exe.io/kmHG8E
104.26.3.103301 Moved Permanently 0 B IP 104.26.3.103:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /kmHG8E HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Dec 2022 06:48:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 25 Dec 2022 07:48:22 GMT
Location: https://exe.io/kmHG8E
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lXD2KHu1WXnn9fVcNmPBiSon0%2FLqI57DXfqfhephbACIs15E317EiJ784Q2gV2%2FZNmcntKILKR7RN2fSP%2Brr2nyBnnEh7RyF7XXvKAm0FDIMjPipp57lsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77efa1751fd2b511-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9cce060ddc316540d079e6816a1e7412
709a74969d1996d2b35ef0f7f34ae18455169f1e
6d58b895476c9ab451d8fc51df98809adca445bc6e9d720430e80a0c85242879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D58B895476C9AB451D8FC51DF98809ADCA445BC6E9D720430E80A0C85242879"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14694
Expires: Sun, 25 Dec 2022 10:53:16 GMT
Date: Sun, 25 Dec 2022 06:48:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7e300ca7d2d586dd1ca0c185ef6b0da5
3914cfd3b7aa6e1d1117bf509319479e489ed2a4
91c8810ad137faf4393f7d15f9c619c06d124a7aaebfa21290dca614db2c7757
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91C8810AD137FAF4393F7D15F9C619C06D124A7AAEBFA21290DCA614DB2C7757"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2260
Expires: Sun, 25 Dec 2022 07:26:02 GMT
Date: Sun, 25 Dec 2022 06:48:22 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 25 Dec 2022 06:46:21 GMT
content-type: application/json
age: 121
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7f0ad5c2841a345f98197c2f1e86f4d
84cbfd91934a8715baba4a2da46451f35597c99c
be30540f2e06a3565c9b38bdbb9691f707d692b196bdcef5d671708aa9609795
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE30540F2E06A3565C9B38BDBB9691F707D692B196BDCEF5D671708AA9609795"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9306
Expires: Sun, 25 Dec 2022 09:23:28 GMT
Date: Sun, 25 Dec 2022 06:48:22 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9cafc84f72c9137a2de0235d78ed329c
377b796e3d0ba28d63b49878565516066bb2ce7b
d28f6d0da023e6caca679dd5ba1eee2c474d448674b2d7dc801992a5dacb314e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2489
Cache-Control: max-age=140039
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:22 GMT
Etag: "63a76884-116"
Expires: Mon, 26 Dec 2022 21:42:21 GMT
Last-Modified: Sat, 24 Dec 2022 21:00:52 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FECh20z+yDMUeD6QyzbwfAL8dnOYVLpJINbf7saKInc2UdfZpKm1GhSqkN7W/l5EqQYw7QtTyyQ=
x-amz-request-id: 47PAC75JYKFRA069
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 25 Dec 2022 05:56:54 GMT
age: 3088
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 06:48:22 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9cafc84f72c9137a2de0235d78ed329c
377b796e3d0ba28d63b49878565516066bb2ce7b
d28f6d0da023e6caca679dd5ba1eee2c474d448674b2d7dc801992a5dacb314e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2490
Cache-Control: max-age=140039
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Etag: "63a76884-116"
Expires: Mon, 26 Dec 2022 21:42:22 GMT
Last-Modified: Sat, 24 Dec 2022 21:00:52 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc0b1c9ef710b63c6ea637e040e2f087
a6c4ac4b5175a70fc41a3538ae56dd1080067bdc
957194303dac5075a80b096f8c468a90539d9a370f37467e6e43ea4bbeb15cba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "957194303DAC5075A80B096F8C468A90539D9A370F37467E6E43EA4BBEB15CBA"
Last-Modified: Thu, 22 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4523
Expires: Sun, 25 Dec 2022 08:03:46 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 25 Dec 2022 06:33:29 GMT
age: 894
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9cafc84f72c9137a2de0235d78ed329c
377b796e3d0ba28d63b49878565516066bb2ce7b
d28f6d0da023e6caca679dd5ba1eee2c474d448674b2d7dc801992a5dacb314e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2490
Cache-Control: max-age=140039
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Etag: "63a76884-116"
Expires: Mon, 26 Dec 2022 21:42:22 GMT
Last-Modified: Sat, 24 Dec 2022 21:00:52 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
exe.io/img/logo_sm.png
104.26.3.103200 OK 7.3 kB IP 104.26.3.103:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c6ea820184e2fed66d46bea0961727b
3f4c8a3b29ec92470986f0073faf93f6d5cb8c35
7b5909e1e74fbd27e91e37fb276c6a440ee23d05cf4a03fb6af5455e0812686c
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: image/png
content-length: 7266
cache-control: max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10989, status=vary_header_present
expires: Tue, 12 Dec 2023 17:30:47 GMT
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
vary: User-Agent, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1084656
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BVIFS10H3urh1OdVkSN%2B%2FMZmw6%2BvjqotPf0UYvuhDdqBiQNE2YOJrfG0ENZu2KjiDw%2FcieFCAK%2Ff3%2Fzz0mu0QwlkSJygPeGI8L%2B0sDdajbqqkzsQS1jZIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa17abd3eb515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5100021a7f8224edae91cf7c15ece4b2
2b0877c1cde0483463babb806f610158761489c7
701becec3ebad5661cfc231ad96cd17d95c4453206036fd3d05a246db72debef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c3fe4743f9a53cff9cc725d5da6fef2f
21f8c945671d492d20d3ae73535b44b80393bab4
27baee9b01e7877fd04130c0485cac8e3b14c17f8bfb5882d51cb470ea007db8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash b6d52916dc8caec8722f78ae314e73dc
097c89104461f4b730964c975c7e4346744c5b62
66cd402d94803ab67bc488bcb1f0339bb3d00d2c284be5706a8c45c7755a0d41
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 25 Dec 2022 06:48:23 GMT
expires: Sun, 25 Dec 2022 06:48:23 GMT
cache-control: private, max-age=900
last-modified: Sun, 25 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43634
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5100021a7f8224edae91cf7c15ece4b2
2b0877c1cde0483463babb806f610158761489c7
701becec3ebad5661cfc231ad96cd17d95c4453206036fd3d05a246db72debef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c3fe4743f9a53cff9cc725d5da6fef2f
21f8c945671d492d20d3ae73535b44b80393bab4
27baee9b01e7877fd04130c0485cac8e3b14c17f8bfb5882d51cb470ea007db8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash bafd2cc0185e69e5067efa3677cb60de
ada566fa835017734341818628659b05f19a62db
70de686c5f0a8638320298579c84ef33647c1240e94de7c8d51120f99e84d5ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3105
Cache-Control: max-age=129143
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Etag: "63a73b8d-117"
Expires: Mon, 26 Dec 2022 18:40:46 GMT
Last-Modified: Sat, 24 Dec 2022 17:49:01 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fdfc8b21641f66ff38b7ee06bc18715
70c3a649fa96037b54cb76678bd4274d698cda58
75b4c0b7b45fa2addaa25810c6a41fa58bd8cea1f795adacd50d4f4a0a9877b8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "75B4C0B7B45FA2ADDAA25810C6A41FA58BD8CEA1F795ADACD50D4F4A0A9877B8"
Last-Modified: Thu, 22 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12702
Expires: Sun, 25 Dec 2022 10:20:05 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d7938ab2263405a708c44813f3e16cb8
3ba9f4363ecc2834ea1211f761ce2d04e0077ab3
8a8ef4218bcd8ecb1f12ecdb74f3f453a7093be8dd3c233615577dcc9b40fa92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3918
Cache-Control: max-age=98624
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Etag: "63a6c129-1d7"
Expires: Mon, 26 Dec 2022 10:12:07 GMT
Last-Modified: Sat, 24 Dec 2022 09:06:49 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f8f1ca50c1b7a4ced1d6977fdcafd26a
bd2a0c5a212d0e7410d4bc754550867ff38c9f37
8bfc8eb6cd9526c9cef4535ca66cef8b3f797ee425f5f5db6a754457011af3d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BFC8EB6CD9526C9CEF4535CA66CEF8B3F797EE425F5F5DB6A754457011AF3D5"
Last-Modified: Thu, 22 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4315
Expires: Sun, 25 Dec 2022 08:00:18 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 35962dc99143b9b61b1a429df7d27f77
4869481c1ff7fdc6144cacdb7089aa94d9016f32
69f73899571abc3fbd79fe5c5d1850a6f1eeb5c20e9636e53673fba68ace0aee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "69F73899571ABC3FBD79FE5C5D1850A6F1EEB5C20E9636E53673FBA68ACE0AEE"
Last-Modified: Sat, 24 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3440
Expires: Sun, 25 Dec 2022 07:45:43 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
qj.wimplesbooklet.com/1clkn/29529
172.255.6.217200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 172.255.6.217:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Dec 2022 06:48:23 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 26-Dec-2022 06:48:23 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 26-Dec-2022 06:48:23 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9527d889a5b94c28b4dcd8809ffba513
b2ee81348df6ebc3f72fcd64b7767df0a1903fb5
9d3cfbc6c96f2da85420d44bdd58f8e860487d3cbf1ffda4d21477b566f23059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3fc0062635ed288cd9b0f2506a3857e2
d093920fa499404588553e2cfcceb008c10edea3
582e5d9235eb2ca856370a74b08e64b333fe7c26077e7fc0bcb38ac6a38787f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "582E5D9235EB2CA856370A74B08E64B333FE7C26077E7FC0BCB38AC6A38787F3"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11732
Expires: Sun, 25 Dec 2022 10:03:55 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:52:41 GMT
expires: Tue, 19 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 474942
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3fc0062635ed288cd9b0f2506a3857e2
d093920fa499404588553e2cfcceb008c10edea3
582e5d9235eb2ca856370a74b08e64b333fe7c26077e7fc0bcb38ac6a38787f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "582E5D9235EB2CA856370A74B08E64B333FE7C26077E7FC0BCB38AC6A38787F3"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11732
Expires: Sun, 25 Dec 2022 10:03:55 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fdfc8b21641f66ff38b7ee06bc18715
70c3a649fa96037b54cb76678bd4274d698cda58
75b4c0b7b45fa2addaa25810c6a41fa58bd8cea1f795adacd50d4f4a0a9877b8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "75B4C0B7B45FA2ADDAA25810C6A41FA58BD8CEA1F795ADACD50D4F4A0A9877B8"
Last-Modified: Thu, 22 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12702
Expires: Sun, 25 Dec 2022 10:20:05 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9527d889a5b94c28b4dcd8809ffba513
b2ee81348df6ebc3f72fcd64b7767df0a1903fb5
9d3cfbc6c96f2da85420d44bdd58f8e860487d3cbf1ffda4d21477b566f23059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash bafd2cc0185e69e5067efa3677cb60de
ada566fa835017734341818628659b05f19a62db
70de686c5f0a8638320298579c84ef33647c1240e94de7c8d51120f99e84d5ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3105
Cache-Control: max-age=129143
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Etag: "63a73b8d-117"
Expires: Mon, 26 Dec 2022 18:40:46 GMT
Last-Modified: Sat, 24 Dec 2022 17:49:01 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:56:07 GMT
expires: Tue, 19 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 474736
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
aultseemedto.xyz/utx?cb=4CCFKIpbUzwG&top=exeo.app&tid=822524
108.157.229.74204 No Content 0 B URL HTTP/2 aultseemedto.xyz/utx?cb=4CCFKIpbUzwG&top=exeo.app&tid=822524
IP 108.157.229.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=4CCFKIpbUzwG&top=exeo.app&tid=822524 HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 06:48:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 25 Dec 2022 06:49:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: bcdWZxMNLBdTJcaV47geMkYZSgGWHzX-O65wZtfSFFzcYVkMW-5rCg==
X-Firefox-Spdy: h2
aultseemedto.xyz/UkpZTTUzKDogCjN3O2tAICZkaAcUb2sLUWMvKz8HJzozfQFiMHcuWT0/PStHPSQtY1s3Pnx/cworagdeHycIBH0DOgwaTWooGAwMMRJpC2IQDA8DchAuPQ5dJhoaCHQiAQsATQoIFCljEAgQDHMICQghARQICxtvFAscC3AEIR0cUj0dGyoMAx4ILnMWPTIIdhN7PA50IhIPI2cAGAwHdxMMCwl3A3s6DHQDDB81UQUdITpkFHsDL2RjGzobcGcIEyVRBR0uGHsKDBMrY2MuLhxjPgkRDGcDHjIIWBR7Ay90EAMBG0wiDg8MURkdaDl3EwwIAHMlZz0XdmJ/GARSEB8OJn8HC2gfVAR7AA50NQMYDGMDBhx8UQUuHxtXAHo2DmQ6fwkbZHQgKiJbInc1P3gQKwwjQiQ
108.157.229.74200 OK 1.2 kB URL HTTP/2 aultseemedto.xyz/UkpZTTUzKDogCjN3O2tAICZkaAcUb2sLUWMvKz8HJzozfQFiMHcuWT0/PStHPSQtY1s3Pnx/cworagdeHycIBH0DOgwaTWooGAwMMRJpC2IQDA8DchAuPQ5dJhoaCHQiAQsATQoIFCljEAgQDHMICQghARQICxtvFAscC3AEIR0cUj0dGyoMAx4ILnMWPTIIdhN7PA50IhIPI2cAGAwHdxMMCwl3A3s6DHQDDB81UQUdITpkFHsDL2RjGzobcGcIEyVRBR0uGHsKDBMrY2MuLhxjPgkRDGcDHjIIWBR7Ay90EAMBG0wiDg8MURkdaDl3EwwIAHMlZz0XdmJ/GARSEB8OJn8HC2gfVAR7AA50NQMYDGMDBhx8UQUuHxtXAHo2DmQ6fwkbZHQgKiJbInc1P3gQKwwjQiQ
IP 108.157.229.74:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 084963f6cd7eea53c0e18dda5e0c8ded
84c08bacc57df6282dbbedb048a9bb3eb1f847cb
9206130db6bbd37164bb24cf78d3c94d12d4bea208d2a0cff5b382dd2b9443a5
GET /UkpZTTUzKDogCjN3O2tAICZkaAcUb2sLUWMvKz8HJzozfQFiMHcuWT0/PStHPSQtY1s3Pnx/cworagdeHycIBH0DOgwaTWooGAwMMRJpC2IQDA8DchAuPQ5dJhoaCHQiAQsATQoIFCljEAgQDHMICQghARQICxtvFAscC3AEIR0cUj0dGyoMAx4ILnMWPTIIdhN7PA50IhIPI2cAGAwHdxMMCwl3A3s6DHQDDB81UQUdITpkFHsDL2RjGzobcGcIEyVRBR0uGHsKDBMrY2MuLhxjPgkRDGcDHjIIWBR7Ay90EAMBG0wiDg8MURkdaDl3EwwIAHMlZz0XdmJ/GARSEB8OJn8HC2gfVAR7AA50NQMYDGMDBhx8UQUuHxtXAHo2DmQ6fwkbZHQgKiJbInc1P3gQKwwjQiQ HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1164
date: Sun, 25 Dec 2022 06:48:23 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: T-5ocvpTWgu4MJIS-RdP7c9sAKvv-RRxIJKOoXKs5e5TGZB3L9h7TQ==
X-Firefox-Spdy: h2
aultseemedto.xyz/bWRoWXkMBgs0RgxZCn8MHwhVfEsrQVofHVwBGitLGBQCaU1dHkY6FQIRDD8LAgocdxcIEE1rPzUHPh8WOyEhCikKPRE/KDhQLB4VWzc/MRoPPDIBNhUXXxU4KxchMwooLA8XHS8cB2A+XVAPFjs7Fz8RMBghLGEpDDM5DCkaEBg6SA4TLB0jSFYuCyEOByIaSQwGKhwKICY9YTgUPQUeKhkrIQo3IDQpOgwmHFhgOjUiHxdLPyMyHh0pPT0YEyYcUGg7FCkQDz4jPSczIzg9WTEVDghRMS06BykPPiM9ISAKCz5ZIQEOMCZpLgA1XgtLOyoyLjs4PVl0HgAqLgsQJjM+ICslXTE/LgkgMQhBFS06NlxfJjwOICg1Wh8jNywiGCA7CBA6PChXKQogAyISbSgOPClqICsMADs8K1cgDhUXQgIqFgMUVRMWKws6bCo1KCI
108.157.229.74200 OK 1.2 kB URL HTTP/2 aultseemedto.xyz/bWRoWXkMBgs0RgxZCn8MHwhVfEsrQVofHVwBGitLGBQCaU1dHkY6FQIRDD8LAgocdxcIEE1rPzUHPh8WOyEhCikKPRE/KDhQLB4VWzc/MRoPPDIBNhUXXxU4KxchMwooLA8XHS8cB2A+XVAPFjs7Fz8RMBghLGEpDDM5DCkaEBg6SA4TLB0jSFYuCyEOByIaSQwGKhwKICY9YTgUPQUeKhkrIQo3IDQpOgwmHFhgOjUiHxdLPyMyHh0pPT0YEyYcUGg7FCkQDz4jPSczIzg9WTEVDghRMS06BykPPiM9ISAKCz5ZIQEOMCZpLgA1XgtLOyoyLjs4PVl0HgAqLgsQJjM+ICslXTE/LgkgMQhBFS06NlxfJjwOICg1Wh8jNywiGCA7CBA6PChXKQogAyISbSgOPClqICsMADs8K1cgDhUXQgIqFgMUVRMWKws6bCo1KCI
IP 108.157.229.74:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash 77674e1f6a804615bb69a3afdbadb4ab
8f4599c0063f8e93c538238f537d0ef255107124
a7c7c3ff71595d24a8c62cb9808a6a9eab9f1d03b7b322dc30d4913215fab264
GET /bWRoWXkMBgs0RgxZCn8MHwhVfEsrQVofHVwBGitLGBQCaU1dHkY6FQIRDD8LAgocdxcIEE1rPzUHPh8WOyEhCikKPRE/KDhQLB4VWzc/MRoPPDIBNhUXXxU4KxchMwooLA8XHS8cB2A+XVAPFjs7Fz8RMBghLGEpDDM5DCkaEBg6SA4TLB0jSFYuCyEOByIaSQwGKhwKICY9YTgUPQUeKhkrIQo3IDQpOgwmHFhgOjUiHxdLPyMyHh0pPT0YEyYcUGg7FCkQDz4jPSczIzg9WTEVDghRMS06BykPPiM9ISAKCz5ZIQEOMCZpLgA1XgtLOyoyLjs4PVl0HgAqLgsQJjM+ICslXTE/LgkgMQhBFS06NlxfJjwOICg1Wh8jNywiGCA7CBA6PChXKQogAyISbSgOPClqICsMADs8K1cgDhUXQgIqFgMUVRMWKws6bCo1KCI HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Sun, 25 Dec 2022 06:48:23 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 2xBVZVtJJOepe2Q4qL158RBqPf6BiGjCiRl-UCY0HKf_9eORusJGAw==
X-Firefox-Spdy: h2
othdgemanow.xyz/ODdNOGkXCC5LVHZ/C248bHIPaT56XgxPM3JVCmEtegcXXzBfZmtMAFwKdQpbDQV5HhlRU3AJT0tDLEwcSwp8HgBWUSIFT04KfBZaDBl+CUcKETgFWB5DPVkOBQZrSB1MW3AJXw8GdA1ZAQd8CV8P
188.114.96.1204 No Content 0 B URL HTTP/2 othdgemanow.xyz/ODdNOGkXCC5LVHZ/C248bHIPaT56XgxPM3JVCmEtegcXXzBfZmtMAFwKdQpbDQV5HhlRU3AJT0tDLEwcSwp8HgBWUSIFT04KfBZaDBl+CUcKETgFWB5DPVkOBQZrSB1MW3AJXw8GdA1ZAQd8CV8P
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ODdNOGkXCC5LVHZ/C248bHIPaT56XgxPM3JVCmEtegcXXzBfZmtMAFwKdQpbDQV5HhlRU3AJT0tDLEwcSwp8HgBWUSIFT04KfBZaDBl+CUcKETgFWB5DPVkOBQZrSB1MW3AJXw8GdA1ZAQd8CV8P HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 06:48:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5lRzqqfFF3Th36FRw5bG8qyvWVcKLuvY0d3Qi6kTRjM8vdPICztO9jCq9pkWxlxx4IFbXNvWOFF5v9Knkd3UXxpukxOxyNYoPErFRF8CSsid%2FiS7hGmFsnoFn04xOeUlies%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa17c5eb7b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9527d889a5b94c28b4dcd8809ffba513
b2ee81348df6ebc3f72fcd64b7767df0a1903fb5
9d3cfbc6c96f2da85420d44bdd58f8e860487d3cbf1ffda4d21477b566f23059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
othdgemanow.xyz/UkFjUjZ9fgAhCzE7OT5lBA8hE3AAZFEQVzkyLAQFKiswNVIKIjQhECYoB28OanhXawJ0MQo2C2NnECZXJjQQbwd0KA00WW9nFW8HfHJXfAVjb1F0Q29wRSZGMyZeYxAiNRc+C2N3VGMPZ3FaYgdgcFY
188.114.96.1204 No Content 0 B URL HTTP/2 othdgemanow.xyz/UkFjUjZ9fgAhCzE7OT5lBA8hE3AAZFEQVzkyLAQFKiswNVIKIjQhECYoB28OanhXawJ0MQo2C2NnECZXJjQQbwd0KA00WW9nFW8HfHJXfAVjb1F0Q29wRSZGMyZeYxAiNRc+C2N3VGMPZ3FaYgdgcFY
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UkFjUjZ9fgAhCzE7OT5lBA8hE3AAZFEQVzkyLAQFKiswNVIKIjQhECYoB28OanhXawJ0MQo2C2NnECZXJjQQbwd0KA00WW9nFW8HfHJXfAVjb1F0Q29wRSZGMyZeYxAiNRc+C2N3VGMPZ3FaYgdgcFY HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 06:48:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cERxQOMdRNCshlLstmeEnjWvLQhYLoFmlf28LZgmyaxXdc8qFT%2FnwEF2bGS2lvwjcO5%2FvbQQuq5uiRobhD%2F06DdogGlKpi7ArWv0sigZ4HqmyGhcnD%2BpgISbLbqyudxtO4Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa17c5ebab517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 35962dc99143b9b61b1a429df7d27f77
4869481c1ff7fdc6144cacdb7089aa94d9016f32
69f73899571abc3fbd79fe5c5d1850a6f1eeb5c20e9636e53673fba68ace0aee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "69F73899571ABC3FBD79FE5C5D1850A6F1EEB5C20E9636E53673FBA68ACE0AEE"
Last-Modified: Sat, 24 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3440
Expires: Sun, 25 Dec 2022 07:45:43 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
aultseemedto.xyz/WDJGR3M5UCUqTDkPJGEGKl57YkEeF3QBF2lXNDVBLUIsd0doSGgkHzdHIiEBN1wyaR09RmN1NWtnKDcKAmYXPzUKRQIECgFmACsUFWsDLzsORQR3Nhl3DRAaEnoJFDoefDwKHhl6HxY4HWcKHzcaUQQvSglQdjcmG2QTfzsNCwISJy9oEnYiC38+cyIPcwR3Nz97DR9BYHYFLxcJYj4CMhlkMSgrGVEDBCdgZAUGCwFiLjMrDgEMKSUdeAcFHhJhBBYLOXwuEjUeWgAgIDBFFAIkGnkXdiY5ayp+MRJKACAgP2cLEB4KfRB2KWpWdi8wEGMMKitoHwMpNg9wDQYxFWAfEwccZBcBSwteMgYxNXsiAQQCVBYRShl7MR0aCwIMETEPeAoRQjt3CAU+GXMADkoZXiIfEDV8DRVDK3ciBkoIZAdhGStdKDdOE3V3IjoMVwQFIW9cLiU
108.157.229.74200 OK 1.2 kB URL HTTP/2 aultseemedto.xyz/WDJGR3M5UCUqTDkPJGEGKl57YkEeF3QBF2lXNDVBLUIsd0doSGgkHzdHIiEBN1wyaR09RmN1NWtnKDcKAmYXPzUKRQIECgFmACsUFWsDLzsORQR3Nhl3DRAaEnoJFDoefDwKHhl6HxY4HWcKHzcaUQQvSglQdjcmG2QTfzsNCwISJy9oEnYiC38+cyIPcwR3Nz97DR9BYHYFLxcJYj4CMhlkMSgrGVEDBCdgZAUGCwFiLjMrDgEMKSUdeAcFHhJhBBYLOXwuEjUeWgAgIDBFFAIkGnkXdiY5ayp+MRJKACAgP2cLEB4KfRB2KWpWdi8wEGMMKitoHwMpNg9wDQYxFWAfEwccZBcBSwteMgYxNXsiAQQCVBYRShl7MR0aCwIMETEPeAoRQjt3CAU+GXMADkoZXiIfEDV8DRVDK3ciBkoIZAdhGStdKDdOE3V3IjoMVwQFIW9cLiU
IP 108.157.229.74:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3046), with no line terminators
Hash 697b1cb5992a925715343685bf0898df
dfa21ad19d61a07de7a501760a205d1021748572
402ffa323a8c9632724980e99fd22269802cc45654b54329187931fe0517033c
GET /WDJGR3M5UCUqTDkPJGEGKl57YkEeF3QBF2lXNDVBLUIsd0doSGgkHzdHIiEBN1wyaR09RmN1NWtnKDcKAmYXPzUKRQIECgFmACsUFWsDLzsORQR3Nhl3DRAaEnoJFDoefDwKHhl6HxY4HWcKHzcaUQQvSglQdjcmG2QTfzsNCwISJy9oEnYiC38+cyIPcwR3Nz97DR9BYHYFLxcJYj4CMhlkMSgrGVEDBCdgZAUGCwFiLjMrDgEMKSUdeAcFHhJhBBYLOXwuEjUeWgAgIDBFFAIkGnkXdiY5ayp+MRJKACAgP2cLEB4KfRB2KWpWdi8wEGMMKitoHwMpNg9wDQYxFWAfEwccZBcBSwteMgYxNXsiAQQCVBYRShl7MR0aCwIMETEPeAoRQjt3CAU+GXMADkoZXiIfEDV8DRVDK3ciBkoIZAdhGStdKDdOE3V3IjoMVwQFIW9cLiU HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Sun, 25 Dec 2022 06:48:23 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: eIjtD-vJ3VbSSX5RV62E4M6bv2m-iZx_-Ko5ls7JBWuv5kXOEygXgw==
X-Firefox-Spdy: h2
live.demand.supply/e/e.js?e=ll&d=206&cs=c&dsReferer=ZXhlby5hcHAva21IRzhF
104.16.133.22200 OK 0 B URL HTTP/2 live.demand.supply/e/e.js?e=ll&d=206&cs=c&dsReferer=ZXhlby5hcHAva21IRzhF
IP 104.16.133.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=206&cs=c&dsReferer=ZXhlby5hcHAva21IRzhF HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "9664438fc0db5c4deed9238aef210660-ssl"
x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
cf-cache-status: HIT
age: 1064045
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77efa17cffc8b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aultseemedto.xyz/utx?cb=0bkuypdAGSm4&top=exeo.app&tid=889494
108.157.229.74204 No Content 0 B URL HTTP/2 aultseemedto.xyz/utx?cb=0bkuypdAGSm4&top=exeo.app&tid=889494
IP 108.157.229.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=0bkuypdAGSm4&top=exeo.app&tid=889494 HTTP/1.1
Host: aultseemedto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 06:48:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 25 Dec 2022 06:49:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 8_sDOZdB6j5ucD2qCbtk1Mn4S13pCD3hh8RUO9S-FMnqy8gEGZaU0A==
X-Firefox-Spdy: h2
othdgemanow.xyz/ckt5RXdddBo2Sj0DGjIjNxIzFBAkbksDFAU7NgYvCm5LBzQnGj0jPzdtDSwTT3NNdkVEel81HhZ2SH1RAT8YMQIBdkhjHhwtFnhRBHZIa0dceVd3UQd2SGMDAioeeEZUOw0xG096T3JGS35JfEdDeUp2
188.114.96.1204 No Content 0 B URL HTTP/2 othdgemanow.xyz/ckt5RXdddBo2Sj0DGjIjNxIzFBAkbksDFAU7NgYvCm5LBzQnGj0jPzdtDSwTT3NNdkVEel81HhZ2SH1RAT8YMQIBdkhjHhwtFnhRBHZIa0dceVd3UQd2SGMDAioeeEZUOw0xG096T3JGS35JfEdDeUp2
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ckt5RXdddBo2Sj0DGjIjNxIzFBAkbksDFAU7NgYvCm5LBzQnGj0jPzdtDSwTT3NNdkVEel81HhZ2SH1RAT8YMQIBdkhjHhwtFnhRBHZIa0dceVd3UQd2SGMDAioeeEZUOw0xG096T3JGS35JfEdDeUp2 HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Dec 2022 06:48:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=boBxJgwFtMwS8FjwuBDiWuqWqpDzOtnPm%2B4u1tu2UOUeAnFxhtUf8J%2Fn5FkOLhdZXOy2nR%2Fjzge0MICh2kijlQE%2BszrlZdJy%2Bt6PYXGG3lEaBN33YdNETAObV7sB4oP%2Fouo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa17c9ef3b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3fc0062635ed288cd9b0f2506a3857e2
d093920fa499404588553e2cfcceb008c10edea3
582e5d9235eb2ca856370a74b08e64b333fe7c26077e7fc0bcb38ac6a38787f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "582E5D9235EB2CA856370A74B08E64B333FE7C26077E7FC0BCB38AC6A38787F3"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11732
Expires: Sun, 25 Dec 2022 10:03:55 GMT
Date: Sun, 25 Dec 2022 06:48:23 GMT
Connection: keep-alive
push.services.mozilla.com/
34.215.56.181101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.56.181:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qfbDBLl2IHRiUi7ml1OqrQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: h00PprCKEKtfM515arPcsckNBmg=
d1err2upj040z.cloudfront.net/Xa3JkMmQIHQpUWx8bAA9cX0FWBFVNGBddChtPCEApKRMxXBMdVBBIAFZCQl4FBRVZFAEFEVkDQgoWBg9QTQcFDwkECA1eCApXVnRRRUJBAFRDBQ1cAAQFFxdWWxwQF1ZbQ1QcVE5BJhdWWwUNXFJfV1dwQVlCHARQTkEmF1ZbABIXVypDVAdKW1tBAFQMFw-dZC05AIgBUWkJUA1RaV1YCAgIAAVQLE1dWdFVbR0oCQh5PVQ
143.204.42.111200 OK 184 B URL HTTP/2 d1err2upj040z.cloudfront.net/Xa3JkMmQIHQpUWx8bAA9cX0FWBFVNGBddChtPCEApKRMxXBMdVBBIAFZCQl4FBRVZFAEFEVkDQgoWBg9QTQcFDwkECA1eCApXVnRRRUJBAFRDBQ1cAAQFFxdWWxwQF1ZbQ1QcVE5BJhdWWwUNXFJfV1dwQVlCHARQTkEmF1ZbABIXVypDVAdKW1tBAFQMFw-dZC05AIgBUWkJUA1RaV1YCAgIAAVQLE1dWdFVbR0oCQh5PVQ
IP 143.204.42.111:0
File type ASCII text, with no line terminators
Hash 15a16f6100c5e5ab8cc4d5aec74798fe
f106a63f449c5d289c71f749e6be87d01d8040fd
4fb9b8ac212711e718846e85e032aee27b77702ddf8dddf98f281abe2b8010a1
GET /Xa3JkMmQIHQpUWx8bAA9cX0FWBFVNGBddChtPCEApKRMxXBMdVBBIAFZCQl4FBRVZFAEFEVkDQgoWBg9QTQcFDwkECA1eCApXVnRRRUJBAFRDBQ1cAAQFFxdWWxwQF1ZbQ1QcVE5BJhdWWwUNXFJfV1dwQVlCHARQTkEmF1ZbABIXVypDVAdKW1tBAFQMFw-dZC05AIgBUWkJUA1RaV1YCAgIAAVQLE1dWdFVbR0oCQh5PVQ HTTP/1.1
Host: d1err2upj040z.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aultseemedto.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 184
date: Sun, 25 Dec 2022 06:48:24 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9yeZcM9RPimHrz600fROLYeucKG37AzvlqDT29uyFVLe4alIDObuGw==
X-Firefox-Spdy: h2
d1err2upj040z.cloudfront.net/3UnpyZTQxFRwDCyYTFlgMYEhHVwB0EAEKWiJHOSIFNzMmAHYQKEULXDBcBh9Qb0pUCVU8HU9DUTwZT1QSMx4QWAB0DgIKX28DChdQPxEAAVwoXAcECT8VCAxYPhtXV3JnVEJABmJSBQxaNhUFFhFgShwREWBKQ1UaYl9BJxFgSgUMWmROV1Z2d0hCHQJmX0-EnEWBKABMRYTtDVQF8SltABmIdFwZfPV9AIwZiS0JVBWJLV1cENBMAAFI9AldXcmNKR0sEdA9PVA
143.204.42.111200 OK 491 B URL HTTP/2 d1err2upj040z.cloudfront.net/3UnpyZTQxFRwDCyYTFlgMYEhHVwB0EAEKWiJHOSIFNzMmAHYQKEULXDBcBh9Qb0pUCVU8HU9DUTwZT1QSMx4QWAB0DgIKX28DChdQPxEAAVwoXAcECT8VCAxYPhtXV3JnVEJABmJSBQxaNhUFFhFgShwREWBKQ1UaYl9BJxFgSgUMWmROV1Z2d0hCHQJmX0-EnEWBKABMRYTtDVQF8SltABmIdFwZfPV9AIwZiS0JVBWJLV1cENBMAAFI9AldXcmNKR0sEdA9PVA
IP 143.204.42.111:0
File type ASCII text, with very long lines (694), with no line terminators
Hash 3650bca84be084255b66cc9b4d27f2a7
df8c4b13021e4b48887c1360f900fb95672f27eb
21b95d0e2ce99076da4a355f743a0dbe38d4874d9ccff6771542ae84f88a7790
GET /3UnpyZTQxFRwDCyYTFlgMYEhHVwB0EAEKWiJHOSIFNzMmAHYQKEULXDBcBh9Qb0pUCVU8HU9DUTwZT1QSMx4QWAB0DgIKX28DChdQPxEAAVwoXAcECT8VCAxYPhtXV3JnVEJABmJSBQxaNhUFFhFgShwREWBKQ1UaYl9BJxFgSgUMWmROV1Z2d0hCHQJmX0-EnEWBKABMRYTtDVQF8SltABmIdFwZfPV9AIwZiS0JVBWJLV1cENBMAAFI9AldXcmNKR0sEdA9PVA HTTP/1.1
Host: d1err2upj040z.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aultseemedto.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 491
date: Sun, 25 Dec 2022 06:48:24 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XzeIs4FVF5Ii2B1CqVXGan0LOFlIQ6zhd-PMVMvsMR0nhSZw3iSCNQ==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 4520987e43f1961867ed52d00b1a5dd9
48d26ca30d8f20bb77ba538c92b9bcb1f01e9a25
4865aa67755f602ed0050bb0eb1a5ccc04e63fff4b4d15bce39a3218c925c7a2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 06:48:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Dec 2022 14:07:07 GMT
Expires: Thu, 29 Dec 2022 14:07:06 GMT
Etag: "48d26ca30d8f20bb77ba538c92b9bcb1f01e9a25"
Cache-Control: max-age=371321,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77efa17e5addfabc-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 902
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 25 Dec 2022 06:48:24 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ff571c77e9fbd063e9602e6634d1e87e
b2c9a22cfee280893f58609a831e01a917677df7
716047d46377cc3673d79312a4e80ec96ee2870cd32b03b43afe4108fa83c130
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 890
Cache-Control: max-age=108932
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Etag: "63a6f542-1d7"
Expires: Mon, 26 Dec 2022 13:03:56 GMT
Last-Modified: Sat, 24 Dec 2022 12:49:06 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 25 Dec 2022 06:41:11 GMT
expires: Sun, 25 Dec 2022 08:41:11 GMT
cache-control: public, max-age=7200
age: 433
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9d5332c93030ae2a20d6a6b5a16474c
fbf673c69861c5d118d31e14e30f4874bbb97b9a
4acf9e40763ef30e24620d081e14dfbdcef283b8eaee4350f0771ab2a3193cf5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash be8f0ec43455138c0c17a20e9d90b541
21fa5f5df0b8cbf7cd77b1932bf82fb2913a19f4
0bb8177c477a31188f16732747ef20758863be5d7fe657624f8b50c5499706e5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9d5332c93030ae2a20d6a6b5a16474c
fbf673c69861c5d118d31e14e30f4874bbb97b9a
4acf9e40763ef30e24620d081e14dfbdcef283b8eaee4350f0771ab2a3193cf5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d1err2upj040z.cloudfront.net/XcVFoVEISPgYyfQU4DGl6SWhcbXZXOxs7LAFsIjsEHgNdBxo9G04gOBVsWHIuED8PaWQUPwtpc1cwDDZ/RXccJC0abBEsMBU8AyYmGStOISNMPAcuKx09CXFwN2RGZGdDYUAjKx81ByMxVGNYOjZUY1hlcl9hTWcAVGNYIysfZ1xxcTN0WmQ6R2VNZwBUY1-gmNFRiKWVyRH9YfWdDYQ8xIRo+TWYEQ2FZZHJAYVlxcEE3ASYnFz4QcXA3YFhhbEF3HWlz
143.204.42.111200 OK 609 B URL HTTP/2 d1err2upj040z.cloudfront.net/XcVFoVEISPgYyfQU4DGl6SWhcbXZXOxs7LAFsIjsEHgNdBxo9G04gOBVsWHIuED8PaWQUPwtpc1cwDDZ/RXccJC0abBEsMBU8AyYmGStOISNMPAcuKx09CXFwN2RGZGdDYUAjKx81ByMxVGNYOjZUY1hlcl9hTWcAVGNYIysfZ1xxcTN0WmQ6R2VNZwBUY1-gmNFRiKWVyRH9YfWdDYQ8xIRo+TWYEQ2FZZHJAYVlxcEE3ASYnFz4QcXA3YFhhbEF3HWlz
IP 143.204.42.111:0
File type ASCII text, with very long lines (862), with no line terminators
Hash dc2143354e25bc358c38d4d58f7f9ee0
b380798e037256f7b44e3f0a6fc05ce38086c737
63e57849d8ddd5c2df3e1df0d944d30388b368f48e9ac2475eb68725f23282c1
GET /XcVFoVEISPgYyfQU4DGl6SWhcbXZXOxs7LAFsIjsEHgNdBxo9G04gOBVsWHIuED8PaWQUPwtpc1cwDDZ/RXccJC0abBEsMBU8AyYmGStOISNMPAcuKx09CXFwN2RGZGdDYUAjKx81ByMxVGNYOjZUY1hlcl9hTWcAVGNYIysfZ1xxcTN0WmQ6R2VNZwBUY1-gmNFRiKWVyRH9YfWdDYQ8xIRo+TWYEQ2FZZHJAYVlxcEE3ASYnFz4QcXA3YFhhbEF3HWlz HTTP/1.1
Host: d1err2upj040z.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aultseemedto.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 609
date: Sun, 25 Dec 2022 06:48:24 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 80CdavAxNRjpJLUccBHcNa2qCLew2ymbmT2GLWiRhm6Nf2jAkSknIw==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash f64baf8f8b0183dd5044548fd51d6130
d636f8d88588e3198337edddd151c98c78c12d71
683a937a7ca51917e50e1709441b50018748a4a91c3827b01247e3509417ebe4
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 25 Dec 2022 06:48:24 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S738533765%3A1671950904197066&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5lORsGx6cH-Ml0vEkS5PwbYhu_T0OhIKIISWAIQjF3977YA0WOrmDTjiX48-Mukiy79A_w
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-IF4pYqqokR3tL9MWwUCqeA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:GwtGMn2joy0UdPT57d5tx80RxDdSqg:LJzJ7zKy8O89fKr-;Path=/;Expires=Tue, 24-Dec-2024 06:48:24 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (40253)
Hash cd91a1fd2b9bfe67d515cc36b3c34903
7f8286b85da37718308c6c0cd6608df953fbed5d
e6099f220b91443cb5a9123857f74574f2bab9bf5afc00de0bc59e44cb5f42a5
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27542
date: Sun, 25 Dec 2022 06:48:24 GMT
expires: Sun, 25 Dec 2022 06:48:24 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1431 / 254 of 1000 / last-modified: 1670587517"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash d4fbf882b93f6970774938500f8f38e3
c68b60288e907d734f2976eea54e51f692d794a9
af13bab3e2eadfa5bd8fb9bdb9c658829b6a61a3dac8b083908b6856878bfabf
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 25 Dec 2022 06:48:24 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S2131103866%3A1671950904206176&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5hQs245-XTJBrodd0ymavWxye6hj1LQmeLXeLYOf0U2t67nBG_Krd61GwMeTkzc12X41yg
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-5xR2uDXNfXUOF1nYfI1kHA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:hJnCd3bNjTm_Dcoy1dd2ixFvj1r1wg:JLxhAe2lsknL3LEK;Path=/;Expires=Tue, 24-Dec-2024 06:48:24 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash be8f0ec43455138c0c17a20e9d90b541
21fa5f5df0b8cbf7cd77b1932bf82fb2913a19f4
0bb8177c477a31188f16732747ef20758863be5d7fe657624f8b50c5499706e5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S738533765%3A1671950904197066&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5lORsGx6cH-Ml0vEkS5PwbYhu_T0OhIKIISWAIQjF3977YA0WOrmDTjiX48-Mukiy79A_w
142.250.74.109403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S738533765%3A1671950904197066&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5lORsGx6cH-Ml0vEkS5PwbYhu_T0OhIKIISWAIQjF3977YA0WOrmDTjiX48-Mukiy79A_w
IP 142.250.74.109:0
Hash 3f66a62aecacf61d876b7de57490cb66
d1820b1b17630eb7609d587e28a33b99f8576008
562c76ad5adb9e90f7ef5cb2322c554d1ecb9e4d7b11ea2aa77fca3b5620f8bc
GET /v3/signin/identifier?dsh=S738533765%3A1671950904197066&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5lORsGx6cH-Ml0vEkS5PwbYhu_T0OhIKIISWAIQjF3977YA0WOrmDTjiX48-Mukiy79A_w HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 25 Dec 2022 06:48:24 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-GF7eXsGG-2RTi1zgOzUHfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ff571c77e9fbd063e9602e6634d1e87e
b2c9a22cfee280893f58609a831e01a917677df7
716047d46377cc3673d79312a4e80ec96ee2870cd32b03b43afe4108fa83c130
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 890
Cache-Control: max-age=108932
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Etag: "63a6f542-1d7"
Expires: Mon, 26 Dec 2022 13:03:56 GMT
Last-Modified: Sat, 24 Dec 2022 12:49:06 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 157 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Size 157 kB (156612 bytes)
Hash e44a3dc01d6eee5c1097e8d65516abf8
ea532a5b079083bb5d5cae6f0d2987ef71df261a
088c71e1bbf83f1d2c89ccf9f7c0897ac52f47f22dbeb7d0e1bc127067635082
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: CMtwQ1/+2FjegxqOhrS+lZTWO5JFP13izR/EEVIGMdroIIwcFOULehFOBIO79Bm4/p9KZh2LvMNKF0W47mMv6g==
date: Sun, 25 Dec 2022 06:48:24 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5ec1233b7456781e4e2fb3e8dfea4860
bf61533c9ec2a6310d80457b1231400cf8631868
820ff717f6d3609bf61e238fda2ecfd8fd9aaf77e85760c0154f72461b33de6e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bcf8604a2e2524ce2ec88b3069229507
74921ac0ddce6f7e98f5a5b5994130ef9817226d
2d79eec59ae587d9986860b35bff8b1bbbc11bf1a642b9cb82d9d574316dbd14
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=exeo.app
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exeo.app
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 25 Dec 2022 06:48:24 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S2131103866%3A1671950904206176&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5hQs245-XTJBrodd0ymavWxye6hj1LQmeLXeLYOf0U2t67nBG_Krd61GwMeTkzc12X41yg
142.250.74.109403 Forbidden 908 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S2131103866%3A1671950904206176&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5hQs245-XTJBrodd0ymavWxye6hj1LQmeLXeLYOf0U2t67nBG_Krd61GwMeTkzc12X41yg
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1751), with no line terminators
Hash d456bdb226f0e7d4f7511f60f8ee2f56
f4dfc07618ecd3896f937bba0b9c7dfd3e41940e
d160d0ca337e4aa1764ac90e48b088d17fae04418a3e0ddc0289dd7d5f212b37
GET /v3/signin/identifier?dsh=S2131103866%3A1671950904206176&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5hQs245-XTJBrodd0ymavWxye6hj1LQmeLXeLYOf0U2t67nBG_Krd61GwMeTkzc12X41yg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 25 Dec 2022 06:48:24 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
content-security-policy: script-src 'nonce-B9mtqi68Q04vTPQx9wZnoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bcf8604a2e2524ce2ec88b3069229507
74921ac0ddce6f7e98f5a5b5994130ef9817226d
2d79eec59ae587d9986860b35bff8b1bbbc11bf1a642b9cb82d9d574316dbd14
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106200 OK 41 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
Hash 7a12f913e96c4889501600bbb7b96ce5
871e3226d481f08e9920d3011725801079ace0f1
0baf45ec8e37ed4371394f11782cc05eb0d20af0a43d373c021530d00bb71c27
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Dec 2022 06:48:23 GMT
date: Sun, 25 Dec 2022 06:48:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
live.demand.supply/up.js
104.16.133.22200 OK 13 kB IP 104.16.133.22:0
File type ASCII text, with very long lines (3472)
Hash afc6c2fa3edff2d86896514f2da30cb9
b9915f9a0fac833cbcb988e53ef07183ce73e709
25d0aa085211160f9580d39b68eecec52e39cb0566a51392f051fe7f924464e7
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 77efa17bbb56b4fd-OSL
age: 614
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"30cd4982b290dd406327b3dd39f1ea22-ssl-df"
link: <https://live.demand.supply/impl.v16.3.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv>; rel=preload; as=script
set-cookie: demandSupplyTi=bd5cee6c-e676-499b-bb0b-de17b61f7ecc; demandSupplyTc = null; demandSupplyTcI = null; SameSite=None; Secure; Max-Age=63072000
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=4391
timing-allow-origin: *
x-nf-request-id: 01GMX2WC7DDRK600SK19DPWQGC
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash b9f99a85781195f2978e242e8e34ff16
7033d45ec984bf7b577308c731e47a4e84596c9c
09e2c2c00b04a0bd83ab098fa77ea0cd3e00499a0feb7df92b1f91af82ec0c69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/asd100.bin
172.64.173.27200 OK 103 kB IP 172.64.173.27:0
Size 103 kB (102679 bytes)
Hash 92535761b727c3c2c68fdb969b483b4b
905b1ffd801a055d16f8688e78fcd5a1789d2cc8
8c80aee7b22d0445d80403bf185bcdf13e218363b03bdf9abcf2c837ee7469f2
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1111
last-modified: Sun, 25 Dec 2022 06:29:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r398N6YsfDl5dkTeKcxzQOigWDqUQNQV5BSI1FIqJz9VcQFkixb9aVVCUnRJWkeLX20aX6G7PxzSYTEUuct6wB5i%2FrcRZXC652levZeTmStUvqt0IQTg2ZVN2eoMAa0d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77efa17cac8d7761-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
142.250.74.35200 OK 29 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP 142.250.74.35:0
File type gzip compressed data, max compression\012- data
Hash 939209d057cd987b968ddf347451e4b7
f09df88329647db187f664bd34746a9fe612cdf7
6268301b2bb6abb784f8201b8e6e15afeda27945436cc436292652cdd014769c
GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 20:35:00 GMT
expires: Thu, 21 Dec 2023 20:35:00 GMT
cache-control: public, max-age=31536000
age: 296005
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.id5-sync.com/api/1.0/esp.js
172.67.38.106200 OK 18 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 172.67.38.106:0
Hash 0a5a775ef07d85b445831f8dffd16c98
78416ae303dff37bef5d932170e5c3850a6798e6
7512fb7ed9f25fb0664c60e5230b7cf24ed1111b37f7dc9b415f0010e9c4c898
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:25 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: br8ocj5fWmQgOqNy/Y5LiIH5q+MAwLmtxoIHmumKrdJnVOflpFk2DrvLlhRMxH1N156iQZCmWrRJmSpedVGlPA==
x-amz-request-id: 9KT5DTFKEWY7HC5S
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
etag: W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1770
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 77efa1845d17b4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
172.217.21.161200 OK 62 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
IP 172.217.21.161:0
File type Unicode text, UTF-8 text, with very long lines (65008)
Hash 190bcb4c44fd9e0e93baa80c9b2535b8
97bda56ddc8d6a00d19e1747d63325051f3fd144
b7677f820f06329e357561f570729fe4110af4ac5fb741b97567e20a0f533301
GET /rtv/012211060024000/amp4ads-v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 61592
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:08:55 GMT
expires: Tue, 19 Dec 2023 18:08:55 GMT
cache-control: public, max-age=31536000
age: 477570
etag: "a2fca7132416d151"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
172.217.21.161200 OK 5.2 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
IP 172.217.21.161:0
File type ASCII text, with very long lines (14697)
Hash ae1a9f090984c448deb0629cc2304ee3
e601825ccec746695f370ed68fa33325152e0d9f
6a947bfcdeea64faa6c795caea11ee09dbe00f5d4003b7b9d47e4945c05ac1e4
GET /rtv/012211060024000/v0/amp-ad-exit-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 5218
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Dec 2022 10:51:50 GMT
expires: Wed, 20 Dec 2023 10:51:50 GMT
cache-control: public, max-age=31536000
age: 417395
etag: "abd4378f71571d78"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs
172.217.21.161200 OK 29 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs
IP 172.217.21.161:0
File type ASCII text, with very long lines (65534)
Hash c88b4e73b12307e42222d337bdd646a2
621233bf4e777b2d44b1bc143187111aca2fe718
ef6935537cd5a603b79bc98d4274b70ee5608955792523fc58e818c8ddbb7b48
GET /rtv/012211060024000/v0/amp-analytics-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 28809
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 18 Dec 2022 17:37:12 GMT
expires: Mon, 18 Dec 2023 17:37:12 GMT
cache-control: public, max-age=31536000
etag: "dd6615029de85e23"
content-type: text/javascript; charset=UTF-8
age: 565873
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
172.217.21.161200 OK 13 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
IP 172.217.21.161:0
File type Unicode text, UTF-8 text, with very long lines (41057)
Hash 2f873064835eed23708bde2a16830216
7559437b82b9b761e02549d8d51f9e3571e5ed2c
0f5d00ac674cc34652997f2e0dd7fb6eb1a5b22010989c35a81cd7a388c84fdd
GET /rtv/012211060024000/v0/amp-form-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 12946
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 17:54:43 GMT
expires: Sat, 23 Dec 2023 17:54:43 GMT
cache-control: public, max-age=31536000
age: 132822
etag: "0bacd3f1ce38a7db"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png
172.217.21.161200 OK 2.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png
IP 172.217.21.161:0
File type PNG image data, 150 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash a2ecfe2f1ee4b65edff71fd02eef82f2
f062d54119184483f6608c869e7d06a0fbbce5bb
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
GET /pagead/images/adchoices/en_bl.png HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
server: cafe
content-length: 2471
x-xss-protection: 0
date: Sat, 24 Dec 2022 17:34:16 GMT
expires: Sun, 25 Dec 2022 17:34:16 GMT
cache-control: public, max-age=86400
age: 47649
etag: 11660698925711390587
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/images/adchoices/icon.png
172.217.21.161200 OK 295 B URL HTTP/2 tpc.googlesyndication.com/pagead/images/adchoices/icon.png
IP 172.217.21.161:0
File type PNG image data, 15 x 15, 16-bit/color RGBA, non-interlaced\012- data
Hash d848a2953307aa510bdad31f5bf84671
e9d6d8daa9255f99e4e778ff4c4b47806bdb18c1
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
GET /pagead/images/adchoices/icon.png HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
server: cafe
content-length: 295
x-xss-protection: 0
date: Sat, 24 Dec 2022 07:23:45 GMT
expires: Sun, 25 Dec 2022 07:23:45 GMT
cache-control: public, max-age=86400
age: 84280
etag: 426692510519060060
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 78339fa925808fac05474a7b6ff42a5c
fd2578ed4c9f314fc3c9602b1ff276888afd4620
9ae5380973c7ec08dd455c573b403c7a1756aa1e4c542390207b73e31d9177b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6526
Expires: Sun, 25 Dec 2022 08:37:11 GMT
Date: Sun, 25 Dec 2022 06:48:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6526
Expires: Sun, 25 Dec 2022 08:37:11 GMT
Date: Sun, 25 Dec 2022 06:48:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d780f4b4a5928afafeea1348a117ab7
f0623d0355e6b57a5b9bed048b93e1b6b102dfe9
ad6dd8216b30147c99abfff2d1672d731ff940b2fb1da015d3fd5b0b96d11d0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10502
x-amzn-requestid: 93c0b9d3-6c3a-4ee0-b534-04bac0605c9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlF8zECooAMFs5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a51d1e-33fe89cb2bc2652425f43eec;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 03:14:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HnMBSKP2dFjT7X90aHvAnnSKwWuoy-PaGE-gHW-6fnda4M2XEeqeqQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 03:42:15 GMT
age: 11170
etag: "f0623d0355e6b57a5b9bed048b93e1b6b102dfe9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde54d3c-acc5-40fb-9ff5-b4488535d517.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde54d3c-acc5-40fb-9ff5-b4488535d517.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 895f9fcad941ec99eff1af6e23fc61f8
92e86c10f43ed6912e82c3ba4c40d4c3b5f368ca
2556080dfdeb5356b5c11192a091efa5ef703e38c68f35cc5e3dfd3daedadcce
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde54d3c-acc5-40fb-9ff5-b4488535d517.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10422
x-amzn-requestid: 9566ea1a-feed-4ef3-a585-6927aa7ebbd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlFQgFSBoAMFumw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a51c03-160a7aa2250841ca26aeaca3;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 03:09:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PKArB2AqBrdeEYUTtUd_mM6NM_0XY81jrFMxgJHgXd6Mjy8pjtPnUg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 06:02:37 GMT
age: 2748
etag: "92e86c10f43ed6912e82c3ba4c40d4c3b5f368ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 59975c59126aefbfdace58a7f62d1623
bbcd2d22c8f5b051c08dc2fe6c0c3ef61752d584
0a833a4fdaad520d09969a74697e616a300be33ba5932543f49c136a27a44754
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A833A4FDAAD520D09969A74697E616A300BE33BA5932543F49C136A27A44754"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15884
Expires: Sun, 25 Dec 2022 11:13:09 GMT
Date: Sun, 25 Dec 2022 06:48:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6699a9ae-bfe2-45e8-b58c-7be35c06940a.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6699a9ae-bfe2-45e8-b58c-7be35c06940a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c768f906c5cc15efe7830420b6be847e
020fbadae57763c372e11d26749a3dead4906e81
005592c3e24a348573036bfe78af7ab949d66bcd98c249e3b0a52852ce2de6b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6699a9ae-bfe2-45e8-b58c-7be35c06940a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9615
x-amzn-requestid: 39099e11-1866-4bcb-8b7c-54ca82dc339c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dpBhCHegIAMFnQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a6afa0-37a4dfb15bc9cb350016574c;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 07:52:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: N5hi8zMfgNXnb-oKMTPPKlm8nmFKjghjG7e3HST9Jd1ZfgkRJFuQhQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 21:47:19 GMT
age: 32466
etag: "020fbadae57763c372e11d26749a3dead4906e81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09c8810b-667c-45b5-b2d1-f4afc3505a7a.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09c8810b-667c-45b5-b2d1-f4afc3505a7a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0ab1bb58f592edab2abf55836383389
266ca036a6ff4a0f6be79fd1281e8c61ecdc5fab
73456092e6c143a996789bf1b0513c817daf01219bfa310cfbf212d565b0644b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09c8810b-667c-45b5-b2d1-f4afc3505a7a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6632
x-amzn-requestid: f0ed9030-aa96-42a8-bde0-85169dea945c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: do621E9zIAMFoSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a6a4f8-22a8ca5212c4bf5366ca5543;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 07:06:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VcgEvhBEeCgObGGrtdlB96fzY6degQk22KsZlKTCmTbRuiO7CbJodw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 07:29:22 GMT
age: 83943
etag: "266ca036a6ff4a0f6be79fd1281e8c61ecdc5fab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c6d13f6c1d756476b4d249a5adf8a7c6
cfefff041364cdfe8ebc88d42204f42a782758ec
6046387c2117ee84c8b4323efcdb5efd8356b7f56493ec729d3dc6e105214cd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15283
x-amzn-requestid: 06d729e0-735e-4b7f-8315-31288bae004c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlnB-HZQIAMFRhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a5520c-73879f297d98c86e3e41984c;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 07:00:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QWZcUCtzfW8l3tSLeTU2FoYT30U24ehbs0VD2rcyUbZW5NO2wo3K0Q==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 07:24:17 GMT
age: 84248
etag: "cfefff041364cdfe8ebc88d42204f42a782758ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2a1f057-d23b-436a-bff6-82977d1d5527.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2a1f057-d23b-436a-bff6-82977d1d5527.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8dee6282a859a55ad30148c8e36e3cc8
c55bdd00c0d39f468908bd22a62a6e9b3182e4b8
4d951f758f425e3a8f127d2bc6e43558ee9ad775f147e8aae6f016007fbf4160
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2a1f057-d23b-436a-bff6-82977d1d5527.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11084
x-amzn-requestid: ee635254-6e82-4c96-b4b3-590fabf5b188
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbNEXGT9IAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a12882-248a27d00736e6c643109714;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 03:14:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G1M5t4EvERnCaL7wcyu0_8-3jqhBZ2AS5571X_K6omN_EH4l-NjmBQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 14:42:40 GMT
age: 57945
etag: "c55bdd00c0d39f468908bd22a62a6e9b3182e4b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
id5-sync.com/api/esp/increment?counter=no-config
141.95.98.64204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 141.95.98.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
date: Sun, 25 Dec 2022 06:48:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj8-sDVATAB&v=APEucNVxdK14ndEP2sQNeVNBlSMUBklR3L6xrXC3dh2JQN8TYhmanwxaE_GyvK0BGQ7_BtgU2gbvX0kDqZDRE2BZym0j2rdLwD8JJ8IwNR9ZDGeGHXlUoXBP1z3pKz7S731UScPl7DyfmWgN6FpouJ2X-7e6JF8N_yNH5ExxDejNY3lzkDQfAlwW06f0PgV88B-uX_L9D1iWq3mqx6D9RiVpbezyiCbtAQ
142.250.74.162200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj8-sDVATAB&v=APEucNVxdK14ndEP2sQNeVNBlSMUBklR3L6xrXC3dh2JQN8TYhmanwxaE_GyvK0BGQ7_BtgU2gbvX0kDqZDRE2BZym0j2rdLwD8JJ8IwNR9ZDGeGHXlUoXBP1z3pKz7S731UScPl7DyfmWgN6FpouJ2X-7e6JF8N_yNH5ExxDejNY3lzkDQfAlwW06f0PgV88B-uX_L9D1iWq3mqx6D9RiVpbezyiCbtAQ
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CO-t7QIQhsvvAhj8-sDVATAB&v=APEucNVxdK14ndEP2sQNeVNBlSMUBklR3L6xrXC3dh2JQN8TYhmanwxaE_GyvK0BGQ7_BtgU2gbvX0kDqZDRE2BZym0j2rdLwD8JJ8IwNR9ZDGeGHXlUoXBP1z3pKz7S731UScPl7DyfmWgN6FpouJ2X-7e6JF8N_yNH5ExxDejNY3lzkDQfAlwW06f0PgV88B-uX_L9D1iWq3mqx6D9RiVpbezyiCbtAQ HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c674219087d7e139b37592146a2852e2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 25 Dec 2022 06:48:25 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Dec-2022 07:03:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 25 Dec 2022 06:48:25 GMT
cache-control: private
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7fd6ef320514aba7ae7c9bb625cc68b8
37ce04a6e471dd435ad84e6ad8d2b061cd5fc6e9
39973c7fc556eedf2b081f338342f9476424c9ef4905b7a1985120f15435af19
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/drt/ui
142.250.74.132302 Found 0 B URL HTTP/2 www.google.com/pagead/drt/ui
IP 142.250.74.132:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/drt/ui HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 25 Dec 2022 06:48:25 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.162200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.162:0
File type ASCII text, with very long lines (3501)
Hash 0aea457deb170b60b680d7d723b4a6e2
3acbe700c709c2c5c07d6fb145ea7b448cc07a90
86c662679bc2508be7e8064c91055a3c5be7db2c24d58e5f27676f35702ba339
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c674219087d7e139b37592146a2852e2.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 47725
date: Sun, 25 Dec 2022 06:48:25 GMT
expires: Sun, 25 Dec 2022 06:48:25 GMT
cache-control: private, max-age=3000
etag: "1670417373259609"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CDZPA8Ti99B_ZlwKfq_keZw3IDMIb2QVdmpHLL-EE3uKMttS2xQM2Dnf3bz6RcV3vgH0W_gLCif_keIhVjp82hClmwjg&cry=1&dbm_d=AKAmf-BuHAcyvrwXVqmbZncud3RgY3zF36SIgteAL-XoKu2X06d_CKzV6y8-07QIKycH7OROCv5ls-RsJbjfeV4v_zs6JfyRH6dpKYiC-rFKvpLNznvtn1Zf_VEt81G5lFU55xe4yR41hHuOiSkGDKy-biD68w3-OshhyQnRxuDGBd0uzZ5HEe3aAAsWnTrU8J39OZDZCjshifZBmex3gpOqL0i-citntgdWLm3IOzXmJMd9mHUBvKRFViQ_QjjF7e8YKyIPlyMaxpRQy-Ohq_z6bFd2AVsL2rTbKdAj6_rEuzBQo9VrpEIHH0pNCsZmpDIMdqvPX57MfHWw6SFOMpY3zLHOR5W-BSEE7NcQ5YgeGGupp26xKNTveMg01NlPbSISPoAJCz-3WvPjDDu2HY52Po5REios_bst5udTd90NGFv4im8f3E236PADLucxqrZXVSS3SAWsV50ocoRkXLdT8OnxNpK97USlfjKP8FcnGhG2M1WoPURGhCKEvddidp4dtVoWpd8nNcZLaF99H2ORrb1bVFPyVpJksbPjgBTxD-YuXy_xeVJPZ9CFbx9F3LTv1Se1Dr0S_aGmYGHCkbVKXwVd8uRdHZYIKEYC9dcCkujNpQT2MXjVh2P9h26ctOAa2dqhAoVnx5LwAc0U-AEb9fbZ1uv2E6rrb03rmEKz7aEyE7MCtsbAxBBKWpem_VHKFZymM90awvPi5ca0q0GQi_EsLR-Vv1xXsadZK5mvkozDGEMuFR3u7SROJTIgfR47ehh6BuMwQdvby1hNTGVCSDTNPc7RlN7pPcI7nHc8gft6XFKkgQ42pteJjT4nRmu1Il-KVEPII9Eta_tLk1izeT6aqQXzqyNjCs5T6XQZqJumyGpqCRO-pmZPqu3gKtzMy0MTRqPFohYfxbVMiznAPnBp7YxD70mtyiQmxMyxI9c0huuBWvCV3Mw3nm3vqBJkXbObe_HQITQWfD6PsJ2dhLfx1r8thVDw8LRge0KLu8SLGh9R-cfuzZcFMU5KyGFNr5c0lefkurJmMP5OKrB2sD1jt0A1SCPJdBNqc_EsqRGNi9f_w32jL0vCmektfDnbdA6qzoAVlKXiKejFtu7Hrz0MwJYyqt1gVgNWr6Kd27DdJLmdxszy7ehKQrXwVvhAjRRCAtx4jEUq34frh1_dWTMbkkWZ_HsusKKD0RnmhJQLleHb1IekhIqRL1ipga0rqcX3dmlxPuR6WKzRkuTJoa9T_-vDiDM03w7bgrPu5cfnlRT6GFL2rNft8CBkdftDjy6ChkLLFruq8OiCva3fGdXRApNeGtFHAVOMbBn-9x5Q_XFmzCAy2LvEeAuyKRL4XY59JJnafcM5A2tsZq_FwGTAeOEIjlco4U3UcftvMYKcsEPLSMZQTVyOSVV_ERI4yZenURAMdgXIQ-xKhflSEEbKZPMDP0kbl1GLJ7FpeqGrIIjFhRnqjsqEBNwVrPa9nPEwaH7wgqesPXClml58OHHusQ_XbyojqgDNf_V7RvCdSKHfxMUC3UoPfpyAoU4IiWjExhcJbspFyly7EPBjcb4AkvDgUgw_MZviZ7nxj_RyRj2w9QBR5C90PzJfk8VZFN2mguYIyuvQYRKEN-gFAskZ8RfqC2ZUsFG9yjBqMtQ-5Kg8txnpvVDvJEuSrwpZYraBTWPW7ocLXQysv0XXnRtjq8CLl76TIvYQvHyi9-j76bLgPJ7EhqXCA_DYzfQXXYd1mmYPAWrqw8vlyCDWhjedkOO8uUJdV_Rt5DNakIAx81QKWhJ8Z-MKgzC41ofUNGAD-eGa6JkQsf8NxNcEwwe4kLJZNGVxBO91pBmOhkXja573_60MX87kuCM3X5hDEhF4oAN699OfjLL8LlKPfd2h_udJsPL6mXytOYAm2MOU_FFtY-7-YXwUvMc-vjJ7P56GWV-f8yrytQqr108ZOut01dZKusnhzJvoV-cK9JxiZf9lUg6_39XgikYH1MT9VLrfoCricTh69uB5Vg1FkyO26-b-hZ1QuSawsXWDQhA0Rlbu4RKi6KKhjKmDaUWNfMDx7MJKiFl4zTjoXkNstVRsfaa-49Lt2wh_WfF20FKOEChhsZlgqNwAn9CjRAoyUG2WyrtyQfPmqw1xB-knYcW4S1-eS4VNuOpTBFPx6zQieLXZA7IiwUmkp6hXT7mGt_5S9JOfxnsYJjI_dKGbRkMfPQCCHJX7UZ8PQaq9BLR6wWBYnu3AffvzG7mutiuCulMN07jkpnl3CChCkCtI87wOfrVJtCjyoZoOv_P0lQdpqBaqqaLelDDxM8hzmFcnCu5P69ujTjLwSfiyBuRLPuyptCLLs4aKb9mxxpkVoFux2yTbWl2D42Xe-qq-2mnVUiHvkRtHuy9kwd3y6xaorIlcXfgzi6IXpf0qt6otPNge1gmxBzQWB89_ycWcyYG6D6RfopG-dMO_Tcc5NQG766xr1snjELQC61XvgJdxlDbJYuot0-FGy7Cp7REsudAfzcxeabkyHtjWpvcyvzcv58NGHgU-NcSBBhsSpF-Iee5lOGLGqzU3ZrvQlfmibF_Bs18SW9sjtZNYtHfkSHRuT2lC8cRFbYrudEpgvP_ClvhC2nNgx-Okgt3bx3VjSkD3QK1IDNMAsMyt8F6vyIJ1mVWuqPVenf8qPwLG3_kjSYlqbtKP5bF_nrPSLTJCteZwxKz3qPYLBvVZwKe1QQAdkCSGTQAt4yko2mmcpjZNroWRxsGzRv8pzz5641nEeMNWOylJvJclwYq41Ht_FGgAOdJo06CcOLj398uJHUf1QAM73iGsYs4ySsFEt6kIsWBQS41fn8MiPg1Lqud50GU3gndcaQHeM-y2xdSB0_2gokaXTsE1SwTmozYr1ayMS0P7u3suMiSiHNO8mCDuSq1XhuHayrAHR28EdFrCuFiJEtAbDVSizPMBJPGRcc8-3_wa931XeUR0BkhCC13mUH4W3OfShurLOe8gFqipMxqiSKe_QzwB_DNNq4g_XbgKfrArwSKf3WM06BCLmJ-_-10WwCfYBqZqy28yLm7XkWFrqGxwYcNkKnqYIdcWxKo_ifEEQ31t6A5PITiCu39lQF31RGm2-ylHVdZYNQsD_Dm4ZJ_HD9wqBcEw7MHCfFbRKan4_BeNU0GpTSrF3A_pQXNcTMSATXCxxzU1QcA7qGuT0N5cxy1N3X7J12Sc9bbssXivTIcP0-ghtkvm2--MP_u5twV1K-Bfq4o5JwkbMdhDemawAQHWjjc&cid=CAQSTADq26N9_Mc4eN3NhcIwxOaaDR1-0ho4zwGfXIj2hDzZ3SWeXCg6JRaMxc8kKbA0FPxl1xfX7rd31UbJCGHiSe6eFmZ_tDVqIIXWNAMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fexeo.app%2F&ds=l&xdt=1&iif=1&cor=6597712644405442000&adk=250412560&idt=49&cac=0&dtd=8
142.250.74.162200 OK 32 kB URL HTTP/2 googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CDZPA8Ti99B_ZlwKfq_keZw3IDMIb2QVdmpHLL-EE3uKMttS2xQM2Dnf3bz6RcV3vgH0W_gLCif_keIhVjp82hClmwjg&cry=1&dbm_d=AKAmf-BuHAcyvrwXVqmbZncud3RgY3zF36SIgteAL-XoKu2X06d_CKzV6y8-07QIKycH7OROCv5ls-RsJbjfeV4v_zs6JfyRH6dpKYiC-rFKvpLNznvtn1Zf_VEt81G5lFU55xe4yR41hHuOiSkGDKy-biD68w3-OshhyQnRxuDGBd0uzZ5HEe3aAAsWnTrU8J39OZDZCjshifZBmex3gpOqL0i-citntgdWLm3IOzXmJMd9mHUBvKRFViQ_QjjF7e8YKyIPlyMaxpRQy-Ohq_z6bFd2AVsL2rTbKdAj6_rEuzBQo9VrpEIHH0pNCsZmpDIMdqvPX57MfHWw6SFOMpY3zLHOR5W-BSEE7NcQ5YgeGGupp26xKNTveMg01NlPbSISPoAJCz-3WvPjDDu2HY52Po5REios_bst5udTd90NGFv4im8f3E236PADLucxqrZXVSS3SAWsV50ocoRkXLdT8OnxNpK97USlfjKP8FcnGhG2M1WoPURGhCKEvddidp4dtVoWpd8nNcZLaF99H2ORrb1bVFPyVpJksbPjgBTxD-YuXy_xeVJPZ9CFbx9F3LTv1Se1Dr0S_aGmYGHCkbVKXwVd8uRdHZYIKEYC9dcCkujNpQT2MXjVh2P9h26ctOAa2dqhAoVnx5LwAc0U-AEb9fbZ1uv2E6rrb03rmEKz7aEyE7MCtsbAxBBKWpem_VHKFZymM90awvPi5ca0q0GQi_EsLR-Vv1xXsadZK5mvkozDGEMuFR3u7SROJTIgfR47ehh6BuMwQdvby1hNTGVCSDTNPc7RlN7pPcI7nHc8gft6XFKkgQ42pteJjT4nRmu1Il-KVEPII9Eta_tLk1izeT6aqQXzqyNjCs5T6XQZqJumyGpqCRO-pmZPqu3gKtzMy0MTRqPFohYfxbVMiznAPnBp7YxD70mtyiQmxMyxI9c0huuBWvCV3Mw3nm3vqBJkXbObe_HQITQWfD6PsJ2dhLfx1r8thVDw8LRge0KLu8SLGh9R-cfuzZcFMU5KyGFNr5c0lefkurJmMP5OKrB2sD1jt0A1SCPJdBNqc_EsqRGNi9f_w32jL0vCmektfDnbdA6qzoAVlKXiKejFtu7Hrz0MwJYyqt1gVgNWr6Kd27DdJLmdxszy7ehKQrXwVvhAjRRCAtx4jEUq34frh1_dWTMbkkWZ_HsusKKD0RnmhJQLleHb1IekhIqRL1ipga0rqcX3dmlxPuR6WKzRkuTJoa9T_-vDiDM03w7bgrPu5cfnlRT6GFL2rNft8CBkdftDjy6ChkLLFruq8OiCva3fGdXRApNeGtFHAVOMbBn-9x5Q_XFmzCAy2LvEeAuyKRL4XY59JJnafcM5A2tsZq_FwGTAeOEIjlco4U3UcftvMYKcsEPLSMZQTVyOSVV_ERI4yZenURAMdgXIQ-xKhflSEEbKZPMDP0kbl1GLJ7FpeqGrIIjFhRnqjsqEBNwVrPa9nPEwaH7wgqesPXClml58OHHusQ_XbyojqgDNf_V7RvCdSKHfxMUC3UoPfpyAoU4IiWjExhcJbspFyly7EPBjcb4AkvDgUgw_MZviZ7nxj_RyRj2w9QBR5C90PzJfk8VZFN2mguYIyuvQYRKEN-gFAskZ8RfqC2ZUsFG9yjBqMtQ-5Kg8txnpvVDvJEuSrwpZYraBTWPW7ocLXQysv0XXnRtjq8CLl76TIvYQvHyi9-j76bLgPJ7EhqXCA_DYzfQXXYd1mmYPAWrqw8vlyCDWhjedkOO8uUJdV_Rt5DNakIAx81QKWhJ8Z-MKgzC41ofUNGAD-eGa6JkQsf8NxNcEwwe4kLJZNGVxBO91pBmOhkXja573_60MX87kuCM3X5hDEhF4oAN699OfjLL8LlKPfd2h_udJsPL6mXytOYAm2MOU_FFtY-7-YXwUvMc-vjJ7P56GWV-f8yrytQqr108ZOut01dZKusnhzJvoV-cK9JxiZf9lUg6_39XgikYH1MT9VLrfoCricTh69uB5Vg1FkyO26-b-hZ1QuSawsXWDQhA0Rlbu4RKi6KKhjKmDaUWNfMDx7MJKiFl4zTjoXkNstVRsfaa-49Lt2wh_WfF20FKOEChhsZlgqNwAn9CjRAoyUG2WyrtyQfPmqw1xB-knYcW4S1-eS4VNuOpTBFPx6zQieLXZA7IiwUmkp6hXT7mGt_5S9JOfxnsYJjI_dKGbRkMfPQCCHJX7UZ8PQaq9BLR6wWBYnu3AffvzG7mutiuCulMN07jkpnl3CChCkCtI87wOfrVJtCjyoZoOv_P0lQdpqBaqqaLelDDxM8hzmFcnCu5P69ujTjLwSfiyBuRLPuyptCLLs4aKb9mxxpkVoFux2yTbWl2D42Xe-qq-2mnVUiHvkRtHuy9kwd3y6xaorIlcXfgzi6IXpf0qt6otPNge1gmxBzQWB89_ycWcyYG6D6RfopG-dMO_Tcc5NQG766xr1snjELQC61XvgJdxlDbJYuot0-FGy7Cp7REsudAfzcxeabkyHtjWpvcyvzcv58NGHgU-NcSBBhsSpF-Iee5lOGLGqzU3ZrvQlfmibF_Bs18SW9sjtZNYtHfkSHRuT2lC8cRFbYrudEpgvP_ClvhC2nNgx-Okgt3bx3VjSkD3QK1IDNMAsMyt8F6vyIJ1mVWuqPVenf8qPwLG3_kjSYlqbtKP5bF_nrPSLTJCteZwxKz3qPYLBvVZwKe1QQAdkCSGTQAt4yko2mmcpjZNroWRxsGzRv8pzz5641nEeMNWOylJvJclwYq41Ht_FGgAOdJo06CcOLj398uJHUf1QAM73iGsYs4ySsFEt6kIsWBQS41fn8MiPg1Lqud50GU3gndcaQHeM-y2xdSB0_2gokaXTsE1SwTmozYr1ayMS0P7u3suMiSiHNO8mCDuSq1XhuHayrAHR28EdFrCuFiJEtAbDVSizPMBJPGRcc8-3_wa931XeUR0BkhCC13mUH4W3OfShurLOe8gFqipMxqiSKe_QzwB_DNNq4g_XbgKfrArwSKf3WM06BCLmJ-_-10WwCfYBqZqy28yLm7XkWFrqGxwYcNkKnqYIdcWxKo_ifEEQ31t6A5PITiCu39lQF31RGm2-ylHVdZYNQsD_Dm4ZJ_HD9wqBcEw7MHCfFbRKan4_BeNU0GpTSrF3A_pQXNcTMSATXCxxzU1QcA7qGuT0N5cxy1N3X7J12Sc9bbssXivTIcP0-ghtkvm2--MP_u5twV1K-Bfq4o5JwkbMdhDemawAQHWjjc&cid=CAQSTADq26N9_Mc4eN3NhcIwxOaaDR1-0ho4zwGfXIj2hDzZ3SWeXCg6JRaMxc8kKbA0FPxl1xfX7rd31UbJCGHiSe6eFmZ_tDVqIIXWNAMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fexeo.app%2F&ds=l&xdt=1&iif=1&cor=6597712644405442000&adk=250412560&idt=49&cac=0&dtd=8
IP 142.250.74.162:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 22ea9c5b688336e9ab121decd36013f1
f655081570a7c97c5f87ff5c354ddb276d6e9e7b
4e6435ffcc516ac5fa22c4ee02a4bcf4810aa7651a0a6dce8ebfd54b8e9571e7
GET /dbm/ad?dbm_c=AKAmf-CDZPA8Ti99B_ZlwKfq_keZw3IDMIb2QVdmpHLL-EE3uKMttS2xQM2Dnf3bz6RcV3vgH0W_gLCif_keIhVjp82hClmwjg&cry=1&dbm_d=AKAmf-BuHAcyvrwXVqmbZncud3RgY3zF36SIgteAL-XoKu2X06d_CKzV6y8-07QIKycH7OROCv5ls-RsJbjfeV4v_zs6JfyRH6dpKYiC-rFKvpLNznvtn1Zf_VEt81G5lFU55xe4yR41hHuOiSkGDKy-biD68w3-OshhyQnRxuDGBd0uzZ5HEe3aAAsWnTrU8J39OZDZCjshifZBmex3gpOqL0i-citntgdWLm3IOzXmJMd9mHUBvKRFViQ_QjjF7e8YKyIPlyMaxpRQy-Ohq_z6bFd2AVsL2rTbKdAj6_rEuzBQo9VrpEIHH0pNCsZmpDIMdqvPX57MfHWw6SFOMpY3zLHOR5W-BSEE7NcQ5YgeGGupp26xKNTveMg01NlPbSISPoAJCz-3WvPjDDu2HY52Po5REios_bst5udTd90NGFv4im8f3E236PADLucxqrZXVSS3SAWsV50ocoRkXLdT8OnxNpK97USlfjKP8FcnGhG2M1WoPURGhCKEvddidp4dtVoWpd8nNcZLaF99H2ORrb1bVFPyVpJksbPjgBTxD-YuXy_xeVJPZ9CFbx9F3LTv1Se1Dr0S_aGmYGHCkbVKXwVd8uRdHZYIKEYC9dcCkujNpQT2MXjVh2P9h26ctOAa2dqhAoVnx5LwAc0U-AEb9fbZ1uv2E6rrb03rmEKz7aEyE7MCtsbAxBBKWpem_VHKFZymM90awvPi5ca0q0GQi_EsLR-Vv1xXsadZK5mvkozDGEMuFR3u7SROJTIgfR47ehh6BuMwQdvby1hNTGVCSDTNPc7RlN7pPcI7nHc8gft6XFKkgQ42pteJjT4nRmu1Il-KVEPII9Eta_tLk1izeT6aqQXzqyNjCs5T6XQZqJumyGpqCRO-pmZPqu3gKtzMy0MTRqPFohYfxbVMiznAPnBp7YxD70mtyiQmxMyxI9c0huuBWvCV3Mw3nm3vqBJkXbObe_HQITQWfD6PsJ2dhLfx1r8thVDw8LRge0KLu8SLGh9R-cfuzZcFMU5KyGFNr5c0lefkurJmMP5OKrB2sD1jt0A1SCPJdBNqc_EsqRGNi9f_w32jL0vCmektfDnbdA6qzoAVlKXiKejFtu7Hrz0MwJYyqt1gVgNWr6Kd27DdJLmdxszy7ehKQrXwVvhAjRRCAtx4jEUq34frh1_dWTMbkkWZ_HsusKKD0RnmhJQLleHb1IekhIqRL1ipga0rqcX3dmlxPuR6WKzRkuTJoa9T_-vDiDM03w7bgrPu5cfnlRT6GFL2rNft8CBkdftDjy6ChkLLFruq8OiCva3fGdXRApNeGtFHAVOMbBn-9x5Q_XFmzCAy2LvEeAuyKRL4XY59JJnafcM5A2tsZq_FwGTAeOEIjlco4U3UcftvMYKcsEPLSMZQTVyOSVV_ERI4yZenURAMdgXIQ-xKhflSEEbKZPMDP0kbl1GLJ7FpeqGrIIjFhRnqjsqEBNwVrPa9nPEwaH7wgqesPXClml58OHHusQ_XbyojqgDNf_V7RvCdSKHfxMUC3UoPfpyAoU4IiWjExhcJbspFyly7EPBjcb4AkvDgUgw_MZviZ7nxj_RyRj2w9QBR5C90PzJfk8VZFN2mguYIyuvQYRKEN-gFAskZ8RfqC2ZUsFG9yjBqMtQ-5Kg8txnpvVDvJEuSrwpZYraBTWPW7ocLXQysv0XXnRtjq8CLl76TIvYQvHyi9-j76bLgPJ7EhqXCA_DYzfQXXYd1mmYPAWrqw8vlyCDWhjedkOO8uUJdV_Rt5DNakIAx81QKWhJ8Z-MKgzC41ofUNGAD-eGa6JkQsf8NxNcEwwe4kLJZNGVxBO91pBmOhkXja573_60MX87kuCM3X5hDEhF4oAN699OfjLL8LlKPfd2h_udJsPL6mXytOYAm2MOU_FFtY-7-YXwUvMc-vjJ7P56GWV-f8yrytQqr108ZOut01dZKusnhzJvoV-cK9JxiZf9lUg6_39XgikYH1MT9VLrfoCricTh69uB5Vg1FkyO26-b-hZ1QuSawsXWDQhA0Rlbu4RKi6KKhjKmDaUWNfMDx7MJKiFl4zTjoXkNstVRsfaa-49Lt2wh_WfF20FKOEChhsZlgqNwAn9CjRAoyUG2WyrtyQfPmqw1xB-knYcW4S1-eS4VNuOpTBFPx6zQieLXZA7IiwUmkp6hXT7mGt_5S9JOfxnsYJjI_dKGbRkMfPQCCHJX7UZ8PQaq9BLR6wWBYnu3AffvzG7mutiuCulMN07jkpnl3CChCkCtI87wOfrVJtCjyoZoOv_P0lQdpqBaqqaLelDDxM8hzmFcnCu5P69ujTjLwSfiyBuRLPuyptCLLs4aKb9mxxpkVoFux2yTbWl2D42Xe-qq-2mnVUiHvkRtHuy9kwd3y6xaorIlcXfgzi6IXpf0qt6otPNge1gmxBzQWB89_ycWcyYG6D6RfopG-dMO_Tcc5NQG766xr1snjELQC61XvgJdxlDbJYuot0-FGy7Cp7REsudAfzcxeabkyHtjWpvcyvzcv58NGHgU-NcSBBhsSpF-Iee5lOGLGqzU3ZrvQlfmibF_Bs18SW9sjtZNYtHfkSHRuT2lC8cRFbYrudEpgvP_ClvhC2nNgx-Okgt3bx3VjSkD3QK1IDNMAsMyt8F6vyIJ1mVWuqPVenf8qPwLG3_kjSYlqbtKP5bF_nrPSLTJCteZwxKz3qPYLBvVZwKe1QQAdkCSGTQAt4yko2mmcpjZNroWRxsGzRv8pzz5641nEeMNWOylJvJclwYq41Ht_FGgAOdJo06CcOLj398uJHUf1QAM73iGsYs4ySsFEt6kIsWBQS41fn8MiPg1Lqud50GU3gndcaQHeM-y2xdSB0_2gokaXTsE1SwTmozYr1ayMS0P7u3suMiSiHNO8mCDuSq1XhuHayrAHR28EdFrCuFiJEtAbDVSizPMBJPGRcc8-3_wa931XeUR0BkhCC13mUH4W3OfShurLOe8gFqipMxqiSKe_QzwB_DNNq4g_XbgKfrArwSKf3WM06BCLmJ-_-10WwCfYBqZqy28yLm7XkWFrqGxwYcNkKnqYIdcWxKo_ifEEQ31t6A5PITiCu39lQF31RGm2-ylHVdZYNQsD_Dm4ZJ_HD9wqBcEw7MHCfFbRKan4_BeNU0GpTSrF3A_pQXNcTMSATXCxxzU1QcA7qGuT0N5cxy1N3X7J12Sc9bbssXivTIcP0-ghtkvm2--MP_u5twV1K-Bfq4o5JwkbMdhDemawAQHWjjc&cid=CAQSTADq26N9_Mc4eN3NhcIwxOaaDR1-0ho4zwGfXIj2hDzZ3SWeXCg6JRaMxc8kKbA0FPxl1xfX7rd31UbJCGHiSe6eFmZ_tDVqIIXWNAMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fexeo.app%2F&ds=l&xdt=1&iif=1&cor=6597712644405442000&adk=250412560&idt=49&cac=0&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c674219087d7e139b37592146a2852e2.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Dec 2022 06:48:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 31777
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Dec-2022 07:03:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 915903fa6db6c0224648e3273daf13c8
98bad0e53f8f362341207cf5b1c37ab6c0dbb7d7
cc46e6cbdc91bba473f6337162f3e1d0231e556ca42fdd2fe44947aa1eeac413
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/simgad/10038277565593592441
142.250.74.70200 OK 12 kB URL HTTP/2 s0.2mdn.net/simgad/10038277565593592441
IP 142.250.74.70:0
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 3ddec6f61dd4fb2f268a8d9c2dd94759
1d4ad3818a4a49018385092c18cb75754bdb2b9f
f76bca4b8356d33a21df98096577ae1124192b1e367301341ba7eb3df25eeb8e
GET /simgad/10038277565593592441 HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c674219087d7e139b37592146a2852e2.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 12284
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:34:56 GMT
expires: Sat, 23 Dec 2023 13:34:56 GMT
cache-control: public, max-age=31536000
age: 148409
last-modified: Thu, 06 Oct 2022 20:01:11 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBB2XsNzptW_r_NqdlEIEAuZdt-_meeb9vT7Szpny_RlKZ5AT85_SEYkNZiRJb2N60f7_fg1rhKYnme5X2trU3RP44WHujgaui3wxDbAMIIYfoiPIluDKywnqpsaSs2EGphf0t1cVRLULPbIFSlX3CBGxlAbbSrsJDg8GI_AhSMqYLkhFS_BceUkoljt1vK06AzTOYeOlC4xNPxD1LS5Zjoh1HJTe7VQLTurpxm-8cLhAg8Z0CbAYsZ2lXhM-DNQPnItlKTlfDofe9G4BXBnzk4OI19QLX68K2Bqn1UUMtbDeWmns7VC-qaioZhDbIe9rhI1Q_HwXkboYKmPNhdWNjl8jGiDyqVme-whve6KRhIC47c7DB871rP3RaLyR4QlLGSx3j6DZlM9PAHIGfPKpyz1U5DvkZKgkIPgGqcmVOfBKflQpN71T-mEBsuPvQHPfzYQn3G_rSweCvgpw5Q38oSVFWej4MWtdSI2iryX17hMkGq5r5BLiCtUc6xoItD1EWHqVIU_RvIwCinzLGRsNu1XhWMfKLQ2KSpBwI96JZH95-51A7BobqKwk1726wo3Zf29rx-hZmFqDBNsYu_bmqy-2fa6_rb-z5bu8XA5WxtfFAGF8IAdN8KQvoudnx8UmktumhWMGlV8HlA7vQHMR80QBbEa3h5LfFtax8dPp_iFN5nMSgHMm8ZMtsqcSpPOGpP306oDXZ-MyoxiXD1NQQvYgg0LhavvnoF_ERTcu-if82kD-WqNCqkwEu4PsahPiPoGScFQicaypupUtpppVjqLuEgWXC-Ncp9y8VJxc-RPi0O8Yz4D564ljuDZ6ZdSDQyBmEH7OYXFgr-PC4-vr7iF8gDqQ2qOF-u_PtZxxgVl31Ue_n7FQY723MfBkrGAYxDIlqudW3nBV7aGy0T8FX85BK7jMyP52Oxam4t8knLbYAk5pd__UHOQ_FPk3HtkhadO1QVHt-K3aAv7d-lMshGT9h9rhdck_oDCST_mjs82ZJYrtnyKGW5nLjeJxae5BKyHEVyz-HOeB-di3jvYW4x5APQg6oIinukC4qMGqLP2fxkaNe1muOAKEJpjEZ9P1xc7hB7PdS4oBzk69INmSItFvfotSGgLOLrYH0t0eNqxzgPpzXftE18JBz_Ggyt06UFjht0virYPBtwlIqaZ3t1peCn3kjerjLhcPvf0DLJ2lj-TTlIvFYtg&sai=AMfl-YSNqV8xFFyXP5Ez5fg4dyLS1TUzp0dhnS6v3IhU3sAFhyRP7uFvkqSgU720qdXiMFuGVZNavgzRLmCi65VhzzxKq-tLpoqsZdbYKShB0nDju9s6CQrH5Gi3gVF21AV64N7ct3wtDCBIeHyly8QoQWKQs657PUzQWZgGagI5_2zQv26ukWZc5A9ZBZql4INF3xd6Tt5Nn6ID6xSehbRGhT-rO8rvPtgegSi0Zm9At2mu9tipcO7OgHFH99iwc4LEDJLB3iKClc2qKQ7sOrPiMxQTOjFl3o4vkTCtswSYpMf0338ClfE&sig=Cg0ArKJSzMazT5WqMGTIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.23311&arae=0&ftch=1&adurl=
142.250.74.34200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBB2XsNzptW_r_NqdlEIEAuZdt-_meeb9vT7Szpny_RlKZ5AT85_SEYkNZiRJb2N60f7_fg1rhKYnme5X2trU3RP44WHujgaui3wxDbAMIIYfoiPIluDKywnqpsaSs2EGphf0t1cVRLULPbIFSlX3CBGxlAbbSrsJDg8GI_AhSMqYLkhFS_BceUkoljt1vK06AzTOYeOlC4xNPxD1LS5Zjoh1HJTe7VQLTurpxm-8cLhAg8Z0CbAYsZ2lXhM-DNQPnItlKTlfDofe9G4BXBnzk4OI19QLX68K2Bqn1UUMtbDeWmns7VC-qaioZhDbIe9rhI1Q_HwXkboYKmPNhdWNjl8jGiDyqVme-whve6KRhIC47c7DB871rP3RaLyR4QlLGSx3j6DZlM9PAHIGfPKpyz1U5DvkZKgkIPgGqcmVOfBKflQpN71T-mEBsuPvQHPfzYQn3G_rSweCvgpw5Q38oSVFWej4MWtdSI2iryX17hMkGq5r5BLiCtUc6xoItD1EWHqVIU_RvIwCinzLGRsNu1XhWMfKLQ2KSpBwI96JZH95-51A7BobqKwk1726wo3Zf29rx-hZmFqDBNsYu_bmqy-2fa6_rb-z5bu8XA5WxtfFAGF8IAdN8KQvoudnx8UmktumhWMGlV8HlA7vQHMR80QBbEa3h5LfFtax8dPp_iFN5nMSgHMm8ZMtsqcSpPOGpP306oDXZ-MyoxiXD1NQQvYgg0LhavvnoF_ERTcu-if82kD-WqNCqkwEu4PsahPiPoGScFQicaypupUtpppVjqLuEgWXC-Ncp9y8VJxc-RPi0O8Yz4D564ljuDZ6ZdSDQyBmEH7OYXFgr-PC4-vr7iF8gDqQ2qOF-u_PtZxxgVl31Ue_n7FQY723MfBkrGAYxDIlqudW3nBV7aGy0T8FX85BK7jMyP52Oxam4t8knLbYAk5pd__UHOQ_FPk3HtkhadO1QVHt-K3aAv7d-lMshGT9h9rhdck_oDCST_mjs82ZJYrtnyKGW5nLjeJxae5BKyHEVyz-HOeB-di3jvYW4x5APQg6oIinukC4qMGqLP2fxkaNe1muOAKEJpjEZ9P1xc7hB7PdS4oBzk69INmSItFvfotSGgLOLrYH0t0eNqxzgPpzXftE18JBz_Ggyt06UFjht0virYPBtwlIqaZ3t1peCn3kjerjLhcPvf0DLJ2lj-TTlIvFYtg&sai=AMfl-YSNqV8xFFyXP5Ez5fg4dyLS1TUzp0dhnS6v3IhU3sAFhyRP7uFvkqSgU720qdXiMFuGVZNavgzRLmCi65VhzzxKq-tLpoqsZdbYKShB0nDju9s6CQrH5Gi3gVF21AV64N7ct3wtDCBIeHyly8QoQWKQs657PUzQWZgGagI5_2zQv26ukWZc5A9ZBZql4INF3xd6Tt5Nn6ID6xSehbRGhT-rO8rvPtgegSi0Zm9At2mu9tipcO7OgHFH99iwc4LEDJLB3iKClc2qKQ7sOrPiMxQTOjFl3o4vkTCtswSYpMf0338ClfE&sig=Cg0ArKJSzMazT5WqMGTIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.23311&arae=0&ftch=1&adurl=
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjssBB2XsNzptW_r_NqdlEIEAuZdt-_meeb9vT7Szpny_RlKZ5AT85_SEYkNZiRJb2N60f7_fg1rhKYnme5X2trU3RP44WHujgaui3wxDbAMIIYfoiPIluDKywnqpsaSs2EGphf0t1cVRLULPbIFSlX3CBGxlAbbSrsJDg8GI_AhSMqYLkhFS_BceUkoljt1vK06AzTOYeOlC4xNPxD1LS5Zjoh1HJTe7VQLTurpxm-8cLhAg8Z0CbAYsZ2lXhM-DNQPnItlKTlfDofe9G4BXBnzk4OI19QLX68K2Bqn1UUMtbDeWmns7VC-qaioZhDbIe9rhI1Q_HwXkboYKmPNhdWNjl8jGiDyqVme-whve6KRhIC47c7DB871rP3RaLyR4QlLGSx3j6DZlM9PAHIGfPKpyz1U5DvkZKgkIPgGqcmVOfBKflQpN71T-mEBsuPvQHPfzYQn3G_rSweCvgpw5Q38oSVFWej4MWtdSI2iryX17hMkGq5r5BLiCtUc6xoItD1EWHqVIU_RvIwCinzLGRsNu1XhWMfKLQ2KSpBwI96JZH95-51A7BobqKwk1726wo3Zf29rx-hZmFqDBNsYu_bmqy-2fa6_rb-z5bu8XA5WxtfFAGF8IAdN8KQvoudnx8UmktumhWMGlV8HlA7vQHMR80QBbEa3h5LfFtax8dPp_iFN5nMSgHMm8ZMtsqcSpPOGpP306oDXZ-MyoxiXD1NQQvYgg0LhavvnoF_ERTcu-if82kD-WqNCqkwEu4PsahPiPoGScFQicaypupUtpppVjqLuEgWXC-Ncp9y8VJxc-RPi0O8Yz4D564ljuDZ6ZdSDQyBmEH7OYXFgr-PC4-vr7iF8gDqQ2qOF-u_PtZxxgVl31Ue_n7FQY723MfBkrGAYxDIlqudW3nBV7aGy0T8FX85BK7jMyP52Oxam4t8knLbYAk5pd__UHOQ_FPk3HtkhadO1QVHt-K3aAv7d-lMshGT9h9rhdck_oDCST_mjs82ZJYrtnyKGW5nLjeJxae5BKyHEVyz-HOeB-di3jvYW4x5APQg6oIinukC4qMGqLP2fxkaNe1muOAKEJpjEZ9P1xc7hB7PdS4oBzk69INmSItFvfotSGgLOLrYH0t0eNqxzgPpzXftE18JBz_Ggyt06UFjht0virYPBtwlIqaZ3t1peCn3kjerjLhcPvf0DLJ2lj-TTlIvFYtg&sai=AMfl-YSNqV8xFFyXP5Ez5fg4dyLS1TUzp0dhnS6v3IhU3sAFhyRP7uFvkqSgU720qdXiMFuGVZNavgzRLmCi65VhzzxKq-tLpoqsZdbYKShB0nDju9s6CQrH5Gi3gVF21AV64N7ct3wtDCBIeHyly8QoQWKQs657PUzQWZgGagI5_2zQv26ukWZc5A9ZBZql4INF3xd6Tt5Nn6ID6xSehbRGhT-rO8rvPtgegSi0Zm9At2mu9tipcO7OgHFH99iwc4LEDJLB3iKClc2qKQ7sOrPiMxQTOjFl3o4vkTCtswSYpMf0338ClfE&sig=Cg0ArKJSzMazT5WqMGTIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.23311&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c674219087d7e139b37592146a2852e2.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sun, 25 Dec 2022 06:48:25 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Dec-2022 07:03:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 25 Dec 2022 06:48:25 GMT
X-Firefox-Spdy: h2
t.6sc.co/img.gif?event=imp&mcid=84455&cb=2005598045&pid=179403358&cid=28401156
23.14.5.116200 OK 43 B URL HTTP/1.1 t.6sc.co/img.gif?event=imp&mcid=84455&cb=2005598045&pid=179403358&cid=28401156
IP 23.14.5.116:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /img.gif?event=imp&mcid=84455&cb=2005598045&pid=179403358&cid=28401156 HTTP/1.1
Host: t.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c674219087d7e139b37592146a2852e2.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-Type: image/gif
ETag: "615ccf16-2b"
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Tue, 05 Oct 2021 22:17:58 GMT
Pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
X-Content-Type-Options: nosniff
Content-Length: 43
Date: Sun, 25 Dec 2022 06:48:25 GMT
Connection: keep-alive
Set-Cookie: 6suuid=1c9854683927000039f2a7631e0300005db13b00; expires=Tue, 24-Dec-2024 06:48:25 GMT; path=/; domain=.6sc.co; SameSite=None; secure
Access-Control-Allow-Origin:
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 915903fa6db6c0224648e3273daf13c8
98bad0e53f8f362341207cf5b1c37ab6c0dbb7d7
cc46e6cbdc91bba473f6337162f3e1d0231e556ca42fdd2fe44947aa1eeac413
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 06:48:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBB2XsNzptW_r_NqdlEIEAuZdt-_meeb9vT7Szpny_RlKZ5AT85_SEYkNZiRJb2N60f7_fg1rhKYnme5X2trU3RP44WHujgaui3wxDbAMIIYfoiPIluDKywnqpsaSs2EGphf0t1cVRLULPbIFSlX3CBGxlAbbSrsJDg8GI_AhSMqYLkhFS_BceUkoljt1vK06AzTOYeOlC4xNPxD1LS5Zjoh1HJTe7VQLTurpxm-8cLhAg8Z0CbAYsZ2lXhM-DNQPnItlKTlfDofe9G4BXBnzk4OI19QLX68K2Bqn1UUMtbDeWmns7VC-qaioZhDbIe9rhI1Q_HwXkboYKmPNhdWNjl8jGiDyqVme-whve6KRhIC47c7DB871rP3RaLyR4QlLGSx3j6DZlM9PAHIGfPKpyz1U5DvkZKgkIPgGqcmVOfBKflQpN71T-mEBsuPvQHPfzYQn3G_rSweCvgpw5Q38oSVFWej4MWtdSI2iryX17hMkGq5r5BLiCtUc6xoItD1EWHqVIU_RvIwCinzLGRsNu1XhWMfKLQ2KSpBwI96JZH95-51A7BobqKwk1726wo3Zf29rx-hZmFqDBNsYu_bmqy-2fa6_rb-z5bu8XA5WxtfFAGF8IAdN8KQvoudnx8UmktumhWMGlV8HlA7vQHMR80QBbEa3h5LfFtax8dPp_iFN5nMSgHMm8ZMtsqcSpPOGpP306oDXZ-MyoxiXD1NQQvYgg0LhavvnoF_ERTcu-if82kD-WqNCqkwEu4PsahPiPoGScFQicaypupUtpppVjqLuEgWXC-Ncp9y8VJxc-RPi0O8Yz4D564ljuDZ6ZdSDQyBmEH7OYXFgr-PC4-vr7iF8gDqQ2qOF-u_PtZxxgVl31Ue_n7FQY723MfBkrGAYxDIlqudW3nBV7aGy0T8FX85BK7jMyP52Oxam4t8knLbYAk5pd__UHOQ_FPk3HtkhadO1QVHt-K3aAv7d-lMshGT9h9rhdck_oDCST_mjs82ZJYrtnyKGW5nLjeJxae5BKyHEVyz-HOeB-di3jvYW4x5APQg6oIinukC4qMGqLP2fxkaNe1muOAKEJpjEZ9P1xc7hB7PdS4oBzk69INmSItFvfotSGgLOLrYH0t0eNqxzgPpzXftE18JBz_Ggyt06UFjht0virYPBtwlIqaZ3t1peCn3kjerjLhcPvf0DLJ2lj-TTlIvFYtg&sai=AMfl-YSNqV8xFFyXP5Ez5fg4dyLS1TUzp0dhnS6v3IhU3sAFhyRP7uFvkqSgU720qdXiMFuGVZNavgzRLmCi65VhzzxKq-tLpoqsZdbYKShB0nDju9s6CQrH5Gi3gVF21AV64N7ct3wtDCBIeHyly8QoQWKQs657PUzQWZgGagI5_2zQv26ukWZc5A9ZBZql4INF3xd6Tt5Nn6ID6xSehbRGhT-rO8rvPtgegSi0Zm9At2mu9tipcO7OgHFH99iwc4LEDJLB3iKClc2qKQ7sOrPiMxQTOjFl3o4vkTCtswSYpMf0338ClfE&sig=Cg0ArKJSzMazT5WqMGTIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=350&vt=11&dtpt=349&dett=2&cstd=0&cisv=r20221207.23311&arae=0&ftch=1&adurl=
142.250.74.34200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBB2XsNzptW_r_NqdlEIEAuZdt-_meeb9vT7Szpny_RlKZ5AT85_SEYkNZiRJb2N60f7_fg1rhKYnme5X2trU3RP44WHujgaui3wxDbAMIIYfoiPIluDKywnqpsaSs2EGphf0t1cVRLULPbIFSlX3CBGxlAbbSrsJDg8GI_AhSMqYLkhFS_BceUkoljt1vK06AzTOYeOlC4xNPxD1LS5Zjoh1HJTe7VQLTurpxm-8cLhAg8Z0CbAYsZ2lXhM-DNQPnItlKTlfDofe9G4BXBnzk4OI19QLX68K2Bqn1UUMtbDeWmns7VC-qaioZhDbIe9rhI1Q_HwXkboYKmPNhdWNjl8jGiDyqVme-whve6KRhIC47c7DB871rP3RaLyR4QlLGSx3j6DZlM9PAHIGfPKpyz1U5DvkZKgkIPgGqcmVOfBKflQpN71T-mEBsuPvQHPfzYQn3G_rSweCvgpw5Q38oSVFWej4MWtdSI2iryX17hMkGq5r5BLiCtUc6xoItD1EWHqVIU_RvIwCinzLGRsNu1XhWMfKLQ2KSpBwI96JZH95-51A7BobqKwk1726wo3Zf29rx-hZmFqDBNsYu_bmqy-2fa6_rb-z5bu8XA5WxtfFAGF8IAdN8KQvoudnx8UmktumhWMGlV8HlA7vQHMR80QBbEa3h5LfFtax8dPp_iFN5nMSgHMm8ZMtsqcSpPOGpP306oDXZ-MyoxiXD1NQQvYgg0LhavvnoF_ERTcu-if82kD-WqNCqkwEu4PsahPiPoGScFQicaypupUtpppVjqLuEgWXC-Ncp9y8VJxc-RPi0O8Yz4D564ljuDZ6ZdSDQyBmEH7OYXFgr-PC4-vr7iF8gDqQ2qOF-u_PtZxxgVl31Ue_n7FQY723MfBkrGAYxDIlqudW3nBV7aGy0T8FX85BK7jMyP52Oxam4t8knLbYAk5pd__UHOQ_FPk3HtkhadO1QVHt-K3aAv7d-lMshGT9h9rhdck_oDCST_mjs82ZJYrtnyKGW5nLjeJxae5BKyHEVyz-HOeB-di3jvYW4x5APQg6oIinukC4qMGqLP2fxkaNe1muOAKEJpjEZ9P1xc7hB7PdS4oBzk69INmSItFvfotSGgLOLrYH0t0eNqxzgPpzXftE18JBz_Ggyt06UFjht0virYPBtwlIqaZ3t1peCn3kjerjLhcPvf0DLJ2lj-TTlIvFYtg&sai=AMfl-YSNqV8xFFyXP5Ez5fg4dyLS1TUzp0dhnS6v3IhU3sAFhyRP7uFvkqSgU720qdXiMFuGVZNavgzRLmCi65VhzzxKq-tLpoqsZdbYKShB0nDju9s6CQrH5Gi3gVF21AV64N7ct3wtDCBIeHyly8QoQWKQs657PUzQWZgGagI5_2zQv26ukWZc5A9ZBZql4INF3xd6Tt5Nn6ID6xSehbRGhT-rO8rvPtgegSi0Zm9At2mu9tipcO7OgHFH99iwc4LEDJLB3iKClc2qKQ7sOrPiMxQTOjFl3o4vkTCtswSYpMf0338ClfE&sig=Cg0ArKJSzMazT5WqMGTIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=350&vt=11&dtpt=349&dett=2&cstd=0&cisv=r20221207.23311&arae=0&ftch=1&adurl=
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjssBB2XsNzptW_r_NqdlEIEAuZdt-_meeb9vT7Szpny_RlKZ5AT85_SEYkNZiRJb2N60f7_fg1rhKYnme5X2trU3RP44WHujgaui3wxDbAMIIYfoiPIluDKywnqpsaSs2EGphf0t1cVRLULPbIFSlX3CBGxlAbbSrsJDg8GI_AhSMqYLkhFS_BceUkoljt1vK06AzTOYeOlC4xNPxD1LS5Zjoh1HJTe7VQLTurpxm-8cLhAg8Z0CbAYsZ2lXhM-DNQPnItlKTlfDofe9G4BXBnzk4OI19QLX68K2Bqn1UUMtbDeWmns7VC-qaioZhDbIe9rhI1Q_HwXkboYKmPNhdWNjl8jGiDyqVme-whve6KRhIC47c7DB871rP3RaLyR4QlLGSx3j6DZlM9PAHIGfPKpyz1U5DvkZKgkIPgGqcmVOfBKflQpN71T-mEBsuPvQHPfzYQn3G_rSweCvgpw5Q38oSVFWej4MWtdSI2iryX17hMkGq5r5BLiCtUc6xoItD1EWHqVIU_RvIwCinzLGRsNu1XhWMfKLQ2KSpBwI96JZH95-51A7BobqKwk1726wo3Zf29rx-hZmFqDBNsYu_bmqy-2fa6_rb-z5bu8XA5WxtfFAGF8IAdN8KQvoudnx8UmktumhWMGlV8HlA7vQHMR80QBbEa3h5LfFtax8dPp_iFN5nMSgHMm8ZMtsqcSpPOGpP306oDXZ-MyoxiXD1NQQvYgg0LhavvnoF_ERTcu-if82kD-WqNCqkwEu4PsahPiPoGScFQicaypupUtpppVjqLuEgWXC-Ncp9y8VJxc-RPi0O8Yz4D564ljuDZ6ZdSDQyBmEH7OYXFgr-PC4-vr7iF8gDqQ2qOF-u_PtZxxgVl31Ue_n7FQY723MfBkrGAYxDIlqudW3nBV7aGy0T8FX85BK7jMyP52Oxam4t8knLbYAk5pd__UHOQ_FPk3HtkhadO1QVHt-K3aAv7d-lMshGT9h9rhdck_oDCST_mjs82ZJYrtnyKGW5nLjeJxae5BKyHEVyz-HOeB-di3jvYW4x5APQg6oIinukC4qMGqLP2fxkaNe1muOAKEJpjEZ9P1xc7hB7PdS4oBzk69INmSItFvfotSGgLOLrYH0t0eNqxzgPpzXftE18JBz_Ggyt06UFjht0virYPBtwlIqaZ3t1peCn3kjerjLhcPvf0DLJ2lj-TTlIvFYtg&sai=AMfl-YSNqV8xFFyXP5Ez5fg4dyLS1TUzp0dhnS6v3IhU3sAFhyRP7uFvkqSgU720qdXiMFuGVZNavgzRLmCi65VhzzxKq-tLpoqsZdbYKShB0nDju9s6CQrH5Gi3gVF21AV64N7ct3wtDCBIeHyly8QoQWKQs657PUzQWZgGagI5_2zQv26ukWZc5A9ZBZql4INF3xd6Tt5Nn6ID6xSehbRGhT-rO8rvPtgegSi0Zm9At2mu9tipcO7OgHFH99iwc4LEDJLB3iKClc2qKQ7sOrPiMxQTOjFl3o4vkTCtswSYpMf0338ClfE&sig=Cg0ArKJSzMazT5WqMGTIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=350&vt=11&dtpt=349&dett=2&cstd=0&cisv=r20221207.23311&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c674219087d7e139b37592146a2852e2.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sun, 25 Dec 2022 06:48:25 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Dec-2022 07:03:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 25 Dec 2022 06:48:25 GMT
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: text/plain
set-cookie: csu=1389527517099402@1@1671950903; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoNCPeUDzXFORI%2FmNCXrE6SONKxClCv%2BhHlJreQGA4kyC7lp%2FWEB%2BNJqLUSy3l6bNOQi0F8haKGx0yZShJW%2BdDO1HsoYW2O4jdX0PQ0jw2zGUry67Vytjc%2Fb2Td8bxc8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa17cac867761-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAva21IRzhF
104.16.133.22200 OK 0 B URL HTTP/2 api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAva21IRzhF
IP 104.16.133.22:0
GET /v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAva21IRzhF HTTP/1.1
Host: api.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
etag: W/"130-cuIimaqz9R/W6QfpO65KP93Vq1c"
cf-cache-status: HIT
age: 3327
vary: Accept-Encoding
server: cloudflare
cf-ray: 77efa17d980ab512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1111
last-modified: Sun, 25 Dec 2022 06:29:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tKT1mnpp26mafyj9QL7Kg7wkVWus0yR24%2B2%2BPnJFNXdwtK0AYzR2m5Naa7A7Q2qmV4QQf8o0HTBrP18epE69JcFkRGp2dCzRcHPufN80v3vYVygd6qC8%2FuPPRtjz7ByE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77efa17cbc967761-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/p4/v16-2-0/ZXhlby5hcHAva21IRzhF
104.16.133.22200 OK 0 B URL HTTP/2 live.demand.supply/p4/v16-2-0/ZXhlby5hcHAva21IRzhF
IP 104.16.133.22:0
GET /p4/v16-2-0/ZXhlby5hcHAva21IRzhF HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=bd5cee6c-e676-499b-bb0b-de17b61f7ecc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 77efa17c8bb6b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
188.114.96.1200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.96.1:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 931
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bla0kxPFXYDPLtSNrvd%2B0qxF08WNBLdfY%2BR2evF95WDJMrQbbhGOvF7Vkxqn%2F%2FR1slOJNW94xTiB3gL6dgDPDBMXn6zAKGcRoflTrWClDXmclgR%2BMOWwHDND6%2B0EX6sZtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77efa17bcb19b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: text/plain
set-cookie: csu=1186536940400404@1@1671950903; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8bSfJPvCTDYD1RHJavEDotHDuS%2B7SwszGRYZrv0%2FVdDvrjhVN5OLvdndoAbu%2BhZ9YOkdWxj0sf5KejQ4xeZ7g8BH1jb7O5i0Bp%2BnV0Mj3MNeXp5FI%2FHxkNgSYr2FyEOd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa17d6d0a7761-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exe.io/kmHG8E
172.67.71.40302 Found 0 B IP 172.67.71.40:0
GET /kmHG8E HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: text/html; charset=UTF-8
location: https://exeo.app/kmHG8E
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=a5f98f913b27e0eee559e6cbfd55e879; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2M3CUNIKfCCOicFWq8ZtxJAVjpyR%2BZ%2FS3%2BwpvQl41QF6FEWm%2FPPbVQjEsfYLFuCkJuYsvsv4xV6FbwKnlBi6Lhlo7mA9gTR6xs86cqQ52qR1MCIqg2y1Kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa177694db509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/css/continue.css
172.67.74.139200 OK 0 B URL HTTP/2 exeo.app/css/continue.css
IP 172.67.74.139:0
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/kmHG8E
Cookie: AppSession=e2be97a2a9787edec27db326296fe2bd; csrfToken=7866bec177d7b81fe1b75263bccefa5df5b810f2fac2c84f2e8fa8bc064a04f8e4575af61516ab55db411886cd358d7c642c5bd13f299bf63c69b1eafd03138a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Wed, 11 Jan 2023 22:59:01 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1064962
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rl14pwNlVSDg0lGQQ%2BRaVpCAv2essQN0RDiJo%2FCWr0%2BGrRnKzja5SEGpRcCect9N66w85f4EtdNQ%2FqTckYpEdeAPIHYPmhjGqbyZ6wI9UIbvkt5VV8GpghYc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa17a7d5fb4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
exeo.app/fv.ico
172.67.74.139200 OK 0 B IP 172.67.74.139:0
Analyzer Verdict Alert fortinet Malware
GET /fv.ico HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/kmHG8E
Cookie: AppSession=e2be97a2a9787edec27db326296fe2bd; csrfToken=7866bec177d7b81fe1b75263bccefa5df5b810f2fac2c84f2e8fa8bc064a04f8e4575af61516ab55db411886cd358d7c642c5bd13f299bf63c69b1eafd03138a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:24 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 12 Dec 2023 22:59:02 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1064962
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7UbQLduf4LnJekT0wDsTBKgJmqjFsM42SIQFrAfMnC9jrqf08NflY6u1W3TSuuYEdeKnJrjjUyMOmv9BnwlIz0mEBOS6W9AT7to4znJfBJAS2xr78O2DvFF%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77efa17ebf08b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.demand.supply/ds.2.html
104.16.133.22200 OK 0 B URL HTTP/2 live.demand.supply/ds.2.html
IP 104.16.133.22:0
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 06:48:23 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
x-nf-request-id: 01GM32FRGGXY91P3W7PAZSC246
cf-cache-status: HIT
age: 1064045
vary: Accept-Encoding
server: cloudflare
cf-ray: 77efa17c9bb8b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2