exe.io/wxpzt
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wxpzt HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 12:49:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 26 Nov 2022 13:49:43 GMT
Location: https://exe.io/wxpzt
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZSyt0VdX24C1qA0Bjt9NbZZ%2FNL6x614qzOohg9xAzlT7QeNZdyRbKeFC9%2FZLF52FMqHHDJnWuqWpBi2KHLMvFU9tqTLYwLzRr4uKMnlBTUhukkXhQkE8eg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7702bee52829b4f9-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15463
Expires: Sat, 26 Nov 2022 17:07:26 GMT
Date: Sat, 26 Nov 2022 12:49:43 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5813
Cache-Control: max-age=170298
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:43 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 12:08:01 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9616
Expires: Sat, 26 Nov 2022 15:29:59 GMT
Date: Sat, 26 Nov 2022 12:49:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 12:17:32 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1931
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Csjl4hIpQ/upiFdfCQ2sOkbCk5JzL2B1CEOcH9AS2KJIdDnlwySSNvRrxdo9LsptIbNvJlXl3EI=
x-amz-request-id: BR4V2YJM4EEBW9JJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 12:44:14 GMT
age: 329
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 39015baf6711f27aeeb4e13472d9a3a5
ba4894a96b534d6ad9b06b860eed813f393ae3c3
31905bde9da06af66fc57b31470e779ec06578513647a894e4d9e33e010b65ed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5478
Cache-Control: max-age=121381
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:43 GMT
Etag: "63812d26-117"
Expires: Sun, 27 Nov 2022 22:32:44 GMT
Last-Modified: Fri, 25 Nov 2022 21:01:26 GMT
Server: ECS (amb/6B74)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:49:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 39015baf6711f27aeeb4e13472d9a3a5
ba4894a96b534d6ad9b06b860eed813f393ae3c3
31905bde9da06af66fc57b31470e779ec06578513647a894e4d9e33e010b65ed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5478
Cache-Control: max-age=121381
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:43 GMT
Etag: "63812d26-117"
Expires: Sun, 27 Nov 2022 22:32:44 GMT
Last-Modified: Fri, 25 Nov 2022 21:01:26 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash ef04c39aceafdb60d96736475cf7a477
080637fc7bb2a614b36f947ffa8a5004278c6d5d
f1d0cd835c2b036b2f8ca34a83e063c971185b1ac3449737b543146370697015
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "F1D0CD835C2B036B2F8CA34A83E063C971185B1AC3449737B543146370697015"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8853
Expires: Sat, 26 Nov 2022 15:17:16 GMT
Date: Sat, 26 Nov 2022 12:49:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 12:08:54 GMT
cache-control: public,max-age=3600
age: 2449
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash ef04c39aceafdb60d96736475cf7a477
080637fc7bb2a614b36f947ffa8a5004278c6d5d
f1d0cd835c2b036b2f8ca34a83e063c971185b1ac3449737b543146370697015
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "F1D0CD835C2B036B2F8CA34A83E063C971185B1AC3449737B543146370697015"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8852
Expires: Sat, 26 Nov 2022 15:17:16 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash d18d867ea83f99be990015214f70dcbd
cb18fd35a5494dbb6c7dbbb03bd9e539e3b4b08f
d1f3bfaff1f90b831232e0cf80ba34bed07a8deddc650184552b07fbf4e08919
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Nov 2022 12:49:44 GMT
expires: Sat, 26 Nov 2022 12:49:44 GMT
cache-control: private, max-age=900
last-modified: Sat, 26 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43617
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6164
Cache-Control: max-age=165591
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:44 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:49:35 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a5c7a10dbb81ef0a722eeecdc9fad12f
a6e0b9c8f595a6c60abb24cf2c3d4b77cc4bc118
ce358108e98ffc558d5e25334bc4525fa24c5b12e4b65785fac48271cfa84ad5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE358108E98FFC558D5E25334BC4525FA24C5B12E4B65785FAC48271CFA84AD5"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6903
Expires: Sat, 26 Nov 2022 14:44:47 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 68745a2ce5202b74813ec9b5bf58c1c8
f342c1a18d2797b4b9733b6f7fa1b9b340117440
54d2b755bfbfedfc4da722a3260099c671ffb2449458266c99faefd2429a2869
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "54D2B755BFBFEDFC4DA722A3260099C671FFB2449458266C99FAEFD2429A2869"
Last-Modified: Fri, 25 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16332
Expires: Sat, 26 Nov 2022 17:21:56 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
fn.deulspoorn.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 12:49:44 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 27-Nov-2022 12:49:44 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 27-Nov-2022 12:49:44 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 68745a2ce5202b74813ec9b5bf58c1c8
f342c1a18d2797b4b9733b6f7fa1b9b340117440
54d2b755bfbfedfc4da722a3260099c671ffb2449458266c99faefd2429a2869
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "54D2B755BFBFEDFC4DA722A3260099C671FFB2449458266C99FAEFD2429A2869"
Last-Modified: Fri, 25 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16332
Expires: Sat, 26 Nov 2022 17:21:56 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15224
Expires: Sat, 26 Nov 2022 17:03:28 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15224
Expires: Sat, 26 Nov 2022 17:03:28 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4831d5e92555537513ad4c63c2e39426
741b4861613e04bb1b22a6980b7a8a6955fd0da7
d858beed523fd699997da5717fc1287fcc6ea31eac495d7d719b46010173fe83
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D858BEED523FD699997DA5717FC1287FCC6EA31EAC495D7D719B46010173FE83"
Last-Modified: Fri, 25 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16696
Expires: Sat, 26 Nov 2022 17:28:00 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15224
Expires: Sat, 26 Nov 2022 17:03:28 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 198413
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 19:07:15 GMT
expires: Tue, 21 Nov 2023 19:07:15 GMT
cache-control: public, max-age=31536000
age: 409349
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
watchingssu.com/NWE3UFdUA1Q9aFRcVXYiRw0KdWVzRAUWMwcTRCY0WFBFaCJDDFF+NFkOQjQxRw5ZJHlbBEN1ZXM5VAUBRwJaAQR+BmIFAEI0RBRnDAJkCC9TMgYSD3kZUDQUUicDHBZ0LH4IAl8xQDMzViJYMhRMFV0YIFIgYxgBeylQBTF8DW0FFmdZWgY8eyJyExJ/NQYSD3gzRDQTBRZYFQUBLn8pb34ndmgAbBkDBABnFkYVBUYofwMFejB0GhJUUEMIAV4nQxgVRipxAzhWIGIWE1EwYhcGYC8GBzx/KmYHFWwschYTUTNAMhReBU8EPHAMYRgzVyJbGhFsJxo3IGQ0eWEQZDN1ATBnAGY8EVMFYhoPYwpyORNdJGcYOnc7eRYNdwVxJBRjNHFgA14jYhYuQjtxJx5QMWJlFnwKdWEPWRliBi13NmYncV8SWD4nCCZFOAcFKXozOwAgXj8N
200 OK 1.2 kB URL HTTP/2 watchingssu.com/NWE3UFdUA1Q9aFRcVXYiRw0KdWVzRAUWMwcTRCY0WFBFaCJDDFF+NFkOQjQxRw5ZJHlbBEN1ZXM5VAUBRwJaAQR+BmIFAEI0RBRnDAJkCC9TMgYSD3kZUDQUUicDHBZ0LH4IAl8xQDMzViJYMhRMFV0YIFIgYxgBeylQBTF8DW0FFmdZWgY8eyJyExJ/NQYSD3gzRDQTBRZYFQUBLn8pb34ndmgAbBkDBABnFkYVBUYofwMFejB0GhJUUEMIAV4nQxgVRipxAzhWIGIWE1EwYhcGYC8GBzx/KmYHFWwschYTUTNAMhReBU8EPHAMYRgzVyJbGhFsJxo3IGQ0eWEQZDN1ATBnAGY8EVMFYhoPYwpyORNdJGcYOnc7eRYNdwVxJBRjNHFgA14jYhYuQjtxJx5QMWJlFnwKdWEPWRliBi13NmYncV8SWD4nCCZFOAcFKXozOwAgXj8N
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash f5db463e237c2d3838ab229c9c0326e5
a75e524b915176c4716a0424b015d29a14cbe43b
cc5eb79a19cf901c2d3c0ddbd156faa9289ca2cfe54ad2f8b49ac7f6065a8cfe
GET /NWE3UFdUA1Q9aFRcVXYiRw0KdWVzRAUWMwcTRCY0WFBFaCJDDFF+NFkOQjQxRw5ZJHlbBEN1ZXM5VAUBRwJaAQR+BmIFAEI0RBRnDAJkCC9TMgYSD3kZUDQUUicDHBZ0LH4IAl8xQDMzViJYMhRMFV0YIFIgYxgBeylQBTF8DW0FFmdZWgY8eyJyExJ/NQYSD3gzRDQTBRZYFQUBLn8pb34ndmgAbBkDBABnFkYVBUYofwMFejB0GhJUUEMIAV4nQxgVRipxAzhWIGIWE1EwYhcGYC8GBzx/KmYHFWwschYTUTNAMhReBU8EPHAMYRgzVyJbGhFsJxo3IGQ0eWEQZDN1ATBnAGY8EVMFYhoPYwpyORNdJGcYOnc7eRYNdwVxJBRjNHFgA14jYhYuQjtxJx5QMWJlFnwKdWEPWRliBi13NmYncV8SWD4nCCZFOAcFKXozOwAgXj8N HTTP/1.1
Host: watchingssu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1196
date: Sat, 26 Nov 2022 12:49:44 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 009f08cce389af684f28c36891875534.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: mXdxoMz5wpE9d1SyhnpW0XM-6948ySLAIl-tE2PMolB6T90bqNNVFA==
X-Firefox-Spdy: h2
watchingssu.com/utx?cb=CR5NUa8xxMah&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 watchingssu.com/utx?cb=CR5NUa8xxMah&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=CR5NUa8xxMah&top=exee.app&tid=822524 HTTP/1.1
Host: watchingssu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 12:49:44 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 26 Nov 2022 12:50:44 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 009f08cce389af684f28c36891875534.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Lgtd9RHywPnrafSKecb-PuAjrIV6FW5RmYRcU-KMf5UlARZj8fRuIQ==
X-Firefox-Spdy: h2
watchingssu.com/bURWMEgMJjVddwx5NBY9HyhrFXorYWR2LF82JUYrAHUkCD0bKTAeKwErI1QuHys4RGYDISIVeisuDGQKIwlkRw81PRhmHRUCDHsZWBEDYQZIdhByHlwAAVp9DgU+ZQYpKBNXADonGVEeBg0QWiQnBxBXCQx1bn4LXCAhdhkGCAMDCS4XMWIdITNjaRldESV0LygPBVkaCwUXYR4LdwBqGxoGOXEeFQoESRoJBxdAAD0sDFUeO3BjdiRYEhdoeAkcE3EMKTwMVR44Jz1oHh0WEGh9FRcAUwkjFQBpGSwJBnYkWBIHWjs6HC9hCgsVDHMePyg5cR4aBwBjZVgdFwAJLgchdis7BRQJCQE8A3YQVQAVVzAuDxBlDCUWABV6KyAAAR4vExt0GwUFGFYJSy4lXyYdeRVSBBUTFWp9AA
200 OK 1.2 kB URL HTTP/2 watchingssu.com/bURWMEgMJjVddwx5NBY9HyhrFXorYWR2LF82JUYrAHUkCD0bKTAeKwErI1QuHys4RGYDISIVeisuDGQKIwlkRw81PRhmHRUCDHsZWBEDYQZIdhByHlwAAVp9DgU+ZQYpKBNXADonGVEeBg0QWiQnBxBXCQx1bn4LXCAhdhkGCAMDCS4XMWIdITNjaRldESV0LygPBVkaCwUXYR4LdwBqGxoGOXEeFQoESRoJBxdAAD0sDFUeO3BjdiRYEhdoeAkcE3EMKTwMVR44Jz1oHh0WEGh9FRcAUwkjFQBpGSwJBnYkWBIHWjs6HC9hCgsVDHMePyg5cR4aBwBjZVgdFwAJLgchdis7BRQJCQE8A3YQVQAVVzAuDxBlDCUWABV6KyAAAR4vExt0GwUFGFYJSy4lXyYdeRVSBBUTFWp9AA
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash 4743dca4bfbe3f477ff91b2bdd635c09
c54ba14b26d0f5b070b4eb3a03d1cf9608d64b12
6be7bdede8dc935d81a07405daa7e97f3a304c20a2bb12cde0f2199767b21a91
GET /bURWMEgMJjVddwx5NBY9HyhrFXorYWR2LF82JUYrAHUkCD0bKTAeKwErI1QuHys4RGYDISIVeisuDGQKIwlkRw81PRhmHRUCDHsZWBEDYQZIdhByHlwAAVp9DgU+ZQYpKBNXADonGVEeBg0QWiQnBxBXCQx1bn4LXCAhdhkGCAMDCS4XMWIdITNjaRldESV0LygPBVkaCwUXYR4LdwBqGxoGOXEeFQoESRoJBxdAAD0sDFUeO3BjdiRYEhdoeAkcE3EMKTwMVR44Jz1oHh0WEGh9FRcAUwkjFQBpGSwJBnYkWBIHWjs6HC9hCgsVDHMePyg5cR4aBwBjZVgdFwAJLgchdis7BRQJCQE8A3YQVQAVVzAuDxBlDCUWABV6KyAAAR4vExt0GwUFGFYJSy4lXyYdeRVSBBUTFWp9AA HTTP/1.1
Host: watchingssu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1167
date: Sat, 26 Nov 2022 12:49:44 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 009f08cce389af684f28c36891875534.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gtii4dyox0pIMR7IoC6CMT4jtwB1NQyEjUB_ulWV-blEnW03I0KTrw==
X-Firefox-Spdy: h2
watchingssu.com/cjZ3RmITVBQrXRMLFWAXAFpKY1A0E0UABkBEBDABHwcFfhcEWxFoAR5ZAiIEAFkZMkwcUwNjUDQEE3YKQWAccjc4ThwxASN7HwNQBgQlHhIxbD82MDtRJnMrM1JGAzVGXDEuCRNzDi0UFF0hMCoKdAIHGwVHJCgKIHkefjg+BgcxKQpdBRUPFlkxLxUkV0Q2MCJ3FHMoJ1kbAjYdXTAVKyV7NBMzEFE+dQEKWRkCNkpfMD8OIWw2LiEoXRM8BDdSEAcmSlEyPwEzfCAyJBd0HC8DQmBDFA8oUSV0UzdwMDIkF3c2Y1A0fzIAWidbIgs3HEY/CgwachUTTyNjFnY0RnQkBBAgdxsBOBxCLSMkR0wRAwEEcx0TDjVxRgAnOk4/IzcWWxF2BkdjGhRHQHQyFSc0ew4hOz9wPS0hN2xDFwwaE0UENyYHPBwVVFwEKQwCCxF+DxNnGgMFKgBFfzMV
200 OK 1.2 kB URL HTTP/2 watchingssu.com/cjZ3RmITVBQrXRMLFWAXAFpKY1A0E0UABkBEBDABHwcFfhcEWxFoAR5ZAiIEAFkZMkwcUwNjUDQEE3YKQWAccjc4ThwxASN7HwNQBgQlHhIxbD82MDtRJnMrM1JGAzVGXDEuCRNzDi0UFF0hMCoKdAIHGwVHJCgKIHkefjg+BgcxKQpdBRUPFlkxLxUkV0Q2MCJ3FHMoJ1kbAjYdXTAVKyV7NBMzEFE+dQEKWRkCNkpfMD8OIWw2LiEoXRM8BDdSEAcmSlEyPwEzfCAyJBd0HC8DQmBDFA8oUSV0UzdwMDIkF3c2Y1A0fzIAWidbIgs3HEY/CgwachUTTyNjFnY0RnQkBBAgdxsBOBxCLSMkR0wRAwEEcx0TDjVxRgAnOk4/IzcWWxF2BkdjGhRHQHQyFSc0ew4hOz9wPS0hN2xDFwwaE0UENyYHPBwVVFwEKQwCCxF+DxNnGgMFKgBFfzMV
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 2fcb8ec82126370958aa904a22607eb6
ca0b484738ceb48dd1dfa9f9a8e08e923ed2fe69
b1e20e71690f0c23f0250dc8f016582e3ed58202da3a4c23109949de2c196dd5
GET /cjZ3RmITVBQrXRMLFWAXAFpKY1A0E0UABkBEBDABHwcFfhcEWxFoAR5ZAiIEAFkZMkwcUwNjUDQEE3YKQWAccjc4ThwxASN7HwNQBgQlHhIxbD82MDtRJnMrM1JGAzVGXDEuCRNzDi0UFF0hMCoKdAIHGwVHJCgKIHkefjg+BgcxKQpdBRUPFlkxLxUkV0Q2MCJ3FHMoJ1kbAjYdXTAVKyV7NBMzEFE+dQEKWRkCNkpfMD8OIWw2LiEoXRM8BDdSEAcmSlEyPwEzfCAyJBd0HC8DQmBDFA8oUSV0UzdwMDIkF3c2Y1A0fzIAWidbIgs3HEY/CgwachUTTyNjFnY0RnQkBBAgdxsBOBxCLSMkR0wRAwEEcx0TDjVxRgAnOk4/IzcWWxF2BkdjGhRHQHQyFSc0ew4hOz9wPS0hN2xDFwwaE0UENyYHPBwVVFwEKQwCCxF+DxNnGgMFKgBFfzMV HTTP/1.1
Host: watchingssu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Sat, 26 Nov 2022 12:49:44 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 009f08cce389af684f28c36891875534.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 7qN-nvf9VvQYB8BgrnDSw06xAdaq7DfRauLgr5wBUGaF9djkcauj3A==
X-Firefox-Spdy: h2
ceprovidingsesse.com/M3BwYkMcTxMRfmccIhAnWEFIO3IGMhU6clsoQCB7VR0qABFdRFYWKldNSFBxBkJERDNaFE1TZUAEERY2QE1BRCpdFh9fZUVNQUxwB15DU20CVgVfchUEAAMkDkFWEjdHHE1TdQVJRFR1CkhDUXUH
204 No Content 0 B URL HTTP/2 ceprovidingsesse.com/M3BwYkMcTxMRfmccIhAnWEFIO3IGMhU6clsoQCB7VR0qABFdRFYWKldNSFBxBkJERDNaFE1TZUAEERY2QE1BRCpdFh9fZUVNQUxwB15DU20CVgVfchUEAAMkDkFWEjdHHE1TdQVJRFR1CkhDUXUH
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /M3BwYkMcTxMRfmccIhAnWEFIO3IGMhU6clsoQCB7VR0qABFdRFYWKldNSFBxBkJERDNaFE1TZUAEERY2QE1BRCpdFh9fZUVNQUxwB15DU20CVgVfchUEAAMkDkFWEjdHHE1TdQVJRFR1CkhDUXUH HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 12:49:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bungn5Xd2tf0zgB6h0AgHiGLep4kYHPv29LSqQIzmZCneLlz5O6sX84ICpdnAf7tD2FwkH02WHR%2BItSPmihDOCnoVRuJxxwS4sTw0SJOOFEtM4zk22gaiYymiuPodGIyJ%2FPXg0QvBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702beec981d0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ceprovidingsesse.com/SFNSTFFnbDE/bB89CBkzez8gHQYKCwYbGxgxBHkBKhYAJAYdNHQ4OCxuanhiemVjaiEhN299aW4gJi0lPSBvfXchPTQjbG4lb31/eH1gYmNuJm99dzwjMytseXUiOCUkbmN6Z3FnZHpocGBmf2I
204 No Content 0 B URL HTTP/2 ceprovidingsesse.com/SFNSTFFnbDE/bB89CBkzez8gHQYKCwYbGxgxBHkBKhYAJAYdNHQ4OCxuanhiemVjaiEhN299aW4gJi0lPSBvfXchPTQjbG4lb31/eH1gYmNuJm99dzwjMytseXUiOCUkbmN6Z3FnZHpocGBmf2I
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SFNSTFFnbDE/bB89CBkzez8gHQYKCwYbGxgxBHkBKhYAJAYdNHQ4OCxuanhiemVjaiEhN299aW4gJi0lPSBvfXchPTQjbG4lb31/eH1gYmNuJm99dzwjMytseXUiOCUkbmN6Z3FnZHpocGBmf2I HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 12:49:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c2%2FXvaS8fMYAdSoNz5zYqitHMTSMiyK83JBkrRrhfbmKpRjM6U4xyKnas4ydDqlgzVfsfC5LIavqjKI18ZLcvzEG6qW4C2W55qoUiygSPEuxgrAgAJWb3QbPfBAA%2Ft85KmHXR5aTCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702beec98240b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
watchingssu.com/utx?cb=UCze7OOHdJqM&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 watchingssu.com/utx?cb=UCze7OOHdJqM&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=UCze7OOHdJqM&top=exee.app&tid=889494 HTTP/1.1
Host: watchingssu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 12:49:44 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 26 Nov 2022 12:50:44 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 009f08cce389af684f28c36891875534.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: pjHF7yj3HHbpNK9dxyp3HrudbVdmyJroTggWfBtG3tPnu56A5Rd2VQ==
X-Firefox-Spdy: h2
ceprovidingsesse.com/TEM3NENjfFRHfgIuW0QVGChnbC95L3Z1CRYUcEMNDi9xVho7exFAKih+Dwx6eHoDEjMlJwoFZT83VkA2P34GEioiJVgJZTp+BhpweG0EBW19ZUIJcmo3R1UkcXIRRDc4LwoFdXp6AwJ1dXsEAHJ5
204 No Content 0 B URL HTTP/2 ceprovidingsesse.com/TEM3NENjfFRHfgIuW0QVGChnbC95L3Z1CRYUcEMNDi9xVho7exFAKih+Dwx6eHoDEjMlJwoFZT83VkA2P34GEioiJVgJZTp+BhpweG0EBW19ZUIJcmo3R1UkcXIRRDc4LwoFdXp6AwJ1dXsEAHJ5
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TEM3NENjfFRHfgIuW0QVGChnbC95L3Z1CRYUcEMNDi9xVho7exFAKih+Dwx6eHoDEjMlJwoFZT83VkA2P34GEioiJVgJZTp+BhpweG0EBW19ZUIJcmo3R1UkcXIRRDc4LwoFdXp6AwJ1dXsEAHJ5 HTTP/1.1
Host: ceprovidingsesse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 12:49:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nFQbDXHfkHKfVtsUWl3aAMl2k8rMRp%2BnAzEFaMnn0vHtCej8WSN0wO7g3Fszwug%2FP0bG8LGIhOlEUMwDcF8If6%2B88t4gjX09vmSqIjADZxrq%2Fpy3%2FcxflYN3qrzD5IKWLBPxR0eVMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702beecb8310b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4831d5e92555537513ad4c63c2e39426
741b4861613e04bb1b22a6980b7a8a6955fd0da7
d858beed523fd699997da5717fc1287fcc6ea31eac495d7d719b46010173fe83
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D858BEED523FD699997DA5717FC1287FCC6EA31EAC495D7D719B46010173FE83"
Last-Modified: Fri, 25 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16696
Expires: Sat, 26 Nov 2022 17:28:00 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nv1WKXhAE4f4foL5n6YCmw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5vo7cGpB7ZRrp/8eatc489+lfWc=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ee2f0a2d313e4deb0089e8437b3f333
a6b2014c9f18627e59a2651327454015fd7afe8d
fd661a7d6c37112eca96ab0d2525dbd0d845bd8b35cdb240841dee9e3968b3d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD661A7D6C37112ECA96AB0D2525DBD0D845BD8B35CDB240841DEE9E3968B3D8"
Last-Modified: Fri, 25 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8021
Expires: Sat, 26 Nov 2022 15:03:25 GMT
Date: Sat, 26 Nov 2022 12:49:44 GMT
Connection: keep-alive
d2rsvcm1r8uvmf.cloudfront.net/XcUVrcmQSKgUUWwUsD09cSXxfS1BXLxgdCgF4LAAMIXUjPwcdcCobCytjHwgATHVNHgUfIlZUAR8mVkNCECEJT1BXMRsdD0woER4OHy8KFA8WYx4TWRwqERsIHSROQCJEa1tXVkFtHBsKFSocAUFDdQUGQUN1WkJKQWBYMEFDdRwbCkdxTkEmVHdbClJFYF-gwQUN1GQRBQgRaQlFfdUJXVkEiDhEPHmBZNFZBdFtCVUF0TkBUFywZFwIePU5AIkB1XlxUVzBWQw
200 OK 620 B URL HTTP/2 d2rsvcm1r8uvmf.cloudfront.net/XcUVrcmQSKgUUWwUsD09cSXxfS1BXLxgdCgF4LAAMIXUjPwcdcCobCytjHwgATHVNHgUfIlZUAR8mVkNCECEJT1BXMRsdD0woER4OHy8KFA8WYx4TWRwqERsIHSROQCJEa1tXVkFtHBsKFSocAUFDdQUGQUN1WkJKQWBYMEFDdRwbCkdxTkEmVHdbClJFYF-gwQUN1GQRBQgRaQlFfdUJXVkEiDhEPHmBZNFZBdFtCVUF0TkBUFywZFwIePU5AIkB1XlxUVzBWQw
IP
File type ASCII text, with very long lines (870), with no line terminators
Hash 077b38c46346b1bafca3983cf54adbd7
8a752d05925cab3327557403d1c1698e2a7a5b44
07943a9546f6f5f8fe08f9e6ef7dcafec8ee8296b0e58a6ede6016e846eefcdd
GET /XcUVrcmQSKgUUWwUsD09cSXxfS1BXLxgdCgF4LAAMIXUjPwcdcCobCytjHwgATHVNHgUfIlZUAR8mVkNCECEJT1BXMRsdD0woER4OHy8KFA8WYx4TWRwqERsIHSROQCJEa1tXVkFtHBsKFSocAUFDdQUGQUN1WkJKQWBYMEFDdRwbCkdxTkEmVHdbClJFYF-gwQUN1GQRBQgRaQlFfdUJXVkEiDhEPHmBZNFZBdFtCVUF0TkBUFywZFwIePU5AIkB1XlxUVzBWQw HTTP/1.1
Host: d2rsvcm1r8uvmf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://watchingssu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 620
date: Sat, 26 Nov 2022 12:49:44 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7qT3hYLDMG87fs_o4Jnzq_snTMkMaaDRRlmrq1impabSt_3AQD7AZg==
X-Firefox-Spdy: h2
d2rsvcm1r8uvmf.cloudfront.net/jZTBNM2wGXyNVUxFZKQ5UUQN/BV1DWj5cAhUNDlEgHWcOaVkIFjlJCFgAa18NC1dwFQkLU3ACSgRULw5YQ0UsDgEKSiRfAAQVf3VZSwBoAVxNRyRdCApHPhZeVV45Fl5VAX0dXEADDxZeVUckXVpRFX5xSVcANQVYQAMPFl5VQjsWXyQBfQZCVRloAVwCVS-5YA0ACCwFcVAB9AlxUFX8DCgxCKFUDHRV/dV1VBWMDShANfA
200 OK 186 B URL HTTP/2 d2rsvcm1r8uvmf.cloudfront.net/jZTBNM2wGXyNVUxFZKQ5UUQN/BV1DWj5cAhUNDlEgHWcOaVkIFjlJCFgAa18NC1dwFQkLU3ACSgRULw5YQ0UsDgEKSiRfAAQVf3VZSwBoAVxNRyRdCApHPhZeVV45Fl5VAX0dXEADDxZeVUckXVpRFX5xSVcANQVYQAMPFl5VQjsWXyQBfQZCVRloAVwCVS-5YA0ACCwFcVAB9AlxUFX8DCgxCKFUDHRV/dV1VBWMDShANfA
IP
File type ASCII text, with no line terminators
Hash e1b37e90fc9ae3eed75d9bcdade8bfa8
08f3841ce8d6510b57e43a01c6340aee31f80f80
d83487ddab0cdb096aecdd9ce11082f76232247d053bf96d50b473c79940eed4
GET /jZTBNM2wGXyNVUxFZKQ5UUQN/BV1DWj5cAhUNDlEgHWcOaVkIFjlJCFgAa18NC1dwFQkLU3ACSgRULw5YQ0UsDgEKSiRfAAQVf3VZSwBoAVxNRyRdCApHPhZeVV45Fl5VAX0dXEADDxZeVUckXVpRFX5xSVcANQVYQAMPFl5VQjsWXyQBfQZCVRloAVwCVS-5YA0ACCwFcVAB9AlxUFX8DCgxCKFUDHRV/dV1VBWMDShANfA HTTP/1.1
Host: d2rsvcm1r8uvmf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://watchingssu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 186
date: Sat, 26 Nov 2022 12:49:44 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZBlEFEa2zd0zf0-o0mTahxk_KCA949AR-7l3Nxqcd_8hQXakSmAWAQ==
X-Firefox-Spdy: h2
d2rsvcm1r8uvmf.cloudfront.net/2d0h3Vk4UJxkwcQMhE2t2RXpCZHpRIgQ5IAd1EW4jFhkaEykvfkVvHxBuAywqSnhROi8ZL0pwKxkrSmdoFiwVa3pRPAc5JUolDTokGSIWMCUQbgI3cxonDT8iGylSZAhCZkdzfEdgAD8gEycAJWtFeBkia0V4RmZgR21EFGtFeAA/IEF8UmUMUnpHLnhDbU-QUa0V4BSBrRAlGZntZeF5zfEcvEjUlGG1FEHxHeUdmf0d5UmR+ESEFMygYMFJkCEZ4Qnh+UT1KZw
200 OK 512 B URL HTTP/2 d2rsvcm1r8uvmf.cloudfront.net/2d0h3Vk4UJxkwcQMhE2t2RXpCZHpRIgQ5IAd1EW4jFhkaEykvfkVvHxBuAywqSnhROi8ZL0pwKxkrSmdoFiwVa3pRPAc5JUolDTokGSIWMCUQbgI3cxonDT8iGylSZAhCZkdzfEdgAD8gEycAJWtFeBkia0V4RmZgR21EFGtFeAA/IEF8UmUMUnpHLnhDbU-QUa0V4BSBrRAlGZntZeF5zfEcvEjUlGG1FEHxHeUdmf0d5UmR+ESEFMygYMFJkCEZ4Qnh+UT1KZw
IP
File type ASCII text, with very long lines (702), with no line terminators
Hash f11fff56f0b78ef9d6298f8265da45c9
446d64ecd90e49beb16165fdf6a94686e759281f
20d9f5eb36dd8d48eac66b4676a80fc339ed607eb43d87cdb6864cf7e0ed8dbf
GET /2d0h3Vk4UJxkwcQMhE2t2RXpCZHpRIgQ5IAd1EW4jFhkaEykvfkVvHxBuAywqSnhROi8ZL0pwKxkrSmdoFiwVa3pRPAc5JUolDTokGSIWMCUQbgI3cxonDT8iGylSZAhCZkdzfEdgAD8gEycAJWtFeBkia0V4RmZgR21EFGtFeAA/IEF8UmUMUnpHLnhDbU-QUa0V4BSBrRAlGZntZeF5zfEcvEjUlGG1FEHxHeUdmf0d5UmR+ESEFMygYMFJkCEZ4Qnh+UT1KZw HTTP/1.1
Host: d2rsvcm1r8uvmf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://watchingssu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 512
date: Sat, 26 Nov 2022 12:49:44 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2_8rMH7f04vNEPaFw6PJhMfl_NwQjxVzj27X1-AhprC4Ng3VgGA-GQ==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 8a2e7ab9f879e661a79bbd1a8941771d
2ffaca360ca166595c22af6993fe09f828d94f2e
7de1ce8e8144f318bd65ae8f6cfc023abdd5f34da94a0fd9098b18e1be3413d2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 12:49:44 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 16:52:35 GMT
Expires: Thu, 01 Dec 2022 16:52:34 GMT
Etag: "2ffaca360ca166595c22af6993fe09f828d94f2e"
Cache-Control: max-age=445969,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7702beede8520b55-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 26 Nov 2022 12:49:44 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37184), with no line terminators
Hash 870e81762e8245839f3ca6e299a4aae1
fb7e7b5ef2f5d93d260659e3e8c7e8861e516b27
6a922f957540eec4d5fc41477dcdabeb244d297002696d9cbe39fb8dff9f778a
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 26 Nov 2022 12:49:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bbb59a95198a3bf1e04037995cfec667
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash d438e1af63e2f2b0e0cdf2a74966ab91
37e36842937ddc6abf543f0623894e770cc06118
a5121c332d69fbec0378a247a93432ecc3f00014bd67df9b1ff613bea57af4d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A5121C332D69FBEC0378A247A93432ECC3F00014BD67DF9B1FF613BEA57AF4D1"
Last-Modified: Fri, 25 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3807
Expires: Sat, 26 Nov 2022 13:53:12 GMT
Date: Sat, 26 Nov 2022 12:49:45 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
200 OK 103 kB IP
Size 103 kB (102871 bytes)
Hash e41e698921963ff992ad1174dea1745c
b6f3c6113aee05427762cc09ae4f67c0476d7b35
8d2060ac8438558bd3013befc1f43d609d00ad652fda270ea7701b234e6893fc
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:44 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4510
last-modified: Sat, 26 Nov 2022 11:34:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FV7djnUyOw%2BInePxlzVvmu9B%2BcDMCpXtbDtUFHOYHf27GXYPbripbeaQDug9fCrF57aBalcal5z3w2mfbuJWP4jzvCXqmy%2F5KNqeAhRi2yynfOGgg7nkq6AP%2BXY%2B8EN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702beec2c721c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 4da2dd0086c386b10efafa062b641240
b9224dd5fdb03c66a85012369095d16e64a00139
6c7e6262591f2869782e060b748206ea7610f0100c5d6f0263ad595705c9597f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=f081f52a-7b09-41b9-a4dc-28f65a70fbe8:3:1; expires=Tue, 23 Nov 2032 12:49:45 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 506 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b986a97cd1810e0510b4ccc86cf63135
d04147bb1c0721b53411e96b2de71b216466cf5e
ef6c83136b379b6b19986e305c41175fc3a4bcf7aa469c33a20f3268fe056230
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 407ca8387c360d434a53812c03688310
90e74fa4928adcf8ae410f2eea7956b6ae7f687b
5690f667c20ba6c6daf71668a7c02c6d50383b585521e6f3e7a0ddcf895358d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4070
Cache-Control: max-age=149822
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:45 GMT
Etag: "6381a1c1-1d7"
Expires: Mon, 28 Nov 2022 06:26:47 GMT
Last-Modified: Sat, 26 Nov 2022 05:18:57 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 26 Nov 2022 12:41:08 GMT
expires: Sat, 26 Nov 2022 14:41:08 GMT
cache-control: public, max-age=7200
age: 517
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash e99fcdc3ed7523948d56cbe1c943fcf3
4b8a3c27fa51771c288a392441d678321d7a3717
60e7c3efee2b4d2fb45d7ddeaee81b3dcd379b3cad9774f51402f09e1dcf9cfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 4c233e8c817ea1bc84f43b30141931a5
9dce6e836149f9e87890a574bead0e2368745c95
6e3d2105beba85ad3f7323fe7d8bb1f9f9e6d13167a245757bf5a814c05b59fc
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 26 Nov 2022 12:49:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S772591821%3A1669466985369922&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvXN5vtxkpR2TbgE-xU2aEm0xXrWKOiSDsJ7iam7dudFLKTtfvk3XxAWoYUmeGUYXVlqQjyaQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-G1cOWfvIvjhjbfFrf0FAaw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:WxU9WpVECxpe2VvySShWzSIXS3Pt5Q:OHdhNY6MxfvxZ2p0;Path=/;Expires=Mon, 25-Nov-2024 12:49:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 400 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 75add6069230906ce7e4919599e61b4f
ca7e821c3fc598121886c23f21e00461d6fd88ee
18b73b32175c3a7a7e60e256769b7454acc7601faac55d8f45d9e21c7f0eaf92
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 26 Nov 2022 12:49:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1593960072%3A1669466985385884&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvJwzvpo55G8GM8Uuzn7d_UZyUJcDIQgxVEa48_WLkA7QaLzHFO1-vvRORfM9ybVChA57D6HA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-8Nk3I10plbqCdISWnXYgYw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
set-cookie: __Host-GAPS=1:pesxSubcMmP274-jbVWb0UpZKWbDGA:ncNPNScon-QcSc5T;Path=/;Expires=Mon, 25-Nov-2024 12:49:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e922b25acaba2d7f8921ebe973a4b261
5dd4c237c84a652cbcf3db163529f3788ceafc46
a7856c7777aa01b671ddae097494f2b031cbbddc7b244fe8714a8c02b85d8589
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash d438e1af63e2f2b0e0cdf2a74966ab91
37e36842937ddc6abf543f0623894e770cc06118
a5121c332d69fbec0378a247a93432ecc3f00014bd67df9b1ff613bea57af4d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A5121C332D69FBEC0378A247A93432ECC3F00014BD67DF9B1FF613BEA57AF4D1"
Last-Modified: Fri, 25 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3807
Expires: Sat, 26 Nov 2022 13:53:12 GMT
Date: Sat, 26 Nov 2022 12:49:45 GMT
Connection: keep-alive
accounts.google.com/v3/signin/identifier?dsh=S1593960072%3A1669466985385884&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvJwzvpo55G8GM8Uuzn7d_UZyUJcDIQgxVEa48_WLkA7QaLzHFO1-vvRORfM9ybVChA57D6HA
403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1593960072%3A1669466985385884&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvJwzvpo55G8GM8Uuzn7d_UZyUJcDIQgxVEa48_WLkA7QaLzHFO1-vvRORfM9ybVChA57D6HA
IP
Hash 871051d20b97dafe6091ef7c30145667
016582c001e71af841bccf2be1864861da0a138b
2c95a38b4aa5c79abfe8b7dc1f9cd63d7bad4a26ef3be77685494c27b13b0565
GET /v3/signin/identifier?dsh=S1593960072%3A1669466985385884&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvJwzvpo55G8GM8Uuzn7d_UZyUJcDIQgxVEa48_WLkA7QaLzHFO1-vvRORfM9ybVChA57D6HA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 26 Nov 2022 12:49:45 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-s8T6YLnxzTkKAKJ1xcrrwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18339
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:49:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18339
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:49:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18339
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:49:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18339
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:49:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
IP
Hash c5a335cac6e1603dbdd7e0a725f8df46
636eb1095f4860a2bcbfa053621ff45224fa8209
61e9ce0891112442aa008a5c8a9bbfed90dd604db58dc9a5d0aa375bc5eec04c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: eede6332-5376-4f9c-83fc-f894430c1f4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWYFFgoAMFhaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-66d7ffc70f7d901420a503da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yM8EHyxy6pUHVZhGUOHuFOU-Z4eTyL2N3Ooa6QMrPlIfp6X5I_JBRw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:06 GMT
age: 54219
etag: "c47a3884465fc02b5c57faa5ffbd986ba29c64c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 96437d0cb1ceaffa77124f0dcfeb38cf
3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50
89244601b0a4bc150033e52dc56cf0fbe2846ebba7532c477146258a70783e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7799
x-amzn-requestid: 4b3bf619-fb69-4cfe-b8e7-7de4ea127853
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXADFOvoAMFXQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813866-77f561ae3496d84c75541300;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:49:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lt_7H9W9LVUS5gKPrBF_vGiXg-anP_bGV5izsxPiGhiasy2eBnltuw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:33:39 GMT
age: 51366
etag: "3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg
200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70fae9ac56bb7676177d4252757f0180
bd3027af47f20f4bb9ac36cd9e4493e28e6b041c
1378749f1b28b6c56b8e76418fc5dd59cf608a4e64c1e1067b4f19df10233afc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8078
x-amzn-requestid: e199b062-09f2-46b8-a8ee-6d7b782f7359
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC7GT2oAMF5XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-485ea8fd3e785be748834efd;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yJdSAEHw1AFVsBFBSX5G6rqED3Kpi_P69vtTrVVE1vFDtl3XMsyJ4g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:31:51 GMT
age: 51474
etag: "bd3027af47f20f4bb9ac36cd9e4493e28e6b041c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: utbUF-6Z7rMqPNdRKHJyI-IZoyTy6HpkNBY-60xcZ-6NDXBz1XN6-Q==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:40 GMT
age: 54065
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
200 OK 8.7 kB URL HTTP/2 cdntechone.com/stattag.js
IP
File type ASCII text, with very long lines (12932), with no line terminators
Hash 66e99a61beb5dae04cae8f7eac0f10dc
19d83e6b5c692d5d9d91caacc3c2a09c9aba583b
4b139256cdc02e95f814b32c39c51744c02e736c1ba155df03f283904f0cc873
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:44 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2022
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBRXZVbd5GuYuUZHmynQsCOOTnu7Ftxvo%2B94UD9Iv1h4xuKzsrjVLWNaCL%2FDm%2F6AALbSJOOqhwRO4BaV8lo37wtEugIJyiavOQAddrH5YUr4btufpQS%2B9Rxw6yj0uEb%2FFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702beeb6deab51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17ebe470d040a6ea8c57e9b9d4f4e828
1ac7a410cd4f3709f476c776dd5646dd982dcfa8
d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TI0cacek54dPUYW7fYy0xm-1CKdRXZGqBH1vGURakUsBbm-WGcW-vA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:17:55 GMT
age: 52310
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 15442b0808c5d6324d8abbcf530fd024
6345943f61f535f9ce1e95911cc1746df8c289cc
0c52e416df30432ba5857bdbdc0a6fa9bcf0c9c8d829c5e75e865a6d834444bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C52E416DF30432BA5857BDBDC0A6FA9BCF0C9C8D829C5E75E865A6D834444BB"
Last-Modified: Thu, 24 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8871
Expires: Sat, 26 Nov 2022 15:17:36 GMT
Date: Sat, 26 Nov 2022 12:49:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 65f96a268c71dd2240b791911c212326
1c35b60c96efc632a131cb94748ee415a879f3b2
eecc5be54045ae30a37b00d7b96102d40dacc0e1c761a6432425673e04761c3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EECC5BE54045AE30A37B00D7B96102D40DACC0E1C761A6432425673E04761C3A"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4383
Expires: Sat, 26 Nov 2022 14:02:48 GMT
Date: Sat, 26 Nov 2022 12:49:45 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=f081f52a-7b09-41b9-a4dc-28f65a70fbe8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
200 OK 27 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=f081f52a-7b09-41b9-a4dc-28f65a70fbe8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
IP
ASN #39572 DataWeb Global Group B.V.
Hash 610936feccccd033b794a865db03ed2e
072b0d93ef04fd2925dcf4ddaabf8fe7e5bf9f0e
2505d6667e1182fd56c3c3b1a6f91de93db6c134325f58acf1e4e1ad61ebcb4e
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=f081f52a-7b09-41b9-a4dc-28f65a70fbe8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 26 Nov 2022 12:49:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1d877ae24d59e475efb2a9d26eb47b5d
Strict-Transport-Security: max-age=0; includeSubdomains
whiskerssituationdisturb.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=f081f52a-7b09-41b9-a4dc-28f65a70fbe8%3A3%3A1
200 OK 4.2 kB URL HTTP/1.1 whiskerssituationdisturb.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=f081f52a-7b09-41b9-a4dc-28f65a70fbe8%3A3%3A1
IP
File type JSON data\012- , ASCII text, with very long lines (5793), with no line terminators
Hash 08002f00f0705641576f3ff91da07cbc
dc7a20eb709dba3e94f3170371fa9512f3b85d1f
8c05dab4ff1f379ff5d9e5e21342fe0ecd0e65f6ab05de043bf41b7b9477dd44
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=f081f52a-7b09-41b9-a4dc-28f65a70fbe8%3A3%3A1 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 12:49:46 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Sun, 27 Nov 2022 12:49:46 GMT; secure; SameSite=None
uid_id2=f081f52a-7b09-41b9-a4dc-28f65a70fbe8:3:1; expires=Sat, 03 Dec 2022 12:49:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 27 Nov 2022 12:49:46 GMT; secure; SameSite=None
uncs=1; expires=Sun, 27 Nov 2022 12:49:46 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 27 Nov 2022 12:49:46 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 27 Nov 2022 12:49:46 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3760951]; expires=Sat, 26 Nov 2022 12:49:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e4044994fdf1e6866868bd54c175f279
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 279 B IP
Hash 679b075bba72ca5ba54aa0374b7b5c33
3ef17e85c0c763b4cb7172722a97657c1a819c03
b7a5684aa189422499d41b538343bd7faacc48db9620ea752359f4a02a8500cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 398
Cache-Control: max-age=106925
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:49:46 GMT
Etag: "63810889-117"
Expires: Sun, 27 Nov 2022 18:31:51 GMT
Last-Modified: Fri, 25 Nov 2022 18:25:13 GMT
Server: ECS (amb/6B74)
X-Cache: HIT
Content-Length: 279
whiskerssituationdisturb.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72ujC7tR6caFMogLBTN5b2bezDy7KKY1EkyT0Fayvr%2Fe5DZ33n3c%2B968SUCILUihLkZEcfnynfzAWsT%2BAaJM3JSA0HEhWRiXLtwIYjduZJKB4Fm8c877nMX5fs%2F9ZCc%2FIT5yerx6w2wprelcWPUrb66pRJjCVZZvVwK%2F6l%2BprKmk2bhS6U8%2BtvdO4IdV%2F63K%2B5JvmLmaH%2Fh%2B4AeVBWVlbPpzpxQqfRQF1civNmrVIGygb%2F%2Ffu9yDox5E74S8DCXGz60%2FeQzFR0i6312XbiMz6dvvdXNNM2PREwcfJhuJKRJ0z8vYeoiTg%2Bk0jBsT8tUFmORgqgCmtztRAKbGxPs1AEsOpmuC9fbONmUaMgETl1D0RpB6BEVH4OYelHhKAC6wvIKku79sbEE3zyid0DGZefY3VDEmM79dRtL9dl6rfuWW0XmmTOLQj0uo%2FgiqM0KaHyLb8qCKQ%2FDsLpT4mcw9W0LS3V1x2kCJ4zdivx3EYY3OtpgfzTYCFs3ShuCztXbcDGnLj5lsn1qk1AgqHkHLAai7iNx5yJWHPPaQpx664rhCwyj2%2FVbM4nq93eCc1%2Buch%2B2mCEW90Y595HyiYYAsHYDrAbjdRmq3saEGsPmPcOslnPDgMoKeKFFIgsIRFJSgUARFRlD0yj2hXc2V%2B0K7nAXTXJvmejk0WWeH7pmsIxOyk56QlybGeS8%2BvIwNeVyJw3YYN0Pe5M0wqNVZFArhR0zWaw0h64zBqRLKXQB1HrbUmFz86E%2BkakwuzM%2BB0UM4fQiuXgfNXwUthq2aD7o%2BbLR9bCX7si%2BrykCYEmk2g2zT29En5JXT00W8BcmPrv7z7x%2F6wbUvwW2J1Ja4o34i6Oj7w5umILs3TeHI45U0U121RSdnvZXRTM48%2FEBuFsaKxetu8PW7fAIm5aPb0mVLNBEq6TjyzbwSQtoFY7kk3y%2B6NclWc7c%2Bn9skT5dWry0sdlMrnVMmGYGqp63PwdWYvHBj%2B%2FTBvvbpEyg7gs1LdPMjMg0ocwiebsOlR1d%2F1w%2BuffHx83CGwOrzGZZ6KPJyaGvs%2FKdWBFqe95SVcPLcAiaPfvjrjO24%2B%2BhYDzS7h6RbomdL9HQJqgdw%2BcVhltqjq7%2FUTwNMe0OmrbfLtNWfnVnr1HFFhrEfS78mWRyxuEV9EcWNiNEokC0W0gCZG%2FO7l%2B78BwAA%2F%2F8BAAD%2F%2FwxQDKuIBAAA
200 OK 7 B URL HTTP/1.1 whiskerssituationdisturb.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72ujC7tR6caFMogLBTN5b2bezDy7KKY1EkyT0Fayvr%2Fe5DZ33n3c%2B968SUCILUihLkZEcfnynfzAWsT%2BAaJM3JSA0HEhWRiXLtwIYjduZJKB4Fm8c877nMX5fs%2F9ZCc%2FIT5yerx6w2wprelcWPUrb66pRJjCVZZvVwK%2F6l%2BprKmk2bhS6U8%2BtvdO4IdV%2F63K%2B5JvmLmaH%2Fh%2B4AeVBWVlbPpzpxQqfRQF1civNmrVIGygb%2F%2Ffu9yDox5E74S8DCXGz60%2FeQzFR0i6312XbiMz6dvvdXNNM2PREwcfJhuJKRJ0z8vYeoiTg%2Bk0jBsT8tUFmORgqgCmtztRAKbGxPs1AEsOpmuC9fbONmUaMgETl1D0RpB6BEVH4OYelHhKAC6wvIKku79sbEE3zyid0DGZefY3VDEmM79dRtL9dl6rfuWW0XmmTOLQj0uo%2FgiqM0KaHyLb8qCKQ%2FDsLpT4mcw9W0LS3V1x2kCJ4zdivx3EYY3OtpgfzTYCFs3ShuCztXbcDGnLj5lsn1qk1AgqHkHLAai7iNx5yJWHPPaQpx664rhCwyj2%2FVbM4nq93eCc1%2Buch%2B2mCEW90Y595HyiYYAsHYDrAbjdRmq3saEGsPmPcOslnPDgMoKeKFFIgsIRFJSgUARFRlD0yj2hXc2V%2B0K7nAXTXJvmejk0WWeH7pmsIxOyk56QlybGeS8%2BvIwNeVyJw3YYN0Pe5M0wqNVZFArhR0zWaw0h64zBqRLKXQB1HrbUmFz86E%2BkakwuzM%2BB0UM4fQiuXgfNXwUthq2aD7o%2BbLR9bCX7si%2BrykCYEmk2g2zT29En5JXT00W8BcmPrv7z7x%2F6wbUvwW2J1Ja4o34i6Oj7w5umILs3TeHI45U0U121RSdnvZXRTM48%2FEBuFsaKxetu8PW7fAIm5aPb0mVLNBEq6TjyzbwSQtoFY7kk3y%2B6NclWc7c%2Bn9skT5dWry0sdlMrnVMmGYGqp63PwdWYvHBj%2B%2FTBvvbpEyg7gs1LdPMjMg0ocwiebsOlR1d%2F1w%2BuffHx83CGwOrzGZZ6KPJyaGvs%2FKdWBFqe95SVcPLcAiaPfvjrjO24%2B%2BhYDzS7h6RbomdL9HQJqgdw%2BcVhltqjq7%2FUTwNMe0OmrbfLtNWfnVnr1HFFhrEfS78mWRyxuEV9EcWNiNEokC0W0gCZG%2FO7l%2B78BwAA%2F%2F8BAAD%2F%2FwxQDKuIBAAA
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72ujC7tR6caFMogLBTN5b2bezDy7KKY1EkyT0Fayvr%2Fe5DZ33n3c%2B968SUCILUihLkZEcfnynfzAWsT%2BAaJM3JSA0HEhWRiXLtwIYjduZJKB4Fm8c877nMX5fs%2F9ZCc%2FIT5yerx6w2wprelcWPUrb66pRJjCVZZvVwK%2F6l%2BprKmk2bhS6U8%2BtvdO4IdV%2F63K%2B5JvmLmaH%2Fh%2B4AeVBWVlbPpzpxQqfRQF1civNmrVIGygb%2F%2Ffu9yDox5E74S8DCXGz60%2FeQzFR0i6312XbiMz6dvvdXNNM2PREwcfJhuJKRJ0z8vYeoiTg%2Bk0jBsT8tUFmORgqgCmtztRAKbGxPs1AEsOpmuC9fbONmUaMgETl1D0RpB6BEVH4OYelHhKAC6wvIKku79sbEE3zyid0DGZefY3VDEmM79dRtL9dl6rfuWW0XmmTOLQj0uo%2FgiqM0KaHyLb8qCKQ%2FDsLpT4mcw9W0LS3V1x2kCJ4zdivx3EYY3OtpgfzTYCFs3ShuCztXbcDGnLj5lsn1qk1AgqHkHLAai7iNx5yJWHPPaQpx664rhCwyj2%2FVbM4nq93eCc1%2Buch%2B2mCEW90Y595HyiYYAsHYDrAbjdRmq3saEGsPmPcOslnPDgMoKeKFFIgsIRFJSgUARFRlD0yj2hXc2V%2B0K7nAXTXJvmejk0WWeH7pmsIxOyk56QlybGeS8%2BvIwNeVyJw3YYN0Pe5M0wqNVZFArhR0zWaw0h64zBqRLKXQB1HrbUmFz86E%2BkakwuzM%2BB0UM4fQiuXgfNXwUthq2aD7o%2BbLR9bCX7si%2BrykCYEmk2g2zT29En5JXT00W8BcmPrv7z7x%2F6wbUvwW2J1Ja4o34i6Oj7w5umILs3TeHI45U0U121RSdnvZXRTM48%2FEBuFsaKxetu8PW7fAIm5aPb0mVLNBEq6TjyzbwSQtoFY7kk3y%2B6NclWc7c%2Bn9skT5dWry0sdlMrnVMmGYGqp63PwdWYvHBj%2B%2FTBvvbpEyg7gs1LdPMjMg0ocwiebsOlR1d%2F1w%2BuffHx83CGwOrzGZZ6KPJyaGvs%2FKdWBFqe95SVcPLcAiaPfvjrjO24%2B%2BhYDzS7h6RbomdL9HQJqgdw%2BcVhltqjq7%2FUTwNMe0OmrbfLtNWfnVnr1HFFhrEfS78mWRyxuEV9EcWNiNEokC0W0gCZG%2FO7l%2B78BwAA%2F%2F8BAAD%2F%2FwxQDKuIBAAA HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=f081f52a-7b09-41b9-a4dc-28f65a70fbe8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 12:49:46 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0cd31551debfeefdfb81d1db7b5e0f24
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3935
Expires: Sat, 26 Nov 2022 13:55:21 GMT
Date: Sat, 26 Nov 2022 12:49:46 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3935
Expires: Sat, 26 Nov 2022 13:55:21 GMT
Date: Sat, 26 Nov 2022 12:49:46 GMT
Connection: keep-alive
cdn.yourwebbars.com/sb/notifications/software/multi/browsers/ff/3/index.html
200 OK 499 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/software/multi/browsers/ff/3/index.html
IP
File type HTML document text\012- HTML document, ASCII text
Hash 8c91c3dfa2f35669b8c77ce2f5be55d1
e82f3a9d6390323f6b5cd9dce80902a3b8675c54
64a1f65b99f7e54ddf005a2f6a9dfdb461cbfa7445967d35b3433a5608578fca
GET /sb/notifications/software/multi/browsers/ff/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:46 GMT
content-type: text/html
last-modified: Thu, 08 Sep 2022 07:49:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 330640
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDXVyiaRt9cuiOkwyZv6DAYnfwDTQhwk4sq43ggwCNW%2F3UpqyWkIJxngca79q4fZJpEbytrQs21P9EwXESJIWPIeOt2P3gGYp0JGoBXj9DsVx7m5YHyFxBPc5ftAaw6sTyMopSE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702bef88c90b51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/close.png
200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/close.png
IP
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/software/multi/browsers/ff/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:46 GMT
content-type: image/png
content-length: 5982
last-modified: Thu, 08 Sep 2022 07:49:57 GMT
etag: "63199ea5-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 615231
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EJPjX4ex4FXAm9AJytQ%2BfirbjsLvxQlMbWbt9XAWZrrrPb9HuGYC98zRqy8BIBUgU4qPW3bbMg5N9gYO9h6RRNhIpZJNgt4QOfgM3al7Gb33LUwzuVhAkqsZRm%2FVuZEHguD797SQjHej"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702bef95b95770b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3935
Expires: Sat, 26 Nov 2022 13:55:21 GMT
Date: Sat, 26 Nov 2022 12:49:46 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/update-icon.png
200 OK 175 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/update-icon.png
IP
File type PNG image data, 452 x 453, 8-bit/color RGBA, non-interlaced\012- data
Size 175 kB (174730 bytes)
Hash 85bc2f8a287afa33ac84c90178055d00
c98e7ebd06397a77a20607f55fe4ebf1b57ca334
85d20d101efc753f9b0619a33901e1689d1e0c11a46bf6d6d657c1393542cc30
GET /sb/notifications/software/multi/browsers/ff/3/img/update-icon.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:46 GMT
content-type: image/png
content-length: 174730
last-modified: Thu, 08 Sep 2022 07:49:58 GMT
etag: "63199ea6-2aa8a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 615231
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGmRmf%2BvVWU2vqzP4MYh3FSGiu5t47vHxZ1VYstYl7G8lLduMWhkNjJ8xYDSz5LwxhW%2FpV1wa7eGf%2BVHTvPM4rbh1M35U4o0eJW%2FU0Bv4yUb48LSYkVNFu4XQ%2BP1XRe2NO3eTBTtSoYC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702bef95b97770b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=117
200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=117
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=117 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=f081f52a-7b09-41b9-a4dc-28f65a70fbe8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 12:49:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=121
200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=121
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=121 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=f081f52a-7b09-41b9-a4dc-28f65a70fbe8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 12:49:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=40
200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=40
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=40 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=f081f52a-7b09-41b9-a4dc-28f65a70fbe8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 12:49:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 234938
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js
200 OK 46 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js
IP
File type ASCII text, with very long lines (32025), with CRLF line terminators
Hash 178fd316cb074dbf0f819fcd748027c2
a63feb42b62281e361bae03f2df2f595b99374c5
ff791ff79bd42ed45dee970ecdf1fe820377c91ca60205476d2d5af20d3138d2
GET /sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:46 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 07:49:59 GMT
etag: W/"63199ea7-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 615231
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7GMpOPFALJiu2aYXQzyt4Uz1vVsgIwCFMXZoed0bviRDpNE8qLrMnoQWjtqvFcv1vq1XgtL1pOENjQyKuAu6GTv93hzsBlB%2FhAf2v310nfxjZpkEIRUJ2WK%2FE5ZHQSTAFHQXF2SzZLR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702bef95b9b770b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
whiskerssituationdisturb.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSy4scVRTGbyWjC7NRycaF0ogLBaenHl39MIvgJEaCSWZIIrO%2Br%2Bq5mdt1i3urunoGhDEBCcRFiygua76eB8Yg5g8QpcdNGBDSLmQWjksXbgQxGzfSMw2DZ1HnnPqdxfm%2Bcz%2FZKo6Ij4IeLl83G0pruhDX%2FdqbKyoVpnS1G7drgV%2F3L9RWVNpsXKgNph%2Fbfyfw47r%2FVu19ydfMQugHvh%2F4Qe2KsjIxg4VjCpU96gT1jl9vhPUgbmBg%2F9%2B7woOjHkT%2FiLwMJSbPrT55DMXHSHvfXZZuLTfZ2%2B%2F1Ck1zY9EXex%2Bma6kpU%2FROy8R6SNK92TSMmxDy1RmYdG%2BmAKa%2FPVUApibE%2BzUAS%2Fdma4L1d042ZRoyBRPnUPbHkHoMRcfg5h6UeEoALnBjCWlv94axJV0%2FoXRKJ2Tu2d9Q5YTM%2FXYeae%2FbRa0GtVtGF7kyqcMgqaAGY6juGFmxj3zDgyr3wfO7UOJnsvDsGtLe9pLTBkocvpH47SCJQzrfYn5nvhGwzjxtCD4ftpNmTFt%2BwmT72CKlxlDJGFoOQd1ZFM5DoTwUiYci89AThzUadxLfbyUsiaJ2g3MeRZzH7aaIRdRoJz4KPtUwRJ4NwfUQ3G4is5tYU0PY4ke41QpOeHA5QV9UKCVB6QhKSlAqgjInKPvVjtAudNWu0K5gwSyHsxxVI5N3t%2BiOybsyJVvZEXlpapz34sPzWJOHtSRux0kz5k3ejIMwYp1YCL%2FDZBQ2hIwYg1MVlDsD6jxsqAk5%2B9GfyNSEnFlcAKP7cHofXL0OWrwKWo5aoQ%2B6Omq0fWyku3Ig68pAmApZPod83dvSR%2BSV49N1eAuSH1z8598%2F9INLX4LbCpmtcEf9RNDV90c3TUm2b5rSkcdLWa56aoNOz3orp7mce%2FiBXC%2BNFVcvu%2BHX7%2FIpmJaPbkuXX6OpUGnXkW8WlRDSXjGWS%2FL9Vbci2XLhVhcLmxbZteVLV672MiudUyYdg6qnrc%2FB1YS8cH3z%2BMG%2B9ukTKDuGLSr0igMyCyizD55twmUHF3%2FXDy598fHzcIbA6tMZlnkoi2pkQ3b6UysCLU97yio4eWoBkwc%2F%2FHXCttx9dK0Hmt9D2qvQtxX6ugLVQ7ji7CjP7MHFX6LjANPeiGnrbTNt9Wcn1jp1WIuDhmyzdosLwSQXQSuM2pHvh0I0Wh0ZdJC7Cb977s5%2FAAAA%2F%2F8BAAD%2F%2FxhYgk2IBAAA
200 OK 7 B URL HTTP/1.1 whiskerssituationdisturb.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSy4scVRTGbyWjC7NRycaF0ogLBaenHl39MIvgJEaCSWZIIrO%2Br%2Bq5mdt1i3urunoGhDEBCcRFiygua76eB8Yg5g8QpcdNGBDSLmQWjksXbgQxGzfSMw2DZ1HnnPqdxfm%2Bcz%2FZKo6Ij4IeLl83G0pruhDX%2FdqbKyoVpnS1G7drgV%2F3L9RWVNpsXKgNph%2Fbfyfw47r%2FVu19ydfMQugHvh%2F4Qe2KsjIxg4VjCpU96gT1jl9vhPUgbmBg%2F9%2B7woOjHkT%2FiLwMJSbPrT55DMXHSHvfXZZuLTfZ2%2B%2F1Ck1zY9EXex%2Bma6kpU%2FROy8R6SNK92TSMmxDy1RmYdG%2BmAKa%2FPVUApibE%2BzUAS%2Fdma4L1d042ZRoyBRPnUPbHkHoMRcfg5h6UeEoALnBjCWlv94axJV0%2FoXRKJ2Tu2d9Q5YTM%2FXYeae%2FbRa0GtVtGF7kyqcMgqaAGY6juGFmxj3zDgyr3wfO7UOJnsvDsGtLe9pLTBkocvpH47SCJQzrfYn5nvhGwzjxtCD4ftpNmTFt%2BwmT72CKlxlDJGFoOQd1ZFM5DoTwUiYci89AThzUadxLfbyUsiaJ2g3MeRZzH7aaIRdRoJz4KPtUwRJ4NwfUQ3G4is5tYU0PY4ke41QpOeHA5QV9UKCVB6QhKSlAqgjInKPvVjtAudNWu0K5gwSyHsxxVI5N3t%2BiOybsyJVvZEXlpapz34sPzWJOHtSRux0kz5k3ejIMwYp1YCL%2FDZBQ2hIwYg1MVlDsD6jxsqAk5%2B9GfyNSEnFlcAKP7cHofXL0OWrwKWo5aoQ%2B6Omq0fWyku3Ig68pAmApZPod83dvSR%2BSV49N1eAuSH1z8598%2F9INLX4LbCpmtcEf9RNDV90c3TUm2b5rSkcdLWa56aoNOz3orp7mce%2FiBXC%2BNFVcvu%2BHX7%2FIpmJaPbkuXX6OpUGnXkW8WlRDSXjGWS%2FL9Vbci2XLhVhcLmxbZteVLV672MiudUyYdg6qnrc%2FB1YS8cH3z%2BMG%2B9ukTKDuGLSr0igMyCyizD55twmUHF3%2FXDy598fHzcIbA6tMZlnkoi2pkQ3b6UysCLU97yio4eWoBkwc%2F%2FHXCttx9dK0Hmt9D2qvQtxX6ugLVQ7ji7CjP7MHFX6LjANPeiGnrbTNt9Wcn1jp1WIuDhmyzdosLwSQXQSuM2pHvh0I0Wh0ZdJC7Cb977s5%2FAAAA%2F%2F8BAAD%2F%2FxhYgk2IBAAA
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSy4scVRTGbyWjC7NRycaF0ogLBaenHl39MIvgJEaCSWZIIrO%2Br%2Bq5mdt1i3urunoGhDEBCcRFiygua76eB8Yg5g8QpcdNGBDSLmQWjksXbgQxGzfSMw2DZ1HnnPqdxfm%2Bcz%2FZKo6Ij4IeLl83G0pruhDX%2FdqbKyoVpnS1G7drgV%2F3L9RWVNpsXKgNph%2Fbfyfw47r%2FVu19ydfMQugHvh%2F4Qe2KsjIxg4VjCpU96gT1jl9vhPUgbmBg%2F9%2B7woOjHkT%2FiLwMJSbPrT55DMXHSHvfXZZuLTfZ2%2B%2F1Ck1zY9EXex%2Bma6kpU%2FROy8R6SNK92TSMmxDy1RmYdG%2BmAKa%2FPVUApibE%2BzUAS%2Fdma4L1d042ZRoyBRPnUPbHkHoMRcfg5h6UeEoALnBjCWlv94axJV0%2FoXRKJ2Tu2d9Q5YTM%2FXYeae%2FbRa0GtVtGF7kyqcMgqaAGY6juGFmxj3zDgyr3wfO7UOJnsvDsGtLe9pLTBkocvpH47SCJQzrfYn5nvhGwzjxtCD4ftpNmTFt%2BwmT72CKlxlDJGFoOQd1ZFM5DoTwUiYci89AThzUadxLfbyUsiaJ2g3MeRZzH7aaIRdRoJz4KPtUwRJ4NwfUQ3G4is5tYU0PY4ke41QpOeHA5QV9UKCVB6QhKSlAqgjInKPvVjtAudNWu0K5gwSyHsxxVI5N3t%2BiOybsyJVvZEXlpapz34sPzWJOHtSRux0kz5k3ejIMwYp1YCL%2FDZBQ2hIwYg1MVlDsD6jxsqAk5%2B9GfyNSEnFlcAKP7cHofXL0OWrwKWo5aoQ%2B6Omq0fWyku3Ig68pAmApZPod83dvSR%2BSV49N1eAuSH1z8598%2F9INLX4LbCpmtcEf9RNDV90c3TUm2b5rSkcdLWa56aoNOz3orp7mce%2FiBXC%2BNFVcvu%2BHX7%2FIpmJaPbkuXX6OpUGnXkW8WlRDSXjGWS%2FL9Vbci2XLhVhcLmxbZteVLV672MiudUyYdg6qnrc%2FB1YS8cH3z%2BMG%2B9ukTKDuGLSr0igMyCyizD55twmUHF3%2FXDy598fHzcIbA6tMZlnkoi2pkQ3b6UysCLU97yio4eWoBkwc%2F%2FHXCttx9dK0Hmt9D2qvQtxX6ugLVQ7ji7CjP7MHFX6LjANPeiGnrbTNt9Wcn1jp1WIuDhmyzdosLwSQXQSuM2pHvh0I0Wh0ZdJC7Cb977s5%2FAAAA%2F%2F8BAAD%2F%2FxhYgk2IBAAA HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=f081f52a-7b09-41b9-a4dc-28f65a70fbe8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 12:49:46 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4845e4f5f35f27c81e04e1033d003abf
Strict-Transport-Security: max-age=0; includeSubdomains
whiskerssituationdisturb.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbs?c=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=f081f52a-7b09-41b9-a4dc-28f65a70fbe8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 12:49:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
exe.io/wxpzt
302 Found 0 B IP
GET /wxpzt HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 26 Nov 2022 12:49:43 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/wxpzt
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=dc11ea8d1deb3d82ef059b981feab0fd; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZLnpW1s4T6z9AXQFdkxzCYxjJ%2FkvlNcVtLoU9weFa9YTMbe5hv9EPzhGpr2goo3hrv41LTCF6dazSU%2BR%2BwfhwlEgNoXqZfn3H6a%2Bf3DbuPVq4tbs5aeXWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702bee728f30b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 12:49:44 GMT
date: Sat, 26 Nov 2022 12:49:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/style.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/style.css
IP
GET /sb/notifications/software/multi/browsers/ff/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:46 GMT
content-type: text/css
last-modified: Thu, 08 Sep 2022 07:49:56 GMT
etag: W/"63199ea4-e97"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 196755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MjTPRLdrLD6e9I8CLrLfUZG7yYox022EyLHygOsDZNTgvqpHpkPfF74xeokhakQRDp6ZbKAZWzpgVWVpAgr6uall7RmRUD8IU%2BXiztQV9iXE%2BUxoJqNX9aD2p5sEoJfTJKeXA1e1GlO0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702bef93b4e770b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:44 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4510
last-modified: Sat, 26 Nov 2022 11:34:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lBG3SQOa%2Bfx1xByzQ8ahhmZJgaUPiwUUFp5s%2FkTpQL0NmzBlghshwiozCtO%2BUsXeaGH35jE8IjJMd%2BptPiNoQjygKX1WBC%2BYSyykyVl%2FyH9mWamg1W6sg6CEi9RrygCq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702beec7cdb1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: varp0YnXGPMYLqEpXTGHTj0pMgF5sgTjlAKVGAI0cnc9n44POnjuO7hOJPD7m7J69OMfiR007WkSjalbpQ8nRw==
date: Sat, 26 Nov 2022 12:49:45 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/magic.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/magic.css
IP
GET /sb/notifications/software/multi/browsers/ff/3/css/magic.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:46 GMT
content-type: text/css
last-modified: Thu, 08 Sep 2022 07:49:55 GMT
etag: W/"63199ea3-b0c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 196755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3C2svJFXlAw73tXKY5ZjPA73oJ6g3J%2BSkyI%2BMuVVgVXKuLis0LTVz3hagrc6yuXzw7xNgYZYxX8rBvpYZg125A6kSR16WswI4zxIpUAod0z524sqYFkRjyu0%2FZMnIu18760y3jZZ9zbS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702bef92b4c770b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exee.app/wxpzt
200 OK 0 B IP
GET /wxpzt HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:43 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=8de426449866d4428c3c6ef27eaf759e; path=/; HttpOnly
csrfToken=4810471d573412b473df2b11af99a794c3f6aba02d6c181f67d65f8e328e4869488be5bef3326f79a6acc55eaf86dc1a7320d896adbc1074b21dbf9026f51247; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDaKQYYnKISnw4JHMSiTnAo2U4kZsJveI5Ra1v2YRGZPBJsoct2x4m3qS2pCGq3bKbyutWIzxxPW0F5kSDcVJRHLo1AQGsHSHQ%2Bf1c%2FXPJrWsvx3DhRG1STbYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702bee88ffa0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exee.app/css/continue.css
200 OK 0 B URL HTTP/2 exee.app/css/continue.css
IP
GET /css/continue.css HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/wxpzt
Cookie: AppSession=8de426449866d4428c3c6ef27eaf759e; csrfToken=4810471d573412b473df2b11af99a794c3f6aba02d6c181f67d65f8e328e4869488be5bef3326f79a6acc55eaf86dc1a7320d896adbc1074b21dbf9026f51247
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:44 GMT
content-type: text/css
x-frame-options: SAMEORIGIN
last-modified: Fri, 20 Nov 2020 17:25:47 GMT
cache-control: max-age=2592000
expires: Fri, 16 Dec 2022 15:46:33 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 853391
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KvfnN34fxPJATKXEkYWR5xOXVGCmFXh3Tui33L1yTl2xDmM2P0nL%2FiR7VDk19FY4f%2FSpM9uWOY2Nxx%2BRoWkaBYeudTbMVnxTjodaK8LEx%2FS71jzudfJc%2FPbsBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702beea69ab0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S772591821%3A1669466985369922&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvXN5vtxkpR2TbgE-xU2aEm0xXrWKOiSDsJ7iam7dudFLKTtfvk3XxAWoYUmeGUYXVlqQjyaQ
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S772591821%3A1669466985369922&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvXN5vtxkpR2TbgE-xU2aEm0xXrWKOiSDsJ7iam7dudFLKTtfvk3XxAWoYUmeGUYXVlqQjyaQ
IP
GET /v3/signin/identifier?dsh=S772591821%3A1669466985369922&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvXN5vtxkpR2TbgE-xU2aEm0xXrWKOiSDsJ7iam7dudFLKTtfvk3XxAWoYUmeGUYXVlqQjyaQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 26 Nov 2022 12:49:45 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-9dRu5KWCeCP0LBbVIXjRbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/script.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/script.js
IP
GET /sb/notifications/software/multi/browsers/ff/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:46 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 07:49:59 GMT
etag: W/"63199ea7-2ae2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 196755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qH7GJl15e6qOwZos99%2BnqczpArFvBHpGFHEiGRCWINiutpAffDiL%2BL6WmHSpZggGh2fqboEaYOEiOpPsiwJ4um%2BzSgTYoQw5Ut0ZDLxlsv2mRIJ6mqBb99jB7k9dVDOu2X5OhBQ2wbGr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702befa0c89770b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:44 GMT
content-type: text/plain
set-cookie: csu=358080476922864@1@1669466984; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TtIUaYn8SbhI3ICfELNjy6l4y%2B8%2FmOhxzwLrWThcxpxkpsR0XH6CZL3GbZLNavIWRYNMy%2F615FEXms%2BNAEgdz%2Bnir4SVu0bEU8nF%2BLxmRGF9GqT1VWVU%2BIjWfJP9OlP2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702beec7cd31c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:49:45 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 73ca81f7838dced2afe6fc4be73fef2d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 26 Nov 2022 12:49:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2FeHkITL0SencOGvWSzUGvECQ76Z5GPp3tz6%2FGwLxi8zGB9beNbQGrVTna5g5pib76TXWHDrNT2eTqCnhcPpHo0gUSKaa3%2BbaGxaKLx1qDqZdENKJwKISK5F9tJ2CcdF8wup1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702bef0aa3f772b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.71.40
23.36.76.226
93.184.220.29
104.21.20.247
52.28.211.11
31.13.72.36
172.255.6.56