exe.io/Mmq6v
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Mmq6v HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 29 Nov 2022 21:28:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 29 Nov 2022 22:28:05 GMT
Location: https://exe.io/Mmq6v
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HKMeWKrdcFOWicZH1VxO%2BNO5AQGNdMppsfiGB0nRcEwqljpuI%2Bnzf65k6XOrMmOJQRZJIBCFBlzvlJ40hcTUNinYu3yZ4kIAnucN5pubI0O3za9kyglcSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771e6e58dd700af6-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10121
Expires: Wed, 30 Nov 2022 00:16:46 GMT
Date: Tue, 29 Nov 2022 21:28:05 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1159
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:05 GMT
Etag: "638650c5-37"
Last-Modified: Tue, 29 Nov 2022 18:34:45 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3395
Expires: Tue, 29 Nov 2022 22:24:40 GMT
Date: Tue, 29 Nov 2022 21:28:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 21:19:38 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 507
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash bc5c10c11adf1656caaf0a2abb7022a4
22defa2633c80ce129d96a5b9ebebb731fb19ae0
6feeddf955e328e6c146a873291ae990808cbeb9b1c3ffa42f7cdeff1d8ea455
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2808
Cache-Control: max-age=87578
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:05 GMT
Etag: "63852187-118"
Expires: Wed, 30 Nov 2022 21:47:43 GMT
Last-Modified: Mon, 28 Nov 2022 21:00:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 8TXYb4Z3qklBBjL8XNEcDfp/FkHlWGvmSqbfiM2PgRkp6XJhcveWvafIWCbRhpqJrVvdVxhaR7o=
x-amz-request-id: MQZKZDSA2215YPQ8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 20:44:57 GMT
age: 2588
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:28:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash bc5c10c11adf1656caaf0a2abb7022a4
22defa2633c80ce129d96a5b9ebebb731fb19ae0
6feeddf955e328e6c146a873291ae990808cbeb9b1c3ffa42f7cdeff1d8ea455
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2808
Cache-Control: max-age=87578
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:05 GMT
Etag: "63852187-118"
Expires: Wed, 30 Nov 2022 21:47:43 GMT
Last-Modified: Mon, 28 Nov 2022 21:00:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 1934a261f7e042e1bd80f832c3aa0243
330b9d8f9a3ef1b32a8b788895a31e13aa09b39f
66a647639cf87ed0633d0a9b58779e5989a2aed1881804dceb3cf97c11459824
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "66A647639CF87ED0633D0A9B58779E5989A2AED1881804DCEB3CF97C11459824"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7571
Expires: Tue, 29 Nov 2022 23:34:16 GMT
Date: Tue, 29 Nov 2022 21:28:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 21:11:13 GMT
cache-control: public,max-age=3600
age: 1012
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 1934a261f7e042e1bd80f832c3aa0243
330b9d8f9a3ef1b32a8b788895a31e13aa09b39f
66a647639cf87ed0633d0a9b58779e5989a2aed1881804dceb3cf97c11459824
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "66A647639CF87ED0633D0A9B58779E5989A2AED1881804DCEB3CF97C11459824"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7570
Expires: Tue, 29 Nov 2022 23:34:16 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4363
Cache-Control: max-age=132685
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 10:19:31 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 44 kB IP
Hash ceea7db8f717984418b4af4a7029fd44
680e7558ff9c04c21d9af6081cedbcbb76eda3b6
f0b6fe05d74db20654adce7b8461f0b0e96e0d0577ad1691b089e4a697b5933f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 3b5e04e35e60982c04760162a709c0a0
3bdb21f948a95820d8f66f46274aae2ad4e793aa
0fc451d50cdcdb6e3fb3438be209bc096f68ade69ba40162ab84d84d29c2b37e
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 29 Nov 2022 21:28:06 GMT
expires: Tue, 29 Nov 2022 21:28:06 GMT
cache-control: private, max-age=900
last-modified: Tue, 29 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43612
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 3254f7c878d1f52f6503bf5b5b01b8fa
9061a49e98763ce6261db1792944ddd73a63ae03
ec1dace4e9720c35cdaecc0b552c805852d307eedbd02c06e9f3642facd4b3d3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19093
Expires: Wed, 30 Nov 2022 02:46:19 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1aa96893eefb23edcae5a5e02fe68b72
3d0a47b56bc185e6555fda2e6f66f36d7949b7fb
9bf6b9a4e0d425406d59508a911b342817fc7b1714fef7a31eed848e7fd2451a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BF6B9A4E0D425406D59508A911B342817FC7B1714FEF7A31EED848E7FD2451A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3230
Expires: Tue, 29 Nov 2022 22:21:56 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 278 B IP
Hash e5cfe106605866ea2309326d0d77b536
10760bfbf43611da5e1c2781a5427afc7d928c4a
e3c20d55bf19b34b99fe83cbd760e5f1cb034621863aebfa3f04df0a418b8447
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6377
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Last-Modified: Tue, 29 Nov 2022 19:41:50 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5nVObNhmbWjSIM8ZvHFdiA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +kAGbdbz4re+rHegzF4P0aTVDlE=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1941107888656c44ed84e98b515dd264
ea75e4a99ec553cf0539ab866b8174b9d01b91e4
1304be24714e48fb3996f6229bfbf0188ac7ad2292ecb5ebca5600005dffab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1304BE24714E48FB3996F6229BFBF0188AC7AD2292ECB5EBCA5600005DFFAB1D"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2275
Expires: Tue, 29 Nov 2022 22:06:01 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 3254f7c878d1f52f6503bf5b5b01b8fa
9061a49e98763ce6261db1792944ddd73a63ae03
ec1dace4e9720c35cdaecc0b552c805852d307eedbd02c06e9f3642facd4b3d3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19093
Expires: Wed, 30 Nov 2022 02:46:19 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash b9fbd71f67201a0428c19d6a726c89bf
ab8f474825fca13772639ab689c0f190ef2ee7d1
fdced6c4d035e8f40e719aaa50eb9ad071c404e78f71f99a3c2e7bf886283c91
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FDCED6C4D035E8F40E719AAA50EB9AD071C404E78F71F99A3C2E7BF886283C91"
Last-Modified: Tue, 29 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9570
Expires: Wed, 30 Nov 2022 00:07:36 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 95521
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 40ce48359a1c3a5f1a0347a5e1aa6cbe
50e7a1e47058334ce76d640feca3cfd616e69c18
f72a564ba72dccd6b3b12d077276ed88cf244d8439c1980eecefef9c2948baec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Tue, 29 Nov 2022 22:22:20 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 40ce48359a1c3a5f1a0347a5e1aa6cbe
50e7a1e47058334ce76d640feca3cfd616e69c18
f72a564ba72dccd6b3b12d077276ed88cf244d8439c1980eecefef9c2948baec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Tue, 29 Nov 2022 22:22:20 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
exee.app/Mmq6v
200 OK 168 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61596)
Size 168 kB (167551 bytes)
Hash fa2821fa0e6bfa6f232bd8c08478240c
2c187785b73cf4dc261b4cfcf479e77c366ca939
eeb6bea1f8d8527015662e2cd77284536d8c29edd1d14e48df0a0d755d992cd9
GET /Mmq6v HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:05 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=a3b9df00e650949fb267bbb870cfa82b; path=/; HttpOnly
csrfToken=559b85541c38fb418f85eb39e9cb431b0c140fb23e3f755469e57a0c950208c4b08d9df8c6001897a9f9828f18f9197c9bb13fe36b337e66e9e7ca2f8973f85a; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AejtKCPlDOy1ogIVIGfll4056eyLp4TSjhwoDAhdv9aRFvRcjXChBqL%2FI3sZBvwwoDbH2dHp1gUpJe0RadOxqxp5wRdUNeDdUnqzs2LTAwPtPLzNk%2BR6IYI%2BmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e5c4d1cb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 95725
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
arthwhilearthu.com/utx?cb=L5F5uN01QFh3&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 arthwhilearthu.com/utx?cb=L5F5uN01QFh3&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=L5F5uN01QFh3&top=exee.app&tid=822524 HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:28:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 29 Nov 2022 21:29:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: l_zQUj2C9GE2NYL1INYXiC6oWtKxuNgZnxKZsb2yeb5ACoiSpZ6yqg==
X-Firefox-Spdy: h2
arthwhilearthu.com/dkcxUEYXJVI9eRd6U3YzBCsMdXQwYgMWIkc3Bjc2QzAIZzNBMwZ+JRooRDQgBChfJGgYIkV1dDB/UmIqIx5lNxc0LV4YBAEkcB0AAQZjYTYbEUY8EDc+Uh8QEQlkEQUsDHdhIQMERhUQNS18IAUnLHAzLiAEd2EUHRUAARU0PX8zDh4eeR53AQ1nASEBBkYGDiI+dBEEJHN2HCEeEnknLg4SAmUBJHVjFQUdCXMZMR4QdycfHAJZYQQhE14GDiMBawoQMxBgYD4YDklhBCEUfBkQHRFVMxA8cWc8Mh0AYGUOIgBSOg4jAWsaLhUjYBMuGhJgYSIhHxxhAzUsfB8LJw1lGAMOKnsnNjIQdgIUNRJ/CSUgCngWFzcqcxZyFQJpFhIQLHsKHyN/eAYUDjdkEWAcNF4+NksTdiIiRz1baSAVIHlhPB8
200 OK 1.2 kB URL HTTP/2 arthwhilearthu.com/dkcxUEYXJVI9eRd6U3YzBCsMdXQwYgMWIkc3Bjc2QzAIZzNBMwZ+JRooRDQgBChfJGgYIkV1dDB/UmIqIx5lNxc0LV4YBAEkcB0AAQZjYTYbEUY8EDc+Uh8QEQlkEQUsDHdhIQMERhUQNS18IAUnLHAzLiAEd2EUHRUAARU0PX8zDh4eeR53AQ1nASEBBkYGDiI+dBEEJHN2HCEeEnknLg4SAmUBJHVjFQUdCXMZMR4QdycfHAJZYQQhE14GDiMBawoQMxBgYD4YDklhBCEUfBkQHRFVMxA8cWc8Mh0AYGUOIgBSOg4jAWsaLhUjYBMuGhJgYSIhHxxhAzUsfB8LJw1lGAMOKnsnNjIQdgIUNRJ/CSUgCngWFzcqcxZyFQJpFhIQLHsKHyN/eAYUDjdkEWAcNF4+NksTdiIiRz1baSAVIHlhPB8
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3028), with no line terminators
Hash 9dbaefcfd3d23197d684f4903af8478e
d0f3b327582b4e389812fdee3147ea78a8ea2f57
88491cd5f43608f884dce45535ba8cb11ea645df8c7a7487f1ae5d2c8d39e9d6
GET /dkcxUEYXJVI9eRd6U3YzBCsMdXQwYgMWIkc3Bjc2QzAIZzNBMwZ+JRooRDQgBChfJGgYIkV1dDB/UmIqIx5lNxc0LV4YBAEkcB0AAQZjYTYbEUY8EDc+Uh8QEQlkEQUsDHdhIQMERhUQNS18IAUnLHAzLiAEd2EUHRUAARU0PX8zDh4eeR53AQ1nASEBBkYGDiI+dBEEJHN2HCEeEnknLg4SAmUBJHVjFQUdCXMZMR4QdycfHAJZYQQhE14GDiMBawoQMxBgYD4YDklhBCEUfBkQHRFVMxA8cWc8Mh0AYGUOIgBSOg4jAWsaLhUjYBMuGhJgYSIhHxxhAzUsfB8LJw1lGAMOKnsnNjIQdgIUNRJ/CSUgCngWFzcqcxZyFQJpFhIQLHsKHyN/eAYUDjdkEWAcNF4+NksTdiIiRz1baSAVIHlhPB8 HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1181
date: Tue, 29 Nov 2022 21:28:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: HXXerkErB1VqtFuIAYLHnUQbO_lvQE2TIjmmo0G1Qb_89eMBWeiqUg==
X-Firefox-Spdy: h2
arthwhilearthu.com/utx?cb=yVzBvj8DH47d&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 arthwhilearthu.com/utx?cb=yVzBvj8DH47d&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=yVzBvj8DH47d&top=exee.app&tid=889494 HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:28:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 29 Nov 2022 21:29:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: tSEp82cUafoa7J4Ya5EcBU3dH_8UG1INqW4l7WfC8voZ71k3i2yB-w==
X-Firefox-Spdy: h2
arthwhilearthu.com/TVlHaDUsOyQFCixkJU5APzV6TQcLfHUuUXwpcA9FeC5+X0B6LXBGViE2MgxTPzYpHBsjPDNNBwttExJZBggQG0YbMBYGYwktFiRbNQ0jH3doawUNc3QpEhJeOBsTUHAMGx4Gf3wIYlp3ABsoGH03bXAsBgQTJSsFBhARXQYXLnMAYiM9MDxmeD0MIE0rOBJYAwE+BRFjNBQsLVwDOAs8YC8SFVAQfx8OLmwkDy0pWg8gCTFXfhQzDV0pbx0uWWhrAS1hfTYFO0EaCRMieisILAN7GGx+K205IRUwDS48FiZ6KwgsUX4MD3IsYnQgDD9aATwtBFEoIT9ddH1sfithYD50PFs1bSJbcygAFgRfFx8rTQcLAS5QXAwaBgtQDD0dDkIlbyQ+RWhrAStydCMQEVkcFgQ5ewQcAR5WNGhiWncOAX4eYn81CgwGDH8tG1ojKXoiYgExKhxEPD8
200 OK 1.2 kB URL HTTP/2 arthwhilearthu.com/TVlHaDUsOyQFCixkJU5APzV6TQcLfHUuUXwpcA9FeC5+X0B6LXBGViE2MgxTPzYpHBsjPDNNBwttExJZBggQG0YbMBYGYwktFiRbNQ0jH3doawUNc3QpEhJeOBsTUHAMGx4Gf3wIYlp3ABsoGH03bXAsBgQTJSsFBhARXQYXLnMAYiM9MDxmeD0MIE0rOBJYAwE+BRFjNBQsLVwDOAs8YC8SFVAQfx8OLmwkDy0pWg8gCTFXfhQzDV0pbx0uWWhrAS1hfTYFO0EaCRMieisILAN7GGx+K205IRUwDS48FiZ6KwgsUX4MD3IsYnQgDD9aATwtBFEoIT9ddH1sfithYD50PFs1bSJbcygAFgRfFx8rTQcLAS5QXAwaBgtQDD0dDkIlbyQ+RWhrAStydCMQEVkcFgQ5ewQcAR5WNGhiWncOAX4eYn81CgwGDH8tG1ojKXoiYgExKhxEPD8
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 7ea5ed0e1ed5d02a12886b5d62461ea9
a5f898a4f8e2f65781d2f3a8338d78baa8bae489
26688f15b866ef43ae84e86c11de7dbd352c5dcb119330e96913f22198b642c7
GET /TVlHaDUsOyQFCixkJU5APzV6TQcLfHUuUXwpcA9FeC5+X0B6LXBGViE2MgxTPzYpHBsjPDNNBwttExJZBggQG0YbMBYGYwktFiRbNQ0jH3doawUNc3QpEhJeOBsTUHAMGx4Gf3wIYlp3ABsoGH03bXAsBgQTJSsFBhARXQYXLnMAYiM9MDxmeD0MIE0rOBJYAwE+BRFjNBQsLVwDOAs8YC8SFVAQfx8OLmwkDy0pWg8gCTFXfhQzDV0pbx0uWWhrAS1hfTYFO0EaCRMieisILAN7GGx+K205IRUwDS48FiZ6KwgsUX4MD3IsYnQgDD9aATwtBFEoIT9ddH1sfithYD50PFs1bSJbcygAFgRfFx8rTQcLAS5QXAwaBgtQDD0dDkIlbyQ+RWhrAStydCMQEVkcFgQ5ewQcAR5WNGhiWncOAX4eYn81CgwGDH8tG1ojKXoiYgExKhxEPD8 HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Tue, 29 Nov 2022 21:28:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: dDCEbUrSCB2gGlTEZpvgeYsL0xbbHTJQw2GluWqNf9PuwWg0CMcAyw==
X-Firefox-Spdy: h2
arthwhilearthu.com/cTdEQXEQVScsThAKJmcEA1t5ZEM3EnYHFUBHcyYBREB9dgRGQ3NvEh1YMSUXA1gqNV8fUjBkQzdAF3EdMm4REB47XjMJFAsPIwsdCQ8hGQVCYncDBThNAQ46G0N0BCUgBgNyGgt+LBBJOQUVFyEYDnQiGhJYDygSHW8DCAQ7TgIiFSYHKwsWPwIic0lDchcyFhV0Mwg4JX4oCCAoQAs4SBpxBxdDO3R0Iz0iVCgIQSMFABkJAmITB0QUYCsWPSJiMA0jKAQmLwUIcz4DBBQEDhAVNmFxG0A4cCYvBQhxLXEdFwQeBBUGWzciNzQPIhlAH2IjGwQUBGkIJTxacXcwQHV0JxwVThcGN0RSFxQ0O04FLCtAegckKR1NERkjR1IcDzQVWTc3Ogl6LA0iKAEWCSg/UgwLJBBZMDc/QE91ZxsCWCoxTCJiNRFBAHQUNic
200 OK 1.2 kB URL HTTP/2 arthwhilearthu.com/cTdEQXEQVScsThAKJmcEA1t5ZEM3EnYHFUBHcyYBREB9dgRGQ3NvEh1YMSUXA1gqNV8fUjBkQzdAF3EdMm4REB47XjMJFAsPIwsdCQ8hGQVCYncDBThNAQ46G0N0BCUgBgNyGgt+LBBJOQUVFyEYDnQiGhJYDygSHW8DCAQ7TgIiFSYHKwsWPwIic0lDchcyFhV0Mwg4JX4oCCAoQAs4SBpxBxdDO3R0Iz0iVCgIQSMFABkJAmITB0QUYCsWPSJiMA0jKAQmLwUIcz4DBBQEDhAVNmFxG0A4cCYvBQhxLXEdFwQeBBUGWzciNzQPIhlAH2IjGwQUBGkIJTxacXcwQHV0JxwVThcGN0RSFxQ0O04FLCtAegckKR1NERkjR1IcDzQVWTc3Ogl6LA0iKAEWCSg/UgwLJBBZMDc/QE91ZxsCWCoxTCJiNRFBAHQUNic
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 5b5ea56192b8cddd7df159d54048d1bf
01d3b49891421349ea06fac4cae4eaa81acb0acc
3801e730d01e9b1c8c9c52d3208766eeacab1136c73c20a37f831e5dff8b94c3
GET /cTdEQXEQVScsThAKJmcEA1t5ZEM3EnYHFUBHcyYBREB9dgRGQ3NvEh1YMSUXA1gqNV8fUjBkQzdAF3EdMm4REB47XjMJFAsPIwsdCQ8hGQVCYncDBThNAQ46G0N0BCUgBgNyGgt+LBBJOQUVFyEYDnQiGhJYDygSHW8DCAQ7TgIiFSYHKwsWPwIic0lDchcyFhV0Mwg4JX4oCCAoQAs4SBpxBxdDO3R0Iz0iVCgIQSMFABkJAmITB0QUYCsWPSJiMA0jKAQmLwUIcz4DBBQEDhAVNmFxG0A4cCYvBQhxLXEdFwQeBBUGWzciNzQPIhlAH2IjGwQUBGkIJTxacXcwQHV0JxwVThcGN0RSFxQ0O04FLCtAegckKR1NERkjR1IcDzQVWTc3Ogl6LA0iKAEWCSg/UgwLJBBZMDc/QE91ZxsCWCoxTCJiNRFBAHQUNic HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Tue, 29 Nov 2022 21:28:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: hN6oowrN27CwOzoQr95jey6ou5rbelWRg1dbMRsAmypY19j09xkZHw==
X-Firefox-Spdy: h2
cutopporting.com/TTBWZzJiDzUUDxsAbwhmJ2Y7AWQlCRcgaHhnZVN3F14MNlYqdXATWykNblUAeAJiQUIkVGtWFD5ENxNHPg1nQVsjVjlaFDsNZ0kBeR5lVhx8FiNaA2tEJgZVcAFwF0Y5XGtWBHsJYVIFfwhjVAJ+
204 No Content 0 B URL HTTP/2 cutopporting.com/TTBWZzJiDzUUDxsAbwhmJ2Y7AWQlCRcgaHhnZVN3F14MNlYqdXATWykNblUAeAJiQUIkVGtWFD5ENxNHPg1nQVsjVjlaFDsNZ0kBeR5lVhx8FiNaA2tEJgZVcAFwF0Y5XGtWBHsJYVIFfwhjVAJ+
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TTBWZzJiDzUUDxsAbwhmJ2Y7AWQlCRcgaHhnZVN3F14MNlYqdXATWykNblUAeAJiQUIkVGtWFD5ENxNHPg1nQVsjVjlaFDsNZ0kBeR5lVhx8FiNaA2tEJgZVcAFwF0Y5XGtWBHsJYVIFfwhjVAJ+ HTTP/1.1
Host: cutopporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:28:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hb3b8uALUe9oEdhu5IDi%2FCEgE8qL4NkCJxPui8s2xSQbjPFCGU6x5JZjdoDYLttvDNOo2a1DgPrywUz4SuNYjCK65f4DW%2BiAfZcdqFVfdGbZ0aP8%2FG2PueyvgVBtA6rzte8A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e607e3ab51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 40ce48359a1c3a5f1a0347a5e1aa6cbe
50e7a1e47058334ce76d640feca3cfd616e69c18
f72a564ba72dccd6b3b12d077276ed88cf244d8439c1980eecefef9c2948baec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3254
Expires: Tue, 29 Nov 2022 22:22:20 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
cutopporting.com/U1NJWjR8bCopCR44eDRVYwIOPHIZNS0bQHZhCw9iYisKNFg2CwELEic6LWcMZ2B7bAV1IyA+CWJrbylAMic8KQlidSA0UjxubywJYn15dAZ9YW8vCWJ1PSpVNG54fEQnJyVnBWVlcG0BZGFxbwdkYA
204 No Content 0 B URL HTTP/2 cutopporting.com/U1NJWjR8bCopCR44eDRVYwIOPHIZNS0bQHZhCw9iYisKNFg2CwELEic6LWcMZ2B7bAV1IyA+CWJrbylAMic8KQlidSA0UjxubywJYn15dAZ9YW8vCWJ1PSpVNG54fEQnJyVnBWVlcG0BZGFxbwdkYA
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /U1NJWjR8bCopCR44eDRVYwIOPHIZNS0bQHZhCw9iYisKNFg2CwELEic6LWcMZ2B7bAV1IyA+CWJrbylAMic8KQlidSA0UjxubywJYn15dAZ9YW8vCWJ1PSpVNG54fEQnJyVnBWVlcG0BZGFxbwdkYA HTTP/1.1
Host: cutopporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:28:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XtU%2F4oEAnZL9WU3ULkI7zADsKYCZdwYG%2BjHazn97kaAmNuxVyU8ZZUFS84AYlRYEZlo076SeH6iOGjdFskpNsLndIFXU0pGsWhymppQhhOoPPoCJPu8PHpz2KPmB811DXYMk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e608e46b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cutopporting.com/Q2hkS2RsVwc4WRowCCIpBFkwHwggKTINCAo/ExEBFlgmGiUVA0I/DSdVXHNdd1FQbRQqDFl6QjAcBT8RMFVVbQ0tDgt2QjVVVWVXd0ZXekpyThF2VWUcFCoDfllCOxA3BFl6UnVRU35TcVBReFF3
204 No Content 0 B URL HTTP/2 cutopporting.com/Q2hkS2RsVwc4WRowCCIpBFkwHwggKTINCAo/ExEBFlgmGiUVA0I/DSdVXHNdd1FQbRQqDFl6QjAcBT8RMFVVbQ0tDgt2QjVVVWVXd0ZXekpyThF2VWUcFCoDfllCOxA3BFl6UnVRU35TcVBReFF3
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Q2hkS2RsVwc4WRowCCIpBFkwHwggKTINCAo/ExEBFlgmGiUVA0I/DSdVXHNdd1FQbRQqDFl6QjAcBT8RMFVVbQ0tDgt2QjVVVWVXd0ZXekpyThF2VWUcFCoDfllCOxA3BFl6UnVRU35TcVBReFF3 HTTP/1.1
Host: cutopporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:28:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Omj0%2BQiwDgQuluRgbt%2Fj%2B7fv4kx9Hbhx%2BeANNJLF%2BjsoVYtT6CPVlrd%2BbE4T9qlDsrGuoQi%2FWWh9l84aMOWbU1k7f2F76Y%2FlldFOj4zVD9EcIE9BGM1zlsp1J6fWt1ABMYbt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e609e6db51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash e5cfe106605866ea2309326d0d77b536
10760bfbf43611da5e1c2781a5427afc7d928c4a
e3c20d55bf19b34b99fe83cbd760e5f1cb034621863aebfa3f04df0a418b8447
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6377
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:06 GMT
Last-Modified: Tue, 29 Nov 2022 19:41:50 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash b9fbd71f67201a0428c19d6a726c89bf
ab8f474825fca13772639ab689c0f190ef2ee7d1
fdced6c4d035e8f40e719aaa50eb9ad071c404e78f71f99a3c2e7bf886283c91
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FDCED6C4D035E8F40E719AAA50EB9AD071C404E78F71F99A3C2E7BF886283C91"
Last-Modified: Tue, 29 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9570
Expires: Wed, 30 Nov 2022 00:07:36 GMT
Date: Tue, 29 Nov 2022 21:28:06 GMT
Connection: keep-alive
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
File type ASCII text, with very long lines (37172), with no line terminators
Hash ee625c7915628bfb756ae56deda5318f
d2e468dc060e8cde71741812e03903bc198e83d1
c54079473993b5bd26ebff2c8e51c42bb5b361e93a5cadab401b7da63a0f7288
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc50d04b6b9e357ea3163605042db0e2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FMmq6v&tag=v-exee-app&domain=exee.app
200 OK 2.1 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FMmq6v&tag=v-exee-app&domain=exee.app
IP
File type JSON data\012- , ASCII text, with very long lines (8589)
Hash 9900c12b8ed16bb10d1f49172954e6e9
7f45ffbe2baba17d5e252218d9813d8b2f215260
92dde70caab1013a4454b8108c228d5a90b6d18505c1ca2612f0ebbd8e067379
GET /allowed_url.php?type=json&url=exee.app%2FMmq6v&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:06 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8GHOz%2BUChjwSwMp1swuqOC0XJ6iZ4BUCQtr1WkK5cNZaJHIVw%2F6nFizg9QpkD43GF%2Ft45ZBDVnUBgW9SVXzZJCl5bEPYrKV4lAcrMd3SGsR3eSV2tDo1IQ4W6HYJcx6FTSts"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e620ba2746c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d1p7gp5w97u7t7.cloudfront.net/4TzlKQWssViQnVDtQLnxTdwB+eF9pUzkuBT8EABYnJ1Q+MBopHz47D3IJbC0KIV53Zw4hWndwTS5dKHxfaU06LgByVyMkEiNaLTUbKR8/IFYiVjAoByNYb3Mtehd6ZFl/ET0oBStWPTJOfQkkNU59CXtxRX8ceQNOfQk9KAV5DW9yKWoLejldexx5A059CT-g3Tnx4e3FeYQljZFl/Xi8iACAceAdZfwh6cVp/CG9zWylQOCQNIEFvcy1+CX9vW2lMd3A
200 OK 620 B URL HTTP/2 d1p7gp5w97u7t7.cloudfront.net/4TzlKQWssViQnVDtQLnxTdwB+eF9pUzkuBT8EABYnJ1Q+MBopHz47D3IJbC0KIV53Zw4hWndwTS5dKHxfaU06LgByVyMkEiNaLTUbKR8/IFYiVjAoByNYb3Mtehd6ZFl/ET0oBStWPTJOfQkkNU59CXtxRX8ceQNOfQk9KAV5DW9yKWoLejldexx5A059CT-g3Tnx4e3FeYQljZFl/Xi8iACAceAdZfwh6cVp/CG9zWylQOCQNIEFvcy1+CX9vW2lMd3A
IP
File type ASCII text, with very long lines (869), with no line terminators
Hash cfbdd6af427b1dbc56d5208e754c3e52
f54cc29da973e2f0618a93b89df3ccf6300787c1
6279b1e8a09e6a010d059b833e0976999c4cc96b2e751d18f7635296499cdd64
GET /4TzlKQWssViQnVDtQLnxTdwB+eF9pUzkuBT8EABYnJ1Q+MBopHz47D3IJbC0KIV53Zw4hWndwTS5dKHxfaU06LgByVyMkEiNaLTUbKR8/IFYiVjAoByNYb3Mtehd6ZFl/ET0oBStWPTJOfQkkNU59CXtxRX8ceQNOfQk9KAV5DW9yKWoLejldexx5A059CT-g3Tnx4e3FeYQljZFl/Xi8iACAceAdZfwh6cVp/CG9zWylQOCQNIEFvcy1+CX9vW2lMd3A HTTP/1.1
Host: d1p7gp5w97u7t7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://arthwhilearthu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 620
date: Tue, 29 Nov 2022 21:28:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UWyKwgaHVHe-bofbBnhRpzvg5TutOUa5eWrgTyoimpR1jNp6ZEVEng==
X-Firefox-Spdy: h2
d1p7gp5w97u7t7.cloudfront.net/wS0lCYUQoJiwHez8gJlx8eXt3U3BtIzEOKjt0ETQ1G3kzIhQ8H2QVPi90ckcoKiclXGIuJyFcdW0oJgN5f282ESsgdCwIITIlIQYwOy9kFCV2JC0bLSclI0R2DXxsUWF5eWoWLSUtLRY3bntyDzBue3JQdGV5Z1IGbntyFi0lf3ZEdwlscFE8fX1nUgZue3-ITMm56A1B0fmdySGF5eSUEJyAmZ1MCeXlzUXR6eXNEdnsvKxMhLSY6RHYNeHJUantvN1x1
200 OK 502 B URL HTTP/2 d1p7gp5w97u7t7.cloudfront.net/wS0lCYUQoJiwHez8gJlx8eXt3U3BtIzEOKjt0ETQ1G3kzIhQ8H2QVPi90ckcoKiclXGIuJyFcdW0oJgN5f282ESsgdCwIITIlIQYwOy9kFCV2JC0bLSclI0R2DXxsUWF5eWoWLSUtLRY3bntyDzBue3JQdGV5Z1IGbntyFi0lf3ZEdwlscFE8fX1nUgZue3-ITMm56A1B0fmdySGF5eSUEJyAmZ1MCeXlzUXR6eXNEdnsvKxMhLSY6RHYNeHJUantvN1x1
IP
File type ASCII text, with very long lines (698), with no line terminators
Hash 30b63fed326f8e65f3a990a0f892588b
9fe9344932ebbb2e2355e872aa99796ddd801295
b68ef0a04c79cb9940858419eed81c9c751aa94daf3be4209b22ab4138270115
GET /wS0lCYUQoJiwHez8gJlx8eXt3U3BtIzEOKjt0ETQ1G3kzIhQ8H2QVPi90ckcoKiclXGIuJyFcdW0oJgN5f282ESsgdCwIITIlIQYwOy9kFCV2JC0bLSclI0R2DXxsUWF5eWoWLSUtLRY3bntyDzBue3JQdGV5Z1IGbntyFi0lf3ZEdwlscFE8fX1nUgZue3-ITMm56A1B0fmdySGF5eSUEJyAmZ1MCeXlzUXR6eXNEdnsvKxMhLSY6RHYNeHJUantvN1x1 HTTP/1.1
Host: d1p7gp5w97u7t7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://arthwhilearthu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 502
date: Tue, 29 Nov 2022 21:28:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7ZV9atwRgoTN_BwK4WyatAin9pX1VFlaovkkmSFWrIc4ga3y1lD5ZA==
X-Firefox-Spdy: h2
d1p7gp5w97u7t7.cloudfront.net/8c2lUYTgQBjoHBwcAMFwAR1pmVwlVAycOVgNUACZKF1guCwEVCjMpCQkAchVCF1RkR1QSBzNcHhYHN1wJVQgwAwVHTyEABR4GLghUHwhxU35GR2RECkNBIwhWFwYjEh1BWToVHUFZZVEWQ0xnIx1BWSMIVkVdcVJ6VltkGQ5HTGcjHUFZJhcdQChlUQ1dWX-1ECkMOMQJTHExmJwpDWGRRCUNYcVMIFQAmBF4cEXFTfkJZYU8IVRxpUA
200 OK 185 B URL HTTP/2 d1p7gp5w97u7t7.cloudfront.net/8c2lUYTgQBjoHBwcAMFwAR1pmVwlVAycOVgNUACZKF1guCwEVCjMpCQkAchVCF1RkR1QSBzNcHhYHN1wJVQgwAwVHTyEABR4GLghUHwhxU35GR2RECkNBIwhWFwYjEh1BWToVHUFZZVEWQ0xnIx1BWSMIVkVdcVJ6VltkGQ5HTGcjHUFZJhcdQChlUQ1dWX-1ECkMOMQJTHExmJwpDWGRRCUNYcVMIFQAmBF4cEXFTfkJZYU8IVRxpUA
IP
File type ASCII text, with no line terminators
Hash 701fe9e785459060df55b6c9b8cd2714
dbb5bb05596deb8980b7765baa8c59a3e2e2c29c
0393bc9d3f1f380b89ddff014628c0424df0c89c3aba38034157db672fb0b070
GET /8c2lUYTgQBjoHBwcAMFwAR1pmVwlVAycOVgNUACZKF1guCwEVCjMpCQkAchVCF1RkR1QSBzNcHhYHN1wJVQgwAwVHTyEABR4GLghUHwhxU35GR2RECkNBIwhWFwYjEh1BWToVHUFZZVEWQ0xnIx1BWSMIVkVdcVJ6VltkGQ5HTGcjHUFZJhcdQChlUQ1dWX-1ECkMOMQJTHExmJwpDWGRRCUNYcVMIFQAmBF4cEXFTfkJZYU8IVRxpUA HTTP/1.1
Host: d1p7gp5w97u7t7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://arthwhilearthu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 185
date: Tue, 29 Nov 2022 21:28:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: miGs0tO4Rv-hFJhp9YhijIMSdYe2w-5BIxA2zQEO4qJ7IJ7RAn82qw==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 6d4aa81497d78e8890f1833dfd810f3b
1a661b0ea7a2272d32a364d110f8b2525a13a72a
c3127cd2765f7a80a75f4000fbbd0680b93a944448f0260b6c4a1dd6b041bbfa
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 29 Nov 2022 21:28:06 GMT
Last-Modified: Tue, 29 Nov 2022 20:11:15 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aObNpk11QnU3TZZ-jxn0Twm_xqC9_-MdYKbzZ0l0vdi_ZCR7VSSOTw==
Age: 4611
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 1ad1728a052cc6847545f1985173d3dd
1c5f374dfa107828660ee327c5c84aaf7c30589f
69c2131aa410fdad3d6708c9e99f8adc21dc79591a55087d49040ddc2959416a
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; expires=Fri, 26 Nov 2032 21:28:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 1d7846e2a7294173c85271c0da130678
102a56df28bfb864653439cf703e0d8ca45f23cf
2774004fdfb065b1b02763317038c875bbadcf79fb05b6979c220c1a129ed04c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:28:06 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 04:52:36 GMT
Expires: Mon, 05 Dec 2022 04:52:35 GMT
Etag: "102a56df28bfb864653439cf703e0d8ca45f23cf"
Cache-Control: max-age=458068,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e6e622cb41bfa-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 29 Nov 2022 21:28:06 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash db2fc48b6b0d4e8b3858fdbd47d4e3d6
1301d3600639c099b9b1b6cc61c31701710b9257
cdd0b92d2de5100231f85edb7717ceebb4c8a729d5e64a03a8f69815751e9d3a
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:06 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 5bb89068bfc7825be47f1c27afc6e208
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 29 Nov 2022 21:28:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F9sj3XHIdDZA1kGkR8R2RRn5jaecOWdBeaIUVQ8wpi60NzoXDdYPDq884ZujAtqesUU%2FxOfFcMVPXedMfHGdcIrvPUwUiupUa1a8QrbfOX%2FKorLeTMgf96wSFWbIKL4IfZ6bFGE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e627e2171bd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash c3c6fcc1a6ec6e438b371359a220d437
646d2c502eb3579d0c394dbdd16ef10f60f43063
5e75d86847b64e661c218e63d1b4b2c4a9ade7506b3b50fce16dd39ebaa5c5fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5092
Cache-Control: max-age=134831
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:07 GMT
Etag: "6385d132-1d7"
Expires: Thu, 01 Dec 2022 10:55:18 GMT
Last-Modified: Tue, 29 Nov 2022 09:30:26 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8f12114c5e4071a91936f049f8234c94
61ddffbc7f1154cc8a5fe6fabbd976fe71027d6f
5b700cd09f0aa11ec03e2fe0cba0d92444cf70a880eecc5825e99636a6fbab4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/asd100.bin
200 OK 122 kB IP
Size 122 kB (122467 bytes)
Hash 862f01f82e9090a221bd402cbcf4dc33
90c00c302c9ba9461210d51f1608f094f8814850
2683e0af6a035ec270966e40369226f7ddb1f7773a53d74e139724f1e0035f8e
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3874
last-modified: Tue, 29 Nov 2022 20:23:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xZpLnZWNPtZUininiNXuccm9WL%2BH%2Fej2NXqDKZncuih4oaqYFBILZUWBJsPy8CMFHQ17ChA92wBrTiI5xjoiFJlcsaIHoGA099u4i2cIsB0vz0MLpoucShThnedctBW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e60a88672f6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8f12114c5e4071a91936f049f8234c94
61ddffbc7f1154cc8a5fe6fabbd976fe71027d6f
5b700cd09f0aa11ec03e2fe0cba0d92444cf70a880eecc5825e99636a6fbab4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126568 bytes)
Hash d298ebea71faa19cd8237ddf8c37d550
628f6436cdc4db74ecda4fad134b4499f41ad4cb
f02e9221a17b677d0aa0b76876bd82931f57bf5dd1ff9aa24a1ab945838b0e64
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126568
date: Tue, 29 Nov 2022 21:28:07 GMT
expires: Tue, 29 Nov 2022 21:28:07 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (382)
Hash 8ba3d66314be7b16edd750b06e7fa256
4eb4867448a20a9325def7a40ffb402a618aa34c
896035534c7913525f96d4c5005fb080fed980e51732ecb31f4b0b5a51fdcdba
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Nov 2022 21:28:07 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1074726652%3A1669757287167491&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsT3eukAe5O4HgEXGcarvv8mauvbe6VTejJXM_8M4INWv9xhsiL6LHdp8cqbyAKpGQPCdvc
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-POIH1uVUooU_NwOh3Xi7EQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:CkdJva8pT5s-RXa2oFDu9tG_5Mp5qA:gRw2AOCro81yWiiK;Path=/;Expires=Thu, 28-Nov-2024 21:28:07 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 389 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 0e90599a72da009402c1336002d9dcc0
e3117e54869d1341802e772308ccbb026a5cc772
71cb4bb2da2929e5034038ec99043c895e85658229e20fee118661f3312988d1
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Nov 2022 21:28:07 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1022702696%3A1669757287221479&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuDohSZI-tJw9iIcOfBQn4nwt4OmzCbR-Qde012FoWOHzbqWpiEGggp0yP6Q2vexBLHcM3o
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-lFY8UinCympkqQSg_8eZRA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:ZK1azaWomtAvQCEDHG3rWinim1tajQ:gejAC7KdoU1OioY_;Path=/;Expires=Thu, 28-Nov-2024 21:28:07 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 473 B IP
Hash 19a851006db37647c6826b29dab2123b
fbd350e4b260a00201ce1fbd3f8417db8564dffe
e495a81d6d3c65dc0cbdd8441149dda79dd6726a8142f46aa4691400d4003144
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 124
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:06 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gge5AQS6egJfcizZ7M7ktw0Al3pmQSmDma9muVicaZ%2FS%2F2LRF4vd6ufQ6m1BdkYt73jv99Kp%2F1D5eHV0ug1X5T3ICVwdw0HXT26aTUjA0sol0I%2FC22FR%2BTGr%2FpfTWfpVNW2q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e6208298e1e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash c3c6fcc1a6ec6e438b371359a220d437
646d2c502eb3579d0c394dbdd16ef10f60f43063
5e75d86847b64e661c218e63d1b4b2c4a9ade7506b3b50fce16dd39ebaa5c5fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5092
Cache-Control: max-age=134831
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:07 GMT
Etag: "6385d132-1d7"
Expires: Thu, 01 Dec 2022 10:55:18 GMT
Last-Modified: Tue, 29 Nov 2022 09:30:26 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7805
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 21:28:07 GMT
Connection: keep-alive
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 5.0 kB URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
File type ASCII text, with very long lines (8481)
Hash ae851d070107fc798d1c736a72eeb119
608193251778ce0f073eb9c321bab1a8fe5c2f0a
7eb67d799f7272a879f682e213e6c96ab99c012084868c64732523ac1a1de8c2
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:06 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 75745582 3361537
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Tue, 29 Nov 2022 21:27:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1OKYFhBOTVt%2Bn6iaKAb3ahI6%2B0SyunRNZlb5L9FvMy3tHWS5pIuCHj1qkqbo9Xlb6nkl935UBbzOjpNT4AriVLgUjY%2FiOgatDeErjxPUf1QPQr2JSHGGMLAcVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e5fd9c97521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7805
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 21:28:07 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 16 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
Hash 0b53054c42706f9e08954b7d138786ac
eb255e0dc02d236e3dd79cedc3bfcdcf84f5b877
45ea7c67b6d6479150b36ef4afaf4feef1bd8cf1ac49af501dc1280b0e938ad6
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Nov 2022 21:28:06 GMT
date: Tue, 29 Nov 2022 21:28:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qh3WqWdBmMG3fzchn3OvxbEpwm2wl_CXi105CL4uJda47N9ZX3CyLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 09:01:36 GMT
age: 44791
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 65396
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2a5c8d4113d282600462749315f2c4f
e2b4d2e15bb7c086333c0da438873e4c139ba931
9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:54 GMT
age: 85273
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d574c4db20a68295dbd06cb08f5990b
433061bbb226048765a711deca3026ee3e52372f
8cc1a4d18e242f8bfc8ab94637f635b73554b903462c29b06d0ec67872542afb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 8cba52d6-3c1c-495c-bb9d-3ba6f0adc7e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cHcHmGmQoAMF6dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fa6fd-73abfa592ff223061401af9a;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 17:16:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UmhWm03jrsV8dFagrzIA0E-8eL8dykoO5kw3cYOBd172dCGqNdAX-Q==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:49:48 GMT
age: 63499
etag: "433061bbb226048765a711deca3026ee3e52372f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:01:55 GMT
age: 84372
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 21:07:57 GMT
expires: Tue, 29 Nov 2022 22:07:57 GMT
cache-control: public, max-age=3600
age: 1210
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c8579883603b2787a37500439b26600c
91533086396ad77d82aab2a400ff318034601302
92a77d5a37fe0c6c8a3c663fb0b4680fec72e8352afbc45ac2a7c38d5fdee235
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92A77D5A37FE0C6C8A3C663FB0B4680FEC72E8352AFBC45AC2A7C38D5FDEE235"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3230
Expires: Tue, 29 Nov 2022 22:21:58 GMT
Date: Tue, 29 Nov 2022 21:28:08 GMT
Connection: keep-alive
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash d408a6e1bbc3d35236536361f0e5c37e
fb4e99c55de2136b51e5654643f3433bd8a8f447
dd303c1822ae32f81831821f791684475237232549851a6b27a67e2e76b42e64
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 18:23:42 GMT
Expires: Wed, 30 Nov 2022 18:23:42 GMT
ETag: "fb4e99c55de2136b51e5654643f3433bd8a8f447"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash d408a6e1bbc3d35236536361f0e5c37e
fb4e99c55de2136b51e5654643f3433bd8a8f447
dd303c1822ae32f81831821f791684475237232549851a6b27a67e2e76b42e64
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 18:23:42 GMT
Expires: Wed, 30 Nov 2022 18:23:42 GMT
ETag: "fb4e99c55de2136b51e5654643f3433bd8a8f447"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash d408a6e1bbc3d35236536361f0e5c37e
fb4e99c55de2136b51e5654643f3433bd8a8f447
dd303c1822ae32f81831821f791684475237232549851a6b27a67e2e76b42e64
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 18:23:42 GMT
Expires: Wed, 30 Nov 2022 18:23:42 GMT
ETag: "fb4e99c55de2136b51e5654643f3433bd8a8f447"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 21:28:08 GMT
Connection: keep-alive
Expires: Wed, 29 Nov 2023 21:28:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
200 OK 7.7 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash 928d1e1d2c8615e123add5e629634f60
222ab4d2b2ea090da583b3dc356f0979f4d6801c
9be36bbf2e0af17b45c5347c4917a457db6165f11070bf0d9410961268a6ae23
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d3b-bf8c"
Expires: Wed, 29 Nov 2023 21:28:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
yearbookhobblespinal.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3a30e415-cf48-4a52-bec1-81ab6539a16a%3A3%3A1
200 OK 3.3 kB URL HTTP/1.1 yearbookhobblespinal.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3a30e415-cf48-4a52-bec1-81ab6539a16a%3A3%3A1
IP
File type JSON data\012- , ASCII text, with very long lines (5833), with no line terminators
Hash d5bafdea622d99b8499b4d809a57cd3b
7fb90be9d153cd482a33aeb2b9ffdc402473fae7
bf38fe5f3f35efa924475f76905936774842f393274235d691cec1e745459b85
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3a30e415-cf48-4a52-bec1-81ab6539a16a%3A3%3A1 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Wed, 30 Nov 2022 21:28:08 GMT; secure; SameSite=None
uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; expires=Tue, 06 Dec 2022 21:28:08 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 30 Nov 2022 21:28:08 GMT; secure; SameSite=None
uncs=1; expires=Wed, 30 Nov 2022 21:28:08 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 30 Nov 2022 21:28:08 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 30 Nov 2022 21:28:08 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3760951]; expires=Tue, 29 Nov 2022 21:28:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4b5c0657dd804552cd4a385ffe5d70bd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png
200 OK 69 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png
IP
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash b49d6e91482e1db917958f2a32a0b1bc
38c5ad2beec3f2cd782da2ee1a9f300a57a5115e
4ef36c7fb595d9e325c5d15b8143c03774407dc5da6c9a77ff9160580136a46d
GET /media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Type: image/png
Content-Length: 69290
Last-Modified: Fri, 08 Apr 2022 14:46:21 GMT
Connection: keep-alive
ETag: "62504abd-10eaa"
Expires: Wed, 29 Nov 2023 21:28:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 21:28:08 GMT
Connection: keep-alive
Expires: Wed, 29 Nov 2023 21:28:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
ocsp.digicert.com/
200 OK 55 B IP
File type HTML document, ASCII text
Hash 9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6574
Cache-Control: max-age=168398
Content-Type: text/html
Date: Tue, 29 Nov 2022 21:28:08 GMT
Etag: "63864e88-118"
Expires: Thu, 01 Dec 2022 20:14:46 GMT
Last-Modified: Tue, 29 Nov 2022 18:25:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 55
yearbookhobblespinal.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaLelDJxYMyiIiCO9s9PT07Y4TFNSYu5o8kkptQfz1bTk1XU9U9PTsgLAZCDh5GPOix981mF2MIxqMQlVkvYUDMeJA9uJCzIIKYs8zuwOJ3qO%2Breu%2Fwvffq5lZ%2BQHzkdP%2FyBTNQWtOlqOpXXr%2BuEmEKV7l4rRL4Vf905bpKGvXTlf7ssL23Aj%2Bq%2Bm9UzkneMUs1P%2FD9wA8qZ5WVsekvHaJQ6d1WUG351XqtGkR19O3%2F7y734KgH0TsgL0CJ6VPrD%2B9D8TGS7rdnpOtkJn3zvW6uaWYsemL3w6STmCJB93iMrYc42Z2zYdyUkK9OwCS7cwUwve2ZAjA1Jd7vAViyO18TrHf7aFOmIRMw8QyK3hhSj6HoGNzcgBKPCMAFLl5C0t25aGxBN45QOkOnZOHJP1DFlCz8cQpJ996qVv3KVaPzTJnEoR%2BXUP0xVHuMNN9DNvCgij3w7FMo8QtZenIeSXf7ktMGSuy%2FGtLQl%2FUgWuRxvblYp1FtkUkeLDYDyhpR2KJBgx5apNQYKh5DyyGoO4nceciVhzz2kKceumK%2FQqNW7PvLMYvDsFnnnIch51GzISIR1puxj5zPNAyRpUNwPQS3m0jtJjpqCJv%2FBLdewgkPLiPoiRKFJCgcQUEJCkVQZARFr7wttKu5ckdol7Ng3mvzHpYjk7W36G2TtWVCttID8vzMOO%2B5O6fQkfuVOGpGcSPiDd6IglrIWpEQfovJsFYXMmQMTpVQ7gSo8zBQU3Lykz%2BRqik5sboERvfg9B64egU0fwm0GC3XfND1Ub3pY5DsyL6sKgNhSqTZArINb0sfkBcPo2vxZUg%2BWfnr2bXvP4pWwG2J1Jb4WP1M0Na3RldMQbavmMKR%2B5fSTHXVgM5ivZrRTC7c%2BUBuFMaKtTNu%2BPU7fAbMxrvXpMvO00SopO3IN6tKCGnPGsslebDmrkt2OXfrq7lN8vT85XfPrnVTK51TJhmDqkfLX4CrKXn6wubhh335s4dQdgybl%2BjmEzIvKLMHnm7CpZOVx%2BfunRo8fh%2FOEFh9zGGphyIvR7bGjh%2B1mpLwtX%2Bh5WTluy9%2F7Tz44W1QVsLJYxuYnPz49xF%2Fy91C23qg2Q0k3RI9W6KnS1A9hMtPjrLUTlZ%2BCw8LTHsjpq23zbTVnx%2FZ69R%2BRUaxH0u%2FJlncYvEy9UUrrrcYbQVymUU0QOam%2FObG%2Bn8AAAD%2F%2FwEAAP%2F%2FRXc0AYwEAAA%3D
200 OK 7 B URL HTTP/1.1 yearbookhobblespinal.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaLelDJxYMyiIiCO9s9PT07Y4TFNSYu5o8kkptQfz1bTk1XU9U9PTsgLAZCDh5GPOix981mF2MIxqMQlVkvYUDMeJA9uJCzIIKYs8zuwOJ3qO%2Breu%2Fwvffq5lZ%2BQHzkdP%2FyBTNQWtOlqOpXXr%2BuEmEKV7l4rRL4Vf905bpKGvXTlf7ssL23Aj%2Bq%2Bm9UzkneMUs1P%2FD9wA8qZ5WVsekvHaJQ6d1WUG351XqtGkR19O3%2F7y734KgH0TsgL0CJ6VPrD%2B9D8TGS7rdnpOtkJn3zvW6uaWYsemL3w6STmCJB93iMrYc42Z2zYdyUkK9OwCS7cwUwve2ZAjA1Jd7vAViyO18TrHf7aFOmIRMw8QyK3hhSj6HoGNzcgBKPCMAFLl5C0t25aGxBN45QOkOnZOHJP1DFlCz8cQpJ996qVv3KVaPzTJnEoR%2BXUP0xVHuMNN9DNvCgij3w7FMo8QtZenIeSXf7ktMGSuy%2FGtLQl%2FUgWuRxvblYp1FtkUkeLDYDyhpR2KJBgx5apNQYKh5DyyGoO4nceciVhzz2kKceumK%2FQqNW7PvLMYvDsFnnnIch51GzISIR1puxj5zPNAyRpUNwPQS3m0jtJjpqCJv%2FBLdewgkPLiPoiRKFJCgcQUEJCkVQZARFr7wttKu5ckdol7Ng3mvzHpYjk7W36G2TtWVCttID8vzMOO%2B5O6fQkfuVOGpGcSPiDd6IglrIWpEQfovJsFYXMmQMTpVQ7gSo8zBQU3Lykz%2BRqik5sboERvfg9B64egU0fwm0GC3XfND1Ub3pY5DsyL6sKgNhSqTZArINb0sfkBcPo2vxZUg%2BWfnr2bXvP4pWwG2J1Jb4WP1M0Na3RldMQbavmMKR%2B5fSTHXVgM5ivZrRTC7c%2BUBuFMaKtTNu%2BPU7fAbMxrvXpMvO00SopO3IN6tKCGnPGsslebDmrkt2OXfrq7lN8vT85XfPrnVTK51TJhmDqkfLX4CrKXn6wubhh335s4dQdgybl%2BjmEzIvKLMHnm7CpZOVx%2BfunRo8fh%2FOEFh9zGGphyIvR7bGjh%2B1mpLwtX%2Bh5WTluy9%2F7Tz44W1QVsLJYxuYnPz49xF%2Fy91C23qg2Q0k3RI9W6KnS1A9hMtPjrLUTlZ%2BCw8LTHsjpq23zbTVnx%2FZ69R%2BRUaxH0u%2FJlncYvEy9UUrrrcYbQVymUU0QOam%2FObG%2Bn8AAAD%2F%2FwEAAP%2F%2FRXc0AYwEAAA%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaLelDJxYMyiIiCO9s9PT07Y4TFNSYu5o8kkptQfz1bTk1XU9U9PTsgLAZCDh5GPOix981mF2MIxqMQlVkvYUDMeJA9uJCzIIKYs8zuwOJ3qO%2Breu%2Fwvffq5lZ%2BQHzkdP%2FyBTNQWtOlqOpXXr%2BuEmEKV7l4rRL4Vf905bpKGvXTlf7ssL23Aj%2Bq%2Bm9UzkneMUs1P%2FD9wA8qZ5WVsekvHaJQ6d1WUG351XqtGkR19O3%2F7y734KgH0TsgL0CJ6VPrD%2B9D8TGS7rdnpOtkJn3zvW6uaWYsemL3w6STmCJB93iMrYc42Z2zYdyUkK9OwCS7cwUwve2ZAjA1Jd7vAViyO18TrHf7aFOmIRMw8QyK3hhSj6HoGNzcgBKPCMAFLl5C0t25aGxBN45QOkOnZOHJP1DFlCz8cQpJ996qVv3KVaPzTJnEoR%2BXUP0xVHuMNN9DNvCgij3w7FMo8QtZenIeSXf7ktMGSuy%2FGtLQl%2FUgWuRxvblYp1FtkUkeLDYDyhpR2KJBgx5apNQYKh5DyyGoO4nceciVhzz2kKceumK%2FQqNW7PvLMYvDsFnnnIch51GzISIR1puxj5zPNAyRpUNwPQS3m0jtJjpqCJv%2FBLdewgkPLiPoiRKFJCgcQUEJCkVQZARFr7wttKu5ckdol7Ng3mvzHpYjk7W36G2TtWVCttID8vzMOO%2B5O6fQkfuVOGpGcSPiDd6IglrIWpEQfovJsFYXMmQMTpVQ7gSo8zBQU3Lykz%2BRqik5sboERvfg9B64egU0fwm0GC3XfND1Ub3pY5DsyL6sKgNhSqTZArINb0sfkBcPo2vxZUg%2BWfnr2bXvP4pWwG2J1Jb4WP1M0Na3RldMQbavmMKR%2B5fSTHXVgM5ivZrRTC7c%2BUBuFMaKtTNu%2BPU7fAbMxrvXpMvO00SopO3IN6tKCGnPGsslebDmrkt2OXfrq7lN8vT85XfPrnVTK51TJhmDqkfLX4CrKXn6wubhh335s4dQdgybl%2BjmEzIvKLMHnm7CpZOVx%2BfunRo8fh%2FOEFh9zGGphyIvR7bGjh%2B1mpLwtX%2Bh5WTluy9%2F7Tz44W1QVsLJYxuYnPz49xF%2Fy91C23qg2Q0k3RI9W6KnS1A9hMtPjrLUTlZ%2BCw8LTHsjpq23zbTVnx%2FZ69R%2BRUaxH0u%2FJlncYvEy9UUrrrcYbQVymUU0QOam%2FObG%2Bn8AAAD%2F%2FwEAAP%2F%2FRXc0AYwEAAA%3D HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4220e7f327c605ca6b1decf7bba756d8
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 9023f7c58094afb6679b8203371347f2
e4e0913494d8ef22785d0ac1ea37a6ccd07e7814
d8b439484d97223421026fbf662741696bb6e573273bfd2cff066b1c1e08e871
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12350
Expires: Wed, 30 Nov 2022 00:53:58 GMT
Date: Tue, 29 Nov 2022 21:28:08 GMT
Connection: keep-alive
yearbookhobblespinal.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=69
200 OK 0 B URL HTTP/1.1 yearbookhobblespinal.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=69
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=69 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
206 Partial Content 391 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Size 391 kB (391040 bytes)
Hash 1b12fa9a67b15135ee51bd1adfdd5831
6803487aeb9c8614bcb7d5173fd5c8e8d99e8cbd
6c90bfc07e47febe7dd92eb1bc86b7f67d54a6cbad30577c9efe629eeeb24a22
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-391039
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 21:28:08 GMT
Content-Type: video/mp2t
Content-Length: 391040
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Connection: keep-alive
ETag: "62e47d3b-113cda88"
Expires: Wed, 29 Nov 2023 21:28:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-391039/289200776
cdn.yourwebbars.com/sb/notifications/software/multi/browsers/ff/3/index.html
200 OK 3.4 kB URL HTTP/2 cdn.yourwebbars.com/sb/notifications/software/multi/browsers/ff/3/index.html
IP
File type HTML document text\012- HTML document, ASCII text
Hash e4328edf191fcdf9bd23c103d68137bc
7c16d517c38514874e75961349e4844ef09cb82d
7dee5279af5518ea6dc9d95bcad53bd4b8fe3b98afe4156bb309963960d20559
GET /sb/notifications/software/multi/browsers/ff/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:08 GMT
content-type: text/html
last-modified: Thu, 08 Sep 2022 07:49:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 620942
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZlzsRbViE%2BzpdAPKCta9PWh4%2B2yEn8iVt1Lvr6KeuJoia7eqApOUYoQlWA2xLBevt7xFFRGfSwAKzr577x2GLmrdvegG%2BxHt1cdDdkAKE%2BuiSXsG%2FfxY81tL6o5KLImUvXnh4qI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e6d5cb8b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/close.png
200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/close.png
IP
Hash e0c20a68d57ab5cc845436c274193a82
0b28c059907d46d86cf814ef1990e51b7e18fe0f
ee302ba17f9c0546684792a36932c44fac843767ed3d7ab179df6d0c8bebc56a
GET /sb/notifications/software/multi/browsers/ff/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:09 GMT
content-type: image/png
content-length: 5982
last-modified: Thu, 08 Sep 2022 07:49:57 GMT
etag: "63199ea5-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fri9BQeimJI3Pq6bbt%2FB6gXYcxmNTd8depF7ztxr2%2BZBYbo0reIHvzShIVUGtB3Zt0RaGSjziTKXPd5hQLnPLAWTPnR%2F%2Bjpj0qZsx7TL2OkmnsICZdCYFRfGcRG%2B2r4lzRdJsUjOUBK2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e6eebd0744f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 30462b52571c91f089bed4de98462a46
7e2b322ea5b8f97b2fa76751bcffe2a420f872eb
c5403dfefa9d043ac501963ff09a6d3d70e21f6e6a1b9728183a3490060a4bfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 1.1 kB IP
File type gzip compressed data, max compression\012- data
Hash 6e6b01c041eaba2ca2b34492f5fddb0c
c883b45e6ce3eb67883aaaee5af1e0b0ccbf4c21
37750d6ed703ea608ec139f2eb2d2b573e31a92af41d9e10798b4297545c3efe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 9023f7c58094afb6679b8203371347f2
e4e0913494d8ef22785d0ac1ea37a6ccd07e7814
d8b439484d97223421026fbf662741696bb6e573273bfd2cff066b1c1e08e871
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12349
Expires: Wed, 30 Nov 2022 00:53:58 GMT
Date: Tue, 29 Nov 2022 21:28:09 GMT
Connection: keep-alive
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Tue, 29 Nov 2022 21:28:09 GMT
expires: Tue, 29 Nov 2022 21:28:09 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 29 Nov 2022 21:28:09 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 30462b52571c91f089bed4de98462a46
7e2b322ea5b8f97b2fa76751bcffe2a420f872eb
c5403dfefa9d043ac501963ff09a6d3d70e21f6e6a1b9728183a3490060a4bfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:28:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yearbookhobblespinal.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=351
200 OK 0 B URL HTTP/1.1 yearbookhobblespinal.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=351
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=351 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
yearbookhobblespinal.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=352
200 OK 0 B URL HTTP/1.1 yearbookhobblespinal.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=352
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=352 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/update-icon.png
200 OK 175 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/update-icon.png
IP
Size 175 kB (175403 bytes)
Hash 804284add4656a2acb363d5b55612568
67a33b411a158bc1bb29f661849b786bd08c5cdf
1171a5e8fe5d30559867fa6701a83f37d02b0b1417c7630814fa68244f80f8c2
GET /sb/notifications/software/multi/browsers/ff/3/img/update-icon.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:09 GMT
content-type: image/png
content-length: 174730
last-modified: Thu, 08 Sep 2022 07:49:58 GMT
etag: "63199ea6-2aa8a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AyPgg0%2F25dwsI6KuN0TsC3zovUbrUq1S79OYyuviIynWUWLvjMCaIGwQRUZulx6JLlG8ekXirxJpnQet3vxyKd1dwgTrePNVZrWr9ajJdRs2i0i%2BMsFhSDn4wkZdmIS7xq7WFodvIwBA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e6eebd6744f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/script.js
200 OK 5.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/script.js
IP
Hash 88172556a5f2506104d2150531abdd69
ebb23264dbedfa415cbc753a0cecb73b5f1f0946
08d457dc0209aa82fc8a5f1dfefef7477877371a638f3bc89ec215f0c1fae3e2
GET /sb/notifications/software/multi/browsers/ff/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:09 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 07:49:59 GMT
etag: W/"63199ea7-2ae2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gzXHix7KE59VnXXM3JWrq04XbzzMSPfK1ayLaU5MWDvdsY4PgtjldBMgyztwALGNBwX67qMZw1OfU2%2Bq4KHVh%2BULtqV0b65BobvDCz5l%2B8NTXMcHL0K1SN0V42xQqDej9F6JXPzuTUuL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e7228f3744f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yearbookhobblespinal.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=248
200 OK 0 B URL HTTP/1.1 yearbookhobblespinal.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=248
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=248 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:54 GMT
expires: Thu, 23 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 525255
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 525234
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yearbookhobblespinal.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaLelDJxYMyiIiCO9s93T0%2FRlhcY%2BJi%2FkgiuQn117vl1nQ1Vd3TswvCYiDk4GHEgx5732x2MYZgPApRmfUSBsSMB9mDCzkLIog5y%2BwOLH6H%2Br6q9w7fe69ubhUHxEdB9y9fMBtKa7oQ1%2F3a69dVKkzpahev1QK%2F7p%2BuXVdpMzpd608P23sr8OO6%2F0btnORrZqHhB74f%2BEHtrLIyMf2FQxQqu9sJ6h2%2FHjXqQRyhb%2F9%2Fd4UHRz2I3gF5AUpMnlp9eB%2BKj5B2vz0j3Vpusjff6xaa5saiJ3Y%2FTNdSU6boHo%2BJ9ZCkuzM2jJsQ8tUJmHR3pgCmtz1VAKYmxPs9AEt3Z2uC9W4fbco0ZAomnkHZG0HqERQdgZsbUOIRAbjAxUtIuzsXjS3p%2BhFKp%2BiEzD35B6qckLk%2FTiHt3lvSql%2B7anSRK5M69JMKqj%2BCWhkhK%2FaQb3hQ5R54%2FimU%2BIUsPDmPtLt9yWkDJfZfDWnoyyiI53kStecjGjfmmeTBfDugrBmHHRo06aFFSo2gkhG0HIC6kyich0J5KBIPReahK%2FZrNO4kvt9KWBKG7YhzHoacx%2B2miEUYtRMfBZ9qGCDPBuB6AG43kdlNrKkBbPET3GoFJzy4nKAnKpSSoHQEJSUoFUGZE5S96rbQruGqHaFdwYJZb8x6WA1NvrJFb5t8RaZkKzsgz0%2BN8567cwprcr%2BWxO04aca8yZtx0AhZJxbC7zAZNiIhQ8bgVAXlToA6DxtqQk5%2B8icyNSEnlhbA6B6c3gNXr4AWL4GWw1bDB10dRm0fG%2BmO7Mu6MhCmQpbPIV%2F3tvQBefEwug5vQfLx4l%2FPLn%2F%2FUbwIbitktsLH6meCFX1reMWUZPuKKR25fynLVVdt0GmsV3Oay7k7H8j10lixfMYNvn6HT4HpePeadPl5mgqVrjjyzZISQtqzxnJJHiy765JdLtzqUmHTIjt%2F%2Bd2zy93MSueUSUeg6lHrC3A1IU9f2Dz8sC9%2F9hDKjmCLCt1iTGYFZfbAs024bLz4%2BNy9UxuP34czBFYfc1jmoSyqoW2w40etJiR87V9oOV787stf1x788DYoq%2BDksQ1Mjn%2F8%2B4i%2F5W5hxXqg%2BQ2k3Qo9W6GnK1A9gCtODvPMjhd%2FCw8LTHtDpq23zbTVnx%2FZ69R%2BLQ4i2WbtFheCSS6CViNsh77fECJqdWTQQe4m%2FOb66n8AAAD%2F%2FwEAAP%2F%2FUX%2B654wEAAA%3D
200 OK 7 B URL HTTP/1.1 yearbookhobblespinal.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaLelDJxYMyiIiCO9s93T0%2FRlhcY%2BJi%2FkgiuQn117vl1nQ1Vd3TswvCYiDk4GHEgx5732x2MYZgPApRmfUSBsSMB9mDCzkLIog5y%2BwOLH6H%2Br6q9w7fe69ubhUHxEdB9y9fMBtKa7oQ1%2F3a69dVKkzpahev1QK%2F7p%2BuXVdpMzpd608P23sr8OO6%2F0btnORrZqHhB74f%2BEHtrLIyMf2FQxQqu9sJ6h2%2FHjXqQRyhb%2F9%2Fd4UHRz2I3gF5AUpMnlp9eB%2BKj5B2vz0j3Vpusjff6xaa5saiJ3Y%2FTNdSU6boHo%2BJ9ZCkuzM2jJsQ8tUJmHR3pgCmtz1VAKYmxPs9AEt3Z2uC9W4fbco0ZAomnkHZG0HqERQdgZsbUOIRAbjAxUtIuzsXjS3p%2BhFKp%2BiEzD35B6qckLk%2FTiHt3lvSql%2B7anSRK5M69JMKqj%2BCWhkhK%2FaQb3hQ5R54%2FimU%2BIUsPDmPtLt9yWkDJfZfDWnoyyiI53kStecjGjfmmeTBfDugrBmHHRo06aFFSo2gkhG0HIC6kyich0J5KBIPReahK%2FZrNO4kvt9KWBKG7YhzHoacx%2B2miEUYtRMfBZ9qGCDPBuB6AG43kdlNrKkBbPET3GoFJzy4nKAnKpSSoHQEJSUoFUGZE5S96rbQruGqHaFdwYJZb8x6WA1NvrJFb5t8RaZkKzsgz0%2BN8567cwprcr%2BWxO04aca8yZtx0AhZJxbC7zAZNiIhQ8bgVAXlToA6DxtqQk5%2B8icyNSEnlhbA6B6c3gNXr4AWL4GWw1bDB10dRm0fG%2BmO7Mu6MhCmQpbPIV%2F3tvQBefEwug5vQfLx4l%2FPLn%2F%2FUbwIbitktsLH6meCFX1reMWUZPuKKR25fynLVVdt0GmsV3Oay7k7H8j10lixfMYNvn6HT4HpePeadPl5mgqVrjjyzZISQtqzxnJJHiy765JdLtzqUmHTIjt%2F%2Bd2zy93MSueUSUeg6lHrC3A1IU9f2Dz8sC9%2F9hDKjmCLCt1iTGYFZfbAs024bLz4%2BNy9UxuP34czBFYfc1jmoSyqoW2w40etJiR87V9oOV787stf1x788DYoq%2BDksQ1Mjn%2F8%2B4i%2F5W5hxXqg%2BQ2k3Qo9W6GnK1A9gCtODvPMjhd%2FCw8LTHtDpq23zbTVnx%2FZ69R%2BLQ4i2WbtFheCSS6CViNsh77fECJqdWTQQe4m%2FOb66n8AAAD%2F%2FwEAAP%2F%2FUX%2B654wEAAA%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaLelDJxYMyiIiCO9s93T0%2FRlhcY%2BJi%2FkgiuQn117vl1nQ1Vd3TswvCYiDk4GHEgx5732x2MYZgPApRmfUSBsSMB9mDCzkLIog5y%2BwOLH6H%2Br6q9w7fe69ubhUHxEdB9y9fMBtKa7oQ1%2F3a69dVKkzpahev1QK%2F7p%2BuXVdpMzpd608P23sr8OO6%2F0btnORrZqHhB74f%2BEHtrLIyMf2FQxQqu9sJ6h2%2FHjXqQRyhb%2F9%2Fd4UHRz2I3gF5AUpMnlp9eB%2BKj5B2vz0j3Vpusjff6xaa5saiJ3Y%2FTNdSU6boHo%2BJ9ZCkuzM2jJsQ8tUJmHR3pgCmtz1VAKYmxPs9AEt3Z2uC9W4fbco0ZAomnkHZG0HqERQdgZsbUOIRAbjAxUtIuzsXjS3p%2BhFKp%2BiEzD35B6qckLk%2FTiHt3lvSql%2B7anSRK5M69JMKqj%2BCWhkhK%2FaQb3hQ5R54%2FimU%2BIUsPDmPtLt9yWkDJfZfDWnoyyiI53kStecjGjfmmeTBfDugrBmHHRo06aFFSo2gkhG0HIC6kyich0J5KBIPReahK%2FZrNO4kvt9KWBKG7YhzHoacx%2B2miEUYtRMfBZ9qGCDPBuB6AG43kdlNrKkBbPET3GoFJzy4nKAnKpSSoHQEJSUoFUGZE5S96rbQruGqHaFdwYJZb8x6WA1NvrJFb5t8RaZkKzsgz0%2BN8567cwprcr%2BWxO04aca8yZtx0AhZJxbC7zAZNiIhQ8bgVAXlToA6DxtqQk5%2B8icyNSEnlhbA6B6c3gNXr4AWL4GWw1bDB10dRm0fG%2BmO7Mu6MhCmQpbPIV%2F3tvQBefEwug5vQfLx4l%2FPLn%2F%2FUbwIbitktsLH6meCFX1reMWUZPuKKR25fynLVVdt0GmsV3Oay7k7H8j10lixfMYNvn6HT4HpePeadPl5mgqVrjjyzZISQtqzxnJJHiy765JdLtzqUmHTIjt%2F%2Bd2zy93MSueUSUeg6lHrC3A1IU9f2Dz8sC9%2F9hDKjmCLCt1iTGYFZfbAs024bLz4%2BNy9UxuP34czBFYfc1jmoSyqoW2w40etJiR87V9oOV787stf1x788DYoq%2BDksQ1Mjn%2F8%2B4i%2F5W5hxXqg%2BQ2k3Qo9W6GnK1A9gCtODvPMjhd%2FCw8LTHtDpq23zbTVnx%2FZ69R%2BLQ4i2WbtFheCSS6CViNsh77fECJqdWTQQe4m%2FOb66n8AAAD%2F%2FwEAAP%2F%2FUX%2B654wEAAA%3D HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9b63faf224af795dad8e55ff9d51d455
Strict-Transport-Security: max-age=0; includeSubdomains
yearbookhobblespinal.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 yearbookhobblespinal.com/pixel/sbs?c=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a30e415-cf48-4a52-bec1-81ab6539a16a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:28:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17089
Expires: Wed, 30 Nov 2022 02:12:58 GMT
Date: Tue, 29 Nov 2022 21:28:09 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=3a30e415-cf48-4a52-bec1-81ab6539a16a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3a30e415-cf48-4a52-bec1-81ab6539a16a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3a30e415-cf48-4a52-bec1-81ab6539a16a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 21:28:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f128c7a37c002c0d22a54e412cbd692
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js
IP
GET /sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:09 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 07:49:59 GMT
etag: W/"63199ea7-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XbPAaerocJtSAVz9f3nbHLdLJ0LEKgwXs3T4sMfkD7pWNoO%2Fr7%2FA8Vz4ZZP2F2bkKcCu%2FaQTV%2B4g3B8qDEzSum7tP2Pve2Y93LOlMUG7%2BDlJZ%2Fy8E8KRueFe3LwqY%2FCWJKsnWIfc8USn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e6eebdb744f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3874
last-modified: Tue, 29 Nov 2022 20:23:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FnJuHFftD%2F4m8jQPvj4Gz%2B7JVLdJwZWHgq2h1wkVAkWMxW3aBjIjyRHUBYNQ36AnVqrzw4cHLVFTJ%2FQxaDjbYQody3Ak5jSnKi8YXqX%2F0OWBEFzK85hS9kknHt7BJT4n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e60b88a72f6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exe.io/Mmq6v
302 Found 0 B IP
GET /Mmq6v HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 29 Nov 2022 21:28:05 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/Mmq6v
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=27a85ea9b1b32f958d3b615f0a69166e; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YTtJ2ZabQP63TfNXQ8D9zmY5V6bIjWMjKJsb8Dw%2B%2FhpK9iZdpJXkH7dku%2BDMJzEq3wMzoYSTNMxqt8QqXXHj%2F5rzoR%2BN3S50p10hdQSmcwhs2tHRDjKxMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e5b1adfb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: fuOdV+xBFGPSSmvTRtp1e7cgsD15sjo1HAlAjKQvJVnNH78397TBgUTy9I5i2dMeZOtt+m3eRgZZHpaziiQDEA==
date: Tue, 29 Nov 2022 21:28:07 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/style.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/style.css
IP
GET /sb/notifications/software/multi/browsers/ff/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:09 GMT
content-type: text/css
last-modified: Thu, 08 Sep 2022 07:49:56 GMT
etag: W/"63199ea4-e97"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gd8OUgl0MKBXEdcJCI3qg01OFhzvlbzRZYKynqzthdHHggrOdUnqpDEtSi5mcPUOKqPjJYX22UTHOwgda%2B31XRIuoNZ%2BHJ%2F8PbjuLrKW7tcQtKrY%2BX3%2Bcxz4lhcXuMiM2U84g%2BHfhpEk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e6e6eebc3744f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:28:06 GMT
content-type: text/plain
set-cookie: csu=765487772486018@1@1669757286; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XW3xgXJ77jMfsqYB1DO%2BOzjiQske6CcH91GjfZhTz8k9ShYNG5QU8SO5Et5NbbjT0Tq%2B%2BdN6dC4iKu6IMaQNM3cHfX%2FPwd7%2BVTmpUHQvR3gvRQQlP%2BbSkZtg8v1R8%2BO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e6e60985172f6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.71.40
23.36.77.32
37.48.68.71
52.28.211.11
93.184.220.29
104.21.33.48
31.13.72.36
51.79.81.36