfpIasfLQHuN5m48sf1Q2e2qs0JOns_US-nE3UJ_U_e81WwmasuN27BGji2HP5oGN7HQZaX0OcqXtWG0RAC60jQSdVhkzode4wUfuXkS13SsBjEVN_Zhf5kxGPu-DEEccQhhTNB5JOeoE0fCf92wk_SlRvE&sai=AMfl-YTVI35xkqUwp4F4jECdQFigoiuUZ_buWQxurInqSJiQgTiTpcyqmYbBiIDQhSzVlHLvdVrOOO2OqstT319sKVL7vD1vTvsNCVAtGzN2E96EPm6ajcVgbFoICrxRYWirSAyEsD-PiCoJdd6KXOj4KDszsVJjQEqm-a3QHTzGUO-qObaPw7JH0IO0EE-KSnUHQelDdgmxLWuxZSffJKoct0f-xFybuBPSDl--PZPOY7q8QSwxcS6mDMgE3xbmViIGQeoqtWuNDsX6XifSJQzFtbiU1nslPSJIi9wPyMkqlIQM0GsBrqI&sig=Cg0ArKJSzLTH5In-OkAHEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230124.31546&arae=0&ftch=1&adurl=
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsuVLfLhCraGq5s6fzpZuQluq6ttdC93YEDLKOj8JqV2EC9aKcozigrPFLj6Ec8EQfs7eRFjyKqK4lvFB4JIY31mUM6urnPp0YuzJUNuUAIOX5DdQgqJkHAbPS_hq1IkW0_C1ix8xGYseDBXKCVws5b9ZPWLQRn-7zm53ANyTkmKJgLtF2hzxGIZ_zPKewz8JR2I4vujtN88Og0GjS9yYSN8d7HGnFs3d662fbktlcoKPbv1jf0B-K0uNy_o45MeCvHtcarlY3Qd09JkuzGg7FHafE0mz0nX2shvLRs5d9y9X74ulKtwoG8ygdENIGjv4fGl2AhEsiLFliWSwoG5mtKg4HCZkXrGYk46nQYydYE2sa5sYo0eRr4TCiis9LGyKDv0hFeDIOXZNAQGbuY3Wyl4IrYK7Ac_mnLdO7qSCHKs6EXKr_8q7rvu4xEnCbd0mjf2EB5qYlaSuHxE1oIyk3_Ncb5cZDLuWUkSuz4F0mtQrCsgYjuLa22Vx9T7EzQS7YuKx4OW_Be95-BBwp2ytO9z9YV3tuAegLHFiCdwZ7iH49aerTavFYXTmioRbooRAOl1fshtxPhmSR6XRiG-jFZDTMdmE5tRuDq15nOdGajP3OTOw7zKvxZdz8K4bab0ACgrugpS48DQcreDbSxY8ZkEI0MKWP4yvM7MeR1ZsZ_uG3aMiuwfOt6j5WGSmeR6JfZJ4ymD5GtY3AgEVZLxomJ6m7elXQAt-IZTDHBtBQ7G0Z1zAYkoC23fPVoDzKRTsY0xh69N7f4XMZjfVY9LzV7yPN8N43iN-H0O40wuj-lJDlsOFEff-ljPHZnUWYHfhe4ukc-SV0iv4E6Auc5_zJRmiUgliFlpoaMi4bDZcA35OFoFyA7_5svDMhdulsdsCb-87mbXMcI0F8yMnlwGmHbtJ-aX2cXvaY1D72DeY1PQ7E1CwPOQqhAi19igTA_65JtWPWMZuRDqi4-zZ6ti3d-OkI-ua8F6o5likluvWI_ZMV5SkT1D-MK3UqqtLTPX_5h5079CmNXDQcfpIasfLQHuN5m48sf1Q2e2qs0JOns_US-nE3UJ_U_e81WwmasuN27BGji2HP5oGN7HQZaX0OcqXtWG0RAC60jQSdVhkzode4wUfuXkS13SsBjEVN_Zhf5kxGPu-DEEccQhhTNB5JOeoE0fCf92wk_SlRvE&sai=AMfl-YTVI35xkqUwp4F4jECdQFigoiuUZ_buWQxurInqSJiQgTiTpcyqmYbBiIDQhSzVlHLvdVrOOO2OqstT319sKVL7vD1vTvsNCVAtGzN2E96EPm6ajcVgbFoICrxRYWirSAyEsD-PiCoJdd6KXOj4KDszsVJjQEqm-a3QHTzGUO-qObaPw7JH0IO0EE-KSnUHQelDdgmxLWuxZSffJKoct0f-xFybuBPSDl--PZPOY7q8QSwxcS6mDMgE3xbmViIGQeoqtWuNDsX6XifSJQzFtbiU1nslPSJIi9wPyMkqlIQM0GsBrqI&sig=Cg0ArKJSzLTH5In-OkAHEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230124.31546&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
access-control-allow-origin: *
cache-control: private
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 04:33:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 04:48:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 28 Jan 2023 04:33:10 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuVLfLhCraGq5s6fzpZuQluq6ttdC93YEDLKOj8JqV2EC9aKcozigrPFLj6Ec8EQfs7eRFjyKqK4lvFB4JIY31mUM6urnPp0YuzJUNuUAIOX5DdQgqJkHAbPS_hq1IkW0_C1ix8xGYseDBXKCVws5b9ZPWLQRn-7zm53ANyTkmKJgLtF2hzxGIZ_zPKewz8JR2I4vujtN88Og0GjS9yYSN8d7HGnFs3d662fbktlcoKPbv1jf0B-K0uNy_o45MeCvHtcarlY3Qd09JkuzGg7FHafE0mz0nX2shvLRs5d9y9X74ulKtwoG8ygdENIGjv4fGl2AhEsiLFliWSwoG5mtKg4HCZkXrGYk46nQYydYE2sa5sYo0eRr4TCiis9LGyKDv0hFeDIOXZNAQGbuY3Wyl4IrYK7Ac_mnLdO7qSCHKs6EXKr_8q7rvu4xEnCbd0mjf2EB5qYlaSuHxE1oIyk3_Ncb5cZDLuWUkSuz4F0mtQrCsgYjuLa22Vx9T7EzQS7YuKx4OW_Be95-BBwp2ytO9z9YV3tuAegLHFiCdwZ7iH49aerTavFYXTmioRbooRAOl1fshtxPhmSR6XRiG-jFZDTMdmE5tRuDq15nOdGajP3OTOw7zKvxZdz8K4bab0ACgrugpS48DQcreDbSxY8ZkEI0MKWP4yvM7MeR1ZsZ_uG3aMiuwfOt6j5WGSmeR6JfZJ4ymD5GtY3AgEVZLxomJ6m7elXQAt-IZTDHBtBQ7G0Z1zAYkoC23fPVoDzKRTsY0xh69N7f4XMZjfVY9LzV7yPN8N43iN-H0O40wuj-lJDlsOFEff-ljPHZnUWYHfhe4ukc-SV0iv4E6Auc5_zJRmiUgliFlpoaMi4bDZcA35OFoFyA7_5svDMhdulsdsCb-87mbXMcI0F8yMnlwGmHbtJ-aX2cXvaY1D72DeY1PQ7E1CwPOQqhAi19igTA_65JtWPWMZuRDqi4-zZ6ti3d-OkI-ua8F6o5likluvWI_ZMV5SkT1D-MK3UqqtLTPX_5h5079CmNXDQcfpIasfLQHuN5m48sf1Q2e2qs0JOns_US-nE3UJ_U_e81WwmasuN27BGji2HP5oGN7HQZaX0OcqXtWG0RAC60jQSdVhkzode4wUfuXkS13SsBjEVN_Zhf5kxGPu-DEEccQhhTNB5JOeoE0fCf92wk_SlRvE&sai=AMfl-YTVI35xkqUwp4F4jECdQFigoiuUZ_buWQxurInqSJiQgTiTpcyqmYbBiIDQhSzVlHLvdVrOOO2OqstT319sKVL7vD1vTvsNCVAtGzN2E96EPm6ajcVgbFoICrxRYWirSAyEsD-PiCoJdd6KXOj4KDszsVJjQEqm-a3QHTzGUO-qObaPw7JH0IO0EE-KSnUHQelDdgmxLWuxZSffJKoct0f-xFybuBPSDl--PZPOY7q8QSwxcS6mDMgE3xbmViIGQeoqtWuNDsX6XifSJQzFtbiU1nslPSJIi9wPyMkqlIQM0GsBrqI&sig=Cg0ArKJSzLTH5In-OkAHEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=333&vt=11&dtpt=332&dett=2&cstd=0&cisv=r20230124.31546&arae=0&ftch=1&adurl=
142.250.74.66200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuVLfLhCraGq5s6fzpZuQluq6ttdC93YEDLKOj8JqV2EC9aKcozigrPFLj6Ec8EQfs7eRFjyKqK4lvFB4JIY31mUM6urnPp0YuzJUNuUAIOX5DdQgqJkHAbPS_hq1IkW0_C1ix8xGYseDBXKCVws5b9ZPWLQRn-7zm53ANyTkmKJgLtF2hzxGIZ_zPKewz8JR2I4vujtN88Og0GjS9yYSN8d7HGnFs3d662fbktlcoKPbv1jf0B-K0uNy_o45MeCvHtcarlY3Qd09JkuzGg7FHafE0mz0nX2shvLRs5d9y9X74ulKtwoG8ygdENIGjv4fGl2AhEsiLFliWSwoG5mtKg4HCZkXrGYk46nQYydYE2sa5sYo0eRr4TCiis9LGyKDv0hFeDIOXZNAQGbuY3Wyl4IrYK7Ac_mnLdO7qSCHKs6EXKr_8q7rvu4xEnCbd0mjf2EB5qYlaSuHxE1oIyk3_Ncb5cZDLuWUkSuz4F0mtQrCsgYjuLa22Vx9T7EzQS7YuKx4OW_Be95-BBwp2ytO9z9YV3tuAegLHFiCdwZ7iH49aerTavFYXTmioRbooRAOl1fshtxPhmSR6XRiG-jFZDTMdmE5tRuDq15nOdGajP3OTOw7zKvxZdz8K4bab0ACgrugpS48DQcreDbSxY8ZkEI0MKWP4yvM7MeR1ZsZ_uG3aMiuwfOt6j5WGSmeR6JfZJ4ymD5GtY3AgEVZLxomJ6m7elXQAt-IZTDHBtBQ7G0Z1zAYkoC23fPVoDzKRTsY0xh69N7f4XMZjfVY9LzV7yPN8N43iN-H0O40wuj-lJDlsOFEff-ljPHZnUWYHfhe4ukc-SV0iv4E6Auc5_zJRmiUgliFlpoaMi4bDZcA35OFoFyA7_5svDMhdulsdsCb-87mbXMcI0F8yMnlwGmHbtJ-aX2cXvaY1D72DeY1PQ7E1CwPOQqhAi19igTA_65JtWPWMZuRDqi4-zZ6ti3d-OkI-ua8F6o5likluvWI_ZMV5SkT1D-MK3UqqtLTPX_5h5079CmNXDQcfpIasfLQHuN5m48sf1Q2e2qs0JOns_US-nE3UJ_U_e81WwmasuN27BGji2HP5oGN7HQZaX0OcqXtWG0RAC60jQSdVhkzode4wUfuXkS13SsBjEVN_Zhf5kxGPu-DEEccQhhTNB5JOeoE0fCf92wk_SlRvE&sai=AMfl-YTVI35xkqUwp4F4jECdQFigoiuUZ_buWQxurInqSJiQgTiTpcyqmYbBiIDQhSzVlHLvdVrOOO2OqstT319sKVL7vD1vTvsNCVAtGzN2E96EPm6ajcVgbFoICrxRYWirSAyEsD-PiCoJdd6KXOj4KDszsVJjQEqm-a3QHTzGUO-qObaPw7JH0IO0EE-KSnUHQelDdgmxLWuxZSffJKoct0f-xFybuBPSDl--PZPOY7q8QSwxcS6mDMgE3xbmViIGQeoqtWuNDsX6XifSJQzFtbiU1nslPSJIi9wPyMkqlIQM0GsBrqI&sig=Cg0ArKJSzLTH5In-OkAHEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=333&vt=11&dtpt=332&dett=2&cstd=0&cisv=r20230124.31546&arae=0&ftch=1&adurl=
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsuVLfLhCraGq5s6fzpZuQluq6ttdC93YEDLKOj8JqV2EC9aKcozigrPFLj6Ec8EQfs7eRFjyKqK4lvFB4JIY31mUM6urnPp0YuzJUNuUAIOX5DdQgqJkHAbPS_hq1IkW0_C1ix8xGYseDBXKCVws5b9ZPWLQRn-7zm53ANyTkmKJgLtF2hzxGIZ_zPKewz8JR2I4vujtN88Og0GjS9yYSN8d7HGnFs3d662fbktlcoKPbv1jf0B-K0uNy_o45MeCvHtcarlY3Qd09JkuzGg7FHafE0mz0nX2shvLRs5d9y9X74ulKtwoG8ygdENIGjv4fGl2AhEsiLFliWSwoG5mtKg4HCZkXrGYk46nQYydYE2sa5sYo0eRr4TCiis9LGyKDv0hFeDIOXZNAQGbuY3Wyl4IrYK7Ac_mnLdO7qSCHKs6EXKr_8q7rvu4xEnCbd0mjf2EB5qYlaSuHxE1oIyk3_Ncb5cZDLuWUkSuz4F0mtQrCsgYjuLa22Vx9T7EzQS7YuKx4OW_Be95-BBwp2ytO9z9YV3tuAegLHFiCdwZ7iH49aerTavFYXTmioRbooRAOl1fshtxPhmSR6XRiG-jFZDTMdmE5tRuDq15nOdGajP3OTOw7zKvxZdz8K4bab0ACgrugpS48DQcreDbSxY8ZkEI0MKWP4yvM7MeR1ZsZ_uG3aMiuwfOt6j5WGSmeR6JfZJ4ymD5GtY3AgEVZLxomJ6m7elXQAt-IZTDHBtBQ7G0Z1zAYkoC23fPVoDzKRTsY0xh69N7f4XMZjfVY9LzV7yPN8N43iN-H0O40wuj-lJDlsOFEff-ljPHZnUWYHfhe4ukc-SV0iv4E6Auc5_zJRmiUgliFlpoaMi4bDZcA35OFoFyA7_5svDMhdulsdsCb-87mbXMcI0F8yMnlwGmHbtJ-aX2cXvaY1D72DeY1PQ7E1CwPOQqhAi19igTA_65JtWPWMZuRDqi4-zZ6ti3d-OkI-ua8F6o5likluvWI_ZMV5SkT1D-MK3UqqtLTPX_5h5079CmNXDQcfpIasfLQHuN5m48sf1Q2e2qs0JOns_US-nE3UJ_U_e81WwmasuN27BGji2HP5oGN7HQZaX0OcqXtWG0RAC60jQSdVhkzode4wUfuXkS13SsBjEVN_Zhf5kxGPu-DEEccQhhTNB5JOeoE0fCf92wk_SlRvE&sai=AMfl-YTVI35xkqUwp4F4jECdQFigoiuUZ_buWQxurInqSJiQgTiTpcyqmYbBiIDQhSzVlHLvdVrOOO2OqstT319sKVL7vD1vTvsNCVAtGzN2E96EPm6ajcVgbFoICrxRYWirSAyEsD-PiCoJdd6KXOj4KDszsVJjQEqm-a3QHTzGUO-qObaPw7JH0IO0EE-KSnUHQelDdgmxLWuxZSffJKoct0f-xFybuBPSDl--PZPOY7q8QSwxcS6mDMgE3xbmViIGQeoqtWuNDsX6XifSJQzFtbiU1nslPSJIi9wPyMkqlIQM0GsBrqI&sig=Cg0ArKJSzLTH5In-OkAHEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=333&vt=11&dtpt=332&dett=2&cstd=0&cisv=r20230124.31546&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 04:33:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 04:48:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 28 Jan 2023 04:33:10 GMT
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 5fcfa57252f62fc373f057a85a8e3fda
96623f3f223d893a657787a535662bb2286aa885
1e4a25b9ddd7c8f0378fb7ddea22e6c428dac1fe4c34a17d317686f20f0ec103
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 28 Jan 2023 04:33:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 27 Jan 2023 20:40:17 GMT
Expires: Sat, 28 Jan 2023 20:40:17 GMT
ETag: "96623f3f223d893a657787a535662bb2286aa885"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_110114000899&jsTagObjCallback=__tagObject_callback_110114000899&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=110114000899&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/sylenth1-win&chro=0&hist=2&winh=280&winw=770&wouh=921&wouw=1152&scah=1024&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauDJ%3D6%3FE9%60%5CH%3A%3F&dvp_exetime=10.00&callbackName=__verify_callback_110114000899
34.149.12.213200 OK 265 B URL HTTP/1.1 rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_110114000899&jsTagObjCallback=__tagObject_callback_110114000899&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=110114000899&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/sylenth1-win&chro=0&hist=2&winh=280&winw=770&wouh=921&wouw=1152&scah=1024&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauDJ%3D6%3FE9%60%5CH%3A%3F&dvp_exetime=10.00&callbackName=__verify_callback_110114000899
IP 34.149.12.213:0
Hash f93bbb17dcf5df9fba2b5427be3040f7
433a4855f4dfb0a06cc879b31cc5579275fed1ac
4900971d00bc4b0bd9af0c37db6b4318b4c4f55dda97a96df948186836aa3846
GET /verify.js?flvr=0&jsCallback=__verify_callback_110114000899&jsTagObjCallback=__tagObject_callback_110114000899&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=110114000899&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/sylenth1-win&chro=0&hist=2&winh=280&winw=770&wouh=921&wouw=1152&scah=1024&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hiJ1ZmNAS0-MQdVWnBsiaV&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauDJ%3D6%3FE9%60%5CH%3A%3F&dvp_exetime=10.00&callbackName=__verify_callback_110114000899 HTTP/1.1
Host: rtb0.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/27/2023 04:33:10
Pragma: no-cache
Vary: Accept-Encoding
X-DV-Response: 0
cdn.doubleverify.com/dv-measurements3438.js
95.101.11.123 200 OK 109 kB URL HTTP/1.1 cdn.doubleverify.com/dv-measurements3438.js
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 109 kB (109055 bytes)
Hash 9d818853909334b5c8790966cd9db9b4
99745be6a2f1e709fb5e9af2609585a72d0f75b0
45824500b50b592cd7918071004b4422b98bd45b3737dad87f0da61334d41feb
GET /dv-measurements3438.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 08:55:06 GMT
Accept-Ranges: bytes
ETag: "051846382fd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 109055
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: keep-alive
servedby.flashtalking.com/imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=392650.1472721331&ft_dv=%5B%25ft_dv%25%5D
104.88.10.141 200 OK 819 B URL HTTP/1.1 servedby.flashtalking.com/imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=392650.1472721331&ft_dv=%5B%25ft_dv%25%5D
IP 104.88.10.141:0
File type ASCII text, with CRLF, CR, LF line terminators
Hash 0c833e332425bf0b5583a596741b27ed
548c793403a0245873d2b4096b38938436f897c5
b4c2577a3c1171eb9c6b04ef7f131cde068e9e91b6742421b896ee1364005ce1
GET /imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=392650.1472721331&ft_dv=%5B%25ft_dv%25%5D HTTP/1.1
Host: servedby.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=ISO-8859-1
Server: prod-xre-app3.frk11
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sat, 28 Jan 2023 04:33:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 28 Jan 2023 04:33:11 GMT
Content-Length: 819
Connection: keep-alive
Strict-Transport-Security: max-age=86400
cdn.flashtalking.com/xre/518/5182811/4069576/js/j-5182811-4069576.js
205.185.216.10 200 OK 17 kB URL HTTP/1.1 cdn.flashtalking.com/xre/518/5182811/4069576/js/j-5182811-4069576.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (2897), with CRLF, CR, LF line terminators
Hash 9682ad2970bac7e13e84402d6a396661
361774aaa295b21dc991dd3c46a2398085bc0d27
0a01dc6d1407ddea050965cc50095ff0f70aab6d29ee46f2604de906804d23b0
GET /xre/518/5182811/4069576/js/j-5182811-4069576.js HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: Keep-Alive
ETag: "1664998028"
Cache-Control: max-age=18
Content-Encoding: gzip
Content-Length: 17005
Content-Type: text/javascript; charset=utf-8
Last-Modified: Wed, 05 Oct 2022 19:27:08 GMT
Accept-Ranges: bytes
x-amz-id-2: h5dW31rdQiUBF4O7zfAhfk5ckQJ6FAlY2unvrm+kOBjkOPEVGcpQvACmIGLFC23rcQ41lM1PNbc=
x-amz-request-id: 5D6V9RHA6DAFTNE1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1674880391.dop065.sk1.t,1674880391.cds226.sk1.shn,1674880391.dop065.sk1.t,1674880391.cds221.sk1.c
cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=34E93F55-E332-AEB9-ED3B-F4D83FC40497&auevent=&374732671
95.101.11.123 200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=34E93F55-E332-AEB9-ED3B-F4D83FC40497&auevent=&374732671
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash c130b6fbb443e8aedc3088d6e002cb18
993b47a1da2bfb78ef33b7fce7d2a8ef034033da
b37b66a9b9a7b0f362460c1efb62f50e14052b9f374654a94d85b4261e7111a4
GET /dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=34E93F55-E332-AEB9-ED3B-F4D83FC40497&auevent=&374732671 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 24 Jan 2023 16:47:29 GMT
Accept-Ranges: bytes
ETag: "80a6ac8b1330d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3337
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: keep-alive
cdn.flashtalking.com/116327/4069576/index.html
205.185.216.10 200 OK 19 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/index.html
IP 205.185.216.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1453), with CRLF, LF line terminators
Hash 30b926c7796145ac24d4991241a8f2ee
e945b3ea3f707052b17a2ac17fe71dc046b73b64
abc7edc3b542d9d84563119646042401ce118992da7e5a60c397ebb82fa84a47
GET /116327/4069576/index.html HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: Keep-Alive
ETag: "1664411225"
Cache-Control: max-age=901
Content-Encoding: gzip
Content-Length: 19164
Content-Type: text/html
Last-Modified: Thu, 29 Sep 2022 00:27:05 GMT
Accept-Ranges: bytes
x-amz-id-2: RoMbOCX7YG3WgnkxXkEQDSY9CWAdIp1SB2YByUa65Fpj54+PxrpGGEgSxKIgoEvVvAqfz+GPTIM=
x-amz-request-id: VB0RRNNNX56KY1WK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1674880391.dop065.sk1.t,1674880391.cds226.sk1.shn,1674880391.dop065.sk1.t,1674880391.cds246.sk1.c
secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
23.38.200.44 200 OK 1.3 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
IP 23.38.200.44:0
File type PNG image data, 19 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash db320ef6f3c45ab5c90887ef618de2bb
7d4bd175166545ea775fcb69b406eba11f7fa3ec
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
GET /oba/icon/iconc.png?EDAA_icon=y HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sat, 12 Apr 2014 19:14:32 GMT
Content-Type: image/png
ETag: W/"db320ef6f3c45ab5c90887ef618de2bb"
X-Varnish: 440713868 434560932
Accept-Ranges: bytes
Content-Length: 1308
Cache-Control: max-age=2264528
Expires: Thu, 23 Feb 2023 09:35:19 GMT
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash f12689cf8f085a2a43dedb00591eed6a
41a9584666dead5c1ecff916bcd21a7af30c6cbe
6ab479ba5fa4cfc6e41e5e5049aef4a1575728ede9fc3fe8a634a5c38800e383
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 28 Jan 2023 04:33:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 02:52:34 GMT
Expires: Sun, 29 Jan 2023 02:52:34 GMT
ETag: "41a9584666dead5c1ecff916bcd21a7af30c6cbe"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.doubleverify.com/redirect/?host=tpsc-eu3&param=akipv6&impid=0408616e12bf41d59eb6e743b442b9d9&dup=&eoid=1000&cbust=1674880392692282
95.101.11.123 302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3&param=akipv6&impid=0408616e12bf41d59eb6e743b442b9d9&dup=&eoid=1000&cbust=1674880392692282
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3&param=akipv6&impid=0408616e12bf41d59eb6e743b442b9d9&dup=&eoid=1000&cbust=1674880392692282 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=0408616e12bf41d59eb6e743b442b9d9&akipv6=&dup=&eoid=1000
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: keep-alive
code.createjs.com/1.0.0/createjs.min.js
23.36.76.98 200 OK 64 kB URL HTTP/2 code.createjs.com/1.0.0/createjs.min.js
IP 23.36.76.98:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32043)
Hash 292a7144ac6076827ee286446a70333b
c44f65af003ad27b49ee90ecb3c8b1788ae0ddf6
650a416042a408cbbe2448fb2ef009e0a3cab8c6344d32a52c1ae3d9a70dbe61
GET /1.0.0/createjs.min.js HTTP/1.1
Host: code.createjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=900
expires: Sat, 28 Jan 2023 04:48:11 GMT
date: Sat, 28 Jan 2023 04:33:11 GMT
x-n: S
X-Firefox-Spdy: h2
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=129&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauDJ%3D6%3FE9%60%5CH%3A%3F&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1259&ddur=5&uid=1674880392657726&jsCallback=dvCallback_1674880392657584&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=101&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=4069576&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=34E93F55-E332-AEB9-ED3B-F4D83FC40497&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=3564804592.2950907&dvp_tukv=46193905.75037295&dvp_uuid=1196907375459.2974&dvp_tuid=190919550098&jurtd=267658359
34.149.12.213200 OK 1.2 kB URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=129&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauDJ%3D6%3FE9%60%5CH%3A%3F&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1259&ddur=5&uid=1674880392657726&jsCallback=dvCallback_1674880392657584&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=101&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=4069576&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=34E93F55-E332-AEB9-ED3B-F4D83FC40497&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=3564804592.2950907&dvp_tukv=46193905.75037295&dvp_uuid=1196907375459.2974&dvp_tuid=190919550098&jurtd=267658359
IP 34.149.12.213:0
File type ASCII text, with very long lines (3044), with no line terminators
Hash 31f0ba673105269163963374f02ceb3a
a5fbbd50bc050a6995f56c94d088c3f9826d223a
6006a3e5c6a54855aa0cd889f372b435ab07c8fd35eb2fa258a87fff519696d2
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=129&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauDJ%3D6%3FE9%60%5CH%3A%3F&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1259&ddur=5&uid=1674880392657726&jsCallback=dvCallback_1674880392657584&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=101&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=4069576&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=34E93F55-E332-AEB9-ED3B-F4D83FC40497&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=3564804592.2950907&dvp_tukv=46193905.75037295&dvp_uuid=1196907375459.2974&dvp_tuid=190919550098&jurtd=267658359 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/27/2023 04:33:11
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-eu3&param=akipv6&impid=e7d4dec8e6ee4f8290182ba53b6aa505&dup=&eoid=1000&cbust=1674880392752843
95.101.11.123 302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3&param=akipv6&impid=e7d4dec8e6ee4f8290182ba53b6aa505&dup=&eoid=1000&cbust=1674880392752843
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3&param=akipv6&impid=e7d4dec8e6ee4f8290182ba53b6aa505&dup=&eoid=1000&cbust=1674880392752843 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=e7d4dec8e6ee4f8290182ba53b6aa505&akipv6=&dup=&eoid=1000
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: keep-alive
tpsc-eu3.doubleverify.com/event.png?impid=0408616e12bf41d59eb6e743b442b9d9&akipv6=&dup=&eoid=1000
34.149.12.213 204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=0408616e12bf41d59eb6e743b442b9d9&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=0408616e12bf41d59eb6e743b442b9d9&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 01/27/2023 04:33:11
Pragma: no-cache
cdn.flashtalking.com/116327/4069576/images/acrobat_create_2.jpg
205.185.216.10 200 OK 15 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/acrobat_create_2.jpg
IP 205.185.216.10:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 710x444, components 3\012- data
Hash 296f9ed86795c8b1f2a1554742a0485a
8899d835a9478a5161299ba357c50b3598501f40
f07b31ea4c345d978d4748fb71a680ef2861368279ccb491f78fc86380c0e37a
GET /116327/4069576/images/acrobat_create_2.jpg HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: Keep-Alive
ETag: "1664411224"
Cache-Control: max-age=901
Content-Length: 15071
Content-Type: image/jpeg
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Accept-Ranges: bytes
x-amz-id-2: vAl5bO1kI+eq7uSbH1G88h/smLj6xlVcd1SxeedgR91COuWWVTpZPVKLaJZMuKdU99xwHf6jkks=
x-amz-request-id: 81Z2JHJSXVGSP664
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1674880391.dop065.sk1.t,1674880391.cds226.sk1.shn,1674880391.dop065.sk1.t,1674880391.cds219.sk1.c
secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
23.38.200.44 200 OK 6.0 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
IP 23.38.200.44:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d675694ab4d4d2eb56cca854c25d9c36
34174b9397a3cb289f892f1f98ccc51a63698360
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
GET /oba/icon/consumer-privacy-logo.png HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Content-Type: image/png
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-Varnish: 721542519 721664610
Accept-Ranges: bytes
Content-Length: 5953
Cache-Control: max-age=297
Expires: Sat, 28 Jan 2023 04:38:08 GMT
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
tpsc-eu3.doubleverify.com/event.png?impid=e7d4dec8e6ee4f8290182ba53b6aa505&akipv6=&dup=&eoid=1000
34.149.12.213 204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=e7d4dec8e6ee4f8290182ba53b6aa505&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=e7d4dec8e6ee4f8290182ba53b6aa505&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 01/27/2023 04:33:11
Pragma: no-cache
cdn.flashtalking.com/116327/4069576/images/acrobat_screen_large_2.jpg
205.185.216.10 200 OK 180 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/acrobat_screen_large_2.jpg
IP 205.185.216.10:0
File type JPEG image data, progressive, precision 8, 926x531, components 3\012- data
Size 180 kB (179684 bytes)
Hash 64376c876f34130eb00d7c0338667dcf
2d77b890330e48c93dac67fbcceb3a89fa7ad24e
7e1d65ca11e16f00cba0b4870172a6a854e7f6d73e88b4691e80e25ecdf3161c
GET /116327/4069576/images/acrobat_screen_large_2.jpg HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: Keep-Alive
ETag: "1664411224"
Cache-Control: max-age=901
Content-Length: 179684
Content-Type: image/jpeg
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Accept-Ranges: bytes
x-amz-id-2: H5XWK1PNFpW4tNGciRni+ZapgfSo6ohYBR7+5VRYO4i7flTt33iyiLrIUpMFGyVg9timfEv6XuU=
x-amz-request-id: 81ZFMRYSAWT0BQQ9
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1674880391.dop065.sk1.t,1674880391.cds226.sk1.shn,1674880391.dop065.sk1.t,1674880391.cds227.sk1.c
cdn.flashtalking.com/116327/4069576/images/Image2.png
205.185.216.10 200 OK 5.2 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/Image2.png
IP 205.185.216.10:0
File type PNG image data, 92 x 131, 8-bit/color RGBA, non-interlaced\012- data
Hash 36b54eb1631f1be795a0567fc7f6034f
c574b46865c60d9e654333e29b070ea802a54a2d
8856deebcedfa5f528c116f29edc1d31e54f16f7cc4841f9875b4910703d4445
GET /116327/4069576/images/Image2.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: Keep-Alive
ETag: "1664411224"
Cache-Control: max-age=901
Content-Length: 5192
Content-Type: image/png
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Accept-Ranges: bytes
x-amz-id-2: mj+Rn2zb90Fim0qqtQlgwyzbqlVHUDMhifNh7AjY+KXhCY/aXRukXmO07hhlX2UGxeU8lO59Kto=
x-amz-request-id: 81Z1BACBTVGCMYH9
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1674880391.dop065.sk1.t,1674880391.cds226.sk1.shn,1674880391.dop065.sk1.t,1674880391.cds262.sk1.c
cdn.flashtalking.com/116327/4069576/images/notebook.png
205.185.216.10 200 OK 99 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/notebook.png
IP 205.185.216.10:0
File type PNG image data, 1102 x 1102, 8-bit/color RGBA, non-interlaced\012- data
Hash 6072c623d256e1ede016076a14baa64b
754753da0a2a3202d775f71277a77417466bef14
01f6632e73c7e0f8ab3448cc32d557a93f469a4bd2db2e6a1a128af59344f74d
GET /116327/4069576/images/notebook.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 04:33:11 GMT
Connection: Keep-Alive
ETag: "1664411224"
Cache-Control: max-age=901
Content-Length: 98859
Content-Type: image/png
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Accept-Ranges: bytes
x-amz-id-2: vpjQf57YVXIvYcTATWaayw2QnRS78eCpma8r3JRyD5RQOaksWY1kPwALCkhXS1X0sYu5qSuK4SI=
x-amz-request-id: 81ZFM5F8EBX8AX5V
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1674880391.dop065.sk1.t,1674880391.cds226.sk1.shn,1674880391.dop065.sk1.t,1674880391.cds255.sk1.c
ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1674880394858987
142.250.74.134302 Found 0 B URL HTTP/2 ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1674880394858987
IP 142.250.74.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1674880394858987 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 04:33:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1%7Chttps://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1674880394858987&~oref=https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 04:48:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1674880394857995
142.250.74.134 302 Found 0 B URL HTTP/2 ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1674880394857995
IP 142.250.74.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1674880394857995 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 04:33:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1%7Chttps://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1674880394857995&~oref=https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 04:48:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpsc-eu3.doubleverify.com/event.png?impid=0408616e12bf41d59eb6e743b442b9d9&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=331&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=21&vltms=331&sei=145&vetms=18&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1044&isumms=1043&nvr=6&isgmmims=1044&isgmv4mims=1044&elmtp=1&isbxdms=2453&b0=100&b11=1411&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1511&sftb=1511&msrdp=2&naral=640&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2053&isuiabvms=2053&isgmpims=1144&isgmv4dpims=2053&ispmxpms=2053&engalms=1042&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3367&cbust=1674880395692453
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=0408616e12bf41d59eb6e743b442b9d9&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=331&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=21&vltms=331&sei=145&vetms=18&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1044&isumms=1043&nvr=6&isgmmims=1044&isgmv4mims=1044&elmtp=1&isbxdms=2453&b0=100&b11=1411&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1511&sftb=1511&msrdp=2&naral=640&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2053&isuiabvms=2053&isgmpims=1144&isgmv4dpims=2053&ispmxpms=2053&engalms=1042&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3367&cbust=1674880395692453
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=0408616e12bf41d59eb6e743b442b9d9&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=331&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=21&vltms=331&sei=145&vetms=18&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1044&isumms=1043&nvr=6&isgmmims=1044&isgmv4mims=1044&elmtp=1&isbxdms=2453&b0=100&b11=1411&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1511&sftb=1511&msrdp=2&naral=640&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2053&isuiabvms=2053&isgmpims=1144&isgmv4dpims=2053&ispmxpms=2053&engalms=1042&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3367&cbust=1674880395692453 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sat, 28 Jan 2023 04:33:15 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/27/2023 04:33:15
Pragma: no-cache
tpsc-eu3.doubleverify.com/event.png?impid=e7d4dec8e6ee4f8290182ba53b6aa505&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=75&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=14&vltms=75&sei=146&vetms=20&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=27&isumms=26&nvr=6&isgmmims=27&isgmv4mims=27&elmtp=1&isbxdms=2204&b0=100&b11=2181&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2281&sftb=2281&msrdp=0&naral=704&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1098&isuiabvms=1098&isgmpims=137&isgmv4dpims=1098&ispmxpms=1098&engalms=26&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3112&cbust=1674880395752254
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=e7d4dec8e6ee4f8290182ba53b6aa505&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=75&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=14&vltms=75&sei=146&vetms=20&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=27&isumms=26&nvr=6&isgmmims=27&isgmv4mims=27&elmtp=1&isbxdms=2204&b0=100&b11=2181&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2281&sftb=2281&msrdp=0&naral=704&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1098&isuiabvms=1098&isgmpims=137&isgmv4dpims=1098&ispmxpms=1098&engalms=26&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3112&cbust=1674880395752254
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=e7d4dec8e6ee4f8290182ba53b6aa505&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=75&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=14&vltms=75&sei=146&vetms=20&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=27&isumms=26&nvr=6&isgmmims=27&isgmv4mims=27&elmtp=1&isbxdms=2204&b0=100&b11=2181&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2281&sftb=2281&msrdp=0&naral=704&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1098&isuiabvms=1098&isgmpims=137&isgmv4dpims=1098&ispmxpms=1098&engalms=26&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3112&cbust=1674880395752254 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://4596d478e6fad66e4890f190730fcd0c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sat, 28 Jan 2023 04:33:15 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/27/2023 04:33:15
Pragma: no-cache
exeo.app/sylenth1-win
104.26.9.233 200 OK 0 B IP 104.26.9.233:0
Analyzer Verdict Alert fortinet Malware
GET /sylenth1-win HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:07 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=78f8bef8df67cf1c131b91d680d90781; path=/; HttpOnly
set-cookie: csrfToken=81ce0f07b73012988eaf5b8fc29b8d59cca29d93989dfcf6d33e5a4b4e216c40c0f3ea1f7863c23238fc6b350eeb0e86a9f0d7af8863b88a75c5918487a964a4; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=apvfkDrSCpSyVHJPOl7cBmNrqjjmXR2%2FlYRd8evyLPvcSqIGdIWoaJost%2FlObrwYZNhJYzS2ZSrpm4ShhTXYzcCv99vjsIt1U1Ns93vz6oJ%2FKEEi8E3xATF%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79070217fbaeb511-OSL
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4053
last-modified: Sat, 28 Jan 2023 03:25:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uPYXZjhLHZbdO7c%2B765rHl%2FjE9nCAM%2FeSQSc%2F%2FpFROwGlgwuNjg54l0BeEvPCYLsI0n%2BuLBS3wu%2FQCA7XSaqfDH%2FWEWJpJRuPD%2FkChgbFst62%2FW7o8H7U%2FKRpsmlmIzh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907021cab1f88a9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 04:33:08 GMT
date: Sat, 28 Jan 2023 04:33:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35 200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4053
last-modified: Sat, 28 Jan 2023 03:25:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=acRoMgiTPyYfX9%2FAyamZn7dGQrBS9HfIqPoWC6z60M3CQGnhlqb%2FY%2FwKzoQ978UHBPakM62xQjvW0M5BiyygjPf901TLMwzJK%2FWjqDS1lAgRwbfv5PvK57PBAFPZHnrB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907021cab1a88a9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35 200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: text/plain
set-cookie: csu=926493255202412@1@1674880388; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0jrQSw0aI0A2ifp9lvlHdyVUVwGm6%2BlLGYgpqWu5HxPtXIlJ6Se80SNuRONQf8dTR5F8PbKy102yCmWULzG%2Bl4hj2nF4PJHzuovrS995DZAXWYx6THVjdMmAlEZ1cF%2Fs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7907021c9b0f88a9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: BJsnd7zexxDIFzAoifBq9Ml+0HS3yoi1j0k5IZcsHZteyVp+XEuLV1I69QJWgWmNiafFLhrxI7bARMAkhiFCQw==
date: Sat, 28 Jan 2023 04:33:09 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.id5-sync.com/api/1.0/esp.js
104.22.52.86 200 OK 0 B URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 104.22.52.86:0
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:10 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: FVMlFSmcD0Wn/+rph/xJPSMD8h1xLItGxMiFojs1e+J1f7LO28QsQCtM5wu1mlkwy4pwPQtZ0SQ=
x-amz-request-id: H5PSQWN45SZ0RJ5Q
last-modified: Wed, 18 Jan 2023 10:47:58 GMT
etag: W/"854d94282c6b6d99cd8ba33bb311e621"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 2028
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 79070225ba690b31-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35 200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: text/plain
set-cookie: csu=1066561880617346@1@1674880388; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rx2r1QxNfrUqdTFk%2BZn2wQFjzbzBXuMIQSEhVq8dqRawOm5ZXXvadxO%2BA%2B3011NYmKoqvjb1yP8v9LQmK4vNxOTwkfJnjQ9FMfzkmwx2Q2CDJjpr%2FuWrIkJFOnZJJNnw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7907021d6bad88a9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/cdn-cgi/challenge-platform/h/g/scripts/cb/invisible.js?cb=79070217fbaeb511
104.26.9.233 200 OK 0 B URL HTTP/2 exeo.app/cdn-cgi/challenge-platform/h/g/scripts/cb/invisible.js?cb=79070217fbaeb511
IP 104.26.9.233:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/scripts/cb/invisible.js?cb=79070217fbaeb511 HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AppSession=78f8bef8df67cf1c131b91d680d90781; csrfToken=81ce0f07b73012988eaf5b8fc29b8d59cca29d93989dfcf6d33e5a4b4e216c40c0f3ea1f7863c23238fc6b350eeb0e86a9f0d7af8863b88a75c5918487a964a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkB6MeAltg39AonIzoAmldre%2BfgMl2L0d9sX0OFCnZptinpFTglxzVerRQGrnQaXTTPp2XvVbmIpi1CjuewedoAQvqqs3Vm%2Bv266QfdPP1FFVQTZ8H950R7A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7907021c3d20b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
exeo.app/fv.ico
104.26.9.233 200 OK 0 B IP 104.26.9.233:0
Analyzer Verdict Alert fortinet Malware
GET /fv.ico HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/sylenth1-win
Cookie: AppSession=78f8bef8df67cf1c131b91d680d90781; csrfToken=81ce0f07b73012988eaf5b8fc29b8d59cca29d93989dfcf6d33e5a4b4e216c40c0f3ea1f7863c23238fc6b350eeb0e86a9f0d7af8863b88a75c5918487a964a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 12 Dec 2023 22:59:02 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3994446
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T4FEGajzlDc53ZcybsfOxiie94qzrv7pITkJP23poc7mlFQagqTijl%2Folu1%2F3NznZV19u0awUWFlfXcDYPt1YkSCmSof5tRbIFhsRUZM6IWOfxbqcxrwCWkf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7907021e6e04b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.demand.supply/ds.2.html
104.16.134.22 200 OK 0 B URL HTTP/2 live.demand.supply/ds.2.html
IP 104.16.134.22:0
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:08 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
x-nf-request-id: 01GPGAFB7A85YK1WPYW7SQCTTM
cf-cache-status: HIT
age: 1400514
set-cookie: __cf_bm=DOiCjcOY9eetGtBrpi.ZSB17Iid27QIngoyqkQp_TAo-1674880388-0-AYCFyzXI1NxoKQKGGSivXdBNTndn/uMq25Mruyqawg8JMkgRbw+xjxyhVvZ3mQz0E/MzFP30qCzOTmHg8wj57tU=; path=/; expires=Sat, 28-Jan-23 05:03:08 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907021e7bf2b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvc3lsZW50aDEtd2lu
104.16.134.22 200 OK 0 B URL HTTP/2 live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvc3lsZW50aDEtd2lu
IP 104.16.134.22:0
GET /p4/v16-2-0/ZXhlby5hcHAvc3lsZW50aDEtd2lu HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=7fc478dd-4d51-406c-bf74-046683b84070; __cf_bm=bwLv5.Z7THl2ZtdGE0tJWHQh...c8.yWQeyn.kwMOKQ-1674880388-0-AcrG6Zs3HG/iGuoIVe9b24m/g8811hBzwzKJHy2/bIpdU/D19N83tPTNcR+wXq87jaerIc/HtQohw3eVxNuAeUk=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 04:33:09 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907021e7bf1b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2