exe.io/socpulic0
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socpulic0 HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 19:35:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 02 Dec 2022 20:35:06 GMT
Location: https://exe.io/socpulic0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjv2PBiNaU5jnUD0OaeGBEYh0r%2F6tPbFZLqk0OqJ0QcMqCfmaYTDulGuAUxwbLK347G3V7XqtsUvNh4nDz7yx4SVnIklN3QMzg1J0tjRKUwQj%2BJEqeeZtA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773680fc0fbfb4fa-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18215
Expires: Sat, 03 Dec 2022 00:38:42 GMT
Date: Fri, 02 Dec 2022 19:35:07 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3197
Cache-Control: max-age=143365
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:24:32 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 19:18:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1015
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3925
Expires: Fri, 02 Dec 2022 20:40:32 GMT
Date: Fri, 02 Dec 2022 19:35:07 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 278 B IP
Hash 312769c448c99b02c947fd72930b7d8f
99b140d3a86ba68eb8d4321a47db5796741f3b17
2f849796c0f4c80f8a23c821a8b1be26dfbb80ce8b5acc01da602df7a14d061b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2827
Cache-Control: max-age=94405
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Etag: "63891625-116"
Expires: Sat, 03 Dec 2022 21:48:32 GMT
Last-Modified: Thu, 01 Dec 2022 21:01:25 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wR9D2o+B923Aev6p47mkGIws4T7cYbWISzMx7Tgp824szMmA02I2yxYay9r7fbKFPSHiAs927ro=
x-amz-request-id: 2GTS70PF8ATYW502
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 18:46:48 GMT
age: 2899
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 19:35:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 312769c448c99b02c947fd72930b7d8f
99b140d3a86ba68eb8d4321a47db5796741f3b17
2f849796c0f4c80f8a23c821a8b1be26dfbb80ce8b5acc01da602df7a14d061b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2827
Cache-Control: max-age=94405
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Etag: "63891625-116"
Expires: Sat, 03 Dec 2022 21:48:32 GMT
Last-Modified: Thu, 01 Dec 2022 21:01:25 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 4506652cf61d7778652f0a76a61494ba
41c953d3db39407685a841ffe8e23d80362e170d
9a9605bf0dbb67e3b4d6bdeea89e9efa97763e9f22fd46de185c6677d766f188
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9A9605BF0DBB67E3B4D6BDEEA89E9EFA97763E9F22FD46DE185C6677D766F188"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6439
Expires: Fri, 02 Dec 2022 21:22:26 GMT
Date: Fri, 02 Dec 2022 19:35:07 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 4506652cf61d7778652f0a76a61494ba
41c953d3db39407685a841ffe8e23d80362e170d
9a9605bf0dbb67e3b4d6bdeea89e9efa97763e9f22fd46de185c6677d766f188
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9A9605BF0DBB67E3B4D6BDEEA89E9EFA97763E9F22FD46DE185C6677D766F188"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6439
Expires: Fri, 02 Dec 2022 21:22:26 GMT
Date: Fri, 02 Dec 2022 19:35:07 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 19:11:16 GMT
cache-control: public,max-age=3600
age: 1431
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5a19d930c828616d43d93ac504b357d0
657339f85db8a6570283afb2134a4b9aa02add6e
f65b4f3aee717503ccca895f8d574c984e56e2df15fc799346fbfb8218f4ddaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F65B4F3AEE717503CCCA895F8D574C984E56E2DF15FC799346FBFB8218F4DDAF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6318
Expires: Fri, 02 Dec 2022 21:20:25 GMT
Date: Fri, 02 Dec 2022 19:35:07 GMT
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 690c3eab44c4db4046a3814d98378c44
bfe92bb9537477b67ba0de170687c887b03b2569
7073fea3c75c849eb6f9071fc97d1ea15ffbc3e97709500b94bd98d2933a632c
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 19:35:07 GMT
expires: Fri, 02 Dec 2022 19:35:07 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43573
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 44 kB IP
ASN #20940 Akamai International B.V.
Hash cc40a7948ce7467f9428e510554ad246
afd95d613774756a2f94491f53eec0c9e1283dad
ee5b0cb7d3dc41e4a96527fe314cf5b1ebf6fca74534b7fa7ee3325daa37a35c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9658E8DED15174A6F5DE101C65FD485F8F12723713683DFE58EBF2213D118F9C"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1890
Expires: Fri, 02 Dec 2022 20:06:37 GMT
Date: Fri, 02 Dec 2022 19:35:07 GMT
Connection: keep-alive
fn.deulspoorn.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 19:35:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 03-Dec-2022 19:35:07 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sat, 03-Dec-2022 19:35:07 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
Hash 236bb5afa45070d15047232cd51dd665
b7da3f8ec21aca622692a41c890803d7b15097af
9f24e7ba2661266c2efe17f71707f240400c4e62210c920af172c7e166b0dac8
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Dec 2022 19:35:07 GMT
date: Fri, 02 Dec 2022 19:35:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7355c762f64563188d049c306cecc4ec
8304a032dde4c8c9a1f930ec70aafc364a66f43d
ac1aea318eac25515262eed4e62a89adfbf2187a5ce41bdbab51bed86357be71
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC1AEA318EAC25515262EED4E62A89ADFBF2187A5CE41BDBAB51BED86357BE71"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6359
Expires: Fri, 02 Dec 2022 21:21:06 GMT
Date: Fri, 02 Dec 2022 19:35:07 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash 83f78237b2463eaa7e40bd8329e16248
6de41d0061152b0a8bb92703f96eef56372fbeeb
8a4690f056756af9a44ba39c8bddb79a1e1d1c87ea92c158a6414a82fd24ba86
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1020
Cache-Control: max-age=139721
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Etag: "6389ce38-117"
Expires: Sun, 04 Dec 2022 10:23:48 GMT
Last-Modified: Fri, 02 Dec 2022 10:06:48 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 471 B IP
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3195
Cache-Control: max-age=138302
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 10:00:09 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP
Hash 906d574e342a8d8859ae7e5231600bda
a070bc208b6776c3cf28ed319cb9bdba05782cdc
2087e0930c9604c128ce26d4b08dcb82d2d810aeb980c57d533b90de6573d786
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:07 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 347942
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7259
Expires: Fri, 02 Dec 2022 21:36:07 GMT
Date: Fri, 02 Dec 2022 19:35:08 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7259
Expires: Fri, 02 Dec 2022 21:36:07 GMT
Date: Fri, 02 Dec 2022 19:35:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7259
Expires: Fri, 02 Dec 2022 21:36:07 GMT
Date: Fri, 02 Dec 2022 19:35:08 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash 83f78237b2463eaa7e40bd8329e16248
6de41d0061152b0a8bb92703f96eef56372fbeeb
8a4690f056756af9a44ba39c8bddb79a1e1d1c87ea92c158a6414a82fd24ba86
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1021
Cache-Control: max-age=139721
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:08 GMT
Etag: "6389ce38-117"
Expires: Sun, 04 Dec 2022 10:23:49 GMT
Last-Modified: Fri, 02 Dec 2022 10:06:48 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 348147
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
airsanguages.com/utx?cb=I9FfbbdTLA3O&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 airsanguages.com/utx?cb=I9FfbbdTLA3O&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=I9FfbbdTLA3O&top=exee.app&tid=889494 HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 19:35:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 02 Dec 2022 19:36:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: dDCCqwL1anANWfP_8naomu9Im16JMARZqi4SOvQwCI3Bgud5PTbjOQ==
X-Firefox-Spdy: h2
airsanguages.com/cFE5c0ERM1oefhFsW1U0Aj0EVnM2dAs1JUMlAUQuHz4JRXhHIQFdIhw+TBcnAj5XB28eNE1WczYgXSQTQwR8SxYzKVJBIjEUdzZzQWJoJSU2C1dGFTQ2aFZzNhhoJRs1PHxWczYbUTIJMwMBJA8KEEM3Bz0AfScTCQNsOiM9AnwgFiYUCDoTKgtrHRgFFGgpCioWUjIDJT4AOgBIH34JNgUEfyo5KgZ/NRAlB14pNjkfficQFxBRFxIpPwERBDYbUBVxIgRuJAMBA1ApEik/ATAFIj1UFnAyCXcrF0kDawsDKhZJNAscG1AVNhMCbB4MPwN/IQIWPwAQECV8bxQKMhBxOwVJIGsKCzYIcUYHJhRjFCccE24hOyk8ewQEIgFDFxAmO38bJ0ATciFyKWdqNRRWO0ocLwBsXEIxIyVJKhETAn4QAg
200 OK 1.2 kB URL HTTP/2 airsanguages.com/cFE5c0ERM1oefhFsW1U0Aj0EVnM2dAs1JUMlAUQuHz4JRXhHIQFdIhw+TBcnAj5XB28eNE1WczYgXSQTQwR8SxYzKVJBIjEUdzZzQWJoJSU2C1dGFTQ2aFZzNhhoJRs1PHxWczYbUTIJMwMBJA8KEEM3Bz0AfScTCQNsOiM9AnwgFiYUCDoTKgtrHRgFFGgpCioWUjIDJT4AOgBIH34JNgUEfyo5KgZ/NRAlB14pNjkfficQFxBRFxIpPwERBDYbUBVxIgRuJAMBA1ApEik/ATAFIj1UFnAyCXcrF0kDawsDKhZJNAscG1AVNhMCbB4MPwN/IQIWPwAQECV8bxQKMhBxOwVJIGsKCzYIcUYHJhRjFCccE24hOyk8ewQEIgFDFxAmO38bJ0ATciFyKWdqNRRWO0ocLwBsXEIxIyVJKhETAn4QAg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash a3ea2678f186590184730056052135c5
725e9b73860a83ad8c0cafaee2f41f9f63bfc198
8e6a27ae98ff4ec4f04cf179a6ec7ca4c5eb25a684cf27177f090dacd02bc76b
GET /cFE5c0ERM1oefhFsW1U0Aj0EVnM2dAs1JUMlAUQuHz4JRXhHIQFdIhw+TBcnAj5XB28eNE1WczYgXSQTQwR8SxYzKVJBIjEUdzZzQWJoJSU2C1dGFTQ2aFZzNhhoJRs1PHxWczYbUTIJMwMBJA8KEEM3Bz0AfScTCQNsOiM9AnwgFiYUCDoTKgtrHRgFFGgpCioWUjIDJT4AOgBIH34JNgUEfyo5KgZ/NRAlB14pNjkfficQFxBRFxIpPwERBDYbUBVxIgRuJAMBA1ApEik/ATAFIj1UFnAyCXcrF0kDawsDKhZJNAscG1AVNhMCbB4MPwN/IQIWPwAQECV8bxQKMhBxOwVJIGsKCzYIcUYHJhRjFCccE24hOyk8ewQEIgFDFxAmO38bJ0ATciFyKWdqNRRWO0ocLwBsXEIxIyVJKhETAn4QAg HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Fri, 02 Dec 2022 19:35:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: FU9mmgLAKV0j_T5w8VPNYAEWEXS_40LrRh7LRfu3_5iS1Ub4smqrvA==
X-Firefox-Spdy: h2
airsanguages.com/utx?cb=DwbIztMiS5s7&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 airsanguages.com/utx?cb=DwbIztMiS5s7&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=DwbIztMiS5s7&top=exee.app&tid=822524 HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 19:35:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 02 Dec 2022 19:36:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: ktH1PEqWNcG51u5UKjsD8I-K4aNTSDRibgNZn4hZw9STAIjbdGzB4g==
X-Firefox-Spdy: h2
airsanguages.com/ZkVXNVUHJzRYagd4NRMgFClqEGcgYGVzMVUxbwI6CSpnA2xRNW8bNgoqIlEzFCo5QXsIICMQZyAWBE8cViQ6bDo+Ezh4AjJ8NWATAiA0QiYnEGZ/ITEANHMWIjYHYgMrIzRbE14JLkJwVAcPcy0/BBNSADcHFnYxAQwEdzIFKQFkOSsELmMHJRMjdB4KHwBjZCwxBV4EIAEPbwwyBA5wHDMtEH0yNzYRcBAqEi5vMTIiGn4fVwgFYhYkYGV3HScXB2MdFSQGQhgvCWYEESEQGQAUCioyZGYNBhVjJS8gL1YdLQAZABQNCBN2HVYCEmM+DScwdBAjKRUQZyADIBg2CRRkXhY0LS9xMC4IEWI5KCkWXWQ2Ex9BAzMUPHsfJCYQeRM0chZCBwcTZEYRIxM/YhkwMRBxIicuBF0TPwwfWhYnEAViNzMmHWIiQC8kWjsWeDoMLF8GH3AfEys/BzMV
200 OK 1.2 kB URL HTTP/2 airsanguages.com/ZkVXNVUHJzRYagd4NRMgFClqEGcgYGVzMVUxbwI6CSpnA2xRNW8bNgoqIlEzFCo5QXsIICMQZyAWBE8cViQ6bDo+Ezh4AjJ8NWATAiA0QiYnEGZ/ITEANHMWIjYHYgMrIzRbE14JLkJwVAcPcy0/BBNSADcHFnYxAQwEdzIFKQFkOSsELmMHJRMjdB4KHwBjZCwxBV4EIAEPbwwyBA5wHDMtEH0yNzYRcBAqEi5vMTIiGn4fVwgFYhYkYGV3HScXB2MdFSQGQhgvCWYEESEQGQAUCioyZGYNBhVjJS8gL1YdLQAZABQNCBN2HVYCEmM+DScwdBAjKRUQZyADIBg2CRRkXhY0LS9xMC4IEWI5KCkWXWQ2Ex9BAzMUPHsfJCYQeRM0chZCBwcTZEYRIxM/YhkwMRBxIicuBF0TPwwfWhYnEAViNzMmHWIiQC8kWjsWeDoMLF8GH3AfEys/BzMV
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 33896e7f0ef50bb6f9c80a29596009a2
78b1191f31571db6aa9ceb804cbfc99b66291266
7f136c0aba9b3ea1b045bff1553f9c62a5735d5b3d1f1ed741b68419cc5a40f8
GET /ZkVXNVUHJzRYagd4NRMgFClqEGcgYGVzMVUxbwI6CSpnA2xRNW8bNgoqIlEzFCo5QXsIICMQZyAWBE8cViQ6bDo+Ezh4AjJ8NWATAiA0QiYnEGZ/ITEANHMWIjYHYgMrIzRbE14JLkJwVAcPcy0/BBNSADcHFnYxAQwEdzIFKQFkOSsELmMHJRMjdB4KHwBjZCwxBV4EIAEPbwwyBA5wHDMtEH0yNzYRcBAqEi5vMTIiGn4fVwgFYhYkYGV3HScXB2MdFSQGQhgvCWYEESEQGQAUCioyZGYNBhVjJS8gL1YdLQAZABQNCBN2HVYCEmM+DScwdBAjKRUQZyADIBg2CRRkXhY0LS9xMC4IEWI5KCkWXWQ2Ex9BAzMUPHsfJCYQeRM0chZCBwcTZEYRIxM/YhkwMRBxIicuBF0TPwwfWhYnEAViNzMmHWIiQC8kWjsWeDoMLF8GH3AfEys/BzMV HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Fri, 02 Dec 2022 19:35:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: zdd45j6zjVMCI4fClbmPzuR0zyQWxKd26iqIobgvANdDWb-75mcFdg==
X-Firefox-Spdy: h2
ummerciseha.com/TzBmOW9gDwVKUgJ3U3s1GFsib1wFaDFeLRdUMH8KDVwKQzoJR0BNBisNXgFWewlSHx8mVFsISTxEB00aPA1XHwYhVgkESTkNVxdcex5VCEF+FhMEXmlEFlgIcgFASRs7XFsIWXgAVglWeABQCVt4
204 No Content 0 B URL HTTP/2 ummerciseha.com/TzBmOW9gDwVKUgJ3U3s1GFsib1wFaDFeLRdUMH8KDVwKQzoJR0BNBisNXgFWewlSHx8mVFsISTxEB00aPA1XHwYhVgkESTkNVxdcex5VCEF+FhMEXmlEFlgIcgFASRs7XFsIWXgAVglWeABQCVt4
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TzBmOW9gDwVKUgJ3U3s1GFsib1wFaDFeLRdUMH8KDVwKQzoJR0BNBisNXgFWewlSHx8mVFsISTxEB00aPA1XHwYhVgkESTkNVxdcex5VCEF+FhMEXmlEFlgIcgFASRs7XFsIWXgAVglWeABQCVt4 HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 19:35:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PVAy9Y%2Bpt6JOmezEId0qOId7J300aYho3iq9LSdgu96STGP5UX7Kr0ZTq%2BsOaTgbTvzss9H8D%2FAN00v6uEcdh0Pd2ohMCyu%2BC26zMbj%2B5oSNz4Ns9Nu%2BjTQZP7pCWmA6%2FpY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773681031f85b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ummerciseha.com/VmxLa0F5UygYfAdcJy4QAxQxDXJnFi4zGyEPEzF5MgJyEyQOG20fKDJRc1lzY15/TTE/CHZaZyUYKh80JVF6TSg4CiRWZyBRekVyYkJ4Wm9nSj5WcHAYOwoma11tGzUiAHZad2Fce1t4YVx+Unhl
204 No Content 0 B URL HTTP/2 ummerciseha.com/VmxLa0F5UygYfAdcJy4QAxQxDXJnFi4zGyEPEzF5MgJyEyQOG20fKDJRc1lzY15/TTE/CHZaZyUYKh80JVF6TSg4CiRWZyBRekVyYkJ4Wm9nSj5WcHAYOwoma11tGzUiAHZad2Fce1t4YVx+Unhl
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VmxLa0F5UygYfAdcJy4QAxQxDXJnFi4zGyEPEzF5MgJyEyQOG20fKDJRc1lzY15/TTE/CHZaZyUYKh80JVF6TSg4CiRWZyBRekVyYkJ4Wm9nSj5WcHAYOwoma11tGzUiAHZad2Fce1t4YVx+Unhl HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 19:35:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rx3pqcVTcvRhwHYz2JO56SCUPeh%2BYSByI1w%2FZCbXvgEXdQFur4UZWiQfbXxfLJ7WEAfypiLCXCYmLX%2F6jfNN5zF9y19KqpgAM9QTlAQVKBgq4avkqk0fWUI1tpV1qipGZlg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773681030f7cb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
airsanguages.com/REt0MGYlKRddWSV2FhYTNidJFVQCbkZ2Anc/TAcJKyREBl9zO0weBSgkAVQANiQaREgqLgAVVAI8JnVWPhEgdQgNJ0R0Ii4KH2ZXIwEQXl4DHQNmDw57NXs+PhkDYg8sLTBHCQYdPAgzDQolWyA+CkdmVyMJLVkgFwhFalMlei18MyonTHY3Fh0+XicMGkRlVg0nHGkxPjwcZTd9BzpaChYKHFMeCApAeT4ufx9oESgaLWhfdR42CVYlCjJmIRAGH2g3Ai45SlITHQN1FwsZLmgnHB1NeDARHhBHXhMdA3UcDg1FZCQTDVECJCceNXQCAB4yZTQWeDBISx4TNWQ/cw0YahEgE0R3NTMNAFEnAh0iWSMxHDVfMyAsB3IwFQlEVjcOHTV3IGF5MnERChI6WQ4SCB9cDiJ4ImUnHA0ecVYKDhFoEWIhB18INHYBfQgPDEYBKBQmQ3E
200 OK 1.2 kB URL HTTP/2 airsanguages.com/REt0MGYlKRddWSV2FhYTNidJFVQCbkZ2Anc/TAcJKyREBl9zO0weBSgkAVQANiQaREgqLgAVVAI8JnVWPhEgdQgNJ0R0Ii4KH2ZXIwEQXl4DHQNmDw57NXs+PhkDYg8sLTBHCQYdPAgzDQolWyA+CkdmVyMJLVkgFwhFalMlei18MyonTHY3Fh0+XicMGkRlVg0nHGkxPjwcZTd9BzpaChYKHFMeCApAeT4ufx9oESgaLWhfdR42CVYlCjJmIRAGH2g3Ai45SlITHQN1FwsZLmgnHB1NeDARHhBHXhMdA3UcDg1FZCQTDVECJCceNXQCAB4yZTQWeDBISx4TNWQ/cw0YahEgE0R3NTMNAFEnAh0iWSMxHDVfMyAsB3IwFQlEVjcOHTV3IGF5MnERChI6WQ4SCB9cDiJ4ImUnHA0ecVYKDhFoEWIhB18INHYBfQgPDEYBKBQmQ3E
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash 6a0f79c373c8bf3b95b2ea4021e09d14
d92c53728365a83913748b10d3909f3f34a4443e
bcfed72ee579916e2e5bee4b6f5a4bf0b879852c1aca873e2354bed55788fda9
GET /REt0MGYlKRddWSV2FhYTNidJFVQCbkZ2Anc/TAcJKyREBl9zO0weBSgkAVQANiQaREgqLgAVVAI8JnVWPhEgdQgNJ0R0Ii4KH2ZXIwEQXl4DHQNmDw57NXs+PhkDYg8sLTBHCQYdPAgzDQolWyA+CkdmVyMJLVkgFwhFalMlei18MyonTHY3Fh0+XicMGkRlVg0nHGkxPjwcZTd9BzpaChYKHFMeCApAeT4ufx9oESgaLWhfdR42CVYlCjJmIRAGH2g3Ai45SlITHQN1FwsZLmgnHB1NeDARHhBHXhMdA3UcDg1FZCQTDVECJCceNXQCAB4yZTQWeDBISx4TNWQ/cw0YahEgE0R3NTMNAFEnAh0iWSMxHDVfMyAsB3IwFQlEVjcOHTV3IGF5MnERChI6WQ4SCB9cDiJ4ImUnHA0ecVYKDhFoEWIhB18INHYBfQgPDEYBKBQmQ3E HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1189
date: Fri, 02 Dec 2022 19:35:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: YhtUg7BITyWsz0QCq5nZgr_AyLPe9j0uF40MbcIIHXrfJGqGJLLHIA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7259
Expires: Fri, 02 Dec 2022 21:36:07 GMT
Date: Fri, 02 Dec 2022 19:35:08 GMT
Connection: keep-alive
ummerciseha.com/ODk0M2MXBldAXnVsfmY3blpyVg5cDW5EC0JbfFsPeWF6XQd/cBJHClwEDAdQCg8FFRNRXQkCWx5KQFIXTUoJAkVRV1JcXh5PCQJNCBcGHVEeTAkCRUxJVVReCR9ERxdUBAUFVAgJBApUCA8EBVE
204 No Content 0 B URL HTTP/2 ummerciseha.com/ODk0M2MXBldAXnVsfmY3blpyVg5cDW5EC0JbfFsPeWF6XQd/cBJHClwEDAdQCg8FFRNRXQkCWx5KQFIXTUoJAkVRV1JcXh5PCQJNCBcGHVEeTAkCRUxJVVReCR9ERxdUBAUFVAgJBApUCA8EBVE
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ODk0M2MXBldAXnVsfmY3blpyVg5cDW5EC0JbfFsPeWF6XQd/cBJHClwEDAdQCg8FFRNRXQkCWx5KQFIXTUoJAkVRV1JcXh5PCQJNCBcGHVEeTAkCRUxJVVReCR9ERxdUBAUFVAgJBApUCA8EBVE HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 19:35:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mw6fXzqBZ712GP73OcTVMSAu7xNC5vV9H9Sl7KwVtEPxFJqx5NL6vTfsTlv0fAVVtLJNHALogpmBR8%2BhuhDMnHyeGxAh%2B2xm6jYMGDyzNglbvGMOPS46zeab2EyZLMlbwyQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773681035febb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
File type ASCII text, with very long lines (37183), with no line terminators
Hash 2d37ee9101632cd11a8090b5bba94401
56e9490ef856dd2af557f8142698e4897bbbf0f4
c18d95fdb8dfacdbd643ad879983b219edfd5ea432ceabea3a84a33742d814ce
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 19:35:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dbe81bef248206a8e76a3d98106c8d58
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP
Hash 906d574e342a8d8859ae7e5231600bda
a070bc208b6776c3cf28ed319cb9bdba05782cdc
2087e0930c9604c128ce26d4b08dcb82d2d810aeb980c57d533b90de6573d786
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: af2OifVCLLfqePPmdn/2oA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hboStoJ990C6eleILNif/9EKgV4=
ocsp.sectigo.com/
200 OK 472 B IP
Hash e2ef0ef17169d7b35a7dd72be93b8a73
6aa14bfc09ce48513aafcf5a600ceffd2d35733d
2485f4e261456c25948ee0bb6665b448b63b08296692e629b8de26376bedd34e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 19:35:08 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 16:52:38 GMT
Expires: Thu, 08 Dec 2022 16:52:37 GMT
Etag: "6aa14bfc09ce48513aafcf5a600ceffd2d35733d"
Cache-Control: max-age=508048,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7736810488f4b4ff-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 908
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 02 Dec 2022 19:35:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 1f1beac7928ab3d37cedfb7e9db6de8c
dbec1313a709861142ee3b08c1031e4c297435d0
25faaa716072ce2493633a4252fde0606c5da842936e6f4874eb461c180367de
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "25FAAA716072CE2493633A4252FDE0606C5DA842936E6F4874EB461C180367DE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9907
Expires: Fri, 02 Dec 2022 22:20:15 GMT
Date: Fri, 02 Dec 2022 19:35:08 GMT
Connection: keep-alive
d3t87ooo0697p8.cloudfront.net/wRE0zZTEnIl0DDjAkV1gJdn8GVwViJ0AKXzRwRihfDwoBVH8UIAQkFzA3V1gBYiFSC1Z5a1YLUnl8FQRVJnAHQ0U0IlhYWzwhUQ9LNjlRAhcxLA4IXj4kXwlQYX91UB90aAFVGTMkXQFeMz4WVwEqORZXAXV9HVUUdw8WVwEzJF1TBWF+cUADdDUFURR3Dx-ZXATY7FlZwdX0GSwFtaAFVViEuWAoUdgsBVQB0fQJVAGF/AwNYNihVCklhf3VUAXFjA0NEeXw
200 OK 501 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/wRE0zZTEnIl0DDjAkV1gJdn8GVwViJ0AKXzRwRihfDwoBVH8UIAQkFzA3V1gBYiFSC1Z5a1YLUnl8FQRVJnAHQ0U0IlhYWzwhUQ9LNjlRAhcxLA4IXj4kXwlQYX91UB90aAFVGTMkXQFeMz4WVwEqORZXAXV9HVUUdw8WVwEzJF1TBWF+cUADdDUFURR3Dx-ZXATY7FlZwdX0GSwFtaAFVViEuWAoUdgsBVQB0fQJVAGF/AwNYNihVCklhf3VUAXFjA0NEeXw
IP
File type ASCII text, with very long lines (696), with no line terminators
Hash 3c56ba1236f49718ae8df90787c1e9dd
ebdd5b3ec0d473ed6a6b9370d2581db6fee12052
e5a1b45350806e2892b8792118f9620d301bab644bbf8adf93014f97114b145b
GET /wRE0zZTEnIl0DDjAkV1gJdn8GVwViJ0AKXzRwRihfDwoBVH8UIAQkFzA3V1gBYiFSC1Z5a1YLUnl8FQRVJnAHQ0U0IlhYWzwhUQ9LNjlRAhcxLA4IXj4kXwlQYX91UB90aAFVGTMkXQFeMz4WVwEqORZXAXV9HVUUdw8WVwEzJF1TBWF+cUADdDUFURR3Dx-ZXATY7FlZwdX0GSwFtaAFVViEuWAoUdgsBVQB0fQJVAGF/AwNYNihVCklhf3VUAXFjA0NEeXw HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://airsanguages.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 501
date: Fri, 02 Dec 2022 19:35:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _dMo-Q6mD68Bf32qJosaqHnnp2lbcjkWl7Nm6kqvuvkB58enlPFO1A==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/qdWR3UE8WCxk2cAENE213QVdFZn5TDgQ/IQVZEmE/JhAHCR8WNzAzDFMQDTRyRUIbMSESWVE1IRZZRnYuEQZKZGkABUo9IA8NGzwuUFYxZWFFQUVgZwINGTQgAhdSYn8bEFJif0RUWWBqRiZSYn8CDRlme1BXNXV9RRxBZGpGJlJifwcSUmMORFRCfn9cQU-VgKBAHHD9qRyJFYH5FVEZgflBWRzYmBwERPzdQVjFhf0BKR3Y6SFU
200 OK 186 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/qdWR3UE8WCxk2cAENE213QVdFZn5TDgQ/IQVZEmE/JhAHCR8WNzAzDFMQDTRyRUIbMSESWVE1IRZZRnYuEQZKZGkABUo9IA8NGzwuUFYxZWFFQUVgZwINGTQgAhdSYn8bEFJif0RUWWBqRiZSYn8CDRlme1BXNXV9RRxBZGpGJlJifwcSUmMORFRCfn9cQU-VgKBAHHD9qRyJFYH5FVEZgflBWRzYmBwERPzdQVjFhf0BKR3Y6SFU
IP
File type ASCII text, with no line terminators
Hash f19a0bd64e077191f4e411d531df3d64
b2fe4c7c6319c27b95ccd87067f30b5491f9b0b2
08accb63d64c633d3af6a5a6e44e8d7ce4b8150c68017daafa400b8f12fbbb4e
GET /qdWR3UE8WCxk2cAENE213QVdFZn5TDgQ/IQVZEmE/JhAHCR8WNzAzDFMQDTRyRUIbMSESWVE1IRZZRnYuEQZKZGkABUo9IA8NGzwuUFYxZWFFQUVgZwINGTQgAhdSYn8bEFJif0RUWWBqRiZSYn8CDRlme1BXNXV9RRxBZGpGJlJifwcSUmMORFRCfn9cQU-VgKBAHHD9qRyJFYH5FVEZgflBWRzYmBwERPzdQVjFhf0BKR3Y6SFU HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://airsanguages.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 186
date: Fri, 02 Dec 2022 19:35:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0cY3gr9eYsaVfaXLWM3_RZN7TGXO_GIKk2tN4cT0WX48x18QzC-Z_w==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 8be4570a1d9d09c7b793e97ee1f6edaf
cb101195afa0dbb473bcd5050ee2ab4a25af825f
b69ece6aab66eec92b6b3bd8c8e6febd027c8dac1a86faaed1b217dec8e784b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=153806
Date: Fri, 02 Dec 2022 19:35:08 GMT
Etag: "6389fe18-1d7"
Expires: Sun, 04 Dec 2022 14:18:34 GMT
Last-Modified: Fri, 02 Dec 2022 13:31:04 GMT
Server: ECS (nyb/1D2C)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zkBKzrhPRBk2cGMMO8ARzwKwwMLJZjx4CiMJvtvaF09ovIZswBnu2Q==
Age: 2850
d3t87ooo0697p8.cloudfront.net/SSzI0amYoXVoMWT9bUFdecwsAU1JtWEcFCDsPWVMfcnF8Lyw+XFxYADgUQBACdgISBgclVQlMAyVRCVtAKlZWV1JtRkQFDXZYTAYEIUhGHgQsFEELWyZdTgMKJ1MRWCB+HARPVHsaQwMIL11DGUN5AloeQ3kCBVpIexcHKEN5AkMDCH0GEVkkbgAEElB/Fw-coQ3kCRhxDeHMFWlNlAh1PVHtVUQkNJBcGLFR7AwRaV3sDEVhWLVtGDwAkShFYIHoCAURWbUcJWw
200 OK 617 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/SSzI0amYoXVoMWT9bUFdecwsAU1JtWEcFCDsPWVMfcnF8Lyw+XFxYADgUQBACdgISBgclVQlMAyVRCVtAKlZWV1JtRkQFDXZYTAYEIUhGHgQsFEELWyZdTgMKJ1MRWCB+HARPVHsaQwMIL11DGUN5AloeQ3kCBVpIexcHKEN5AkMDCH0GEVkkbgAEElB/Fw-coQ3kCRhxDeHMFWlNlAh1PVHtVUQkNJBcGLFR7AwRaV3sDEVhWLVtGDwAkShFYIHoCAURWbUcJWw
IP
File type ASCII text, with very long lines (866), with no line terminators
Hash 20172bd2995a70a2e786210da40b8442
611fad9165b7e8aae20fb66ab4e9bc3c82eef155
700f24f2048c1b8bd2b623101f695fa686a56907f07096ce42845cae8ae3f8b2
GET /SSzI0amYoXVoMWT9bUFdecwsAU1JtWEcFCDsPWVMfcnF8Lyw+XFxYADgUQBACdgISBgclVQlMAyVRCVtAKlZWV1JtRkQFDXZYTAYEIUhGHgQsFEELWyZdTgMKJ1MRWCB+HARPVHsaQwMIL11DGUN5AloeQ3kCBVpIexcHKEN5AkMDCH0GEVkkbgAEElB/Fw-coQ3kCRhxDeHMFWlNlAh1PVHtVUQkNJBcGLFR7AwRaV3sDEVhWLVtGDwAkShFYIHoCAURWbUcJWw HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://airsanguages.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 617
date: Fri, 02 Dec 2022 19:35:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: E7l6kZlUknvIXZv68-6QPrFfa6O7RXJ3JA2Cm5_zcjopjOY6OnMDUw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ee65d33298ede4e84f996310ec6eefa
9f29417c7769c1e1bc59ace70271eb27cb29a6b5
58b8afe56af5cfbd1a551707dbe7519aa72360e77e9c5caff8531091511f0f37
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58B8AFE56AF5CFBD1A551707DBE7519AA72360E77E9C5CAFF8531091511F0F37"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15250
Expires: Fri, 02 Dec 2022 23:49:18 GMT
Date: Fri, 02 Dec 2022 19:35:08 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 40 B IP
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash b00bd3fddd84b69835ef93ebe8a4ed86
cbdd03499b270eb8d1c6814d69317fbb6a41283d
463e9f2e9809115c065319da4090b4444d6c3ccd52d124cb7719403ee4074299
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "185AC350702B58B7350B9ADA6D16E4D551DCD126D19B4EA4E6545EC8471358CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2732
Expires: Fri, 02 Dec 2022 20:20:39 GMT
Date: Fri, 02 Dec 2022 19:35:07 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 1f1beac7928ab3d37cedfb7e9db6de8c
dbec1313a709861142ee3b08c1031e4c297435d0
25faaa716072ce2493633a4252fde0606c5da842936e6f4874eb461c180367de
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "25FAAA716072CE2493633A4252FDE0606C5DA842936E6F4874EB461C180367DE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9907
Expires: Fri, 02 Dec 2022 22:20:15 GMT
Date: Fri, 02 Dec 2022 19:35:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash a26afaaadb2a0ed8f3adf3ba46f076b0
fd5066cc90bd627ab0cf7f2463ae71b26f7ebf38
0ef7ce87cf40f2eabf3daab6d1336bfd51f0539f6d174a5f66afdd898acd1d06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 6acc582e88a49b8d0a4c05705f9c6af2
7cd445187fc02c97202cde41ee450d0c078cfd9c
41dc74b2ddf000db6ff024819614df835bb6092f78bba04e409b11f05e645348
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4256
Cache-Control: max-age=120655
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:08 GMT
Etag: "6389771b-1d7"
Expires: Sun, 04 Dec 2022 05:06:03 GMT
Last-Modified: Fri, 02 Dec 2022 03:55:07 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash a26afaaadb2a0ed8f3adf3ba46f076b0
fd5066cc90bd627ab0cf7f2463ae71b26f7ebf38
0ef7ce87cf40f2eabf3daab6d1336bfd51f0539f6d174a5f66afdd898acd1d06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 02 Dec 2022 18:41:08 GMT
expires: Fri, 02 Dec 2022 20:41:08 GMT
cache-control: public, max-age=7200
age: 3240
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126620 bytes)
Hash f641dae66d812e803cbfc91d689e2ea8
96372a7ba661528d13bc774536d04ab3e03b82d6
e78b718ac77697fbb92e88ac394141adc4e016830eb04d53279238cbcd65435b
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126620
date: Fri, 02 Dec 2022 19:35:08 GMT
expires: Fri, 02 Dec 2022 19:35:08 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash cc910f399c66e42e29efcd5aac94230d
b5fb44e6503f1f4fbd0887dd4dcb0c38240f8e9d
25fea113bbe5d0c6e7a6a3b9df6a07c2d8c54b85b26215061c8dbb39460a08a7
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 19:35:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1410302518%3A1670009708652705&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAswp-6Vtp53CTQ6Rqqe2macqbSVuM7skys0K0iLdslHGwB6KZgXKPYmV90o-4Brvh5n7HWWRQ
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-Dwxlu83jmeGv6--n4JlwQA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:7c_Sy4QDxo9VPWxa5G24BDuY4CYNPQ:i8q0vcGEefpaV9e5;Path=/;Expires=Sun, 01-Dec-2024 19:35:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=1137245366&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2Fsocpulic0&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=224&_u=YEDAAUABCAAAACAAI~&jid=1392490866&gjid=1524588153&cid=1003121394.1670009707&tid=UA-113932176-41&_gid=401178281.1670009707&_r=1>m=2oubu0&z=2061341721
200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1137245366&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2Fsocpulic0&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=224&_u=YEDAAUABCAAAACAAI~&jid=1392490866&gjid=1524588153&cid=1003121394.1670009707&tid=UA-113932176-41&_gid=401178281.1670009707&_r=1>m=2oubu0&z=2061341721
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1137245366&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2Fsocpulic0&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=224&_u=YEDAAUABCAAAACAAI~&jid=1392490866&gjid=1524588153&cid=1003121394.1670009707&tid=UA-113932176-41&_gid=401178281.1670009707&_r=1>m=2oubu0&z=2061341721 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://exee.app
date: Fri, 02 Dec 2022 19:35:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 939edc116ad2e59d98d96f46241e31f9
59f753ab73ac673c452ec95de1da74b6ce872e96
704ed8aebba3902b27a1412f9d09ad2527d7592d3c6beb5a9480797d481596c0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 19:35:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S973414849%3A1670009708677267&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsr_EtS2SZ8Kqx6pB3lmaG04Px8xcpLIZ7H-7irXLe-Nr0o8xp56RzWwmb1xk7Mxll72owf9g
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-KoXRLsDvS9Tqc2lpcOithQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:32lhHBPaNOP34N8FEs_eeIZ5EbEe:OyLQ1fC_abLi7dzC;Path=/;Expires=Sun, 01-Dec-2024 19:35:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S973414849%3A1670009708677267&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsr_EtS2SZ8Kqx6pB3lmaG04Px8xcpLIZ7H-7irXLe-Nr0o8xp56RzWwmb1xk7Mxll72owf9g
403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S973414849%3A1670009708677267&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsr_EtS2SZ8Kqx6pB3lmaG04Px8xcpLIZ7H-7irXLe-Nr0o8xp56RzWwmb1xk7Mxll72owf9g
IP
Hash 84a3e0d1abb98ac0e5a8598806b2544e
94f2dc562cc4d6dde4ba52fba398df5e63524613
141618661c5289d9fede8b3b4cdde34223dde412475d55ff82109e36828774c2
GET /v3/signin/identifier?dsh=S973414849%3A1670009708677267&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsr_EtS2SZ8Kqx6pB3lmaG04Px8xcpLIZ7H-7irXLe-Nr0o8xp56RzWwmb1xk7Mxll72owf9g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 19:35:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce--v-eFvVAT4KM3KkphnRx6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tractorfoolproofstandard.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
200 OK 29 kB URL HTTP/1.1 tractorfoolproofstandard.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 4faa30697e6d39b970be5364f2d2b6f2
f56200e1a1aa2340df0b59d3b0f4e1b83ab15e6c
0f2c46a75dcb976c7b2c274297445c15327aad76d70538fcb96b9022ce6e3511
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 19:35:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 688c6c5f1d44c9de90077589dc7f8600
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 976ec0477aa30cbf00f53b05c49663ff
0d333f4aab7f1286c2e68480ba986915f0188b8d
e6eb3a90890b38211a9cfad8c78fd23978e2f855829c4e0cde29feccf1d8950a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6EB3A90890B38211A9CFAD8C78FD23978E2F855829C4E0CDE29FECCF1D8950A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17292
Expires: Sat, 03 Dec 2022 00:23:21 GMT
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=2072&rd=2072&fd=676&bv=22.10.v.10&tmpl=136
200 OK 35 B URL HTTP/1.1 tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=2072&rd=2072&fd=676&bv=22.10.v.10&tmpl=136
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2072&rd=2072&fd=676&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 19:35:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tractorfoolproofstandard.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0%3A3%3A1
200 OK 3.9 kB URL HTTP/1.1 tractorfoolproofstandard.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5939), with no line terminators
Hash 02866ab3be91f17a59d155cb49cecd89
164f96c71c749757f3fc7f463096a37ec5eace16
43419cbf6c9fac49d7229111ba4328bbef70f4cdb199186d0eb2220c707355e1
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0%3A3%3A1 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 19:35:09 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Sat, 03 Dec 2022 19:35:08 GMT; secure; SameSite=None
uid_id2=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0:3:1; expires=Fri, 09 Dec 2022 19:35:08 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 03 Dec 2022 19:35:09 GMT; secure; SameSite=None
uncs=1; expires=Sat, 03 Dec 2022 19:35:09 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 03 Dec 2022 19:35:09 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 03 Dec 2022 19:35:09 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3789938]; expires=Fri, 02 Dec 2022 19:35:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96c1366e881ee7bd587223d611d2f9a1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 4a1679710f58df35566b8072f469373d
47bcdc6af28f75fce676bb834f467475814faafa
8a5ecdb19900f257a1f3f5d72ab94343aba99632b8dbb05121dc498dd404b7e2
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:08 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e02b8528b9e1fbd457ae4e94099a2809
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 02 Dec 2022 19:35:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mn6SqZ7PQopMqgWsscRh1Ljcb7THlyN2vvTMcLMf3K5DO3%2BMtHMDS38C5WnohH7lSBLQIbdhY%2BJzg99cw76dQS7igbR%2Bd50Ct3tgVHlUrbkuQUnySwJ83leDLYOcqEco26Z2Yxs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773681053d9075de-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 4.9 kB URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
File type ASCII text, with very long lines (8481)
Hash fac9b1483327f3179f2bf676fdd986d3
63436270df84431d85b41c2426f782fc2764de5c
cc01b4ffc3dc4c8462983ca49e122420741dd7ff8442c96b078432ddd82102f6
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:07 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 3881003 681577
age: 717
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: HIT
last-modified: Fri, 02 Dec 2022 19:23:10 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wwag8pluFF%2FwgzCnHoHZ3gs0Kf3JsoLMCCGOUJsPvQDkVkPAE6ylrLv0rprhxkwJCDaCk5u4GrsgrZ5sF8yssbdfZMDNEFJ5XczB4CLg3xuvPVTudTpkvMs8ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773681026d65068a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash fccc019c3c61476f4bd06573b15a1de4
5d5ce77892a0cba0b49a9f882ad4a5e93109f344
6b7bf3afc4af3b0676896650ff90478f6c7e640de094d1ded2da1dd1805ed8da
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 19:35:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 18:27:19 GMT
Expires: Sat, 03 Dec 2022 18:27:19 GMT
ETag: "5d5ce77892a0cba0b49a9f882ad4a5e93109f344"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash fccc019c3c61476f4bd06573b15a1de4
5d5ce77892a0cba0b49a9f882ad4a5e93109f344
6b7bf3afc4af3b0676896650ff90478f6c7e640de094d1ded2da1dd1805ed8da
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 19:35:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 18:27:19 GMT
Expires: Sat, 03 Dec 2022 18:27:19 GMT
ETag: "5d5ce77892a0cba0b49a9f882ad4a5e93109f344"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash fccc019c3c61476f4bd06573b15a1de4
5d5ce77892a0cba0b49a9f882ad4a5e93109f344
6b7bf3afc4af3b0676896650ff90478f6c7e640de094d1ded2da1dd1805ed8da
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 19:35:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 18:27:19 GMT
Expires: Sat, 03 Dec 2022 18:27:19 GMT
ETag: "5d5ce77892a0cba0b49a9f882ad4a5e93109f344"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13099
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
Expires: Sat, 02 Dec 2023 19:35:09 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
pogothere.xyz/
200 OK 1.2 kB IP
File type ASCII text, with no line terminators
Hash 07ed2185c22b7a35d08a399a1b51c5be
24a45b0565c2ee49835b4902042c0dcafb7ea43c
5a3641cbe5bc0e44b61e4377534323bbe66ccc534ce5647b946b42c33be98987
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:08 GMT
content-type: text/plain
set-cookie: csu=1345280630094975@1@1670009708; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRuyXW19%2FfIif1Xd%2FEUnRtpfuDOUAE3swAHkjTbgxweYOAbkgkR1oiJ0ViQkE3m0BajzYJyHHNy1PNOXuR8qDFteOZ8u3H4g89XCaD1l3RJbqyhAL18gBIk9rZsYrMWv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773681035b2576de-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13099
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13099
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
Hash 90017abe314ba1935299e490c121ff79
8157494146032e78084414db2c842f750aa107c9
8db73d080de13d3e14a53a985e62de35255174b06315d48f88d8396cb9600a4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 00:54:54 GMT
age: 67215
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd78aa69439c995167f32b8a41a1f4f6
d07d6145182f312f3ed86ecf96b4ffa175416fa0
3b08cf3fad31ee0cf3ee25abc2484fb4283543865a42dfc568b14f9856fd3bb5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7722
x-amzn-requestid: 8d7c4800-6c06-43ed-afa1-94840d42f591
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGy2Gr1IAMFWeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e78-429ae3135d47e3b020c4c7a1;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z8thSamrCRejcAcQEGAp4WpSMzMEvstuZtVpKAjiCH4dyJyf1yihBA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:11 GMT
age: 78298
etag: "d07d6145182f312f3ed86ecf96b4ffa175416fa0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jM-fTqLsmU3c_gc9Wle-lvCwXelA9Sid9axtzJQDsfOHv23yUbKsBw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 23:43:28 GMT
age: 71501
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c770ed8e1043091817cf67c2338116d2
eb799e23dbf7d7fd82d63ec0220007e5b8196e48
addff025294dc6a89ff5f686910eb51ba8791c40f50b1c6b63ddc4c8db5808cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADDFF025294DC6A89FF5F686910EB51BA8791C40F50B1C6B63DDC4C8DB5808CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5723
Expires: Fri, 02 Dec 2022 21:10:32 GMT
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 13:09:50 GMT
age: 23119
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
IP
Hash 63d7e85c179cb36e6c18fcd9272a74eb
22aaabad5bf2e26ecf9b2809ba0e1c1262ab9db6
16ae9830f17205c97e942973fe38ad9565ec2206139478dc924c518e13c9f7cd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4834
x-amzn-requestid: 63a0b8b5-5cb3-4a1f-aa46-47c84abe726f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQrjEeAIAMF3sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7e3-0032799009f893ba79f314db;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bBj-TXtavCuORZ9qBoZeVj-GXeRljAeW-98HY7lTk5_VRSKF4_07VQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 04:22:38 GMT
age: 54751
etag: "0de97f3a4964038222bd751e043e413113e6db9d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 291127b670135b42b6e9687aa2a13237
99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1
49b082a738bcd15a0bb4e9f96a180797ffcfa368977ac1927df882a0343664d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10437
x-amzn-requestid: 2a8183c4-47ec-42bb-8e67-3e742dc3750c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YpEeooAMFfvg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-2014fd4d49dcd4087bf1db4d;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wQc8gdA6brp46QVd0ee9cBtnmA9q1j3nUO2ou9MDIhecNINtmphq0Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:15:09 GMT
age: 76800
etag: "99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tractorfoolproofstandard.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2hc1RfH72vz2%2FzcqHTjQhmkiwpm8t7MvPljF9XYVooxCU0lmy68%2F97kmvvefdz73rxJQAgWQnHjuHP58p38wVrEbtxJZeJGAkLHggQxuHcjFLsTZJKB4Fm8c877nMX5fs%2Fd3slPiI%2BcHi9%2FYDaV1nQurPqVK6sqEaZwlcU7lcCv%2BlcrqyppNq5W%2BpOP7b0V%2BGHVf6PynuTrZq7mB74f%2BEHlprIyMv25UwqVPuwE1Y5fbdSqQdhA3%2F63d7kHRz2I3gl5GUqM%2F7f20yMoPkISf3tduvXMpG%2FeiHNNM2PREwcfJuuJKRLE52VkPUTJwXQaxo0J%2BfICTHIwVQDT250oAFNj4v0agCUH0zXBentnmzINmYCJF1D0RpB6BEVH4OYelHhCAC6wuIQk3l80tqAbZ5RO6JjMPH8GVYzJzO%2BXkMTfzGvVr6wYnWfKJA79qITqj6C6I6T5IbJND6o4BM8%2BhRI%2Fk7nnC0ji3SWnDZQ4vixbXNSbvpiVvMZnGyGPZmkzimajVjuUnZqgkfRPLVJqBBWNoOUA1F1E7jzkykMeechTD7E4rtCwE%2Fl%2BK2JRvd5ucM7rdc7DdlOEot5oRz5yPtEwQJYOwPUA3G4htVtYVwPY%2FAe4tRJOeHAZQU%2BUKCRB4QgKSlAogiIjKHrlntCu5sp9oV3OgmmuTXO9HJqsu0P3TNaVCdlJT8hLE%2BO8Fx9cwro8rkRhO4yaIW%2FyZhjU6qwTCuF3mKzXGkLWGYNTJZS7AOo8bKoxufjJn0jVmFyYnwOjh3D6EFy9Dpq%2FCloMWzUfdG3YaPvYTPZlX1aVgTAl0mwG2Ya3o0%2FIK6en6zy1kPzo7ct3r%2Fw9%2BvwuuC2R2hIfqx8Juvr%2B8LYpyO5tUzjyaCnNVKw26eSsKxnN5MyD9%2BVGYay4dd0NvnqHT8CkfHhHumyBJkIlXUe%2BnldCSHvTWC7J97fcqmTLuVubz22SpwvL7968FadWOqdMMgJVTz56DK7G5P%2Fx9umDfe23bSg7gs1LxPkRmQaUOQRPt%2BDSo2t%2FPP3n2Xc3AGcIrD6fYamHIi%2BHtsbOf2pFoOV5T1kJJ88tYPLo8V9nbMfdR9d6oNk9JHGJni3R0yWoHsDlF4dZao%2Bu%2FVI%2FDTDtDZm23i7TVn9xZq1TxxUZRn4k%2FZpkUYdFLeqLTtToMNoJZIuFNEDmxvyzlfhfAAAA%2F%2F8BAAD%2F%2F4SOlVqIBAAA
200 OK 7 B URL HTTP/1.1 tractorfoolproofstandard.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2hc1RfH72vz2%2FzcqHTjQhmkiwpm8t7MvPljF9XYVooxCU0lmy68%2F97kmvvefdz73rxJQAgWQnHjuHP58p38wVrEbtxJZeJGAkLHggQxuHcjFLsTZJKB4Fm8c877nMX5fs%2Fd3slPiI%2BcHi9%2FYDaV1nQurPqVK6sqEaZwlcU7lcCv%2BlcrqyppNq5W%2BpOP7b0V%2BGHVf6PynuTrZq7mB74f%2BEHlprIyMv25UwqVPuwE1Y5fbdSqQdhA3%2F63d7kHRz2I3gl5GUqM%2F7f20yMoPkISf3tduvXMpG%2FeiHNNM2PREwcfJuuJKRLE52VkPUTJwXQaxo0J%2BfICTHIwVQDT250oAFNj4v0agCUH0zXBentnmzINmYCJF1D0RpB6BEVH4OYelHhCAC6wuIQk3l80tqAbZ5RO6JjMPH8GVYzJzO%2BXkMTfzGvVr6wYnWfKJA79qITqj6C6I6T5IbJND6o4BM8%2BhRI%2Fk7nnC0ji3SWnDZQ4vixbXNSbvpiVvMZnGyGPZmkzimajVjuUnZqgkfRPLVJqBBWNoOUA1F1E7jzkykMeechTD7E4rtCwE%2Fl%2BK2JRvd5ucM7rdc7DdlOEot5oRz5yPtEwQJYOwPUA3G4htVtYVwPY%2FAe4tRJOeHAZQU%2BUKCRB4QgKSlAogiIjKHrlntCu5sp9oV3OgmmuTXO9HJqsu0P3TNaVCdlJT8hLE%2BO8Fx9cwro8rkRhO4yaIW%2FyZhjU6qwTCuF3mKzXGkLWGYNTJZS7AOo8bKoxufjJn0jVmFyYnwOjh3D6EFy9Dpq%2FCloMWzUfdG3YaPvYTPZlX1aVgTAl0mwG2Ya3o0%2FIK6en6zy1kPzo7ct3r%2Fw9%2BvwuuC2R2hIfqx8Juvr%2B8LYpyO5tUzjyaCnNVKw26eSsKxnN5MyD9%2BVGYay4dd0NvnqHT8CkfHhHumyBJkIlXUe%2BnldCSHvTWC7J97fcqmTLuVubz22SpwvL7968FadWOqdMMgJVTz56DK7G5P%2Fx9umDfe23bSg7gs1LxPkRmQaUOQRPt%2BDSo2t%2FPP3n2Xc3AGcIrD6fYamHIi%2BHtsbOf2pFoOV5T1kJJ88tYPLo8V9nbMfdR9d6oNk9JHGJni3R0yWoHsDlF4dZao%2Bu%2FVI%2FDTDtDZm23i7TVn9xZq1TxxUZRn4k%2FZpkUYdFLeqLTtToMNoJZIuFNEDmxvyzlfhfAAAA%2F%2F8BAAD%2F%2F4SOlVqIBAAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST2hc1RfH72vz2%2FzcqHTjQhmkiwpm8t7MvPljF9XYVooxCU0lmy68%2F97kmvvefdz73rxJQAgWQnHjuHP58p38wVrEbtxJZeJGAkLHggQxuHcjFLsTZJKB4Fm8c877nMX5fs%2Fd3slPiI%2BcHi9%2FYDaV1nQurPqVK6sqEaZwlcU7lcCv%2BlcrqyppNq5W%2BpOP7b0V%2BGHVf6PynuTrZq7mB74f%2BEHlprIyMv25UwqVPuwE1Y5fbdSqQdhA3%2F63d7kHRz2I3gl5GUqM%2F7f20yMoPkISf3tduvXMpG%2FeiHNNM2PREwcfJuuJKRLE52VkPUTJwXQaxo0J%2BfICTHIwVQDT250oAFNj4v0agCUH0zXBentnmzINmYCJF1D0RpB6BEVH4OYelHhCAC6wuIQk3l80tqAbZ5RO6JjMPH8GVYzJzO%2BXkMTfzGvVr6wYnWfKJA79qITqj6C6I6T5IbJND6o4BM8%2BhRI%2Fk7nnC0ji3SWnDZQ4vixbXNSbvpiVvMZnGyGPZmkzimajVjuUnZqgkfRPLVJqBBWNoOUA1F1E7jzkykMeechTD7E4rtCwE%2Fl%2BK2JRvd5ucM7rdc7DdlOEot5oRz5yPtEwQJYOwPUA3G4htVtYVwPY%2FAe4tRJOeHAZQU%2BUKCRB4QgKSlAogiIjKHrlntCu5sp9oV3OgmmuTXO9HJqsu0P3TNaVCdlJT8hLE%2BO8Fx9cwro8rkRhO4yaIW%2FyZhjU6qwTCuF3mKzXGkLWGYNTJZS7AOo8bKoxufjJn0jVmFyYnwOjh3D6EFy9Dpq%2FCloMWzUfdG3YaPvYTPZlX1aVgTAl0mwG2Ya3o0%2FIK6en6zy1kPzo7ct3r%2Fw9%2BvwuuC2R2hIfqx8Juvr%2B8LYpyO5tUzjyaCnNVKw26eSsKxnN5MyD9%2BVGYay4dd0NvnqHT8CkfHhHumyBJkIlXUe%2BnldCSHvTWC7J97fcqmTLuVubz22SpwvL7968FadWOqdMMgJVTz56DK7G5P%2Fx9umDfe23bSg7gs1LxPkRmQaUOQRPt%2BDSo2t%2FPP3n2Xc3AGcIrD6fYamHIi%2BHtsbOf2pFoOV5T1kJJ88tYPLo8V9nbMfdR9d6oNk9JHGJni3R0yWoHsDlF4dZao%2Bu%2FVI%2FDTDtDZm23i7TVn9xZq1TxxUZRn4k%2FZpkUYdFLeqLTtToMNoJZIuFNEDmxvyzlfhfAAAA%2F%2F8BAAD%2F%2F4SOlVqIBAAA HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 19:35:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef507ff3a00d8e177c4e70ad269efda9
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
200 OK 7.7 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash d5e9791c6a93b55f61645f1c6d458f8d
6c13509e471d2c616b0037991bf515de17d0bc77
4b2244fecd11c0619d1213b38af69402d4e75cf7ef9eaf83a7f861cdc3abfb54
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 19:35:09 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d3b-bf8c"
Expires: Sat, 02 Dec 2023 19:35:09 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
analytics.vdo.ai/logger
200 OK 69 kB IP
Hash a756c8e116701da51ca4afcc87725c8a
9fbd289b3e5becf83c8a5f2c147b701f9ca25385
7e50d732712e40bb257cdf294107abb7ebb1637e1d6f803005500586fe99d557
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 128
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:08 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HM8YrAvqI08ha5a1HgGKMlQ4BaPt2Gs5uJyk%2FzsBMUUCcnsQ2%2FWp5WXKr5Liz62ezHST7yEopDYuoIKvdqYx%2FvqcnCip%2BW0MWPJiYrsZ8yiLu3ncKrBSmjZPJbS4sOItJJjn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773681037900718c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
Expires: Sat, 02 Dec 2023 19:35:09 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10277
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10277
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 19:35:09 GMT
Connection: keep-alive
tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=150
200 OK 0 B URL HTTP/1.1 tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=150
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=150 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 19:35:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10276
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 19:35:10 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash 47b7ae41a98644de6d46d58a0e51a793
b0f736609af3c0b3214ee52cc9f0798dcc972df6
b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:10 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1489390
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sUeBeq%2BV7IJGRpp23WLPJaj8djwJuKJ8lsUkqJj0Wv3UJ3ybgSuDhwO90hNDknY7tNjySvzn4mVaiT%2F4cwoe7foGVr%2FoSuLV91aAZ25qY%2Fg1rnIxIUdNpCWEs2f27dTgPICuAHhMC7V6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736810fd880772c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
200 OK 32 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash c1fcfdd480feeb47a41cfc787b7346e4
e5fd5e809695ffc4c9ba9ac6fbc5a8bd79483e11
fb47644686a2ccbd35fd6316eabfff765993e80a872c3a16da6268c0cc36a879
GET /sb/notifications/games/nutaku/multi/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:10 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 08:55:27 GMT
etag: W/"62fdfe7f-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1489390
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1usTKv8Y15cl1BM7XySl%2FKnKzQFVKUw3hNxoWkAOwvbw2cu9oyHxCOfnD4hNohxI59lZYbZW2n9pHo0572cNj7y%2Bm6bOa9nNhNB3Ce37Jn%2BltIRaKBgGftmJvmwY2Rn%2BXbq9cWHb%2BjdW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736810f9804772c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=151
200 OK 0 B URL HTTP/1.1 tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=151
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=151 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 19:35:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
200 OK 4.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
IP
Hash 4d35d2bc8d8e06a426e274716da2afa3
f96bc0fbfedfe4e6e03c5e6a6274e589c5a91e9f
30822752beb7c9938b81b1cacbcffe0a74096422f6132d2d67354ea3e133664f
GET /sb/notifications/games/nutaku/multi/2/js/main.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:10 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:29:33 GMT
etag: W/"632abd5d-20ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 974491
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oidmAhgLbv02GPDMAouZTABmo88%2BPAktgpvddd88%2FjMGCz9R6edMxccbCCtgjXGJkW0H2ehrf6TAbuFTuzON9yTzaJk0oe4SrY0T96Ag%2BLZS2mOF%2Foln4TtNc%2BtdDa31R0KGL8f9KlUD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736811029b0779d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
206 Partial Content 391 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Size 391 kB (391040 bytes)
Hash 1b12fa9a67b15135ee51bd1adfdd5831
6803487aeb9c8614bcb7d5173fd5c8e8d99e8cbd
6c90bfc07e47febe7dd92eb1bc86b7f67d54a6cbad30577c9efe629eeeb24a22
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-391039
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 19:35:10 GMT
Content-Type: video/mp2t
Content-Length: 391040
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Connection: keep-alive
ETag: "62e47d3b-113cda88"
Expires: Sat, 02 Dec 2023 19:35:10 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-391039/289200776
tractorfoolproofstandard.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 tractorfoolproofstandard.com/pixel/sbs?c=1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 19:35:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
200 OK 5.3 kB URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP
ASN #39572 DataWeb Global Group B.V.
Hash 5573a3a2baf2dca77ac350d5ab766613
fb4b942847fa780890829121004ac38b7eb13731
3df87c8dfc14604dc7869c99e244f8ee4a7a5b1cc2ccd15e73a639d9a2578d0c
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:09 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 02 Dec 2022 20:35:09 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
200 OK 485 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 9c804c1596c2779df49c783dde5df424
bc9211ee0f028c0f5e1604a9c48c1aee73f67296
3d9b57151b8bf6415cd656aa2da5423898109a8dd0237570617ce299123e42b2
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:10 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1489390
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEoSgszR3tor8dkKLHpdB0wLEmdP9mHbbUKGFRotlX%2BvQwCCqoA%2BA6MGBWcGTalM4UVgvk0Xc8yGm24lhVunEk5Eg9DRIkmEt5P7%2FHxI%2FdbO1ZoNFZjgQDtXIOA1TPjrYW5TnNsKP9KF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736810fd877772c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Fri, 02 Dec 2022 19:35:10 GMT
expires: Fri, 02 Dec 2022 19:35:10 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
200 OK 959 B URL HTTP/2 www.youtube.com/iframe_api
IP
File type ASCII text, with very long lines (509)
Hash e8ca88cd960f7d27e8bd64150be0ae7a
42faf9af7dca18012fbb83890e24c7b384cda597
6b9011c52ef128876397e4272bfb1ddeeac2d769cf392734f5dc80180fd6866b
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Fri, 02 Dec 2022 19:35:10 GMT
date: Fri, 02 Dec 2022 19:35:10 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Y__1vicrFqc; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=Hu_XN9TF5u4; Domain=.youtube.com; Expires=Wed, 31-May-2023 19:35:10 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+650; expires=Sun, 01-Dec-2024 19:35:10 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 02 Dec 2022 19:35:10 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fsocpulic0&tfcd=0&npa=0&correlator=2345977450016240&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fsocpulic0&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5afbd26c-3cba-4967-b2fe-01ffca378c21&sid=29708BB7-2320-4D44-87BA-E72D8DB5A016&nel=0&eid=44748969%2C44765701%2C44777648&dlt=1670009705711&idt=1970&dt=1670009708907&cookie_enabled=1&scor=1359364413936124&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
200 OK 6.5 kB URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fsocpulic0&tfcd=0&npa=0&correlator=2345977450016240&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fsocpulic0&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5afbd26c-3cba-4967-b2fe-01ffca378c21&sid=29708BB7-2320-4D44-87BA-E72D8DB5A016&nel=0&eid=44748969%2C44765701%2C44777648&dlt=1670009705711&idt=1970&dt=1670009708907&cookie_enabled=1&scor=1359364413936124&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (5548)
Hash f3554effc84a44b3334c0b42b5cec8c5
d3cea5104b7f83ad400c78f130e676774e1f57a5
aec39d7aa8917f193fad459a9841abfedf1b029c4b3650232531e807e9b86b5c
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fsocpulic0&tfcd=0&npa=0&correlator=2345977450016240&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fsocpulic0&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5afbd26c-3cba-4967-b2fe-01ffca378c21&sid=29708BB7-2320-4D44-87BA-E72D8DB5A016&nel=0&eid=44748969%2C44765701%2C44777648&dlt=1670009705711&idt=1970&dt=1670009708907&cookie_enabled=1&scor=1359364413936124&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -1
google-creative-id: -1
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 6480
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 19:50:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12893
Expires: Fri, 02 Dec 2022 23:10:04 GMT
Date: Fri, 02 Dec 2022 19:35:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12893
Expires: Fri, 02 Dec 2022 23:10:04 GMT
Date: Fri, 02 Dec 2022 19:35:11 GMT
Connection: keep-alive
bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Dw0VIiF9bUhL4_lkLbxYKU4CZT-VORZiBiXSGb199IxqtALVPXjs8NR0lmp5eR13jIZOukZOIJjBQ6xtjvSZU5g3fWhw&cry=1&dbm_d=AKAmf-Bu3I9_ez-ugKInnqqhUmS1K18Wu87WMWrsl9cSBXWZ33HpEDqWj6AGnIytgMToxVaaSy_qs_ZNoMacFRyrx4oRMWvwCcYMf1c3nSOi0oITsJUXNn5sUxBHWtwmnCEFIz5akfSlx7coAoSGpKzhmj6KH7biwj62sA940Z7HPJFwbXvgPrgRJzlkxHAVQdvh6vEp54EmKW4jsUVAIrfSpMC7qODccokoBWvNfwPdPAUXOo6OIMVEob7nZFLAxsg974fvn3No2vX3ZHhkPRuwBbe0Zi_g16QWqFh-tcox_Y6Wf3i5VJqRqDQX0soKEjNSRM9dpsx3sxsqpKyWdh746uwmyK1OkmR8KrLSkiWautv0B_RjJlquvbhYQWVrmi4xQbiZPrjDDICtORaYx17Ah-mIBAj7SDQ4bco44qIVCxSOmKtGFWFrWBdfecSKlMauMPqqsI-SLSdFgzHmprNhCrf2Aqfw-XNbwZYLR37Fz84YOJEr8pcXgAdfo_E8vxB6b8cQS0zUxkRkpy5D19bm2gR13CwC6b714pzOqgCKLHp4L02dAUh2Bg09DHCkVPSwMVgmRVbna6vE_u4Hgw3pjVmLbM5WXNfoTKwM86E1ioJBd6t3nXkdH97kVGiGUzgzsetvIehJJm-Gz6TRBpB2KTE7KXw-yIPx0TVQte2GNS3J5LE73wR13X6Y0nm4zRyXgIvRLiXNnVWvQwiLF52EMpSnPkKpMlrxMqhl7tBhJ0DCV_4Z_GAED7wAw5qy1grGd7Wwer1R0lzBMZDm6SpdsfJ2E7MfqJSJhF5YKc3OSMedWJdzRiQgHOgAwHVCK_2-D8dpZyCZWpkHrC3nqvXCvkR9_ocd0albLBui8Qt_iEE4TbYxKiX4uO1TWV71FdrR7aqVvHwZZmsNRWk3Er-WORUntV_84RXBotE0hW2hzGEKPlXLnio7upz61s34Nb2rX_RHGN-VecdHLT3IGZW-IraABfhvBDbaUlcmzXaWO1UHZ-_z9fvwsJfssQvr6vocO6QuMODmH5eqbmOjNCAuwNVK-LBoSkFeF0jN6ypiv-OzIeH17rERUA7NhLBRqQWbpQE2kJ0xFjV4rMaMC4QUEhAJyEjawZStMugBmR5VmVZ1MfwPoiVmthvlhMfh7EWmfWC6UnEVH4sUClokq2DNZI7PAU7HxswPNtGoJ-kMxjHvCEmnlRr50zYWXMu1SDi_ytB--epi_PdbzmbjEJ7evIRZBEg4Gc9nPEDaAVPnbIVENKbgR5Frrwrj7MomOTBBtTGmSpZCUZMUcMrCcKXQxkhYiSEoxeRnityGsvTllZrfW5Pa8aQJwA4MQIQTqsztEM0qWlOIt8eiMmi7VVU8p0vPtI4C1cVq7m2LXYaZK9yXGnhxourXwk0rmSk8-mnQfAN7aVtZ1r3ylafDP4rWADrNgRWVeJrEXIcXrSSWx5HYAFYFu2VAq_73lIgYd_F3bPS9BPv74vGFp2Yf8FG1IcFfS6f0A0I8wA5rjNhlg9pkb2eUEPC112jUBuMay7SAqErAtN5Ab3iZNDdLWhRFr0zmfRcnvfd8YcnDsKYecOWsJ7I0eAYqfn4rOBO_8l91Sun0Z_KrKBVfJ5cd7xVs0NqkNyxWQ7HuEfT4puzQ4L7q7nkE169uYldhgq4fZgCWAthCpXoNmAqT-euUsfr12wA-Cq7OKqIHdch7aS9f9lvCNIqX42UIQcq2Pu-eWsxsNvoivTO5vaFxkk6qt-l6RXvEXHv-XGr25_ijcY4EDDeYuvr-P8cWVDIPH5JiTnAdBqByNREbzpqKB0HPTzHa75nBeqXEHa7LVofq-ZaSnHeuPLcP5tgtzX7nfikqrFY5UmXgNSWB4Z561iBG9y8z5ysVJ_wWsNGIl3SR8o323SgupCxuIeKEy2i0ZQ8kD7H36-mlbcmp8LQrk8-kTW0E-Lal4n9ZFxiWdI2pkVvHuEyyVTvxRnTNtOZuLvYH03ODlctIGUKG7oT7mNJclYhRoo_XoMKGcBqVsdBHnT3oxDiiAzLLbCu3kC_9ngRPdm5UNrys7Id7h9SckzQ8PZEkTzDYOFL99U8PgQwVhiArO-gMEbCRxvATgCy_stNFX4frt0IRnJdS8xZSKMgZwCme7UVEDk7vDSWK_0Md-6WwNwOOj9t0O2qJLQs1pL91iOHhjtkYCr0hOAlAjUh1D9_gkmQwfAGy8E7j1tnL50TL4ScoQoix9kzEPOKyZ37sQ7Hj2Vj9zMtzJ2JMgZSGEky5akEibeCRKjn4dtduEGWWsnVcsBAo6HFbhSj3oYPYZcZYRmwEljJc-XZpyUp48OUo05xXk1kqUQupr6VFS2PPHqm1fn9X2wu_iPM2n2qq9b2vSAB_mwPwCNP9JgHyBp7aiVPHx2YJ7SLXqIOLG6wZmpLVT03EgQLabK5Vy9hRkL0KWjGSxCpy_oelOfOKBE9KcuAAvNL5PpfQEo2LlqRW_TMhiI_7TLQNR9whiVuX1pBhcOh4j0cKIMz-RsqFVpWKzgzBNgfaD9Gj3vN5mFN9DEZvCErmISWsVmEcFL2dwbdOzGoxug5W4hqMan5hlZP0Qrx_2bvx2VkMG8SiifOB5BtOHWUjqlGxds9VAhpXFBSyKhaaX-nHOKN1y-lG-rTCZhyZsj5tyOPQg-t4cYUPzRPrYMPIBaOkM9WwLpaPUakbLMa9Eo85e93lI-4UDtFGD2HtkI6MXbCqHloeWFhMNHEv56uZSYDiggUk9PuBtkworKdgwTZRbHEtLBEhVPYvoas-B7PN7yJxdAYcI9MTmh_HD4oUa_0z1TFFt7emaM28PTsFYOBbeA-w81hnbEslW2ELPzIJ2vhKh2pDeCVdJqR-afuPzzqflH9cjbYfX0PDDLzI2v9gdAIZlXWOJlOFF9utsuD1_pRfwZJz0PZqIQBXKR-glt78vdW7JwyR4Sd1Fsdca9xn6DFJPTnl5EBSqx5vTSTwKccw_w47eAvGokfGsbEyRcSxYxiJLH0pYogE7xu4WY_PQaNqJfDZa5ReOvzdFVMSIBgG3-2pRMt2GQpVFIQ2UqbnZglvZArHBN5rS53dF8HpDTtjf9FHh08xbnqIBDdJ0qjaYliXq6okyYTtaYUEb6JPQXmZAg1QaglCp19tE0YNKLARUtPN5v206y9CY14Cu4fq2pBJjMCHBMPPiGksQDbEYjiZNnIWfEdI25E8RgCty73ne-DDR8z4sAb7dZr-kF46PoEqCiw3YkgQeqGrDhN2CWlVFyOxieg-H5hWYX1DuuicdiQ7CK3fAfV2QPUvlPbhcBk5RO_6vcVZbvLFlfUVrpcnd9m9jS3kxiFH2SuymiATd_PqySvzWeNE02pKXojXdmDWUNeXIkfyTqtXVcqwhKfqJBMbCSbQ2kPOMwZVFNwnpJemeSem8VELw19AT19RI9OlSoFpzStH2ak5oF_LFGA16-tbuPyF9ucfvp25VhwFXJK7cWtPzexCHHEbok5VidfwiL5a7NmZKE9vsJWxeW8VBkdlV2fTXG9Yz-Iz5isSAjWUhGFoygz-YP9hVit_tpEQuwm9ns3pdOWmuQtDmr5mwnI3ul6jmqZgcc5MURlPtalenkfJIlFnv2T0tl_TAifRaccicIVLWeObERva1YK6TO1n60WySizFG2NU1clOKGWyxBhzy5qhvlx8xOjlLpJmfT2U7gJEITpM1BfuxS5TIwFLbLaW_255M2o3&cid=CAQSPgDq26N9Bd_kKbvVhl_WZdVOrbP8_ZSyQ-RMEaPmiD7Uwc7oi09XI1elKvXYBUR7b6pqFh7xwEYZymmR5fBXGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5afbd26c-3cba-4967-b2fe-01ffca378c21&sid=29708BB7-2320-4D44-87BA-E72D8DB5A016&nel=0&eid=44748969%2C44765701%2C44777648&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2Fsocpulic0&dlt=1670009705711&idt=1970&dt=1670009709220&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491
200 OK 4.9 kB URL HTTP/2 bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Dw0VIiF9bUhL4_lkLbxYKU4CZT-VORZiBiXSGb199IxqtALVPXjs8NR0lmp5eR13jIZOukZOIJjBQ6xtjvSZU5g3fWhw&cry=1&dbm_d=AKAmf-Bu3I9_ez-ugKInnqqhUmS1K18Wu87WMWrsl9cSBXWZ33HpEDqWj6AGnIytgMToxVaaSy_qs_ZNoMacFRyrx4oRMWvwCcYMf1c3nSOi0oITsJUXNn5sUxBHWtwmnCEFIz5akfSlx7coAoSGpKzhmj6KH7biwj62sA940Z7HPJFwbXvgPrgRJzlkxHAVQdvh6vEp54EmKW4jsUVAIrfSpMC7qODccokoBWvNfwPdPAUXOo6OIMVEob7nZFLAxsg974fvn3No2vX3ZHhkPRuwBbe0Zi_g16QWqFh-tcox_Y6Wf3i5VJqRqDQX0soKEjNSRM9dpsx3sxsqpKyWdh746uwmyK1OkmR8KrLSkiWautv0B_RjJlquvbhYQWVrmi4xQbiZPrjDDICtORaYx17Ah-mIBAj7SDQ4bco44qIVCxSOmKtGFWFrWBdfecSKlMauMPqqsI-SLSdFgzHmprNhCrf2Aqfw-XNbwZYLR37Fz84YOJEr8pcXgAdfo_E8vxB6b8cQS0zUxkRkpy5D19bm2gR13CwC6b714pzOqgCKLHp4L02dAUh2Bg09DHCkVPSwMVgmRVbna6vE_u4Hgw3pjVmLbM5WXNfoTKwM86E1ioJBd6t3nXkdH97kVGiGUzgzsetvIehJJm-Gz6TRBpB2KTE7KXw-yIPx0TVQte2GNS3J5LE73wR13X6Y0nm4zRyXgIvRLiXNnVWvQwiLF52EMpSnPkKpMlrxMqhl7tBhJ0DCV_4Z_GAED7wAw5qy1grGd7Wwer1R0lzBMZDm6SpdsfJ2E7MfqJSJhF5YKc3OSMedWJdzRiQgHOgAwHVCK_2-D8dpZyCZWpkHrC3nqvXCvkR9_ocd0albLBui8Qt_iEE4TbYxKiX4uO1TWV71FdrR7aqVvHwZZmsNRWk3Er-WORUntV_84RXBotE0hW2hzGEKPlXLnio7upz61s34Nb2rX_RHGN-VecdHLT3IGZW-IraABfhvBDbaUlcmzXaWO1UHZ-_z9fvwsJfssQvr6vocO6QuMODmH5eqbmOjNCAuwNVK-LBoSkFeF0jN6ypiv-OzIeH17rERUA7NhLBRqQWbpQE2kJ0xFjV4rMaMC4QUEhAJyEjawZStMugBmR5VmVZ1MfwPoiVmthvlhMfh7EWmfWC6UnEVH4sUClokq2DNZI7PAU7HxswPNtGoJ-kMxjHvCEmnlRr50zYWXMu1SDi_ytB--epi_PdbzmbjEJ7evIRZBEg4Gc9nPEDaAVPnbIVENKbgR5Frrwrj7MomOTBBtTGmSpZCUZMUcMrCcKXQxkhYiSEoxeRnityGsvTllZrfW5Pa8aQJwA4MQIQTqsztEM0qWlOIt8eiMmi7VVU8p0vPtI4C1cVq7m2LXYaZK9yXGnhxourXwk0rmSk8-mnQfAN7aVtZ1r3ylafDP4rWADrNgRWVeJrEXIcXrSSWx5HYAFYFu2VAq_73lIgYd_F3bPS9BPv74vGFp2Yf8FG1IcFfS6f0A0I8wA5rjNhlg9pkb2eUEPC112jUBuMay7SAqErAtN5Ab3iZNDdLWhRFr0zmfRcnvfd8YcnDsKYecOWsJ7I0eAYqfn4rOBO_8l91Sun0Z_KrKBVfJ5cd7xVs0NqkNyxWQ7HuEfT4puzQ4L7q7nkE169uYldhgq4fZgCWAthCpXoNmAqT-euUsfr12wA-Cq7OKqIHdch7aS9f9lvCNIqX42UIQcq2Pu-eWsxsNvoivTO5vaFxkk6qt-l6RXvEXHv-XGr25_ijcY4EDDeYuvr-P8cWVDIPH5JiTnAdBqByNREbzpqKB0HPTzHa75nBeqXEHa7LVofq-ZaSnHeuPLcP5tgtzX7nfikqrFY5UmXgNSWB4Z561iBG9y8z5ysVJ_wWsNGIl3SR8o323SgupCxuIeKEy2i0ZQ8kD7H36-mlbcmp8LQrk8-kTW0E-Lal4n9ZFxiWdI2pkVvHuEyyVTvxRnTNtOZuLvYH03ODlctIGUKG7oT7mNJclYhRoo_XoMKGcBqVsdBHnT3oxDiiAzLLbCu3kC_9ngRPdm5UNrys7Id7h9SckzQ8PZEkTzDYOFL99U8PgQwVhiArO-gMEbCRxvATgCy_stNFX4frt0IRnJdS8xZSKMgZwCme7UVEDk7vDSWK_0Md-6WwNwOOj9t0O2qJLQs1pL91iOHhjtkYCr0hOAlAjUh1D9_gkmQwfAGy8E7j1tnL50TL4ScoQoix9kzEPOKyZ37sQ7Hj2Vj9zMtzJ2JMgZSGEky5akEibeCRKjn4dtduEGWWsnVcsBAo6HFbhSj3oYPYZcZYRmwEljJc-XZpyUp48OUo05xXk1kqUQupr6VFS2PPHqm1fn9X2wu_iPM2n2qq9b2vSAB_mwPwCNP9JgHyBp7aiVPHx2YJ7SLXqIOLG6wZmpLVT03EgQLabK5Vy9hRkL0KWjGSxCpy_oelOfOKBE9KcuAAvNL5PpfQEo2LlqRW_TMhiI_7TLQNR9whiVuX1pBhcOh4j0cKIMz-RsqFVpWKzgzBNgfaD9Gj3vN5mFN9DEZvCErmISWsVmEcFL2dwbdOzGoxug5W4hqMan5hlZP0Qrx_2bvx2VkMG8SiifOB5BtOHWUjqlGxds9VAhpXFBSyKhaaX-nHOKN1y-lG-rTCZhyZsj5tyOPQg-t4cYUPzRPrYMPIBaOkM9WwLpaPUakbLMa9Eo85e93lI-4UDtFGD2HtkI6MXbCqHloeWFhMNHEv56uZSYDiggUk9PuBtkworKdgwTZRbHEtLBEhVPYvoas-B7PN7yJxdAYcI9MTmh_HD4oUa_0z1TFFt7emaM28PTsFYOBbeA-w81hnbEslW2ELPzIJ2vhKh2pDeCVdJqR-afuPzzqflH9cjbYfX0PDDLzI2v9gdAIZlXWOJlOFF9utsuD1_pRfwZJz0PZqIQBXKR-glt78vdW7JwyR4Sd1Fsdca9xn6DFJPTnl5EBSqx5vTSTwKccw_w47eAvGokfGsbEyRcSxYxiJLH0pYogE7xu4WY_PQaNqJfDZa5ReOvzdFVMSIBgG3-2pRMt2GQpVFIQ2UqbnZglvZArHBN5rS53dF8HpDTtjf9FHh08xbnqIBDdJ0qjaYliXq6okyYTtaYUEb6JPQXmZAg1QaglCp19tE0YNKLARUtPN5v206y9CY14Cu4fq2pBJjMCHBMPPiGksQDbEYjiZNnIWfEdI25E8RgCty73ne-DDR8z4sAb7dZr-kF46PoEqCiw3YkgQeqGrDhN2CWlVFyOxieg-H5hWYX1DuuicdiQ7CK3fAfV2QPUvlPbhcBk5RO_6vcVZbvLFlfUVrpcnd9m9jS3kxiFH2SuymiATd_PqySvzWeNE02pKXojXdmDWUNeXIkfyTqtXVcqwhKfqJBMbCSbQ2kPOMwZVFNwnpJemeSem8VELw19AT19RI9OlSoFpzStH2ak5oF_LFGA16-tbuPyF9ucfvp25VhwFXJK7cWtPzexCHHEbok5VidfwiL5a7NmZKE9vsJWxeW8VBkdlV2fTXG9Yz-Iz5isSAjWUhGFoygz-YP9hVit_tpEQuwm9ns3pdOWmuQtDmr5mwnI3ul6jmqZgcc5MURlPtalenkfJIlFnv2T0tl_TAifRaccicIVLWeObERva1YK6TO1n60WySizFG2NU1clOKGWyxBhzy5qhvlx8xOjlLpJmfT2U7gJEITpM1BfuxS5TIwFLbLaW_255M2o3&cid=CAQSPgDq26N9Bd_kKbvVhl_WZdVOrbP8_ZSyQ-RMEaPmiD7Uwc7oi09XI1elKvXYBUR7b6pqFh7xwEYZymmR5fBXGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5afbd26c-3cba-4967-b2fe-01ffca378c21&sid=29708BB7-2320-4D44-87BA-E72D8DB5A016&nel=0&eid=44748969%2C44765701%2C44777648&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2Fsocpulic0&dlt=1670009705711&idt=1970&dt=1670009709220&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1802)
Hash 0bc1150c577b21829e36e17e2c7a4b1e
f49d41c6de9dab246ff05083b67bb9d99eb6d5b9
46eb80390f99beae5ddcfc58818e941acdb90cff753335c289debfca6aef15a2
GET /dbm/vast?dbm_c=AKAmf-Dw0VIiF9bUhL4_lkLbxYKU4CZT-VORZiBiXSGb199IxqtALVPXjs8NR0lmp5eR13jIZOukZOIJjBQ6xtjvSZU5g3fWhw&cry=1&dbm_d=AKAmf-Bu3I9_ez-ugKInnqqhUmS1K18Wu87WMWrsl9cSBXWZ33HpEDqWj6AGnIytgMToxVaaSy_qs_ZNoMacFRyrx4oRMWvwCcYMf1c3nSOi0oITsJUXNn5sUxBHWtwmnCEFIz5akfSlx7coAoSGpKzhmj6KH7biwj62sA940Z7HPJFwbXvgPrgRJzlkxHAVQdvh6vEp54EmKW4jsUVAIrfSpMC7qODccokoBWvNfwPdPAUXOo6OIMVEob7nZFLAxsg974fvn3No2vX3ZHhkPRuwBbe0Zi_g16QWqFh-tcox_Y6Wf3i5VJqRqDQX0soKEjNSRM9dpsx3sxsqpKyWdh746uwmyK1OkmR8KrLSkiWautv0B_RjJlquvbhYQWVrmi4xQbiZPrjDDICtORaYx17Ah-mIBAj7SDQ4bco44qIVCxSOmKtGFWFrWBdfecSKlMauMPqqsI-SLSdFgzHmprNhCrf2Aqfw-XNbwZYLR37Fz84YOJEr8pcXgAdfo_E8vxB6b8cQS0zUxkRkpy5D19bm2gR13CwC6b714pzOqgCKLHp4L02dAUh2Bg09DHCkVPSwMVgmRVbna6vE_u4Hgw3pjVmLbM5WXNfoTKwM86E1ioJBd6t3nXkdH97kVGiGUzgzsetvIehJJm-Gz6TRBpB2KTE7KXw-yIPx0TVQte2GNS3J5LE73wR13X6Y0nm4zRyXgIvRLiXNnVWvQwiLF52EMpSnPkKpMlrxMqhl7tBhJ0DCV_4Z_GAED7wAw5qy1grGd7Wwer1R0lzBMZDm6SpdsfJ2E7MfqJSJhF5YKc3OSMedWJdzRiQgHOgAwHVCK_2-D8dpZyCZWpkHrC3nqvXCvkR9_ocd0albLBui8Qt_iEE4TbYxKiX4uO1TWV71FdrR7aqVvHwZZmsNRWk3Er-WORUntV_84RXBotE0hW2hzGEKPlXLnio7upz61s34Nb2rX_RHGN-VecdHLT3IGZW-IraABfhvBDbaUlcmzXaWO1UHZ-_z9fvwsJfssQvr6vocO6QuMODmH5eqbmOjNCAuwNVK-LBoSkFeF0jN6ypiv-OzIeH17rERUA7NhLBRqQWbpQE2kJ0xFjV4rMaMC4QUEhAJyEjawZStMugBmR5VmVZ1MfwPoiVmthvlhMfh7EWmfWC6UnEVH4sUClokq2DNZI7PAU7HxswPNtGoJ-kMxjHvCEmnlRr50zYWXMu1SDi_ytB--epi_PdbzmbjEJ7evIRZBEg4Gc9nPEDaAVPnbIVENKbgR5Frrwrj7MomOTBBtTGmSpZCUZMUcMrCcKXQxkhYiSEoxeRnityGsvTllZrfW5Pa8aQJwA4MQIQTqsztEM0qWlOIt8eiMmi7VVU8p0vPtI4C1cVq7m2LXYaZK9yXGnhxourXwk0rmSk8-mnQfAN7aVtZ1r3ylafDP4rWADrNgRWVeJrEXIcXrSSWx5HYAFYFu2VAq_73lIgYd_F3bPS9BPv74vGFp2Yf8FG1IcFfS6f0A0I8wA5rjNhlg9pkb2eUEPC112jUBuMay7SAqErAtN5Ab3iZNDdLWhRFr0zmfRcnvfd8YcnDsKYecOWsJ7I0eAYqfn4rOBO_8l91Sun0Z_KrKBVfJ5cd7xVs0NqkNyxWQ7HuEfT4puzQ4L7q7nkE169uYldhgq4fZgCWAthCpXoNmAqT-euUsfr12wA-Cq7OKqIHdch7aS9f9lvCNIqX42UIQcq2Pu-eWsxsNvoivTO5vaFxkk6qt-l6RXvEXHv-XGr25_ijcY4EDDeYuvr-P8cWVDIPH5JiTnAdBqByNREbzpqKB0HPTzHa75nBeqXEHa7LVofq-ZaSnHeuPLcP5tgtzX7nfikqrFY5UmXgNSWB4Z561iBG9y8z5ysVJ_wWsNGIl3SR8o323SgupCxuIeKEy2i0ZQ8kD7H36-mlbcmp8LQrk8-kTW0E-Lal4n9ZFxiWdI2pkVvHuEyyVTvxRnTNtOZuLvYH03ODlctIGUKG7oT7mNJclYhRoo_XoMKGcBqVsdBHnT3oxDiiAzLLbCu3kC_9ngRPdm5UNrys7Id7h9SckzQ8PZEkTzDYOFL99U8PgQwVhiArO-gMEbCRxvATgCy_stNFX4frt0IRnJdS8xZSKMgZwCme7UVEDk7vDSWK_0Md-6WwNwOOj9t0O2qJLQs1pL91iOHhjtkYCr0hOAlAjUh1D9_gkmQwfAGy8E7j1tnL50TL4ScoQoix9kzEPOKyZ37sQ7Hj2Vj9zMtzJ2JMgZSGEky5akEibeCRKjn4dtduEGWWsnVcsBAo6HFbhSj3oYPYZcZYRmwEljJc-XZpyUp48OUo05xXk1kqUQupr6VFS2PPHqm1fn9X2wu_iPM2n2qq9b2vSAB_mwPwCNP9JgHyBp7aiVPHx2YJ7SLXqIOLG6wZmpLVT03EgQLabK5Vy9hRkL0KWjGSxCpy_oelOfOKBE9KcuAAvNL5PpfQEo2LlqRW_TMhiI_7TLQNR9whiVuX1pBhcOh4j0cKIMz-RsqFVpWKzgzBNgfaD9Gj3vN5mFN9DEZvCErmISWsVmEcFL2dwbdOzGoxug5W4hqMan5hlZP0Qrx_2bvx2VkMG8SiifOB5BtOHWUjqlGxds9VAhpXFBSyKhaaX-nHOKN1y-lG-rTCZhyZsj5tyOPQg-t4cYUPzRPrYMPIBaOkM9WwLpaPUakbLMa9Eo85e93lI-4UDtFGD2HtkI6MXbCqHloeWFhMNHEv56uZSYDiggUk9PuBtkworKdgwTZRbHEtLBEhVPYvoas-B7PN7yJxdAYcI9MTmh_HD4oUa_0z1TFFt7emaM28PTsFYOBbeA-w81hnbEslW2ELPzIJ2vhKh2pDeCVdJqR-afuPzzqflH9cjbYfX0PDDLzI2v9gdAIZlXWOJlOFF9utsuD1_pRfwZJz0PZqIQBXKR-glt78vdW7JwyR4Sd1Fsdca9xn6DFJPTnl5EBSqx5vTSTwKccw_w47eAvGokfGsbEyRcSxYxiJLH0pYogE7xu4WY_PQaNqJfDZa5ReOvzdFVMSIBgG3-2pRMt2GQpVFIQ2UqbnZglvZArHBN5rS53dF8HpDTtjf9FHh08xbnqIBDdJ0qjaYliXq6okyYTtaYUEb6JPQXmZAg1QaglCp19tE0YNKLARUtPN5v206y9CY14Cu4fq2pBJjMCHBMPPiGksQDbEYjiZNnIWfEdI25E8RgCty73ne-DDR8z4sAb7dZr-kF46PoEqCiw3YkgQeqGrDhN2CWlVFyOxieg-H5hWYX1DuuicdiQ7CK3fAfV2QPUvlPbhcBk5RO_6vcVZbvLFlfUVrpcnd9m9jS3kxiFH2SuymiATd_PqySvzWeNE02pKXojXdmDWUNeXIkfyTqtXVcqwhKfqJBMbCSbQ2kPOMwZVFNwnpJemeSem8VELw19AT19RI9OlSoFpzStH2ak5oF_LFGA16-tbuPyF9ucfvp25VhwFXJK7cWtPzexCHHEbok5VidfwiL5a7NmZKE9vsJWxeW8VBkdlV2fTXG9Yz-Iz5isSAjWUhGFoygz-YP9hVit_tpEQuwm9ns3pdOWmuQtDmr5mwnI3ul6jmqZgcc5MURlPtalenkfJIlFnv2T0tl_TAifRaccicIVLWeObERva1YK6TO1n60WySizFG2NU1clOKGWyxBhzy5qhvlx8xOjlLpJmfT2U7gJEITpM1BfuxS5TIwFLbLaW_255M2o3&cid=CAQSPgDq26N9Bd_kKbvVhl_WZdVOrbP8_ZSyQ-RMEaPmiD7Uwc7oi09XI1elKvXYBUR7b6pqFh7xwEYZymmR5fBXGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5afbd26c-3cba-4967-b2fe-01ffca378c21&sid=29708BB7-2320-4D44-87BA-E72D8DB5A016&nel=0&eid=44748969%2C44765701%2C44777648&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2Fsocpulic0&dlt=1670009705711&idt=1970&dt=1670009709220&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491 HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4854
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 19:50:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/interaction/?ai=Ckf0bblOKY5GfM-SNiQbSlrTYBb6hj95t2eSw48EQ_9GivcABEAEgrNaJRmDDhICAmBigAZie46QCyAEKqAMByAMTmAQAqgSPAk_QIKRT1TPMjcjJD8r95kMAWSU5GoDsfUU7HdH-qOReo7GPNYiB0tVwe8jA7p2x84N_49j54UZIk5N2YvV9EnwwQE0rMURfSLrGjj3az_Kez6VwUzWCMGeTZK-FmLnR037uIxm0xd3SOHn9qnIcqREOYBFZyG8TBAipUvarf6qcfIB3qriK8kT5N0gpcMg7z8O2FVxCzOvOwFeu1c7OZPs06fJ7GRqRepIRGERtis85c3kKAKP0j63jOLbQsfSaR1_7YeUg6ZmF611cjuo2GCLWcztMMnLbt1zANPUdW9snxP76wQuIokj_mkUIuXL2xFFDSwh4ujRgOikLpkO6B-N0RtjO1I9D_gSrUQx49j_ABKLVg-KWBOAEA5AGAaAGeoAH0OGc2wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgdMgOqggE6AoBAgAoDyAsB4AsBgAwBsBPajLgR2BMNiBQC2BQB0BUB-BYBgBcB&sigh=Y2jK2smGJjY&label=show_ad&sdkv=h.3.547.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzgxMzU5MjI0MjFAkAIKbQgBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ1NzE0ODEyCTE4MjcyOTUyMUB8UjMIvwIQByUAAPBBKAE6CzQ1OTM4MTUxNS0xQgRHREJNUABaEEVkV2NubVFVMjFYM0Y0RnYYAQ..
200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/interaction/?ai=Ckf0bblOKY5GfM-SNiQbSlrTYBb6hj95t2eSw48EQ_9GivcABEAEgrNaJRmDDhICAmBigAZie46QCyAEKqAMByAMTmAQAqgSPAk_QIKRT1TPMjcjJD8r95kMAWSU5GoDsfUU7HdH-qOReo7GPNYiB0tVwe8jA7p2x84N_49j54UZIk5N2YvV9EnwwQE0rMURfSLrGjj3az_Kez6VwUzWCMGeTZK-FmLnR037uIxm0xd3SOHn9qnIcqREOYBFZyG8TBAipUvarf6qcfIB3qriK8kT5N0gpcMg7z8O2FVxCzOvOwFeu1c7OZPs06fJ7GRqRepIRGERtis85c3kKAKP0j63jOLbQsfSaR1_7YeUg6ZmF611cjuo2GCLWcztMMnLbt1zANPUdW9snxP76wQuIokj_mkUIuXL2xFFDSwh4ujRgOikLpkO6B-N0RtjO1I9D_gSrUQx49j_ABKLVg-KWBOAEA5AGAaAGeoAH0OGc2wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgdMgOqggE6AoBAgAoDyAsB4AsBgAwBsBPajLgR2BMNiBQC2BQB0BUB-BYBgBcB&sigh=Y2jK2smGJjY&label=show_ad&sdkv=h.3.547.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzgxMzU5MjI0MjFAkAIKbQgBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ1NzE0ODEyCTE4MjcyOTUyMUB8UjMIvwIQByUAAPBBKAE6CzQ1OTM4MTUxNS0xQgRHREJNUABaEEVkV2NubVFVMjFYM0Y0RnYYAQ..
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/interaction/?ai=Ckf0bblOKY5GfM-SNiQbSlrTYBb6hj95t2eSw48EQ_9GivcABEAEgrNaJRmDDhICAmBigAZie46QCyAEKqAMByAMTmAQAqgSPAk_QIKRT1TPMjcjJD8r95kMAWSU5GoDsfUU7HdH-qOReo7GPNYiB0tVwe8jA7p2x84N_49j54UZIk5N2YvV9EnwwQE0rMURfSLrGjj3az_Kez6VwUzWCMGeTZK-FmLnR037uIxm0xd3SOHn9qnIcqREOYBFZyG8TBAipUvarf6qcfIB3qriK8kT5N0gpcMg7z8O2FVxCzOvOwFeu1c7OZPs06fJ7GRqRepIRGERtis85c3kKAKP0j63jOLbQsfSaR1_7YeUg6ZmF611cjuo2GCLWcztMMnLbt1zANPUdW9snxP76wQuIokj_mkUIuXL2xFFDSwh4ujRgOikLpkO6B-N0RtjO1I9D_gSrUQx49j_ABKLVg-KWBOAEA5AGAaAGeoAH0OGc2wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgdMgOqggE6AoBAgAoDyAsB4AsBgAwBsBPajLgR2BMNiBQC2BQB0BUB-BYBgBcB&sigh=Y2jK2smGJjY&label=show_ad&sdkv=h.3.547.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzgxMzU5MjI0MjFAkAIKbQgBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ1NzE0ODEyCTE4MjcyOTUyMUB8UjMIvwIQByUAAPBBKAE6CzQ1OTM4MTUxNS0xQgRHREJNUABaEEVkV2NubVFVMjFYM0Y0RnYYAQ.. HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
access-control-allow-origin: *
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 19:50:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 19:35:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b42b4cc33876f444d0eed78cae0f5dc7
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e7cd360d-ec2c-45cf-a6ff-f785e92dafe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 19:35:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f45fbb97797cbb6f84cba8dd0375034f
Strict-Transport-Security: max-age=0; includeSubdomains
gcdn.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=EdWcnmQU21X3F4Fv
302 Found 652 B URL HTTP/2 gcdn.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=EdWcnmQU21X3F4Fv
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (475), with CRLF, LF line terminators
Hash e05599f1a031cfede058be05548fd432
6c1e3b955d0c3466c0527468b397353befaeb03c
cea300e47e54971e37ea40b75dd2e064d57c8861700f0561b867e8daf346c539
GET /videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=EdWcnmQU21X3F4Fv HTTP/1.1
Host: gcdn.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
location: https://r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/31DBD143BB6057E235B4650DBA1C75130D3AC212.4089D62FCA00C7CB3B9982D4686ED5769AECD29C/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670008662/mv/u/mvi/5/pl/21?cpn=EdWcnmQU21X3F4Fv&file=file.mp3
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 652
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 80fa6008da81e8712c6249d056d603ec
2a77b2e3f9933bee4d2080dcda82be0347e81a74
7cb2ab90b82e5be95929b5803de045ad9faabaab9bba6fa032d5fd0263f956a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 80fa6008da81e8712c6249d056d603ec
2a77b2e3f9933bee4d2080dcda82be0347e81a74
7cb2ab90b82e5be95929b5803de045ad9faabaab9bba6fa032d5fd0263f956a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 19:35:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/31DBD143BB6057E235B4650DBA1C75130D3AC212.4089D62FCA00C7CB3B9982D4686ED5769AECD29C/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670008662/mv/u/mvi/5/pl/21?cpn=EdWcnmQU21X3F4Fv&file=file.mp3
206 Partial Content 1.2 MB URL HTTP/1.1 r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/31DBD143BB6057E235B4650DBA1C75130D3AC212.4089D62FCA00C7CB3B9982D4686ED5769AECD29C/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670008662/mv/u/mvi/5/pl/21?cpn=EdWcnmQU21X3F4Fv&file=file.mp3
IP
File type MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, Stereo\012- data
Size 1.2 MB (1204766 bytes)
Hash 4f1ca5415b4e51bad24263dc7d382b11
046e74e914f65a9f702c4b166f76f1c1a3940a2a
892ae392d580de00e186369e2fc995d7144385e18474223be3c2ff82fff9512d
GET /videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/31DBD143BB6057E235B4650DBA1C75130D3AC212.4089D62FCA00C7CB3B9982D4686ED5769AECD29C/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670008662/mv/u/mvi/5/pl/21?cpn=EdWcnmQU21X3F4Fv&file=file.mp3 HTTP/1.1
Host: r5---sn-5go7ynlk.c.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Tue, 29 Nov 2022 14:20:57 GMT
Content-Type: audio/mpeg
Date: Fri, 02 Dec 2022 19:35:11 GMT
Expires: Fri, 02 Dec 2022 19:35:11 GMT
Cache-Control: private, max-age=86400
Content-Range: bytes 0-1204765/1204766
Accept-Ranges: bytes
Content-Length: 1204766
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ad.doubleclick.net/ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
200 OK 42 B URL HTTP/2 ad.doubleclick.net/ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 19:50:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /uploads/videos/16552732563362a977286fb00.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 19:35:11 GMT
Connection: keep-alive
Expires: Sat, 02 Dec 2023 19:35:11 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7qfr_Nbb-wIVAW0ZCh2w_g_mEAAYACCx9pBXQhMIkY7Y_Nbb-wIV5EbCCh1SCw1b;met=1;ecn1=1;etm1=0;eid1=200017;
200 OK 42 B URL HTTP/2 ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7qfr_Nbb-wIVAW0ZCh2w_g_mEAAYACCx9pBXQhMIkY7Y_Nbb-wIV5EbCCh1SCw1b;met=1;ecn1=1;etm1=0;eid1=200017;
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/activity/dc_oe=ChMI7qfr_Nbb-wIVAW0ZCh2w_g_mEAAYACCx9pBXQhMIkY7Y_Nbb-wIV5EbCCh1SCw1b;met=1;ecn1=1;etm1=0;eid1=200017; HTTP/1.1
Host: ade.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7qfr_Nbb-wIVAW0ZCh2w_g_mEAAYACCx9pBXQhMIkY7Y_Nbb-wIV5EbCCh1SCw1b;met=1;ecn1=1;etm1=0;eid1=200022;
200 OK 42 B URL HTTP/2 ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7qfr_Nbb-wIVAW0ZCh2w_g_mEAAYACCx9pBXQhMIkY7Y_Nbb-wIV5EbCCh1SCw1b;met=1;ecn1=1;etm1=0;eid1=200022;
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/activity/dc_oe=ChMI7qfr_Nbb-wIVAW0ZCh2w_g_mEAAYACCx9pBXQhMIkY7Y_Nbb-wIV5EbCCh1SCw1b;met=1;ecn1=1;etm1=0;eid1=200022; HTTP/1.1
Host: ade.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
200 OK 1.3 kB URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
IP
Hash e4fa2d0ca2740699f072678c596e61bf
e93ebc97eae0ed2e360d06189cdc6b7fb0eb74cd
52d0c8c1a160dd54f991f9e88520769e0476ba00c6f19d9767ce5d11936f1e0f
GET /uploads/videos/16552732563362a977286fb00.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 19:35:11 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Fri, 29 Jul 2022 23:17:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e46a6c-25b6"
Expires: Sat, 02 Dec 2023 19:35:11 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
csi.gstatic.com/csi?v=2&s=ima&puid=1~lb6wntdl&c=1381014050452&slotId=690507025226&qqid=CJGO2PzW2_sCFeRGwgodUgsNWw&gqid=blOKY5njMdzwZMafkNgG&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44765701%2C44777648&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false
204 No Content 1 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lb6wntdl&c=1381014050452&slotId=690507025226&qqid=CJGO2PzW2_sCFeRGwgodUgsNWw&gqid=blOKY5njMdzwZMafkNgG&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44765701%2C44777648&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false
IP
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
POST /csi?v=2&s=ima&puid=1~lb6wntdl&c=1381014050452&slotId=690507025226&qqid=CJGO2PzW2_sCFeRGwgodUgsNWw&gqid=blOKY5njMdzwZMafkNgG&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44765701%2C44777648&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb6wnste&c=1381014050452&slotId=690507025226&eee=missing-element&bi=missing-id
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb6wnste&c=1381014050452&slotId=690507025226&eee=missing-element&bi=missing-id
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=1~lb6wnste&c=1381014050452&slotId=690507025226&eee=missing-element&bi=missing-id HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: *
date: Fri, 02 Dec 2022 19:35:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /uploads/videos/16552732563362a977286fb00.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 19:35:12 GMT
Connection: keep-alive
Expires: Sat, 02 Dec 2023 19:35:12 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
206 Partial Content 259 kB URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
IP
Size 259 kB (258688 bytes)
Hash 83788bd4cc603c61f79c652266ad1647
71e8aee6ef1aa1b667796c87d267187a7b3a136f
565960ae5ab4cb3ddd2eb5f29e1be7eba68ef345f09fca29b40bb6b248334ef4
GET /uploads/videos/16552732563362a977286fb00.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-258687
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 19:35:12 GMT
Content-Type: video/mp2t
Content-Length: 258688
Last-Modified: Fri, 29 Jul 2022 23:17:00 GMT
Connection: keep-alive
ETag: "62e46a6c-17b6408"
Expires: Sat, 02 Dec 2023 19:35:12 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-258687/24863752
cdntechone.com/stattag.js
200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:07 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4496
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvw42YBF5ScJX%2BYhBqKCDb%2FrPQlKjYNyGT0SqlOGVCrJbcQ8qRUkyQurL0tlwzY9%2BM6c%2B%2FfwTVsL11ggV3Xu7szCaBs8ij%2BswUt9KTs9T%2F2e6pcGUUDNPP4eTDegQ2BYuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773681022ca5b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: J192eu/gAALhJxIU+M0aEZpkOLObcn9YV07PqwyJH6zkm/K2ebJ4K6d2s62vZ2/w6BeCEaS+cWv3TmDsYaZ1aw==
date: Fri, 02 Dec 2022 19:35:08 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
exe.io/socpulic0
302 Found 0 B IP
GET /socpulic0 HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 02 Dec 2022 19:35:07 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/socpulic0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=4e530652b571bdecaa50d9793539c83a; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WOFk8kCMy7Ombf8%2Byr3z1cmhSDvr4K1VhUENnOHDqLyvPob%2B4%2BF5%2BLEFG9XE5wYkJgFxmLEzEPJIpfmtPHzs%2FGdZLFLTInSRbND73y%2BaWG8XhzbOwn43zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773680fdea01b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1410302518%3A1670009708652705&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAswp-6Vtp53CTQ6Rqqe2macqbSVuM7skys0K0iLdslHGwB6KZgXKPYmV90o-4Brvh5n7HWWRQ
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1410302518%3A1670009708652705&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAswp-6Vtp53CTQ6Rqqe2macqbSVuM7skys0K0iLdslHGwB6KZgXKPYmV90o-4Brvh5n7HWWRQ
IP
GET /v3/signin/identifier?dsh=S1410302518%3A1670009708652705&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAswp-6Vtp53CTQ6Rqqe2macqbSVuM7skys0K0iLdslHGwB6KZgXKPYmV90o-4Brvh5n7HWWRQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 19:35:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-dATzXnEK8ijH7A6Xc7e0og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:08 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3548
last-modified: Fri, 02 Dec 2022 18:36:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rDjhqGhuY9Z4B4L%2BcESPPWuiBXHmyxR9Vk%2BTEzQN%2FOfAnhStGdb8DREkUGR0BX2R2fbxS93Y69STfjafZA0OrnPgH5rZQiFxDnsOmf0o5hdsoi5NTsQ44PyyWPBhA%2FJ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773681036b4576de-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:08 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3548
last-modified: Fri, 02 Dec 2022 18:36:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pi6VZt3WVkZ%2Bs8f6%2BHIDeNtLW0hGsNFWg4FrJNg5gKRj29j7F8iy75TpqPRF0YrlBGbBsW13eKPe%2ByMdtjEKeTd2lkgWhwj8cgnw728NofhMgLfQ02Xn5l2m8KV4%2B1Dt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773681038b6176de-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fsocpulic0&tag=v-exee-app&domain=exee.app
200 OK 0 B URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fsocpulic0&tag=v-exee-app&domain=exee.app
IP
GET /allowed_url.php?type=json&url=exee.app%2Fsocpulic0&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:08 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WNQOA50GM0Gk5eFQ9diauGCH8TsPo2nj6%2FMuesVpVCcmmk0bsdlroHNcwJIz14xCZezJbfJJ4LfXVUpB5hlyTXmW%2BX7h2oatqrGzfcjre80koERZTMqYSqcjhJZ6XOfOWiHx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773681038aef7300-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 19:35:09 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 974490
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vuc513z84voXM9kbTskDzcSvlDfic54By3gSBnTScNFBkBNZRrfRe7ENydwbxROZoaSZnxaYqeSjwQsJLXShVU5CqdFnTPJywAvshN37SJfwmlTCCYfX%2Bu%2FjiA3t%2BB0ay%2FEzs2x47KJw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736810f581b779d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.26.2.103
15.235.85.92
37.48.68.71
23.36.76.226
104.21.71.102
93.184.220.29