exeo.app/w5DnToh
172.67.74.139301 Moved Permanently 0 B IP 172.67.74.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /w5DnToh HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Mar 2023 17:43:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 25 Mar 2023 18:43:13 GMT
Location: https://exeo.app/w5DnToh
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YTXE7ASsX9t1x6RVpEwV8F9lDdT7r6%2FtJR051T6xR4hyUdrr2zSLuYNeLE6%2BM7%2BfdSZL09N8Wd2rBeN%2FRetBGi0DU5eby7%2FdpvBVnKL%2FAFCTgTJPcvc6fxFa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad8f47368c7fab8-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7743
Expires: Sat, 25 Mar 2023 19:52:16 GMT
Date: Sat, 25 Mar 2023 17:43:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12594
Expires: Sat, 25 Mar 2023 21:13:07 GMT
Date: Sat, 25 Mar 2023 17:43:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 17:15:28 GMT
content-type: application/json
age: 1665
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2214
Expires: Sat, 25 Mar 2023 18:20:07 GMT
Date: Sat, 25 Mar 2023 17:43:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 96hzb1V4Nmv3dHHBIx8yFde1AmB4DfD2mM7iGQ7uykQFQkkimuGGZ9L9poj8R5Os+1CfAfUOZcg=
x-amz-request-id: PDTRJ3CBJCAANHRA
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 16:54:59 GMT
age: 2894
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 17:43:13 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
exe.io/img/logo_sm.png
188.114.96.1200 OK 11 kB IP 188.114.96.1:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash babf1df3467cca81bd9fdd5540a70b3d
ab768d826851da1b84b22e14f4facfda137500f4
c63f2781570d012d67b1e5ed27544bf90097a71ca5ddbbcd86a98a0f52871534
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:13 GMT
content-type: image/png
content-length: 10989
x-frame-options: SAMEORIGIN
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
cache-control: max-age=31536000
expires: Wed, 06 Mar 2024 17:35:17 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 1555676
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7zky5qlUKGbJjD3p1EMGhE1lQlv8eKCao47y7AQjC4VueRfTiRqIBgQ4b0muMVYIw2f0EC0C4Eh%2BnSNcWithjBTN3Wg7%2Bb70NIRBWpbOPWTpJBB4T28%2B4Cs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f476dd2cfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
exeo.app/css/continue.css
104.26.8.233200 OK 42 kB URL HTTP/2 exeo.app/css/continue.css
IP 104.26.8.233:0
File type ASCII text, with very long lines (65079)
Hash cbe5384698bf313dcde14fb4edead4af
5f17fd6e2d35e540c5e80cf043e8150b89da5f66
6913c193ad0eb6a1a2754aad542d6f71a3abf5aadc8a45cdb2da62b6f6b3a32c
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/w5DnToh
Cookie: AppSession=084fbe2d2d112f112c74bde35ea098a4; csrfToken=d2419c5160095a760444df7c05a2986560001150cafaf86b25384cf96a54751f9b3eb18281e15e50c7dcba49298903c993cf8ad14a63883dd45000a4ab3bb3d6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:13 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Wed, 12 Apr 2023 08:47:06 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1068967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rEiRaY%2BBq5v1B2%2FjCJNAWCTBGo6SE%2FFtFcagmPaTkCvpnP0b%2BFDyxLc9lstVrIk1xPk%2F%2BpfnhsVOkqTzaanYzywocZ8YbAr6oEpgbL9LEoDPK4XqKDseGnvm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f4768d4d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 1acd6b6595b9c5f914c26817f05d3f23
a6be37755477b7a5c8fecd06f381a901aa616bc4
d890451a1d0253d470b8f9d2245fb0bad795436156d6518c5ff4ae333e876ea1
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Mar 2023 17:43:13 GMT
expires: Sat, 25 Mar 2023 17:43:13 GMT
cache-control: private, max-age=900
last-modified: Sat, 25 Mar 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44777
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
172.217.21.170200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 172.217.21.170:0
Hash 012d975bfa2f42af57dad1c092ffd2d2
9edf61c021be7f4938806716195ee4ecd345b6ef
55496a0c39b8c5b74fef2d8bfb61f2b3ebdcd37f2735b07b4dcc5a310ee708b6
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Mar 2023 17:43:13 GMT
date: Sat, 25 Mar 2023 17:43:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdntechone.com/stattag.js
188.114.97.1200 OK 7.7 kB URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.97.1:0
File type ASCII text, with very long lines (17823)
Hash 0a7fd890d50ab9266dff8f38add7cfc7
6a8764e3fca133a7000a77f6bfef3e8b58653666
b22d6f36e19de7749abd44b6e0da1e6b468a2a226d8d72d6449bcc226e276883
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:13 GMT
content-type: application/javascript
last-modified: Mon, 06 Mar 2023 09:49:58 GMT
etag: W/"6405b746-4829"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5856
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LfdVUwk8LbFq2%2FJqbFSNkjEog4OdsGv1FvHzJqUtWFKivKUP5kdkimTYciiSf5JScMsPxeQvZOKPcVnEj5IqY1Td%2BMHy6VB0Dmo6zsDmErFJfLFQQuTrQ6hzLi46mQ25rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8f477bb880b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b644abd1d83faa6f0327486dae33b18d
cb745aa55db6976159ef31ff8835e2b26fd32109
784e1b0a41a50629890a6fd6f58beb9f3a6eb5ba56aa35c671e5217d839aeeac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:42 GMT
expires: Sat, 23 Mar 2024 10:26:42 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 112592
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
oo.onlapmynas.com/1clkn/29529
172.255.6.144200 OK 26 B URL HTTP/1.1 oo.onlapmynas.com/1clkn/29529
IP 172.255.6.144:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: oo.onlapmynas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Mar 2023 17:43:14 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 26-Mar-2023 17:43:14 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sun, 26-Mar-2023 17:43:14 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ce6948c57f579a85042a4388c45514d6
4b3002c036034ef0cb8d9eb73b7bf7f561862b99
85e655e198ac1724ffca7bf4efc4f98de8c436cebf41ed665cc397fbb02a243a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nheappyrincenev.com/ZUlCZGkEKyEJVgR0IEIcFyV/QVsjbHAiDVYhNF0RAzg4HBBRfy1KCgkmNwAPFyYsEEcLLDZBWyMQIFYZMBsEKSQnHS0NCyc6BikhCTsVVQUIKi8uIyQKIRY5N3AaKjgkKwoyXQkPAD1RIgslVCEfJQ8tLVF6FwgZHAIGLSshHi4NJwIMCAUxM3gGA11XLBUAIy0zFFE5AggTNDoCbHAiLQ5wLyUEPwsVCi9XEHIHDTUaLVcoJ3ksPT4jLwAnKw0QFF0LPw4yDjoJIhU9PiMvCjBZFBMUEDk/PhhWMTMmMQcEAQIVNjMNEBRcMCwkBAMlCT0pBzFULxNXRCN7GxMONQc7XFE2JSU3DQgHJzMEN3gbVVw1Eyw1WCchJRwgDz4aMFs8ChsIUAMsLDZYIiUmCE8POi0KGVgoBiwbUTgSIToXBTIoPw
108.157.214.84200 OK 1.2 kB URL HTTP/2 nheappyrincenev.com/ZUlCZGkEKyEJVgR0IEIcFyV/QVsjbHAiDVYhNF0RAzg4HBBRfy1KCgkmNwAPFyYsEEcLLDZBWyMQIFYZMBsEKSQnHS0NCyc6BikhCTsVVQUIKi8uIyQKIRY5N3AaKjgkKwoyXQkPAD1RIgslVCEfJQ8tLVF6FwgZHAIGLSshHi4NJwIMCAUxM3gGA11XLBUAIy0zFFE5AggTNDoCbHAiLQ5wLyUEPwsVCi9XEHIHDTUaLVcoJ3ksPT4jLwAnKw0QFF0LPw4yDjoJIhU9PiMvCjBZFBMUEDk/PhhWMTMmMQcEAQIVNjMNEBRcMCwkBAMlCT0pBzFULxNXRCN7GxMONQc7XFE2JSU3DQgHJzMEN3gbVVw1Eyw1WCchJRwgDz4aMFs8ChsIUAMsLDZYIiUmCE8POi0KGVgoBiwbUTgSIToXBTIoPw
IP 108.157.214.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3025), with no line terminators
Hash 581d019eae5b0072b061bd5583f6f938
ca0ef6f17736776b64ef476f021c4fef76ab6e23
e7a888acdbf6530cbe65519ea7f53deee017768f8bf168fea549265f1c79c483
GET /ZUlCZGkEKyEJVgR0IEIcFyV/QVsjbHAiDVYhNF0RAzg4HBBRfy1KCgkmNwAPFyYsEEcLLDZBWyMQIFYZMBsEKSQnHS0NCyc6BikhCTsVVQUIKi8uIyQKIRY5N3AaKjgkKwoyXQkPAD1RIgslVCEfJQ8tLVF6FwgZHAIGLSshHi4NJwIMCAUxM3gGA11XLBUAIy0zFFE5AggTNDoCbHAiLQ5wLyUEPwsVCi9XEHIHDTUaLVcoJ3ksPT4jLwAnKw0QFF0LPw4yDjoJIhU9PiMvCjBZFBMUEDk/PhhWMTMmMQcEAQIVNjMNEBRcMCwkBAMlCT0pBzFULxNXRCN7GxMONQc7XFE2JSU3DQgHJzMEN3gbVVw1Eyw1WCchJRwgDz4aMFs8ChsIUAMsLDZYIiUmCE8POi0KGVgoBiwbUTgSIToXBTIoPw HTTP/1.1
Host: nheappyrincenev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Sat, 25 Mar 2023 17:43:14 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ae2eaf89e0d81cd8867df60807612b22.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: W1F9bDjVl8nGptVdkQRQrJ5saRc82RPcm8pDr28IO8r1W7OmJem-mA==
X-Firefox-Spdy: h2
tpeoplesho.info/NDV1cVkbChYCZFFfHT4Uc3M5NWoMdyNBYX9TNCMPYGRMQhtyXlMFMFAITUVqBgNEVyldUUhAYRJGARAtQUZIQH9dWxMeZBJDSEB3BBtHX2oSQEhAf0BFFBZkBRMFBS1YCERHbg0CQ0drBAJBR2s
188.114.96.1204 No Content 0 B URL HTTP/2 tpeoplesho.info/NDV1cVkbChYCZFFfHT4Uc3M5NWoMdyNBYX9TNCMPYGRMQhtyXlMFMFAITUVqBgNEVyldUUhAYRJGARAtQUZIQH9dWxMeZBJDSEB3BBtHX2oSQEhAf0BFFBZkBRMFBS1YCERHbg0CQ0drBAJBR2s
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NDV1cVkbChYCZFFfHT4Uc3M5NWoMdyNBYX9TNCMPYGRMQhtyXlMFMFAITUVqBgNEVyldUUhAYRJGARAtQUZIQH9dWxMeZBJDSEB3BBtHX2oSQEhAf0BFFBZkBRMFBS1YCERHbg0CQ0drBAJBR2s HTTP/1.1
Host: tpeoplesho.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 17:43:14 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=loITkhUNLwPLOJfkLrtn9oVWw52%2FYUCyl8uZN8QBpLFYZZZxCtSLXN6QqG06ir0wl3HOb3Xxz2e8%2FSvyQO0CYo%2FWUi9Dipv5pcUPuW6hL6bnJGGDklSztNFCmhru50Qi%2FNo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f4786f06b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nheappyrincenev.com/utx?cb=Rke26yBz4QeU&top=exeo.app&tid=889494
108.157.214.84204 No Content 0 B URL HTTP/2 nheappyrincenev.com/utx?cb=Rke26yBz4QeU&top=exeo.app&tid=889494
IP 108.157.214.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Rke26yBz4QeU&top=exeo.app&tid=889494 HTTP/1.1
Host: nheappyrincenev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 17:43:14 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 25 Mar 2023 17:44:14 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ae2eaf89e0d81cd8867df60807612b22.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: VuO1psdMC3LljBaUt8j9cw_2HlOrkL75Sw6INGb8Pz1bQy-oE-vktg==
X-Firefox-Spdy: h2
tpeoplesho.info/Z0JuZUJIfQ0WfwNxJFYWLxgqNHIlZ1wnEzIQKjQKUgU8VQAoJwUoZBMrClh6VXBbV3ZBMgcBf1ZkHREjEzcdWHNBKwADLVpkGFhzSXFaS3FVbFxDN1pzSBEyBiVTVGQXNhoJf1Z0WVx1UXRcVXVTclk
188.114.96.1204 No Content 0 B URL HTTP/2 tpeoplesho.info/Z0JuZUJIfQ0WfwNxJFYWLxgqNHIlZ1wnEzIQKjQKUgU8VQAoJwUoZBMrClh6VXBbV3ZBMgcBf1ZkHREjEzcdWHNBKwADLVpkGFhzSXFaS3FVbFxDN1pzSBEyBiVTVGQXNhoJf1Z0WVx1UXRcVXVTclk
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Z0JuZUJIfQ0WfwNxJFYWLxgqNHIlZ1wnEzIQKjQKUgU8VQAoJwUoZBMrClh6VXBbV3ZBMgcBf1ZkHREjEzcdWHNBKwADLVpkGFhzSXFaS3FVbFxDN1pzSBEyBiVTVGQXNhoJf1Z0WVx1UXRcVXVTclk HTTP/1.1
Host: tpeoplesho.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 17:43:14 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=76qwAym%2BIks4J7zf%2Fk0jLVcqGsQaPCeU1DtjAMC%2FepGvA6XYfZ7O9P8iWE5iJDLLLNq2LqYist65lZyLvSA5OJGLdcJ2b2Q3CcWZQfat6chLQis8iBd65thi2B1gxKYh6x0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f4785f05b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nheappyrincenev.com/V2N6bzM2ARkCDDZeGElGJQ9HSgERRkgpV2QLDFZLMRIAF0pjVRVBUDsMDwtVJQwUGx05Bg5KARFQLxV5Bzk+PkQPMD8scC4HGCQCPC4jPnFhNR0tAgAnDSNkPi4qP18VBzs5cWEhLwteMzAvInItFx8OYRUsNBgKclE8Pl8wGiIsWw0mEDVQGyURKVcBLggtVDsNPCtAAjQACGMHFDw4YzsIQydmHlQiKFgFNS1aVR4hTwtjZlcPPmIONThddQImLSpwDRs0C2MBOh0qAzNROycLHDIyNnIxUi8qVQYpCzkADVE7JwsDOy5fdjJTPyd2BQdDOXYvDzgCHic7HgFqFgUCNXAzBD8gZQYxFyd7bi0/OHYUKDspaxglSx5lOSkSLl1iNjgoehQFESp0DlIrAnU7Jks3ZzMhOAdmEwVLKlIOGytZZAY2XAVAOA0KUkJjCigNBjYQTyhZP1QSAw
108.157.214.84200 OK 1.2 kB URL HTTP/2 nheappyrincenev.com/V2N6bzM2ARkCDDZeGElGJQ9HSgERRkgpV2QLDFZLMRIAF0pjVRVBUDsMDwtVJQwUGx05Bg5KARFQLxV5Bzk+PkQPMD8scC4HGCQCPC4jPnFhNR0tAgAnDSNkPi4qP18VBzs5cWEhLwteMzAvInItFx8OYRUsNBgKclE8Pl8wGiIsWw0mEDVQGyURKVcBLggtVDsNPCtAAjQACGMHFDw4YzsIQydmHlQiKFgFNS1aVR4hTwtjZlcPPmIONThddQImLSpwDRs0C2MBOh0qAzNROycLHDIyNnIxUi8qVQYpCzkADVE7JwsDOy5fdjJTPyd2BQdDOXYvDzgCHic7HgFqFgUCNXAzBD8gZQYxFyd7bi0/OHYUKDspaxglSx5lOSkSLl1iNjgoehQFESp0DlIrAnU7Jks3ZzMhOAdmEwVLKlIOGytZZAY2XAVAOA0KUkJjCigNBjYQTyhZP1QSAw
IP 108.157.214.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash 41cf94559b38ba0b41f980f757810d66
497c61a311c2550e7dcb620ea29f69324f23a0c6
06ec4550f471e27c698b2d185b5ac48c6023acd39e8046402df874b7bd2a4298
GET /V2N6bzM2ARkCDDZeGElGJQ9HSgERRkgpV2QLDFZLMRIAF0pjVRVBUDsMDwtVJQwUGx05Bg5KARFQLxV5Bzk+PkQPMD8scC4HGCQCPC4jPnFhNR0tAgAnDSNkPi4qP18VBzs5cWEhLwteMzAvInItFx8OYRUsNBgKclE8Pl8wGiIsWw0mEDVQGyURKVcBLggtVDsNPCtAAjQACGMHFDw4YzsIQydmHlQiKFgFNS1aVR4hTwtjZlcPPmIONThddQImLSpwDRs0C2MBOh0qAzNROycLHDIyNnIxUi8qVQYpCzkADVE7JwsDOy5fdjJTPyd2BQdDOXYvDzgCHic7HgFqFgUCNXAzBD8gZQYxFyd7bi0/OHYUKDspaxglSx5lOSkSLl1iNjgoehQFESp0DlIrAnU7Jks3ZzMhOAdmEwVLKlIOGytZZAY2XAVAOA0KUkJjCigNBjYQTyhZP1QSAw HTTP/1.1
Host: nheappyrincenev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Sat, 25 Mar 2023 17:43:14 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ae2eaf89e0d81cd8867df60807612b22.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 8KPRRBcO3EmVKss3NniZmwoJl2RwYZwRD24uXspur9_hiGc-bZMPNQ==
X-Firefox-Spdy: h2
tpeoplesho.info/SnBna1FlTwQYbBgkPRsFD0kfKgcMQAEzAAsoLwNiLhc1OTQCSEEfOC5NX1NofklTTSEjFFpadzkEBh8kOU1WTTgkFghWdzxNVkVifl5UWX94VhJWYGwEFwo2d0FBGyU+HFpaZ31JUF1neEBQX2Vz
188.114.96.1204 No Content 0 B URL HTTP/2 tpeoplesho.info/SnBna1FlTwQYbBgkPRsFD0kfKgcMQAEzAAsoLwNiLhc1OTQCSEEfOC5NX1NofklTTSEjFFpadzkEBh8kOU1WTTgkFghWdzxNVkVifl5UWX94VhJWYGwEFwo2d0FBGyU+HFpaZ31JUF1neEBQX2Vz
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SnBna1FlTwQYbBgkPRsFD0kfKgcMQAEzAAsoLwNiLhc1OTQCSEEfOC5NX1NofklTTSEjFFpadzkEBh8kOU1WTTgkFghWdzxNVkVifl5UWX94VhJWYGwEFwo2d0FBGyU+HFpaZ31JUF1neEBQX2Vz HTTP/1.1
Host: tpeoplesho.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 17:43:14 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3lD5%2FkOku%2Fp3I4gEJWwO5uZgEi6MWwvmRXZI6fePLa%2BX82TRnMVgOd6mhyVCsV2oLWyeMI6Sy8MfyzermvAtQTCRij03no86fE%2Fsv7PzA%2FUxiT3R%2F%2BlFfYBW1BFpn9AK9k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f4786f15b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nheappyrincenev.com/utx?cb=6cljICtrz7LX&top=exeo.app&tid=822524
108.157.214.84204 No Content 0 B URL HTTP/2 nheappyrincenev.com/utx?cb=6cljICtrz7LX&top=exeo.app&tid=822524
IP 108.157.214.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6cljICtrz7LX&top=exeo.app&tid=822524 HTTP/1.1
Host: nheappyrincenev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 17:43:14 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 25 Mar 2023 17:44:14 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ae2eaf89e0d81cd8867df60807612b22.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: RcOmt1DehdW0WV0XiVSWWXzqMKc_UXiC6rc0ErfHTtK-VoEsaxEZhQ==
X-Firefox-Spdy: h2
nheappyrincenev.com/NzZBVWxWVCI4U1YLI3MZRVp8cF5xE3MTCAReN2wUUUc7LRUDAC57D1tZNDEKRVkvIUJZUzVwXnEPJAIIe2MVFA10dRRmKEAGDhleQH8QA1kSBAc0LWVQBQELEgQDDQtbVwlnJnRzEwBJBXQYOz0SBAcTFlxjGREmdWY4ITllcCUhPGFzGRQkbQUXBw9yUiwUO3B3DCUOdmQnEBZEE3MXOwdnGRkGeVIEPTlOfHAyNGZidSIoZWcIGDhfVQcENkJvcg8hZG41ZS1cWhEFKF9TCQQLD38pAyBhTxQ5KmJCGTABclMSACYDczkDIGFMNmE0XA8VNwF9TxkTOgB9EA8iZlhsMjhxYzUNI2RVFwYFbQAYBDpvYHMfXHZdKhQgXXwjEwd9AwciJn1gLyEEdmMtAg5aewAdGwMDDxM1YH5zYAZTXSkNClkOAA0UfQQYFEpdRS47HApicicERUNyESpHRAQ5Jw
108.157.214.84200 OK 1.2 kB URL HTTP/2 nheappyrincenev.com/NzZBVWxWVCI4U1YLI3MZRVp8cF5xE3MTCAReN2wUUUc7LRUDAC57D1tZNDEKRVkvIUJZUzVwXnEPJAIIe2MVFA10dRRmKEAGDhleQH8QA1kSBAc0LWVQBQELEgQDDQtbVwlnJnRzEwBJBXQYOz0SBAcTFlxjGREmdWY4ITllcCUhPGFzGRQkbQUXBw9yUiwUO3B3DCUOdmQnEBZEE3MXOwdnGRkGeVIEPTlOfHAyNGZidSIoZWcIGDhfVQcENkJvcg8hZG41ZS1cWhEFKF9TCQQLD38pAyBhTxQ5KmJCGTABclMSACYDczkDIGFMNmE0XA8VNwF9TxkTOgB9EA8iZlhsMjhxYzUNI2RVFwYFbQAYBDpvYHMfXHZdKhQgXXwjEwd9AwciJn1gLyEEdmMtAg5aewAdGwMDDxM1YH5zYAZTXSkNClkOAA0UfQQYFEpdRS47HApicicERUNyESpHRAQ5Jw
IP 108.157.214.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash e288337e2f94f5520cc9591b001ff7ca
8051500375da89e870df2d67cf18f746be04f299
0936ef2a2088faef6e3fa0d6d455ecde644aeb40b23c1611828c28d2704d4281
GET /NzZBVWxWVCI4U1YLI3MZRVp8cF5xE3MTCAReN2wUUUc7LRUDAC57D1tZNDEKRVkvIUJZUzVwXnEPJAIIe2MVFA10dRRmKEAGDhleQH8QA1kSBAc0LWVQBQELEgQDDQtbVwlnJnRzEwBJBXQYOz0SBAcTFlxjGREmdWY4ITllcCUhPGFzGRQkbQUXBw9yUiwUO3B3DCUOdmQnEBZEE3MXOwdnGRkGeVIEPTlOfHAyNGZidSIoZWcIGDhfVQcENkJvcg8hZG41ZS1cWhEFKF9TCQQLD38pAyBhTxQ5KmJCGTABclMSACYDczkDIGFMNmE0XA8VNwF9TxkTOgB9EA8iZlhsMjhxYzUNI2RVFwYFbQAYBDpvYHMfXHZdKhQgXXwjEwd9AwciJn1gLyEEdmMtAg5aewAdGwMDDxM1YH5zYAZTXSkNClkOAA0UfQQYFEpdRS47HApicicERUNyESpHRAQ5Jw HTTP/1.1
Host: nheappyrincenev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Sat, 25 Mar 2023 17:43:14 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ae2eaf89e0d81cd8867df60807612b22.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: kWE-EOBzPEnkDL7ZYNm8DgR24sje4Yk6bXV1dF52gxE6T1GDHjdJxQ==
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 17:17:24 GMT
age: 1550
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9ed124a1b77baaecf923ab0828f4befd
372d71395e45bbf43e61c51cd61bb125fba93bc7
7411b7e1c9874a934b2fa1b3c5555d5d5b3e5a4fc66815e062befe67115dd032
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:43:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 14:07:12 GMT
Expires: Thu, 30 Mar 2023 14:07:11 GMT
Etag: "372d71395e45bbf43e61c51cd61bb125fba93bc7"
Cache-Control: max-age=418436,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad8f47abbf4b529-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1187
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 25 Mar 2023 17:43:14 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 70300b32357c46f3448d567189b64cb3
6ba66a5cf63cdbfeaec59b936151cc812bac56df
5a2b4f9fc5ebaa8062058bf68eae75fc28e06c6ef6a0e79c3c761c1d92f81cb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A2B4F9FC5EBAA8062058BF68EAE75FC28E06C6EF6A0E79C3C761C1D92F81CB9"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6066
Expires: Sat, 25 Mar 2023 19:24:20 GMT
Date: Sat, 25 Mar 2023 17:43:14 GMT
Connection: keep-alive
pogothere.xyz/
172.64.172.27200 OK 217 B IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash d76b07f794ba375fe6de41f7f213255e
018254f24b99ece07bb06fee002f71045c231ddd
e84822f5b55985f73d09e08a07245c547b79490b5ab1aef20b5d4f1d56a09da5
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:14 GMT
content-type: text/plain
set-cookie: csu=608535584831089@1@1679766194; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9sdO3vBt0nRhigR0lB94Vsd%2BS1YAtMlytKl%2FiLDCYtw3tq6gBYSQ2HtUCJtOIzHef0oX4m8ba4ubRd3uTIhGK8c4uM9QRKxjPmcuWF%2FxC3V6hENGoEFlUaez%2B4NqSFl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f478c8f4779b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3hv9xfqzxy46o.cloudfront.net/9eWdLUTAaCCU3Dw0OL2wIQV5/aARfDTg+XglaH2JCERU+YnQ/FzkUXDJBPytURFdtPVEXAHZ3VRcEdmAWGAMpbARfEzs+W0QXLjNdEhUyJ1gXQT4wDRQIMThcFQZuY3ZMSXt0AklPPDheHQg8IhVLVyUlFUtXemEeSUJ4ExVLVzw4Xk9TbmJyXFV7KQZNQn-gTFUtXOScVSiZ6YQVXV2J0AkkALjJbFkJ5FwJJVnthAUlWbmMAHw45NFYWH25jdkhXfn8AXxJ2YA
54.230.245.84200 OK 659 B URL HTTP/2 d3hv9xfqzxy46o.cloudfront.net/9eWdLUTAaCCU3Dw0OL2wIQV5/aARfDTg+XglaH2JCERU+YnQ/FzkUXDJBPytURFdtPVEXAHZ3VRcEdmAWGAMpbARfEzs+W0QXLjNdEhUyJ1gXQT4wDRQIMThcFQZuY3ZMSXt0AklPPDheHQg8IhVLVyUlFUtXemEeSUJ4ExVLVzw4Xk9TbmJyXFV7KQZNQn-gTFUtXOScVSiZ6YQVXV2J0AkkALjJbFkJ5FwJJVnthAUlWbmMAHw45NFYWH25jdkhXfn8AXxJ2YA
IP 54.230.245.84:0
Hash ff3f4226a6d23716a6ca5affda63966f
c56277cc4867e5bac95174c2894a7c5541cdf80f
344f55fbf29d88514994487bb8173b7578ff66e7c7ece84632a6b5eb80504007
GET /9eWdLUTAaCCU3Dw0OL2wIQV5/aARfDTg+XglaH2JCERU+YnQ/FzkUXDJBPytURFdtPVEXAHZ3VRcEdmAWGAMpbARfEzs+W0QXLjNdEhUyJ1gXQT4wDRQIMThcFQZuY3ZMSXt0AklPPDheHQg8IhVLVyUlFUtXemEeSUJ4ExVLVzw4Xk9TbmJyXFV7KQZNQn-gTFUtXOScVSiZ6YQVXV2J0AkkALjJbFkJ5FwJJVnthAUlWbmMAHw45NFYWH25jdkhXfn8AXxJ2YA HTTP/1.1
Host: d3hv9xfqzxy46o.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nheappyrincenev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 630
date: Sat, 25 Mar 2023 17:43:14 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4lbJg3YVZSe92OjMZSkUhpdeZSOXLRQe_64vkGGf0I101BzKIikEiQ==
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.58.207.206200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 25 Mar 2023 16:05:11 GMT
expires: Sat, 25 Mar 2023 18:05:11 GMT
cache-control: public, max-age=7200
age: 5883
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash def1dbdfc3019fb787c5363a9db07e30
8319917266514767014b3efe9cbe94a3dbf4e28c
dd547a9803c12b2b44551a5fa5ecd5a4095b52d13a5e6e72717fcce1bf7ced91
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95200 OK 914 B IP 192.229.221.95:0
Hash a7b4e9ceea8b098a0be784aef1997713
e6b4f3684a88029a369e7b70b4f238295405d66a
8f5a0d156a03929eb4d80586de220a6fa71f677ff7db6579e5d08c4cadda960a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 413
Cache-Control: max-age=90726
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Etag: "641df07b-1d7"
Expires: Sun, 26 Mar 2023 18:55:20 GMT
Last-Modified: Fri, 24 Mar 2023 18:48:27 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash def1dbdfc3019fb787c5363a9db07e30
8319917266514767014b3efe9cbe94a3dbf4e28c
dd547a9803c12b2b44551a5fa5ecd5a4095b52d13a5e6e72717fcce1bf7ced91
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (39604)
Hash 787cdb264a5705484cfa225555aa5863
f269890440771b14118eb22b6154f389b7159b3b
1e401c817aab137463477bfa800d72be03c824f91ca627ec73654823f7dd90c3
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27418
date: Sat, 25 Mar 2023 17:43:14 GMT
expires: Sat, 25 Mar 2023 17:43:14 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1521 / 906 of 1000 / last-modified: 1679695651"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d3hv9xfqzxy46o.cloudfront.net/3UzJPZDQwXSECCydbK1kMYQB6VgB1WDwLWiMPPlBdAVB6BUdmdSUMAzteaRBONw9/QlgyXChZEjZcLFkFdVMrBglnFDsUWzgPPwFWPlk9HUI7XGkRVW5fIB5dP14uQQYVB2FUEWECZxNdPVYgE0d2AH8KQHYAf1UEfQJqV3Z2AH8TXT0Ee0EHERd9VExlBm-pXdnYAfxZCdgEOVQRmHH9NEWECKAFXOF1qVnJhAn5UBGICfkEGY1QmFlE1XTdBBhUDf1EaYxQ6WQU
54.230.245.84200 OK 518 B URL HTTP/2 d3hv9xfqzxy46o.cloudfront.net/3UzJPZDQwXSECCydbK1kMYQB6VgB1WDwLWiMPPlBdAVB6BUdmdSUMAzteaRBONw9/QlgyXChZEjZcLFkFdVMrBglnFDsUWzgPPwFWPlk9HUI7XGkRVW5fIB5dP14uQQYVB2FUEWECZxNdPVYgE0d2AH8KQHYAf1UEfQJqV3Z2AH8TXT0Ee0EHERd9VExlBm-pXdnYAfxZCdgEOVQRmHH9NEWECKAFXOF1qVnJhAn5UBGICfkEGY1QmFlE1XTdBBhUDf1EaYxQ6WQU
IP 54.230.245.84:0
File type ASCII text, with very long lines (711), with no line terminators
Hash 38750ccfab249f994f0c415ca9b9159b
2436431435e478f6467b2ace21a352ddb4f5346c
2f3f0dcf118af581a8d6a344c7171bd75aa02089ed70c3f58cbb18e203b98f8f
GET /3UzJPZDQwXSECCydbK1kMYQB6VgB1WDwLWiMPPlBdAVB6BUdmdSUMAzteaRBONw9/QlgyXChZEjZcLFkFdVMrBglnFDsUWzgPPwFWPlk9HUI7XGkRVW5fIB5dP14uQQYVB2FUEWECZxNdPVYgE0d2AH8KQHYAf1UEfQJqV3Z2AH8TXT0Ee0EHERd9VExlBm-pXdnYAfxZCdgEOVQRmHH9NEWECKAFXOF1qVnJhAn5UBGICfkEGY1QmFlE1XTdBBhUDf1EaYxQ6WQU HTTP/1.1
Host: d3hv9xfqzxy46o.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nheappyrincenev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 518
date: Sat, 25 Mar 2023 17:43:14 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MOGaVHWFvOTriXtgXiiILrBnucLGNg2cAlmkhwrfWH-HdzfNI8oiyg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5716bd17f0cc1d649bcba4a6400ad0fa
752def7b1cf7d2f2e8213b28cb17f93e1015d333
ef78bd37975cc2a43c78562c8fcd9977f92a2ef525b87cfcef89f114f28eac3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7TCjPIdizZtjtoQG_rhAZPAWKntQsx1ks1SbSWdhCc6mv8Mrzx1ZPV9kvuMkbomy-PfwFU-yA
216.58.207.205302 Found 395 B URL HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7TCjPIdizZtjtoQG_rhAZPAWKntQsx1ks1SbSWdhCc6mv8Mrzx1ZPV9kvuMkbomy-PfwFU-yA
IP 216.58.207.205:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 7fa508b1b45b41ea3a329a463c2df78e
568a4952e3c8344a25cbcbbdf2f7751ce5a6a4f2
841b97d658c0ceeb92c45ee400a9de29293810aca0aa8bbe3e9d7b8338592d22
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7TCjPIdizZtjtoQG_rhAZPAWKntQsx1ks1SbSWdhCc6mv8Mrzx1ZPV9kvuMkbomy-PfwFU-yA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Mar 2023 17:43:14 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1074619952%3A1679766194636218&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7T9DkVbd_bQe0ZfwwlDqeGGejFhs7ylGYHgNbUhQLMISyJEaIXCJEAKQEik_qaRokWxG3THRw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-2a3MRNzLZMkURX1X2shHyg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:Wxank-w0VsfRdiKvprNmmktSFyHe3g:Q63dmGnv3ChKxT1C;Path=/;Expires=Mon, 24-Mar-2025 17:43:14 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7RYOji70Sex22aF1WenL3HICpYQ3wd2kddb8X4YDzBNmJrYLfUQ-ARKhLuwSdCNoSTRWCPGUA
216.58.207.205302 Found 400 B URL HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7RYOji70Sex22aF1WenL3HICpYQ3wd2kddb8X4YDzBNmJrYLfUQ-ARKhLuwSdCNoSTRWCPGUA
IP 216.58.207.205:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 640c6eb6f8bf28befb0a915770dd5093
35be31951b70afe31afc5675cd266e14c4ede17b
48a6bb371142f579b965470d2de0c9e39e940f43642c31e8ef5f63cc35e3e744
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7RYOji70Sex22aF1WenL3HICpYQ3wd2kddb8X4YDzBNmJrYLfUQ-ARKhLuwSdCNoSTRWCPGUA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Mar 2023 17:43:14 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1225247873%3A1679766194646137&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7Tl4Vpq9jAf4giymvaEUMyROZBf5qlWLnXrsn6lwwYXOf107LBa2ZS-RKHx4JKOIG1juXSy-w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-2ozmEQWJBhXh6CpW9Mud1g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
set-cookie: __Host-GAPS=1:zEbOfYdQ8SbWTkQWnPFnbOOTSRDF1Q:ne74y5FPZAUlrsVs;Path=/;Expires=Mon, 24-Mar-2025 17:43:14 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7e3ff6b78faf64b75d13e5e4c390f7c5
1ec395988633a280be5876ea74b91b994ca88bda
470501dd8e4cb351f2b3effe7507b9582758ecf492d587545f740c13527289d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95200 OK 506 B IP 192.229.221.95:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash f87e6f47d9c9183a99add6fe95e47756
5f1b5d357d2f5135f2d5afb2811eed2d34825224
4dfca453f2f64fbc94f57411deb927f9e145784b17b3b58a8fcff8dbc1c5457b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 431
Cache-Control: max-age=90744
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Etag: "641df07b-1d7"
Expires: Sun, 26 Mar 2023 18:55:38 GMT
Last-Modified: Fri, 24 Mar 2023 18:48:27 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.238.134.247101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.134.247:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zWBuJG8maoNroTDKi36+Bg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XrHExIr4O/IyltUIphZ9PphRgD4=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=exeo.app
142.250.74.130200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=exeo.app
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 25 Mar 2023 17:43:14 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=exeo.app
142.250.74.130200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exeo.app
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 25 Mar 2023 17:43:14 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
172.217.21.161200 OK 2.7 kB URL HTTP/2 500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sat, 25 Mar 2023 17:43:14 GMT
expires: Sun, 24 Mar 2024 17:43:14 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023032101&st=env
216.58.211.2200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023032101&st=env
IP 216.58.211.2:0
File type JSON data\012- , ASCII text, with very long lines (14795), with no line terminators
Hash 933615d73676ff204a0543ffda7a2ed9
e4ffa671054d91f9ef8ab5541d188fef0665f2f9
dcdecbe26cce1e87dc7156352108d1d055f3397a005b7e1c370f4e344edb43f8
GET /getconfig/sodar?sv=200&tid=gpt&tv=2023032101&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sat, 25 Mar 2023 17:43:15 GMT
server: cafe
content-length: 11169
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 1faaa6e2a96df65e726bea8a873f5a1d
11b1d41aecbf8830cef3bb3d79667c3ae14fb7e5
ca8c2aeb31c285308a18a4eb8680fb9a1f52d26a61f83e2ca4a83b921aa49552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.65200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.65:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sat, 25 Mar 2023 17:43:15 GMT
expires: Sat, 25 Mar 2023 17:43:15 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.65200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Mar 2023 02:02:12 GMT
expires: Fri, 22 Mar 2024 02:02:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 229263
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.205302 Found 13 kB URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.205:0
Hash aa0d659527895657d948e42377549e82
1c70f1198a21611ad53021c068af4574203bb033
5bf89a6239f19b2569b8171eb19dd6b2b1f33fcf23748c6b0121c08ecc609cfb
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Mar 2023 17:43:14 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7RYOji70Sex22aF1WenL3HICpYQ3wd2kddb8X4YDzBNmJrYLfUQ-ARKhLuwSdCNoSTRWCPGUA
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-7JO28D4NZPBHIBkpk8Up_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:DZoJLD2nL8HmInCgnvsJSamWEBYHkg:JFzqpcsZm1fdwlST; Expires=Mon, 24-Mar-2025 17:43:14 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9b762efe5751eb25cd26ca67ad6dcf22
661f1247ecc842236957d05747967ec4f20835a2
c51c54e54ffc33cc7643bb0a64da2265f93efaf38838351ec0f2a2fe102efa2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
216.58.207.228200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 216.58.207.228:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 6da15a83d3634514259fb268447c1085
e0fb15ae58db96fdc0da293d59f5a532c0f4205a
21474a0ec82107fb54ffd1fdd449e8091cb177e43a23dd95123bed480a3141b8
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 25 Mar 2023 17:43:15 GMT
date: Sat, 25 Mar 2023 17:43:15 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-Jnnruq8oM_kkd4hzdT-1bA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.prod.uidapi.com/uid2SecureSignal.js
54.230.80.236200 OK 1.9 kB URL HTTP/1.1 cdn.prod.uidapi.com/uid2SecureSignal.js
IP 54.230.80.236:0
File type ASCII text, with very long lines (1859), with no line terminators
Hash aded621b17723f487b3c9d0e43cf2f94
90fbec381aa4a6ae2a2bb37eb082291432a1ab18
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
GET /uid2SecureSignal.js HTTP/1.1
Host: cdn.prod.uidapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 1859
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 04:07:36 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 25 Mar 2023 05:18:47 GMT
ETag: "aded621b17723f487b3c9d0e43cf2f94"
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ibBH1oRMObPCX4mZ2l_Uflyljz-cXA07Y1wmLcpbpLPmh9eUIBFLvQ==
Age: 44668
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 678d29248aa32ac654d461a9453b0bcb
4bfd729759e57cf5444488ca7a7fb637d79c6f9f
90203638d9d2afd2de6de65e8884a8aba4396212df76357380172b0053f6dd53
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "90203638D9D2AFD2DE6DE65E8884A8ABA4396212DF76357380172B0053F6DD53"
Last-Modified: Sat, 25 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7053
Expires: Sat, 25 Mar 2023 19:40:48 GMT
Date: Sat, 25 Mar 2023 17:43:15 GMT
Connection: keep-alive
id5-sync.com/api/esp/increment?counter=no-config
162.19.138.120204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 162.19.138.120:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
date: Sat, 25 Mar 2023 17:43:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/w5DnToh&DVP_PP_BUNDLE_ID=
95.101.11.123200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/w5DnToh&DVP_PP_BUNDLE_ID=
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash e072d49341cffb322fdd359541b9e969
de1b7189b03b1aea898af405c0211a80cd25ec95
bd955388ecf026cba6c91f799b23a110cf0b3bc0cebe97ee5ed188c8f92558a2
GET /dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/w5DnToh&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 21 Mar 2023 12:11:05 GMT
Accept-Ranges: bytes
ETag: "8012f935ee5bd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3337
Date: Sat, 25 Mar 2023 17:43:15 GMT
Connection: keep-alive
cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/w5DnToh&DVP_PP_BUNDLE_ID=
95.101.11.123200 OK 1.2 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/w5DnToh&DVP_PP_BUNDLE_ID=
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document, ASCII text, with very long lines (536)
Hash 9b0ef0e5b912683035f3ec3dc7a6ba88
ac08726b04e33d671ac1f77cba8462992ff4b932
1a57cc629965b4fd2cb6e1f764fc5fda00b2ed9cdf9c653bdb03fc49e9ce273f
GET /dvbs_src.js?ctx=1828362&cmp=115750&plc=5182811&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/w5DnToh&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 10:59:51 GMT
Accept-Ranges: bytes
ETag: "2d4a10aae224d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Timing-Allow-Origin: *
Content-Length: 1170
Date: Sat, 25 Mar 2023 17:43:15 GMT
Connection: keep-alive
bcp.crwdcntrl.net/6/map
52.51.192.217200 OK 60 B IP 52.51.192.217:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ede3d37c91a4d99a465e8470ce2a78b3
89d2f3425c3c3b7992955b9d3a23143f20e0aea9
2305f958d1a68d8dc65d81c7e846770f96cbd633d8769d4733cb1dcd627cff71
POST /6/map HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 50
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:15 GMT
content-type: application/json;charset=utf-8
content-length: 60
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.15.193
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6130
Expires: Sat, 25 Mar 2023 19:25:25 GMT
Date: Sat, 25 Mar 2023 17:43:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5773974a7341690f006b052ad02c94db
1b11316c952e2195da1646dd94671669e7e3bc2b
a06b72138745500cacc919fea29536ebd4188a1c483f6123e3402458e299f16a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7800
x-amzn-requestid: bad99b1e-3923-4de9-8bea-4dd04e96f7cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfFGcIAMFdBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-0826b92d4c4af16553503600;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9AGLmjvUSTKIsYIWECOR8QwdF4PP1tP1TweUm0VYvxQ0qskqj3YuLA==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:18 GMT
age: 72177
etag: "1b11316c952e2195da1646dd94671669e7e3bc2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70169fbc493bf12f91f072aa3a30ddde
4cd24b81bd6ade3ab5ff90fc88b0f7497e93391d
8b5fc3c8421d5696522231c3490a0853709897f5c9b645bd5e84398cf84089aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12071
x-amzn-requestid: 02bb2a93-c0aa-4d43-aa99-759a0418bc20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfGHYoAMF8BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-2258162e1901b5cd6e7144d3;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JviLRALJFla17_jzjfSJ_krfBT1kOqoPPt03e8ymXPQGRlLXmrERsQ==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
age: 72167
etag: "4cd24b81bd6ade3ab5ff90fc88b0f7497e93391d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd191e3a122d6e31f81e6e9d434c58d6
aec88022970c93289434f8097e4a663da33e5271
1f00c901ef479637ec703d7924526a970cb13dd2635b2bbb68b285df9d98e011
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6185
x-amzn-requestid: 223de50b-9a7e-4ac7-9305-336658eec4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiwYHoLoAMFXtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e1802-226bd8524ade75234053ff50;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:37:06 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tMnTFkK-AtSlEsQskvoxwwCjddndz5GBLHiV5RHi3QumyL6MVC9ovg==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
age: 72167
etag: "aec88022970c93289434f8097e4a663da33e5271"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 73f9697594d173d623b331b5c35eab8d
6323f751f6b7517f062a0442480f672086ea02a1
116cb71658b31e87f19c390b242c684f6505cc8edf90b7fc934ac726fc7ddd18
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8635
x-amzn-requestid: fc715b03-f48f-4300-b752-ab157a684f08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTihcETyIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17a2-68f685ec0f50dae026ea3f64;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: ogff88YPb_ia9BPyBI0afIy9cWym7eDnXHKykpTS3NVG4EY_SUENDA==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
etag: "6323f751f6b7517f062a0442480f672086ea02a1"
content-type: image/jpeg
age: 72167
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ncagzm12kJaHQtYhhjUUhcfXVfbwMdonoNYqpK-QXEmLfyyENgFnFA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 08:51:06 GMT
age: 31929
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aecd210f66f83c73c3450d047ae7448a
d68861e96e12e8a3f293dbae8b687f05b6e15afb
22b69c41c56e5538d91f824d5dc2e63ab5563f99ae8e429c9166f4b397cacd0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5296
x-amzn-requestid: 11fdf0c8-244c-4cd5-bfa7-4c77d777174f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiuzEqkIAMFXOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17f8-5c241d63598dbf595b54ead5;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:36:56 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: b1KWFmKdRQ4DU0v5JmC7AJatpv2B5FAHKVWL7pFiyh13fqYDA5qydA==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
age: 72167
etag: "d68861e96e12e8a3f293dbae8b687f05b6e15afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.id5-sync.com/api/1.0/esp.js
172.67.38.106200 OK 56 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 172.67.38.106:0
Hash 1ee91449b835c4293a64c4dcd048be75
8ac221db19ab9388e8d42fe3cd27813927834ee5
1e159779216a5fe94789471f888745de5a2ad67ce57edd98d84aa52643b78509
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:15 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: ZjWvYdCQ+n+8pVPo4fgjrkJtLsHSUGhVHJHK8qr0o38/ZNHeA+tbvOrvX+a5AuqVu4Tgr//ghOk=
x-amz-request-id: PETS1203JXCZQ7S0
last-modified: Mon, 13 Feb 2023 11:21:55 GMT
etag: W/"b988c8d91b8a22dcd50f129d3a9d67f1"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1031
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 7ad8f480e85b1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
142.250.74.70200 OK 38 kB URL HTTP/2 s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
IP 142.250.74.70:0
File type ASCII text, with very long lines (3095)
Hash 4f9b890a6c4cfbbfd0fb7eff98bf4dde
2db204fb0ee448842b40f84463234ea496763130
8e0d4c67a688228e1ba10b1e1dc367c078edf7e9bc35be0bd4ae8c0ce980647c
GET /879366/express_html_inpage_rendering_lib_200_276.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 37872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 18:05:11 GMT
expires: Sat, 25 Mar 2023 18:05:11 GMT
cache-control: public, max-age=86400
age: 85084
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 17:43:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.doubleverify.com/dvbs_src_internal117.js
95.101.11.123200 OK 19 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src_internal117.js
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2636), with CRLF, LF line terminators
Hash cf93b15de9d1c76c1bc6fdaee5382496
26e52f0a242bff375cc54d8d33a1a416d89e2813
c290ae68279e0685c13650d1534a0cd86997420399bb67288046e61b13defb53
GET /dvbs_src_internal117.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Accept-Ranges: bytes
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 18840
Date: Sat, 25 Mar 2023 17:43:15 GMT
Connection: keep-alive
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRXYeRqHIgKai1NR6efXSLp6wLo8iEpQanCFhJjA0DXbqhUeYpCHZ6HCHCyJzbY_WL234zY-indw_riO1xlE4uM-4X_8_aE-WLPGqY9tvco6yHFrjtYwR4SnGqkYZ9xQPmPoPrOd0RNTUbZ9lPB61HL-95Xm_FqtY6T5IS_k6XRxZcv3A-JnQrAWArEemb0rpS4Au33meuyQ3xFQKchnI7DvtonkxD3oydUbwWVjTTdmiIs8rVcF1Bp17B1sIgxIE1gaa169WVYHkd0Ubjv6b5ZkqRTqiW9iBVsQMMkhp-9ANzCNpjbHvfwvfa59f4uDeuERNoK9_7N1SPpueMYckT6rFuAPNwJwzU4gZJn4E8XyWGWD7VZuDHlV5eVkmnaaQfBj_IBqTkBOIizYdP_Qx_sdx9N5_Zk1A7OE85DWft9MNVzbO0-6-SCgV0H2_0vRL6d_BtTaciGzMpFiS8bfeq5bwMxriCbaqF0jk_sRhOCFL2ACGrnvW3CtL9LMpfkdpBInLfKKzxBzgPU9FE03Wz8_Rw6IF3BvLmaytEADygRtrTETgm1jJhJ7dpXntKQILRMk6VXcTvoZ_b_GsV6RsfaaEs3hTDzOPr_diHKWKSOo2gWFM7XJud1ucNsJSZnTNQ4SGej5Izzgy4hCq1VWYyuC8EPgpd3fpM6ekeVBg97Uh4jNTKcFvWrgj15uVn7sKxyaFQ1aZHWxLpeZt4UEwlysewP6aSCEQF0nv2cSU4mFuYh5duXC2APOp30mSL8IYl8KwzAk5Ju_Jyhci1kPISPryUYJTsqsa1ffgQFC5izG6W7NfXJNEh--WkGqfEGlmxTb8X8FMnVy_XDgCl8orTSfOEMoWGO1FVALljgGYcwTmxV6oQCqEZeYsjX1EqKQ3X5qWNfRmeiWdBgygb-depN5QbyCqgxgJJ2nL50NuWx_DBQLZrPXHBWJWS6wB0jPWLClS4ybFaYXD3PYuaWKykfwE20_YjWxIwJWDFU0NtPRD9WxMmNDRXMFym8uGSddccmlHlpWTpEEYhVEqLQL_KkvWYFFzSmqvlBFW6Ei1NxhAkUeknpNIJfLCiLLnrv0REUdecMTjQz1uktjexhXNL4uoOQSuK8cIKOEOpi42hgRsjAOF5zIdtWfQZ0FRRB_nE5HcKEBrtghdDAOqc7S3qG_gLXCYwh_eH78SHqQns_372XwpFYR8wRK9qVzHJGv_L2sRxCufSF_mL-JwZbE0fYQ&sai=AMfl-YQ4CdZAj-jZpAdQ3J9xk7ASzo3_pMNzNplWLOOb8gHYfEWfpbPjn0nYNd5DfYQtXXJNvm2EKKdZ8AJq5W_oB-kcouhKjSk-YkzFh0P-aeHLF3FR6RQ5FzJ0lDLOk4iYg0aOMzDZYGpE1kdUEAz5-SXHNtoVjCcWQnUFujjbUWlokOuTXT0TtR99vgy3w9403fAFnqf3UcXw83NwwpLWyBRhTaTmtNMQZjdbjBH7u9uSSBuZdGfDIDCt_AkrEwRLe-qm76zqITST-fY87Pat-bORLIRmeOjJvmNQjJMosA&sig=Cg0ArKJSzAnK6E3Ss5PFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=128&cbvp=1&cisv=r20230322.19819&arae=0&ftch=1&adurl=
142.250.74.130200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRXYeRqHIgKai1NR6efXSLp6wLo8iEpQanCFhJjA0DXbqhUeYpCHZ6HCHCyJzbY_WL234zY-indw_riO1xlE4uM-4X_8_aE-WLPGqY9tvco6yHFrjtYwR4SnGqkYZ9xQPmPoPrOd0RNTUbZ9lPB61HL-95Xm_FqtY6T5IS_k6XRxZcv3A-JnQrAWArEemb0rpS4Au33meuyQ3xFQKchnI7DvtonkxD3oydUbwWVjTTdmiIs8rVcF1Bp17B1sIgxIE1gaa169WVYHkd0Ubjv6b5ZkqRTqiW9iBVsQMMkhp-9ANzCNpjbHvfwvfa59f4uDeuERNoK9_7N1SPpueMYckT6rFuAPNwJwzU4gZJn4E8XyWGWD7VZuDHlV5eVkmnaaQfBj_IBqTkBOIizYdP_Qx_sdx9N5_Zk1A7OE85DWft9MNVzbO0-6-SCgV0H2_0vRL6d_BtTaciGzMpFiS8bfeq5bwMxriCbaqF0jk_sRhOCFL2ACGrnvW3CtL9LMpfkdpBInLfKKzxBzgPU9FE03Wz8_Rw6IF3BvLmaytEADygRtrTETgm1jJhJ7dpXntKQILRMk6VXcTvoZ_b_GsV6RsfaaEs3hTDzOPr_diHKWKSOo2gWFM7XJud1ucNsJSZnTNQ4SGej5Izzgy4hCq1VWYyuC8EPgpd3fpM6ekeVBg97Uh4jNTKcFvWrgj15uVn7sKxyaFQ1aZHWxLpeZt4UEwlysewP6aSCEQF0nv2cSU4mFuYh5duXC2APOp30mSL8IYl8KwzAk5Ju_Jyhci1kPISPryUYJTsqsa1ffgQFC5izG6W7NfXJNEh--WkGqfEGlmxTb8X8FMnVy_XDgCl8orTSfOEMoWGO1FVALljgGYcwTmxV6oQCqEZeYsjX1EqKQ3X5qWNfRmeiWdBgygb-depN5QbyCqgxgJJ2nL50NuWx_DBQLZrPXHBWJWS6wB0jPWLClS4ybFaYXD3PYuaWKykfwE20_YjWxIwJWDFU0NtPRD9WxMmNDRXMFym8uGSddccmlHlpWTpEEYhVEqLQL_KkvWYFFzSmqvlBFW6Ei1NxhAkUeknpNIJfLCiLLnrv0REUdecMTjQz1uktjexhXNL4uoOQSuK8cIKOEOpi42hgRsjAOF5zIdtWfQZ0FRRB_nE5HcKEBrtghdDAOqc7S3qG_gLXCYwh_eH78SHqQns_372XwpFYR8wRK9qVzHJGv_L2sRxCufSF_mL-JwZbE0fYQ&sai=AMfl-YQ4CdZAj-jZpAdQ3J9xk7ASzo3_pMNzNplWLOOb8gHYfEWfpbPjn0nYNd5DfYQtXXJNvm2EKKdZ8AJq5W_oB-kcouhKjSk-YkzFh0P-aeHLF3FR6RQ5FzJ0lDLOk4iYg0aOMzDZYGpE1kdUEAz5-SXHNtoVjCcWQnUFujjbUWlokOuTXT0TtR99vgy3w9403fAFnqf3UcXw83NwwpLWyBRhTaTmtNMQZjdbjBH7u9uSSBuZdGfDIDCt_AkrEwRLe-qm76zqITST-fY87Pat-bORLIRmeOjJvmNQjJMosA&sig=Cg0ArKJSzAnK6E3Ss5PFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=128&cbvp=1&cisv=r20230322.19819&arae=0&ftch=1&adurl=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsvRXYeRqHIgKai1NR6efXSLp6wLo8iEpQanCFhJjA0DXbqhUeYpCHZ6HCHCyJzbY_WL234zY-indw_riO1xlE4uM-4X_8_aE-WLPGqY9tvco6yHFrjtYwR4SnGqkYZ9xQPmPoPrOd0RNTUbZ9lPB61HL-95Xm_FqtY6T5IS_k6XRxZcv3A-JnQrAWArEemb0rpS4Au33meuyQ3xFQKchnI7DvtonkxD3oydUbwWVjTTdmiIs8rVcF1Bp17B1sIgxIE1gaa169WVYHkd0Ubjv6b5ZkqRTqiW9iBVsQMMkhp-9ANzCNpjbHvfwvfa59f4uDeuERNoK9_7N1SPpueMYckT6rFuAPNwJwzU4gZJn4E8XyWGWD7VZuDHlV5eVkmnaaQfBj_IBqTkBOIizYdP_Qx_sdx9N5_Zk1A7OE85DWft9MNVzbO0-6-SCgV0H2_0vRL6d_BtTaciGzMpFiS8bfeq5bwMxriCbaqF0jk_sRhOCFL2ACGrnvW3CtL9LMpfkdpBInLfKKzxBzgPU9FE03Wz8_Rw6IF3BvLmaytEADygRtrTETgm1jJhJ7dpXntKQILRMk6VXcTvoZ_b_GsV6RsfaaEs3hTDzOPr_diHKWKSOo2gWFM7XJud1ucNsJSZnTNQ4SGej5Izzgy4hCq1VWYyuC8EPgpd3fpM6ekeVBg97Uh4jNTKcFvWrgj15uVn7sKxyaFQ1aZHWxLpeZt4UEwlysewP6aSCEQF0nv2cSU4mFuYh5duXC2APOp30mSL8IYl8KwzAk5Ju_Jyhci1kPISPryUYJTsqsa1ffgQFC5izG6W7NfXJNEh--WkGqfEGlmxTb8X8FMnVy_XDgCl8orTSfOEMoWGO1FVALljgGYcwTmxV6oQCqEZeYsjX1EqKQ3X5qWNfRmeiWdBgygb-depN5QbyCqgxgJJ2nL50NuWx_DBQLZrPXHBWJWS6wB0jPWLClS4ybFaYXD3PYuaWKykfwE20_YjWxIwJWDFU0NtPRD9WxMmNDRXMFym8uGSddccmlHlpWTpEEYhVEqLQL_KkvWYFFzSmqvlBFW6Ei1NxhAkUeknpNIJfLCiLLnrv0REUdecMTjQz1uktjexhXNL4uoOQSuK8cIKOEOpi42hgRsjAOF5zIdtWfQZ0FRRB_nE5HcKEBrtghdDAOqc7S3qG_gLXCYwh_eH78SHqQns_372XwpFYR8wRK9qVzHJGv_L2sRxCufSF_mL-JwZbE0fYQ&sai=AMfl-YQ4CdZAj-jZpAdQ3J9xk7ASzo3_pMNzNplWLOOb8gHYfEWfpbPjn0nYNd5DfYQtXXJNvm2EKKdZ8AJq5W_oB-kcouhKjSk-YkzFh0P-aeHLF3FR6RQ5FzJ0lDLOk4iYg0aOMzDZYGpE1kdUEAz5-SXHNtoVjCcWQnUFujjbUWlokOuTXT0TtR99vgy3w9403fAFnqf3UcXw83NwwpLWyBRhTaTmtNMQZjdbjBH7u9uSSBuZdGfDIDCt_AkrEwRLe-qm76zqITST-fY87Pat-bORLIRmeOjJvmNQjJMosA&sig=Cg0ArKJSzAnK6E3Ss5PFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=128&cbvp=1&cisv=r20230322.19819&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: private
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 25 Mar 2023 17:43:15 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 17:58:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 25 Mar 2023 17:43:15 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRXYeRqHIgKai1NR6efXSLp6wLo8iEpQanCFhJjA0DXbqhUeYpCHZ6HCHCyJzbY_WL234zY-indw_riO1xlE4uM-4X_8_aE-WLPGqY9tvco6yHFrjtYwR4SnGqkYZ9xQPmPoPrOd0RNTUbZ9lPB61HL-95Xm_FqtY6T5IS_k6XRxZcv3A-JnQrAWArEemb0rpS4Au33meuyQ3xFQKchnI7DvtonkxD3oydUbwWVjTTdmiIs8rVcF1Bp17B1sIgxIE1gaa169WVYHkd0Ubjv6b5ZkqRTqiW9iBVsQMMkhp-9ANzCNpjbHvfwvfa59f4uDeuERNoK9_7N1SPpueMYckT6rFuAPNwJwzU4gZJn4E8XyWGWD7VZuDHlV5eVkmnaaQfBj_IBqTkBOIizYdP_Qx_sdx9N5_Zk1A7OE85DWft9MNVzbO0-6-SCgV0H2_0vRL6d_BtTaciGzMpFiS8bfeq5bwMxriCbaqF0jk_sRhOCFL2ACGrnvW3CtL9LMpfkdpBInLfKKzxBzgPU9FE03Wz8_Rw6IF3BvLmaytEADygRtrTETgm1jJhJ7dpXntKQILRMk6VXcTvoZ_b_GsV6RsfaaEs3hTDzOPr_diHKWKSOo2gWFM7XJud1ucNsJSZnTNQ4SGej5Izzgy4hCq1VWYyuC8EPgpd3fpM6ekeVBg97Uh4jNTKcFvWrgj15uVn7sKxyaFQ1aZHWxLpeZt4UEwlysewP6aSCEQF0nv2cSU4mFuYh5duXC2APOp30mSL8IYl8KwzAk5Ju_Jyhci1kPISPryUYJTsqsa1ffgQFC5izG6W7NfXJNEh--WkGqfEGlmxTb8X8FMnVy_XDgCl8orTSfOEMoWGO1FVALljgGYcwTmxV6oQCqEZeYsjX1EqKQ3X5qWNfRmeiWdBgygb-depN5QbyCqgxgJJ2nL50NuWx_DBQLZrPXHBWJWS6wB0jPWLClS4ybFaYXD3PYuaWKykfwE20_YjWxIwJWDFU0NtPRD9WxMmNDRXMFym8uGSddccmlHlpWTpEEYhVEqLQL_KkvWYFFzSmqvlBFW6Ei1NxhAkUeknpNIJfLCiLLnrv0REUdecMTjQz1uktjexhXNL4uoOQSuK8cIKOEOpi42hgRsjAOF5zIdtWfQZ0FRRB_nE5HcKEBrtghdDAOqc7S3qG_gLXCYwh_eH78SHqQns_372XwpFYR8wRK9qVzHJGv_L2sRxCufSF_mL-JwZbE0fYQ&sai=AMfl-YQ4CdZAj-jZpAdQ3J9xk7ASzo3_pMNzNplWLOOb8gHYfEWfpbPjn0nYNd5DfYQtXXJNvm2EKKdZ8AJq5W_oB-kcouhKjSk-YkzFh0P-aeHLF3FR6RQ5FzJ0lDLOk4iYg0aOMzDZYGpE1kdUEAz5-SXHNtoVjCcWQnUFujjbUWlokOuTXT0TtR99vgy3w9403fAFnqf3UcXw83NwwpLWyBRhTaTmtNMQZjdbjBH7u9uSSBuZdGfDIDCt_AkrEwRLe-qm76zqITST-fY87Pat-bORLIRmeOjJvmNQjJMosA&sig=Cg0ArKJSzAnK6E3Ss5PFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=402&vt=11&dtpt=274&dett=4&cstd=395&cisv=r20230322.19819&arae=0&ftch=1&adurl=
142.250.74.130200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRXYeRqHIgKai1NR6efXSLp6wLo8iEpQanCFhJjA0DXbqhUeYpCHZ6HCHCyJzbY_WL234zY-indw_riO1xlE4uM-4X_8_aE-WLPGqY9tvco6yHFrjtYwR4SnGqkYZ9xQPmPoPrOd0RNTUbZ9lPB61HL-95Xm_FqtY6T5IS_k6XRxZcv3A-JnQrAWArEemb0rpS4Au33meuyQ3xFQKchnI7DvtonkxD3oydUbwWVjTTdmiIs8rVcF1Bp17B1sIgxIE1gaa169WVYHkd0Ubjv6b5ZkqRTqiW9iBVsQMMkhp-9ANzCNpjbHvfwvfa59f4uDeuERNoK9_7N1SPpueMYckT6rFuAPNwJwzU4gZJn4E8XyWGWD7VZuDHlV5eVkmnaaQfBj_IBqTkBOIizYdP_Qx_sdx9N5_Zk1A7OE85DWft9MNVzbO0-6-SCgV0H2_0vRL6d_BtTaciGzMpFiS8bfeq5bwMxriCbaqF0jk_sRhOCFL2ACGrnvW3CtL9LMpfkdpBInLfKKzxBzgPU9FE03Wz8_Rw6IF3BvLmaytEADygRtrTETgm1jJhJ7dpXntKQILRMk6VXcTvoZ_b_GsV6RsfaaEs3hTDzOPr_diHKWKSOo2gWFM7XJud1ucNsJSZnTNQ4SGej5Izzgy4hCq1VWYyuC8EPgpd3fpM6ekeVBg97Uh4jNTKcFvWrgj15uVn7sKxyaFQ1aZHWxLpeZt4UEwlysewP6aSCEQF0nv2cSU4mFuYh5duXC2APOp30mSL8IYl8KwzAk5Ju_Jyhci1kPISPryUYJTsqsa1ffgQFC5izG6W7NfXJNEh--WkGqfEGlmxTb8X8FMnVy_XDgCl8orTSfOEMoWGO1FVALljgGYcwTmxV6oQCqEZeYsjX1EqKQ3X5qWNfRmeiWdBgygb-depN5QbyCqgxgJJ2nL50NuWx_DBQLZrPXHBWJWS6wB0jPWLClS4ybFaYXD3PYuaWKykfwE20_YjWxIwJWDFU0NtPRD9WxMmNDRXMFym8uGSddccmlHlpWTpEEYhVEqLQL_KkvWYFFzSmqvlBFW6Ei1NxhAkUeknpNIJfLCiLLnrv0REUdecMTjQz1uktjexhXNL4uoOQSuK8cIKOEOpi42hgRsjAOF5zIdtWfQZ0FRRB_nE5HcKEBrtghdDAOqc7S3qG_gLXCYwh_eH78SHqQns_372XwpFYR8wRK9qVzHJGv_L2sRxCufSF_mL-JwZbE0fYQ&sai=AMfl-YQ4CdZAj-jZpAdQ3J9xk7ASzo3_pMNzNplWLOOb8gHYfEWfpbPjn0nYNd5DfYQtXXJNvm2EKKdZ8AJq5W_oB-kcouhKjSk-YkzFh0P-aeHLF3FR6RQ5FzJ0lDLOk4iYg0aOMzDZYGpE1kdUEAz5-SXHNtoVjCcWQnUFujjbUWlokOuTXT0TtR99vgy3w9403fAFnqf3UcXw83NwwpLWyBRhTaTmtNMQZjdbjBH7u9uSSBuZdGfDIDCt_AkrEwRLe-qm76zqITST-fY87Pat-bORLIRmeOjJvmNQjJMosA&sig=Cg0ArKJSzAnK6E3Ss5PFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=402&vt=11&dtpt=274&dett=4&cstd=395&cisv=r20230322.19819&arae=0&ftch=1&adurl=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsvRXYeRqHIgKai1NR6efXSLp6wLo8iEpQanCFhJjA0DXbqhUeYpCHZ6HCHCyJzbY_WL234zY-indw_riO1xlE4uM-4X_8_aE-WLPGqY9tvco6yHFrjtYwR4SnGqkYZ9xQPmPoPrOd0RNTUbZ9lPB61HL-95Xm_FqtY6T5IS_k6XRxZcv3A-JnQrAWArEemb0rpS4Au33meuyQ3xFQKchnI7DvtonkxD3oydUbwWVjTTdmiIs8rVcF1Bp17B1sIgxIE1gaa169WVYHkd0Ubjv6b5ZkqRTqiW9iBVsQMMkhp-9ANzCNpjbHvfwvfa59f4uDeuERNoK9_7N1SPpueMYckT6rFuAPNwJwzU4gZJn4E8XyWGWD7VZuDHlV5eVkmnaaQfBj_IBqTkBOIizYdP_Qx_sdx9N5_Zk1A7OE85DWft9MNVzbO0-6-SCgV0H2_0vRL6d_BtTaciGzMpFiS8bfeq5bwMxriCbaqF0jk_sRhOCFL2ACGrnvW3CtL9LMpfkdpBInLfKKzxBzgPU9FE03Wz8_Rw6IF3BvLmaytEADygRtrTETgm1jJhJ7dpXntKQILRMk6VXcTvoZ_b_GsV6RsfaaEs3hTDzOPr_diHKWKSOo2gWFM7XJud1ucNsJSZnTNQ4SGej5Izzgy4hCq1VWYyuC8EPgpd3fpM6ekeVBg97Uh4jNTKcFvWrgj15uVn7sKxyaFQ1aZHWxLpeZt4UEwlysewP6aSCEQF0nv2cSU4mFuYh5duXC2APOp30mSL8IYl8KwzAk5Ju_Jyhci1kPISPryUYJTsqsa1ffgQFC5izG6W7NfXJNEh--WkGqfEGlmxTb8X8FMnVy_XDgCl8orTSfOEMoWGO1FVALljgGYcwTmxV6oQCqEZeYsjX1EqKQ3X5qWNfRmeiWdBgygb-depN5QbyCqgxgJJ2nL50NuWx_DBQLZrPXHBWJWS6wB0jPWLClS4ybFaYXD3PYuaWKykfwE20_YjWxIwJWDFU0NtPRD9WxMmNDRXMFym8uGSddccmlHlpWTpEEYhVEqLQL_KkvWYFFzSmqvlBFW6Ei1NxhAkUeknpNIJfLCiLLnrv0REUdecMTjQz1uktjexhXNL4uoOQSuK8cIKOEOpi42hgRsjAOF5zIdtWfQZ0FRRB_nE5HcKEBrtghdDAOqc7S3qG_gLXCYwh_eH78SHqQns_372XwpFYR8wRK9qVzHJGv_L2sRxCufSF_mL-JwZbE0fYQ&sai=AMfl-YQ4CdZAj-jZpAdQ3J9xk7ASzo3_pMNzNplWLOOb8gHYfEWfpbPjn0nYNd5DfYQtXXJNvm2EKKdZ8AJq5W_oB-kcouhKjSk-YkzFh0P-aeHLF3FR6RQ5FzJ0lDLOk4iYg0aOMzDZYGpE1kdUEAz5-SXHNtoVjCcWQnUFujjbUWlokOuTXT0TtR99vgy3w9403fAFnqf3UcXw83NwwpLWyBRhTaTmtNMQZjdbjBH7u9uSSBuZdGfDIDCt_AkrEwRLe-qm76zqITST-fY87Pat-bORLIRmeOjJvmNQjJMosA&sig=Cg0ArKJSzAnK6E3Ss5PFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=402&vt=11&dtpt=274&dett=4&cstd=395&cisv=r20230322.19819&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 25 Mar 2023 17:43:16 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 17:58:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 25 Mar 2023 17:43:16 GMT
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 05230f165248b445c7c3ee1f9f2a755c
059412f8cc6388a63215d9b8d7a3a5cf44f92583
9761c974d515a702db51b065c51aa3b0fd347d818c153582dfedb528d73fb1c3
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=136720
Date: Sat, 25 Mar 2023 17:43:16 GMT
Etag: "641e9ab7-1d7"
Expires: Mon, 27 Mar 2023 07:41:56 GMT
Last-Modified: Sat, 25 Mar 2023 06:54:47 GMT
Server: ECAcc (nya/7970)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sRo2n3Q7DimO4FMvU4sAoXkuHZRWm_LG1uR9yWs5TLCGRbMExhWngQ==
Age: 2829
c.bannerflow.net/a/63d93264fd735093c1eadae7?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsupPNUQNh5rBdG1QaziCrQRBECCfsa1_x9msf0eLTIrQeJ54L97wt7JaSeST6kUpKeaFVbh0Ed3c7Th5lBdTSHXQI7nIW1Yj0mURzDcNZYT-L3v3Uv_EBYCTzamvEw9XZGLXRWhjqM5jMYFqYkpaX_7lUynYTxds-UeIlqeKx9sn00BdiwD0yZ9vXuK1cvN-DWk7YMKLis8ThIPZT9KI30DOVjPHTJc6VBGTUo73g8DQwzB2KoJC7GC-lIIlUczHnsan8JdH_HeUmBCPlenW23hqWf18GbCCoqdFiK14OBY1YIJlftSIunvxTsWxRrQlbxx0HAVxIcabPOxQl-w9gzaWno0Tm_gs3lgFbdVlKquWrNIbezzZYk6dJAmQGuvH-f1Qz4RDKfNpzkRW9fD5XPhsLtL331dI90kCCTCS7tbyk_1J0e_RBjruLa_k11nWhnlafdK10sttq8NCBQOLfm472r9sW2-KqoSLl8N7V9u0GyxrshlFFPTtAiJdn7vqi8-jBNPPjOSMI9E16XWGmN1WQZeKoWJ5d-PorTQE7sHY5TjjCdcakzY2q3HZAITudnX2ONQRVHLH0ADvafj6ytkR2URV3PE6FtaNdrZM6TtP4f0C7OLsVzLMDpVHzuIktrXn00_R3JaT8Wco4hB4t8GakXiKe1DpSRXBHE-cQ0I54HUzYyrWRNLxnFMmhDqYuW_dEBrUMWMOgZ88MsDkLG2IyHbiUEBgrjGtP-iCljZvcUhX9m8ccMDyAuSoFh00DMcJHRgvpsvRteWcAE2lb3-6IMIa0THVa3nVklZMAZWU1H0AQstWt56TJVmI6EZXZdq8qIVOHdkT2bhwUs3KF8k-z3AQaOfvZfbzpMPZRgawxuk5s0TTKp5v0hcOfEHma3RTjZ_gzjBixrJHgONpgCpfNVGJ3KcO2SaAc6mopI6g82pdRboON6HnXEWoclsG6cRvlkqhaBbyf0-gIjlKYuXxLfGoNJLHRTFoqypAS6rzSWlA9vU-dssg8KznVQi-vYsuRQXzePs_sf96QXeckQ8XKOw_xL87JTp8xPK3JUBUMaJaNIOkGfI6l-szoVr2n7CHkV_HUuwYNY6Z8Js7Zvqy_6urjUuIvmWL1hG0I7EArViCyYQN02FFbd-VgjQR2oRblxF9D1npVTYMKgwW1eIY5Lkhiet4lWtgnMzWuku-LOvmolzsgp82bAm5tP9qR0W%26sai%3DAMfl-YQotJJoLscJjMAeRcyZ9vfOcpYYEH6JKeGR2lhGxm3MPaVOrUhNIK7nMmujYoobmCHbS4kcGQbjvl_8JR_WgENOUROyt72qt6QBxoPezC3hPNdkBDzfSrbechdrgB0AyLRTqr4EM02EOjt8WEiF5a35Vi2dt4-lUEwR2I9UU1Whvd_umpdAC5dYHQtcYMx4e4uBUjPuzmeklPqB6-Rmn3ym88vPLN4LI6zhMjfG_NErNhOwq4t-NHgJ2Zdj20Z3mRbb__h8jR01AQ0wPrj8zeXN6lRdxztUoCEexuMU9_0bReIug-zG%26sig%3DCg0ArKJSzIrHQWPOjDU7EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D5323271%26adurl%3Dhttps%253A%252F%252Fwww.ajprodukter.no%252F%253Futm_campaign%253Dp-aj-no-betterworkday-prospecting-industry-prog_display-2023_w06%2526utm_source%253Dbanner%2526utm_medium%253Dcpm%2526utm_content%253Dp-aj-no-betterworkday-prospecting-industry-display-728x90-html5%2526dclid%253D%2525edclid!
104.18.210.44200 OK 24 kB URL HTTP/2 c.bannerflow.net/a/63d93264fd735093c1eadae7?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsupPNUQNh5rBdG1QaziCrQRBECCfsa1_x9msf0eLTIrQeJ54L97wt7JaSeST6kUpKeaFVbh0Ed3c7Th5lBdTSHXQI7nIW1Yj0mURzDcNZYT-L3v3Uv_EBYCTzamvEw9XZGLXRWhjqM5jMYFqYkpaX_7lUynYTxds-UeIlqeKx9sn00BdiwD0yZ9vXuK1cvN-DWk7YMKLis8ThIPZT9KI30DOVjPHTJc6VBGTUo73g8DQwzB2KoJC7GC-lIIlUczHnsan8JdH_HeUmBCPlenW23hqWf18GbCCoqdFiK14OBY1YIJlftSIunvxTsWxRrQlbxx0HAVxIcabPOxQl-w9gzaWno0Tm_gs3lgFbdVlKquWrNIbezzZYk6dJAmQGuvH-f1Qz4RDKfNpzkRW9fD5XPhsLtL331dI90kCCTCS7tbyk_1J0e_RBjruLa_k11nWhnlafdK10sttq8NCBQOLfm472r9sW2-KqoSLl8N7V9u0GyxrshlFFPTtAiJdn7vqi8-jBNPPjOSMI9E16XWGmN1WQZeKoWJ5d-PorTQE7sHY5TjjCdcakzY2q3HZAITudnX2ONQRVHLH0ADvafj6ytkR2URV3PE6FtaNdrZM6TtP4f0C7OLsVzLMDpVHzuIktrXn00_R3JaT8Wco4hB4t8GakXiKe1DpSRXBHE-cQ0I54HUzYyrWRNLxnFMmhDqYuW_dEBrUMWMOgZ88MsDkLG2IyHbiUEBgrjGtP-iCljZvcUhX9m8ccMDyAuSoFh00DMcJHRgvpsvRteWcAE2lb3-6IMIa0THVa3nVklZMAZWU1H0AQstWt56TJVmI6EZXZdq8qIVOHdkT2bhwUs3KF8k-z3AQaOfvZfbzpMPZRgawxuk5s0TTKp5v0hcOfEHma3RTjZ_gzjBixrJHgONpgCpfNVGJ3KcO2SaAc6mopI6g82pdRboON6HnXEWoclsG6cRvlkqhaBbyf0-gIjlKYuXxLfGoNJLHRTFoqypAS6rzSWlA9vU-dssg8KznVQi-vYsuRQXzePs_sf96QXeckQ8XKOw_xL87JTp8xPK3JUBUMaJaNIOkGfI6l-szoVr2n7CHkV_HUuwYNY6Z8Js7Zvqy_6urjUuIvmWL1hG0I7EArViCyYQN02FFbd-VgjQR2oRblxF9D1npVTYMKgwW1eIY5Lkhiet4lWtgnMzWuku-LOvmolzsgp82bAm5tP9qR0W%26sai%3DAMfl-YQotJJoLscJjMAeRcyZ9vfOcpYYEH6JKeGR2lhGxm3MPaVOrUhNIK7nMmujYoobmCHbS4kcGQbjvl_8JR_WgENOUROyt72qt6QBxoPezC3hPNdkBDzfSrbechdrgB0AyLRTqr4EM02EOjt8WEiF5a35Vi2dt4-lUEwR2I9UU1Whvd_umpdAC5dYHQtcYMx4e4uBUjPuzmeklPqB6-Rmn3ym88vPLN4LI6zhMjfG_NErNhOwq4t-NHgJ2Zdj20Z3mRbb__h8jR01AQ0wPrj8zeXN6lRdxztUoCEexuMU9_0bReIug-zG%26sig%3DCg0ArKJSzIrHQWPOjDU7EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D5323271%26adurl%3Dhttps%253A%252F%252Fwww.ajprodukter.no%252F%253Futm_campaign%253Dp-aj-no-betterworkday-prospecting-industry-prog_display-2023_w06%2526utm_source%253Dbanner%2526utm_medium%253Dcpm%2526utm_content%253Dp-aj-no-betterworkday-prospecting-industry-display-728x90-html5%2526dclid%253D%2525edclid!
IP 104.18.210.44:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 180366d5719c20bf15611319a0d6dc00
074369bb61f3910e89919784c8eee4b92fadecc5
4ced90ad9fe1532ef838a2162fda8b737e2112e090d75777a6950852e60aebb9
GET /a/63d93264fd735093c1eadae7?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsupPNUQNh5rBdG1QaziCrQRBECCfsa1_x9msf0eLTIrQeJ54L97wt7JaSeST6kUpKeaFVbh0Ed3c7Th5lBdTSHXQI7nIW1Yj0mURzDcNZYT-L3v3Uv_EBYCTzamvEw9XZGLXRWhjqM5jMYFqYkpaX_7lUynYTxds-UeIlqeKx9sn00BdiwD0yZ9vXuK1cvN-DWk7YMKLis8ThIPZT9KI30DOVjPHTJc6VBGTUo73g8DQwzB2KoJC7GC-lIIlUczHnsan8JdH_HeUmBCPlenW23hqWf18GbCCoqdFiK14OBY1YIJlftSIunvxTsWxRrQlbxx0HAVxIcabPOxQl-w9gzaWno0Tm_gs3lgFbdVlKquWrNIbezzZYk6dJAmQGuvH-f1Qz4RDKfNpzkRW9fD5XPhsLtL331dI90kCCTCS7tbyk_1J0e_RBjruLa_k11nWhnlafdK10sttq8NCBQOLfm472r9sW2-KqoSLl8N7V9u0GyxrshlFFPTtAiJdn7vqi8-jBNPPjOSMI9E16XWGmN1WQZeKoWJ5d-PorTQE7sHY5TjjCdcakzY2q3HZAITudnX2ONQRVHLH0ADvafj6ytkR2URV3PE6FtaNdrZM6TtP4f0C7OLsVzLMDpVHzuIktrXn00_R3JaT8Wco4hB4t8GakXiKe1DpSRXBHE-cQ0I54HUzYyrWRNLxnFMmhDqYuW_dEBrUMWMOgZ88MsDkLG2IyHbiUEBgrjGtP-iCljZvcUhX9m8ccMDyAuSoFh00DMcJHRgvpsvRteWcAE2lb3-6IMIa0THVa3nVklZMAZWU1H0AQstWt56TJVmI6EZXZdq8qIVOHdkT2bhwUs3KF8k-z3AQaOfvZfbzpMPZRgawxuk5s0TTKp5v0hcOfEHma3RTjZ_gzjBixrJHgONpgCpfNVGJ3KcO2SaAc6mopI6g82pdRboON6HnXEWoclsG6cRvlkqhaBbyf0-gIjlKYuXxLfGoNJLHRTFoqypAS6rzSWlA9vU-dssg8KznVQi-vYsuRQXzePs_sf96QXeckQ8XKOw_xL87JTp8xPK3JUBUMaJaNIOkGfI6l-szoVr2n7CHkV_HUuwYNY6Z8Js7Zvqy_6urjUuIvmWL1hG0I7EArViCyYQN02FFbd-VgjQR2oRblxF9D1npVTYMKgwW1eIY5Lkhiet4lWtgnMzWuku-LOvmolzsgp82bAm5tP9qR0W%26sai%3DAMfl-YQotJJoLscJjMAeRcyZ9vfOcpYYEH6JKeGR2lhGxm3MPaVOrUhNIK7nMmujYoobmCHbS4kcGQbjvl_8JR_WgENOUROyt72qt6QBxoPezC3hPNdkBDzfSrbechdrgB0AyLRTqr4EM02EOjt8WEiF5a35Vi2dt4-lUEwR2I9UU1Whvd_umpdAC5dYHQtcYMx4e4uBUjPuzmeklPqB6-Rmn3ym88vPLN4LI6zhMjfG_NErNhOwq4t-NHgJ2Zdj20Z3mRbb__h8jR01AQ0wPrj8zeXN6lRdxztUoCEexuMU9_0bReIug-zG%26sig%3DCg0ArKJSzIrHQWPOjDU7EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D5323271%26adurl%3Dhttps%253A%252F%252Fwww.ajprodukter.no%252F%253Futm_campaign%253Dp-aj-no-betterworkday-prospecting-industry-prog_display-2023_w06%2526utm_source%253Dbanner%2526utm_medium%253Dcpm%2526utm_content%253Dp-aj-no-betterworkday-prospecting-industry-display-728x90-html5%2526dclid%253D%2525edclid! HTTP/1.1
Host: c.bannerflow.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:16 GMT
content-type: application/javascript
cache-control: public, s-maxage=10
request-context: appId=cid-v1:1a5f66bd-0229-467a-a946-b3753e659ecb
last-modified: Sat, 25 Mar 2023 17:43:16 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8f4866a86b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
fw.adsafeprotected.com/rjss/st/1369729/69763379/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010907265&ias_pubId=pub-3831894559014614&ias_chanId=1&ias_placementId=19726429869&bidurl=https://exeo.app/w5DnToh&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hKGY9chiNbt0xSeAP7pZL2
54.246.193.169200 OK 67 kB URL HTTP/2 fw.adsafeprotected.com/rjss/st/1369729/69763379/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010907265&ias_pubId=pub-3831894559014614&ias_chanId=1&ias_placementId=19726429869&bidurl=https://exeo.app/w5DnToh&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hKGY9chiNbt0xSeAP7pZL2
IP 54.246.193.169:0
Hash 861b0e06020335a0da53ee199f3d6908
efdf4639c200b5bbf161522660a6a882651fb361
a789cf336b6c0f912d2e5dcb94bd629692404ebf3a7a378dc2d72563013fbaa0
GET /rjss/st/1369729/69763379/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010907265&ias_pubId=pub-3831894559014614&ias_chanId=1&ias_placementId=19726429869&bidurl=https://exeo.app/w5DnToh&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hKGY9chiNbt0xSeAP7pZL2 HTTP/1.1
Host: fw.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:16 GMT
content-type: application/javascript;charset=utf-8
pragma: no-cache
cache-control: no-cache
expires: Wed, 31 Dec 1969 23:59:59 GMT
access-control-allow-origin: fw.adsafeprotected.com
access-control-allow-credentials: true
vary: accept-encoding
content-encoding: gzip
X-Firefox-Spdy: h2
static.adsafeprotected.com/main.19.8.400.js
54.230.111.114200 OK 73 kB URL HTTP/2 static.adsafeprotected.com/main.19.8.400.js
IP 54.230.111.114:0
Hash dfff7f6a4b2dc13273820f48e3e314be
597098fb119de606bc436ba3e64a23f215110220
fe527a64013710ea60fa59aa832d1a48f0184e4a3923237d44b44983da7cf0d4
GET /main.19.8.400.js HTTP/1.1
Host: static.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 21 Mar 2023 20:30:35 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 21 Mar 2023 18:43:44 GMT
etag: W/"2e8e5f6f251e442e71ad1eeec0beab78"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: 9BUnpPANWGwKG0lesMwpAnHwbT.x8zbq
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CTJbj8JyG-vMcYCmH2UQJr_VTDzVHzZMDCiSQptIVcR-d6o4tVsJvw==
age: 335561
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash 69b7e1e99f877ed33485b270ad7036f9
e2e6f069085934f87a6e9d4736f7093cc9baaddf
240bc06bbdabf78bd4668b555ee4ae1ac1398542f63ae2a7c99bfe6db30c1975
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 25 Mar 2023 17:43:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 24 Mar 2023 19:22:20 GMT
Expires: Sat, 25 Mar 2023 19:22:20 GMT
ETag: "e2e6f069085934f87a6e9d4736f7093cc9baaddf"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
fw.adsafeprotected.com/rfw/st/1369729/69763379/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010907265&ias_pubId=pub-3831894559014614&ias_chanId=1&ias_placementId=19726429869&bidurl=https://exeo.app/w5DnToh&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hKGY9chiNbt0xSeAP7pZL2&adsafe_url=https%3A%2F%2Fexeo.app%2F&adsafe_type=c&adsafe_url=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bd&adsafe_jsinfo=,id:b00e3e8f-ff9a-477b-9eef-6ca6bb25fb4c,c:7TDmCz,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-rpzgk,rg:ie,pt:1-5-15,wc:0.0.1280.1024,ac:0.0.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:g,bru:g,an:n,oam:0,mtim:230,mot:0,app:0,maw:0,fm:tzxtPy0+11%7C12%7C13%7C141*.1369729-69763379%7C1411%7C1412%7C151%7C152%7C1531%7C1532%7C1611,idMap:141*,pl:,rmeas:1,rend:0,renddet:IMG.us.bi,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:247,oid:85d28f16-cb34-11ed-b85f-9a52ad59ed62,v:19.8.400,sp:1,st:0,fwm:1,wr:1280.1024,sr:1280.1024,ov:0
54.246.193.169302 Found 0 B URL HTTP/2 fw.adsafeprotected.com/rfw/st/1369729/69763379/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010907265&ias_pubId=pub-3831894559014614&ias_chanId=1&ias_placementId=19726429869&bidurl=https://exeo.app/w5DnToh&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hKGY9chiNbt0xSeAP7pZL2&adsafe_url=https%3A%2F%2Fexeo.app%2F&adsafe_type=c&adsafe_url=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bd&adsafe_jsinfo=,id:b00e3e8f-ff9a-477b-9eef-6ca6bb25fb4c,c:7TDmCz,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-rpzgk,rg:ie,pt:1-5-15,wc:0.0.1280.1024,ac:0.0.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:g,bru:g,an:n,oam:0,mtim:230,mot:0,app:0,maw:0,fm:tzxtPy0+11%7C12%7C13%7C141*.1369729-69763379%7C1411%7C1412%7C151%7C152%7C1531%7C1532%7C1611,idMap:141*,pl:,rmeas:1,rend:0,renddet:IMG.us.bi,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:247,oid:85d28f16-cb34-11ed-b85f-9a52ad59ed62,v:19.8.400,sp:1,st:0,fwm:1,wr:1280.1024,sr:1280.1024,ov:0
IP 54.246.193.169:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rfw/st/1369729/69763379/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010907265&ias_pubId=pub-3831894559014614&ias_chanId=1&ias_placementId=19726429869&bidurl=https://exeo.app/w5DnToh&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hKGY9chiNbt0xSeAP7pZL2&adsafe_url=https%3A%2F%2Fexeo.app%2F&adsafe_type=c&adsafe_url=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bd&adsafe_jsinfo=,id:b00e3e8f-ff9a-477b-9eef-6ca6bb25fb4c,c:7TDmCz,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-rpzgk,rg:ie,pt:1-5-15,wc:0.0.1280.1024,ac:0.0.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:g,bru:g,an:n,oam:0,mtim:230,mot:0,app:0,maw:0,fm:tzxtPy0+11%7C12%7C13%7C141*.1369729-69763379%7C1411%7C1412%7C151%7C152%7C1531%7C1532%7C1611,idMap:141*,pl:,rmeas:1,rend:0,renddet:IMG.us.bi,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:247,oid:85d28f16-cb34-11ed-b85f-9a52ad59ed62,v:19.8.400,sp:1,st:0,fwm:1,wr:1280.1024,sr:1280.1024,ov:0 HTTP/1.1
Host: fw.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 25 Mar 2023 17:43:16 GMT
content-length: 0
location: https://static.adsafeprotected.com/passback_300x250.js
server: nginx
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
x-server-name: app09.ie.303net.net
X-Firefox-Spdy: h2
rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_343422306255&jsTagObjCallback=__tagObject_callback_343422306255&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=343422306255&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/w5DnToh&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&dvp_exetime=9.00&callbackName=__verify_callback_343422306255
34.149.12.213200 OK 265 B URL HTTP/1.1 rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_343422306255&jsTagObjCallback=__tagObject_callback_343422306255&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=343422306255&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/w5DnToh&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&dvp_exetime=9.00&callbackName=__verify_callback_343422306255
IP 34.149.12.213:0
Hash 6df6026239b0999a25842b6dd0cf6484
ef581a0b4718ce42ad346de648dae3fee0e6fafa
d670cfcd111c37cdec0954623ad1b48c4c2eec556e45e61b11fda598a628903a
GET /verify.js?flvr=0&jsCallback=__verify_callback_343422306255&jsTagObjCallback=__tagObject_callback_343422306255&num=6&ctx=1828362&cmp=115750&plc=5182811&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=343422306255&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/w5DnToh&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&dvp_exetime=9.00&callbackName=__verify_callback_343422306255 HTTP/1.1
Host: rtb0.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:43:16 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 03/24/2023 17:43:16
Pragma: no-cache
Vary: Accept-Encoding
X-DV-Response: 0
c.bannerflow.net/tr/v2/pixel/
104.18.210.44200 OK 0 B URL HTTP/2 c.bannerflow.net/tr/v2/pixel/
IP 104.18.210.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /tr/v2/pixel/ HTTP/1.1
Host: c.bannerflow.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 527
Origin: https://s0.2mdn.net
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:16 GMT
content-length: 0
request-context: appId=cid-v1:1d9bcaa3-5ddc-4e5d-973c-949d7ceab63e
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7ad8f4887e08b4f4-OSL
X-Firefox-Spdy: h2
static.adsafeprotected.com/IAS_PassbackAds_300x250.png
54.230.111.114200 OK 14 kB URL HTTP/2 static.adsafeprotected.com/IAS_PassbackAds_300x250.png
IP 54.230.111.114:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 65a8b98b798ce416d94c2847aca40c71
fbb1f41bcff86b4b38c8ec877fb7923bcfdd41fb
f6adb794eda0e31a163ed517d8e63d388dbb762031a189349c72af2bc37bb4f2
GET /IAS_PassbackAds_300x250.png HTTP/1.1
Host: static.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 14233
date: Tue, 21 Mar 2023 12:56:11 GMT
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:28:59 GMT
etag: "65a8b98b798ce416d94c2847aca40c71"
x-amz-server-side-encryption: AES256
cache-control: max-age=604800
x-amz-version-id: 5gVOAFoF.BCvnrybv6D.a4lGJXzJNSyO
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7wrzpoTTdoWvMQJtlOPxBFYDJEd0hHxdn8fUtbZAs6OJdjbSA6AorA==
age: 362826
X-Firefox-Spdy: h2
cdn.doubleverify.com/dv-measurements3590.js
95.101.11.123200 OK 109 kB URL HTTP/1.1 cdn.doubleverify.com/dv-measurements3590.js
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 109 kB (108664 bytes)
Hash 1641a9065f775579eb36e560f8aece4e
1177a3cde5acfc8733c283dc7cb0799f94980b76
6448dbc00141d6bd237f6081e7eab33bfa16a4be59140d3adedd379984e7d1e0
GET /dv-measurements3590.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 21 Mar 2023 10:20:26 GMT
Accept-Ranges: bytes
ETag: "011d2c0de5bd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 108664
Date: Sat, 25 Mar 2023 17:43:16 GMT
Connection: keep-alive
servedby.flashtalking.com/imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=559740.8050202946&ft_dv=%5B%25ft_dv%25%5D
104.88.10.141200 OK 821 B URL HTTP/1.1 servedby.flashtalking.com/imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=559740.8050202946&ft_dv=%5B%25ft_dv%25%5D
IP 104.88.10.141:0
File type ASCII text, with CRLF, CR, LF line terminators
Hash 6d638cca38939d10b8e173c998987c68
2c8a9af01bfa4f5c88b6b1c6b6a631ac28fd9398
7de0c83f5f6dadb3a2dbfadaf5e1ba6865b14a6aa69398ddbbceb740274b07cb
GET /imp/8/115750;5182811;201;jsappend;DV360;DV360FY20AcrobatCTXCustomAffinityBlendedNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=559740.8050202946&ft_dv=%5B%25ft_dv%25%5D HTTP/1.1
Host: servedby.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=ISO-8859-1
Server: prod-xre-app7.frk11
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sat, 25 Mar 2023 17:43:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 25 Mar 2023 17:43:16 GMT
Content-Length: 821
Connection: keep-alive
Strict-Transport-Security: max-age=86400
cdn.flashtalking.com/xre/518/5182811/4069576/js/j-5182811-4069576.js
2.18.172.49200 OK 17 kB URL HTTP/1.1 cdn.flashtalking.com/xre/518/5182811/4069576/js/j-5182811-4069576.js
IP 2.18.172.49:0
File type ASCII text, with very long lines (2897), with CRLF, CR, LF line terminators
Hash bc5e76a2ed8f659d5939221ba35d0ae0
0c30f55af5557eb4489877dd20bd9d8f7871f7f4
9638ae51d741b9b7879832f24670c93f9954ff14ecc2acd0582b39a19e00cbc5
GET /xre/518/5182811/4069576/js/j-5182811-4069576.js HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Wed, 05 Oct 2022 19:27:08 GMT
Content-Type: text/javascript; charset=utf-8
ETag: W/"4ffdcdc17bf13b2a2dd6b816e4e59837"
X-Varnish: 722497523
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=485
Expires: Sat, 25 Mar 2023 17:51:21 GMT
Date: Sat, 25 Mar 2023 17:43:16 GMT
Content-Length: 17005
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=99666C6F-D962-E516-7CDA-6BA310EE9939&auevent=&72755664
95.101.11.123200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=99666C6F-D962-E516-7CDA-6BA310EE9939&auevent=&72755664
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash e072d49341cffb322fdd359541b9e969
de1b7189b03b1aea898af405c0211a80cd25ec95
bd955388ecf026cba6c91f799b23a110cf0b3bc0cebe97ee5ed188c8f92558a2
GET /dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182811&num=&adid=&advid=&adsrv=29&btreg=5182811&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=99666C6F-D962-E516-7CDA-6BA310EE9939&auevent=&72755664 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 21 Mar 2023 12:11:05 GMT
Accept-Ranges: bytes
ETag: "8012f935ee5bd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3337
Date: Sat, 25 Mar 2023 17:43:16 GMT
Connection: keep-alive
cdn.flashtalking.com/116327/4069576/index.html
2.18.172.49200 OK 19 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/index.html
IP 2.18.172.49:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1453), with CRLF, LF line terminators
Hash 50024c0c8744cf0d839a0af265ce8691
68563f17d04f62ce32fb04131ec0bb4bc6ec6161
3927dd64ab55ab7043e98ac95d3ac1f4bb9cd4713b8215ad30a9b71602583b83
GET /116327/4069576/index.html HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
Last-Modified: Wed, 18 Jan 2023 23:51:17 GMT
Content-Type: text/html
ETag: W/"b16406a76bb9bdccb7ab3599fd9c5105"
X-Varnish: 217065962
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=256
Expires: Sat, 25 Mar 2023 17:47:32 GMT
Date: Sat, 25 Mar 2023 17:43:16 GMT
Content-Length: 19164
Connection: keep-alive
Server: Flashtalking (AKA)
pogothere.xyz/asd100.bin
172.64.172.27200 OK 104 kB IP 172.64.172.27:0
Size 104 kB (103708 bytes)
Hash f8d1027002b1043c3f73946be53d7ce5
5d159b86ab997564f5da76fa05376d4dd0e14741
56dee5c66f26d8b03fe74f32709af550fba405cf2be7d8be0ed9cc1e4a7c6c76
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:14 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6311
last-modified: Sat, 25 Mar 2023 15:58:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6bE0t474%2Bfi7n1zsKCoA6S0d9xQZ9qPnWeOzKDpBwYqJ4SsvvF3ssVTlBjxJ%2BYmcu%2Bv4y1XqpXmjmsvFZ95%2FIVmilszD6wk7wOr5egGgfE7vPG1ipPkwY39G3YOulBJs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8f478b8e8779b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash fb0598a2d2687343b54d61f7ffef85ff
4788fbb3d5f548d3aca4e2e194ce80e705860679
da1d1476c7789b1fadc5eaee4b5600197b012001b65c8a089cf1a482cbbcbfb5
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 25 Mar 2023 17:43:17 GMT
Last-Modified: Sat, 25 Mar 2023 16:40:22 GMT
Server: ECAcc (bsa/EB2E)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: x9o5rP8jpd72QoeEtdZYQAkk-U6CjI7tXiG6wY8WwcnJKO9DGtVftQ==
Age: 3775
secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
2.18.172.49200 OK 6.0 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
IP 2.18.172.49:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d675694ab4d4d2eb56cca854c25d9c36
34174b9397a3cb289f892f1f98ccc51a63698360
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
GET /oba/icon/consumer-privacy-logo.png HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Content-Type: image/png
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-Varnish: 721542519 721664610
Accept-Ranges: bytes
Content-Length: 5953
Cache-Control: max-age=401
Expires: Sat, 25 Mar 2023 17:49:58 GMT
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.flashtalking.com/116327/4069576/images/acrobat_create_2.jpg
2.18.172.49200 OK 15 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/acrobat_create_2.jpg
IP 2.18.172.49:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 710x444, components 3\012- data
Hash 296f9ed86795c8b1f2a1554742a0485a
8899d835a9478a5161299ba357c50b3598501f40
f07b31ea4c345d978d4748fb71a680ef2861368279ccb491f78fc86380c0e37a
GET /116327/4069576/images/acrobat_create_2.jpg HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
Last-Modified: Wed, 18 Jan 2023 23:51:16 GMT
Content-Type: image/jpeg
ETag: W/"296f9ed86795c8b1f2a1554742a0485a"
X-Varnish: 253569160
Accept-Ranges: bytes
Content-Length: 15071
Cache-Control: max-age=255
Expires: Sat, 25 Mar 2023 17:47:32 GMT
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.flashtalking.com/116327/4069576/images/acrobat_screen_large_2.jpg
2.18.172.49200 OK 180 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/acrobat_screen_large_2.jpg
IP 2.18.172.49:0
File type JPEG image data, progressive, precision 8, 926x531, components 3\012- data
Size 180 kB (179684 bytes)
Hash 64376c876f34130eb00d7c0338667dcf
2d77b890330e48c93dac67fbcceb3a89fa7ad24e
7e1d65ca11e16f00cba0b4870172a6a854e7f6d73e88b4691e80e25ecdf3161c
GET /116327/4069576/images/acrobat_screen_large_2.jpg HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Content-Type: image/jpeg
ETag: W/"64376c876f34130eb00d7c0338667dcf"
X-Varnish: 433345616 441073308
Accept-Ranges: bytes
Content-Length: 179684
Cache-Control: max-age=255
Expires: Sat, 25 Mar 2023 17:47:32 GMT
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.flashtalking.com/116327/4069576/images/Image2.png
2.18.172.49200 OK 5.2 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/Image2.png
IP 2.18.172.49:0
File type PNG image data, 92 x 131, 8-bit/color RGBA, non-interlaced\012- data
Hash 36b54eb1631f1be795a0567fc7f6034f
c574b46865c60d9e654333e29b070ea802a54a2d
8856deebcedfa5f528c116f29edc1d31e54f16f7cc4841f9875b4910703d4445
GET /116327/4069576/images/Image2.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
Last-Modified: Wed, 18 Jan 2023 23:51:16 GMT
Content-Type: image/png
ETag: W/"36b54eb1631f1be795a0567fc7f6034f"
X-Varnish: 451369834 451532879
Accept-Ranges: bytes
Content-Length: 5192
Cache-Control: max-age=255
Expires: Sat, 25 Mar 2023 17:47:32 GMT
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.flashtalking.com/116327/4069576/images/notebook.png
2.18.172.49200 OK 99 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/notebook.png
IP 2.18.172.49:0
File type PNG image data, 1102 x 1102, 8-bit/color RGBA, non-interlaced\012- data
Hash 6072c623d256e1ede016076a14baa64b
754753da0a2a3202d775f71277a77417466bef14
01f6632e73c7e0f8ab3448cc32d557a93f469a4bd2db2e6a1a128af59344f74d
GET /116327/4069576/images/notebook.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
Last-Modified: Wed, 18 Jan 2023 23:51:17 GMT
Content-Type: image/png
ETag: W/"6072c623d256e1ede016076a14baa64b"
X-Varnish: 240358948
Accept-Ranges: bytes
Content-Length: 98859
Cache-Control: max-age=255
Expires: Sat, 25 Mar 2023 17:47:32 GMT
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
c.bannerflow.net/accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/published/3877133/4906344/document.0000002D49710D.js
104.18.210.44200 OK 2.0 kB URL HTTP/2 c.bannerflow.net/accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/published/3877133/4906344/document.0000002D49710D.js
IP 104.18.210.44:0
File type Unicode text, UTF-8 text, with very long lines (9376), with no line terminators
Hash 49c909f26aa2dde1dc5cc850539dbddd
b073831be88239f0360cfb5c8de8f8d8cc50a7ca
36893b624be638a54425c5b3d93de9f8f9151d2749ead30fcce4059734d92021
GET /accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/published/3877133/4906344/document.0000002D49710D.js HTTP/1.1
Host: c.bannerflow.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:16 GMT
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
cf-bgj: minify
cf-polished: origSize=10601
content-md5: 74gR29Eak9RjJZqqGXnm7A==
etag: W/"0x8DB21751A4598F6"
last-modified: Fri, 10 Mar 2023 14:38:23 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 32865ac4-401e-0063-5f5d-5370dd000000
x-ms-version: 2011-08-18
cf-cache-status: HIT
age: 1307081
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8f4870b92b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash fa5e3b6cf36629a7c16072be2150c119
248e6c1b8c4f2ea85e629f8d0af62beab6a5dd51
b6981766d45cf5cfe1a991f163e4602b3f5dba2ca77b1724a98a8a240c96bc36
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 25 Mar 2023 17:43:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 24 Mar 2023 19:58:23 GMT
Expires: Sat, 25 Mar 2023 19:58:23 GMT
ETag: "248e6c1b8c4f2ea85e629f8d0af62beab6a5dd51"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash fa5e3b6cf36629a7c16072be2150c119
248e6c1b8c4f2ea85e629f8d0af62beab6a5dd51
b6981766d45cf5cfe1a991f163e4602b3f5dba2ca77b1724a98a8a240c96bc36
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 25 Mar 2023 17:43:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 24 Mar 2023 19:58:23 GMT
Expires: Sat, 25 Mar 2023 19:58:23 GMT
ETag: "248e6c1b8c4f2ea85e629f8d0af62beab6a5dd51"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=124&ttfrms=14&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1534&ddur=11&uid=1679766210666432&jsCallback=dvCallback_1679766210666501&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3590&tgjsver=3590&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=90&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=4069576&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=99666C6F-D962-E516-7CDA-6BA310EE9939&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=28909144.369679786&dvp_tukv=8410745811.650167&dvp_tuid=1511747847218&jurtd=1256856340
34.149.12.213200 OK 1.2 kB URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=124&ttfrms=14&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1534&ddur=11&uid=1679766210666432&jsCallback=dvCallback_1679766210666501&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3590&tgjsver=3590&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=90&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=4069576&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=99666C6F-D962-E516-7CDA-6BA310EE9939&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=28909144.369679786&dvp_tukv=8410745811.650167&dvp_tuid=1511747847218&jurtd=1256856340
IP 34.149.12.213:0
File type ASCII text, with very long lines (3044), with no line terminators
Hash 5f2a09aa39a94a69b12172e24409b68b
0dae595520132f04da3b450aa23e8a483ac72537
209bf13c140e08aa023f793138e47a3c265e8aa9adbe3ab740e63463741c3bd1
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=124&ttfrms=14&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1534&ddur=11&uid=1679766210666432&jsCallback=dvCallback_1679766210666501&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3590&tgjsver=3590&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=90&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182811&crt=4069576&btreg=5182811&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=99666C6F-D962-E516-7CDA-6BA310EE9939&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=28909144.369679786&dvp_tukv=8410745811.650167&dvp_tuid=1511747847218&jurtd=1256856340 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:43:17 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 03/24/2023 17:43:17
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=7d07e8706c2949c892f67bd34ab8aa3b&dup=&eoid=1000&cbust=1679766211004109
95.101.11.123302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=7d07e8706c2949c892f67bd34ab8aa3b&dup=&eoid=1000&cbust=1679766211004109
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3¶m=akipv6&impid=7d07e8706c2949c892f67bd34ab8aa3b&dup=&eoid=1000&cbust=1679766211004109 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=7d07e8706c2949c892f67bd34ab8aa3b&akipv6=&dup=&eoid=1000
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=213&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&srcurlD=0&aUrlD=-1&ssl=https:&uid=1679766210375397&jsCallback=dvCallback_1679766210375249&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3590&tgjsver=3590&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=90&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/w5DnToh&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=28909144.369679786&dvp_tukv=136535024308.05957&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1313702296942&jurtd=2251836082
34.149.12.213200 OK 680 B URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=213&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&srcurlD=0&aUrlD=-1&ssl=https:&uid=1679766210375397&jsCallback=dvCallback_1679766210375249&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3590&tgjsver=3590&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=90&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/w5DnToh&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=28909144.369679786&dvp_tukv=136535024308.05957&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1313702296942&jurtd=2251836082
IP 34.149.12.213:0
File type ASCII text, with very long lines (1184), with no line terminators
Hash a90661d37950fa9835ef966280fdcf92
ba5bcef08150e397e0e639656dc7930087f0092a
84b13669e5b62ec8b9449b945118040aebf61875c07d2920fd3ee192c178c1da
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=213&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATauHds%3F%25%409&srcurlD=0&aUrlD=-1&ssl=https:&uid=1679766210375397&jsCallback=dvCallback_1679766210375249&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3590&tgjsver=3590&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=90&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/w5DnToh&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0i9noZ2fh-8mtecNTxf6GNI&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170491623&DVP_DBM_4=396449270&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=28909144.369679786&dvp_tukv=136535024308.05957&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1313702296942&jurtd=2251836082 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 17:43:17 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 03/24/2023 17:43:17
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=3cac295fa2fd4f4dbef37618050586fb&dup=&eoid=1000&cbust=1679766211019426
95.101.11.123302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=3cac295fa2fd4f4dbef37618050586fb&dup=&eoid=1000&cbust=1679766211019426
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3¶m=akipv6&impid=3cac295fa2fd4f4dbef37618050586fb&dup=&eoid=1000&cbust=1679766211019426 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=3cac295fa2fd4f4dbef37618050586fb&akipv6=&dup=&eoid=1000
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
tpsc-eu3.doubleverify.com/event.png?impid=3cac295fa2fd4f4dbef37618050586fb&akipv6=&dup=&eoid=1000
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=3cac295fa2fd4f4dbef37618050586fb&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=3cac295fa2fd4f4dbef37618050586fb&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 03/24/2023 17:43:17
Pragma: no-cache
tpsc-eu3.doubleverify.com/event.png?impid=7d07e8706c2949c892f67bd34ab8aa3b&akipv6=&dup=&eoid=1000
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=7d07e8706c2949c892f67bd34ab8aa3b&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=7d07e8706c2949c892f67bd34ab8aa3b&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 25 Mar 2023 17:43:17 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 03/24/2023 17:43:17
Pragma: no-cache
dt.adsafeprotected.com/dt?advEntityId=1369729&asId=b00e3e8f-ff9a-477b-9eef-6ca6bb25fb4c&tv=%7Bc:7TDmJf,pingTime:-10,time:661,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEwMDJ8fDEyODB8fDF8fDF8fDI0fHwxMDI0fHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDMvMiUlNzEvNDAlJTY2Ny8zNTclJTE2LzklJTQvMyUlMTcvMTAlJTUvMyUlMjU2LzEzNSUlMzcvMjAlJTIzOS8xMDAlJTgvNSUlMjM3LzEwMCUlMTc3LzEwMCUlMTc4LzEwMCUlMS8xJSU1LzQlJTE0My8xMDAlJTE0MS8xMDAlJTExLzglJTYvNSUlODA5LzUwMCUlNjkvMjUlJTEyMDcvNTAwJSU0Ny8yMCUlMTEvNSUlMi8xJSUxNC85JSUxMzcvMTAwJSUxOS8xNiUlNy80JSU1MS8yMCUlMjU5LzEwMCUlMTcxLzEwMCUlNDAvMjclJTI2Ny8xNjAlJTY4My8zODQlJTY2Ny8zMzUlJTE4My8xMDMlJTU3LzMyJSU4NS80OCUlMTA5My82MTQlJTEwOTMvNjE1JSU5NjIvNjAxJSUxMDI0LzgxOSUlMTI4Lzc1JSU2ODMvNTEyJSUxMzAxLzczMSUlNzE5LzQwNCUlMjU2LzIwNSUlMTA2Ny82MDAlJTYyMS8zNDklJTU2OS8zMjAlJTc0LzQ1JSUzOS8xOCUlODEyLzM3NXx8NS80fHwwfHwxMjgw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDEwMDEwMXx8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fDF8fDF8fG58fG4-,ch:n,fsc:17.6.2v222220222000022202200000220002000220002002220222222202000222000220200000000000222202200002202222200000000000020020000022200022222220022200000222202022200002020222002222202202222202022222022220000220200000022222222220222222222222202222222222222222222222222222222222222200000022022020020202222222202002022022222222000000000020222202022222220002220022020000220200000002000022202220000022200202202220022000200222022220220022020222200222222020002200200022222222202222002002022002222200000000020200000000000000202220,asp:1679766210468%7C%7Cf3c296b188f14e242c8f9c91d45fe33a%7C%7Cdf16c081c25306654a0efb89b8761a08%7C%7Ce37accc741c5c9aed5d2aedc9a6a293b%7C%7Cae78c9c26aeefd262fbd3f90b7ef819a%7C%7C70444c25787df3bde43efdcb9d0e7cb1%7C%7C78f4578076c15e38723bbba564fb8f09%7C%7Cbaf5e5fa680cb75d32a83015cf775562%7C%7C1663701684%7D
54.68.198.83200 OK 43 B URL HTTP/2 dt.adsafeprotected.com/dt?advEntityId=1369729&asId=b00e3e8f-ff9a-477b-9eef-6ca6bb25fb4c&tv=%7Bc:7TDmJf,pingTime:-10,time:661,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEwMDJ8fDEyODB8fDF8fDF8fDI0fHwxMDI0fHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDMvMiUlNzEvNDAlJTY2Ny8zNTclJTE2LzklJTQvMyUlMTcvMTAlJTUvMyUlMjU2LzEzNSUlMzcvMjAlJTIzOS8xMDAlJTgvNSUlMjM3LzEwMCUlMTc3LzEwMCUlMTc4LzEwMCUlMS8xJSU1LzQlJTE0My8xMDAlJTE0MS8xMDAlJTExLzglJTYvNSUlODA5LzUwMCUlNjkvMjUlJTEyMDcvNTAwJSU0Ny8yMCUlMTEvNSUlMi8xJSUxNC85JSUxMzcvMTAwJSUxOS8xNiUlNy80JSU1MS8yMCUlMjU5LzEwMCUlMTcxLzEwMCUlNDAvMjclJTI2Ny8xNjAlJTY4My8zODQlJTY2Ny8zMzUlJTE4My8xMDMlJTU3LzMyJSU4NS80OCUlMTA5My82MTQlJTEwOTMvNjE1JSU5NjIvNjAxJSUxMDI0LzgxOSUlMTI4Lzc1JSU2ODMvNTEyJSUxMzAxLzczMSUlNzE5LzQwNCUlMjU2LzIwNSUlMTA2Ny82MDAlJTYyMS8zNDklJTU2OS8zMjAlJTc0LzQ1JSUzOS8xOCUlODEyLzM3NXx8NS80fHwwfHwxMjgw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDEwMDEwMXx8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fDF8fDF8fG58fG4-,ch:n,fsc:17.6.2v222220222000022202200000220002000220002002220222222202000222000220200000000000222202200002202222200000000000020020000022200022222220022200000222202022200002020222002222202202222202022222022220000220200000022222222220222222222222202222222222222222222222222222222222222200000022022020020202222222202002022022222222000000000020222202022222220002220022020000220200000002000022202220000022200202202220022000200222022220220022020222200222222020002200200022222222202222002002022002222200000000020200000000000000202220,asp:1679766210468%7C%7Cf3c296b188f14e242c8f9c91d45fe33a%7C%7Cdf16c081c25306654a0efb89b8761a08%7C%7Ce37accc741c5c9aed5d2aedc9a6a293b%7C%7Cae78c9c26aeefd262fbd3f90b7ef819a%7C%7C70444c25787df3bde43efdcb9d0e7cb1%7C%7C78f4578076c15e38723bbba564fb8f09%7C%7Cbaf5e5fa680cb75d32a83015cf775562%7C%7C1663701684%7D
IP 54.68.198.83:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /dt?advEntityId=1369729&asId=b00e3e8f-ff9a-477b-9eef-6ca6bb25fb4c&tv=%7Bc:7TDmJf,pingTime:-10,time:661,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEwMDJ8fDEyODB8fDF8fDF8fDI0fHwxMDI0fHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDMvMiUlNzEvNDAlJTY2Ny8zNTclJTE2LzklJTQvMyUlMTcvMTAlJTUvMyUlMjU2LzEzNSUlMzcvMjAlJTIzOS8xMDAlJTgvNSUlMjM3LzEwMCUlMTc3LzEwMCUlMTc4LzEwMCUlMS8xJSU1LzQlJTE0My8xMDAlJTE0MS8xMDAlJTExLzglJTYvNSUlODA5LzUwMCUlNjkvMjUlJTEyMDcvNTAwJSU0Ny8yMCUlMTEvNSUlMi8xJSUxNC85JSUxMzcvMTAwJSUxOS8xNiUlNy80JSU1MS8yMCUlMjU5LzEwMCUlMTcxLzEwMCUlNDAvMjclJTI2Ny8xNjAlJTY4My8zODQlJTY2Ny8zMzUlJTE4My8xMDMlJTU3LzMyJSU4NS80OCUlMTA5My82MTQlJTEwOTMvNjE1JSU5NjIvNjAxJSUxMDI0LzgxOSUlMTI4Lzc1JSU2ODMvNTEyJSUxMzAxLzczMSUlNzE5LzQwNCUlMjU2LzIwNSUlMTA2Ny82MDAlJTYyMS8zNDklJTU2OS8zMjAlJTc0LzQ1JSUzOS8xOCUlODEyLzM3NXx8NS80fHwwfHwxMjgw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDEwMDEwMXx8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fDF8fDF8fG58fG4-,ch:n,fsc:17.6.2v222220222000022202200000220002000220002002220222222202000222000220200000000000222202200002202222200000000000020020000022200022222220022200000222202022200002020222002222202202222202022222022220000220200000022222222220222222222222202222222222222222222222222222222222222200000022022020020202222222202002022022222222000000000020222202022222220002220022020000220200000002000022202220000022200202202220022000200222022220220022020222200222222020002200200022222222202222002002022002222200000000020200000000000000202220,asp:1679766210468%7C%7Cf3c296b188f14e242c8f9c91d45fe33a%7C%7Cdf16c081c25306654a0efb89b8761a08%7C%7Ce37accc741c5c9aed5d2aedc9a6a293b%7C%7Cae78c9c26aeefd262fbd3f90b7ef819a%7C%7C70444c25787df3bde43efdcb9d0e7cb1%7C%7C78f4578076c15e38723bbba564fb8f09%7C%7Cbaf5e5fa680cb75d32a83015cf775562%7C%7C1663701684%7D HTTP/1.1
Host: dt.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:17 GMT
content-type: image/gif
content-length: 43
server: nginx
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
x-server-name: dt13.or.303net.net
X-Firefox-Spdy: h2
ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1679766213109679
142.250.74.134302 Found 0 B URL HTTP/2 ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1679766213109679
IP 142.250.74.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1679766213109679 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 17:43:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1%7Chttps://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1679766213109679&~oref=https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 17:58:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1679766213110597
142.250.74.134302 Found 0 B URL HTTP/2 ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1679766213110597
IP 142.250.74.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1679766213110597 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 17:43:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1%7Chttps://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1679766213110597&~oref=https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 17:58:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpsc-eu3.doubleverify.com/event.png?impid=7d07e8706c2949c892f67bd34ab8aa3b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=330&eoid=15&msrjs=3590&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=21&vltms=330&sei=146&vetms=8&tuviims=139&tuviems=477&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=21&isumms=20&nvr=6&isgmmims=21&isgmv4mims=21&elmtp=1&isbxdms=2407&b0=100&b11=2388&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2488&sftb=2488&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1094&isuiabvms=1094&isgmpims=136&isgmv4dpims=1094&ispmxpms=1094&engalms=20&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3351&cbust=1679766214004607
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=7d07e8706c2949c892f67bd34ab8aa3b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=330&eoid=15&msrjs=3590&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=21&vltms=330&sei=146&vetms=8&tuviims=139&tuviems=477&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=21&isumms=20&nvr=6&isgmmims=21&isgmv4mims=21&elmtp=1&isbxdms=2407&b0=100&b11=2388&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2488&sftb=2488&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1094&isuiabvms=1094&isgmpims=136&isgmv4dpims=1094&ispmxpms=1094&engalms=20&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3351&cbust=1679766214004607
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=7d07e8706c2949c892f67bd34ab8aa3b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=330&eoid=15&msrjs=3590&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=21&vltms=330&sei=146&vetms=8&tuviims=139&tuviems=477&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=21&isumms=20&nvr=6&isgmmims=21&isgmv4mims=21&elmtp=1&isbxdms=2407&b0=100&b11=2388&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2488&sftb=2488&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1094&isuiabvms=1094&isgmpims=136&isgmv4dpims=1094&ispmxpms=1094&engalms=20&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3351&cbust=1679766214004607 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sat, 25 Mar 2023 17:43:21 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 03/24/2023 17:43:21
Pragma: no-cache
tpsc-eu3.doubleverify.com/event.png?impid=3cac295fa2fd4f4dbef37618050586fb&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=633&eoid=14&msrjs=3590&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=17&vltms=633&sei=145&vetms=12&tuviims=233&tuviems=878&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1032&isumms=1031&nvr=6&isgmmims=1032&isgmv4mims=1032&elmtp=1&isbxdms=2738&b0=100&b11=1710&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1810&sftb=1810&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2036&isuiabvms=2036&isgmpims=1132&isgmv4dpims=2036&ispmxpms=2036&engalms=1030&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3663&cbust=1679766214020816
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=3cac295fa2fd4f4dbef37618050586fb&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=633&eoid=14&msrjs=3590&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=17&vltms=633&sei=145&vetms=12&tuviims=233&tuviems=878&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1032&isumms=1031&nvr=6&isgmmims=1032&isgmv4mims=1032&elmtp=1&isbxdms=2738&b0=100&b11=1710&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1810&sftb=1810&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2036&isuiabvms=2036&isgmpims=1132&isgmv4dpims=2036&ispmxpms=2036&engalms=1030&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3663&cbust=1679766214020816
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=3cac295fa2fd4f4dbef37618050586fb&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=633&eoid=14&msrjs=3590&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=17&vltms=633&sei=145&vetms=12&tuviims=233&tuviems=878&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1032&isumms=1031&nvr=6&isgmmims=1032&isgmv4mims=1032&elmtp=1&isbxdms=2738&b0=100&b11=1710&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1810&sftb=1810&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2036&isuiabvms=2036&isgmpims=1132&isgmv4dpims=2036&ispmxpms=2036&engalms=1030&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3663&cbust=1679766214020816 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sat, 25 Mar 2023 17:43:21 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 03/24/2023 17:43:21
Pragma: no-cache
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:14 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6311
last-modified: Sat, 25 Mar 2023 15:58:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kknrXGKJmZjcyGuBSC94cOwEHK5VS0dT3%2BhAugvVuL162UAyooV0ZXXzVKmyNDvN44k7WwXLFmrvz%2BK%2FL2XSYxHqcTsVaPUydfalcg4dXd54J%2FMF85kb0IHK0PLZaXf9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8f478c8f9779b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c.bannerflow.net/accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/images/365f7b07-4eae-47ff-be3b-4999016c5c61.svg
104.18.210.44200 OK 0 B URL HTTP/2 c.bannerflow.net/accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/images/365f7b07-4eae-47ff-be3b-4999016c5c61.svg
IP 104.18.210.44:0
GET /accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/images/365f7b07-4eae-47ff-be3b-4999016c5c61.svg HTTP/1.1
Host: c.bannerflow.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:16 GMT
content-type: image/svg+xml
content-md5: 80p3UrO9omM2HVF8h+GnDg==
last-modified: Wed, 21 Dec 2022 09:03:17 GMT
etag: W/"0x8DAE332338B0D60"
x-ms-request-id: 788aac84-b01e-0058-08d4-383579000000
x-ms-version: 2011-08-18
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 1047
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8f487fd2eb4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
c.bannerflow.net/accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/images/d27a6aae-76f2-487a-a7bd-4379e5f2edb7.svg
104.18.210.44200 OK 0 B URL HTTP/2 c.bannerflow.net/accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/images/d27a6aae-76f2-487a-a7bd-4379e5f2edb7.svg
IP 104.18.210.44:0
GET /accounts/aj-produkter/55f6c9c5163b58e2a8681ac3/images/d27a6aae-76f2-487a-a7bd-4379e5f2edb7.svg HTTP/1.1
Host: c.bannerflow.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:16 GMT
content-type: image/svg+xml
content-md5: OYyELuT55ZgxZccJPok3fA==
last-modified: Mon, 19 Dec 2022 14:50:50 GMT
etag: W/"0x8DAE1D06BAEC754"
x-ms-request-id: cf7577d0-401e-0001-6ad4-38b2fa000000
x-ms-version: 2011-08-18
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5392
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad8f487fd38b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
exeo.app/w5DnToh
104.26.8.233200 OK 0 B IP 104.26.8.233:0
Analyzer Verdict Alert fortinet Malware
GET /w5DnToh HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:13 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=084fbe2d2d112f112c74bde35ea098a4; path=/; HttpOnly
csrfToken=d2419c5160095a760444df7c05a2986560001150cafaf86b25384cf96a54751f9b3eb18281e15e50c7dcba49298903c993cf8ad14a63883dd45000a4ab3bb3d6; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Un5LcLfucgIeeY9XBS%2FSaAS3osQdO2yOH%2FYHegdsMhDktYvM9%2BPK0FQ%2FKN%2FNK1m3uVSwWxzbvHn%2BQ34w7mNAezN2EMdvc%2FVxz3%2FUdw%2FD3ulT8%2FpInmX3%2BcQS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f474caf10b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
exeo.app/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679760000
104.26.8.233200 OK 0 B URL HTTP/2 exeo.app/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679760000
IP 104.26.8.233:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679760000 HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AppSession=084fbe2d2d112f112c74bde35ea098a4; csrfToken=d2419c5160095a760444df7c05a2986560001150cafaf86b25384cf96a54751f9b3eb18281e15e50c7dcba49298903c993cf8ad14a63883dd45000a4ab3bb3d6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:13 GMT
content-type: application/javascript; charset=UTF-8
x-control-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cMruNSFRW1BB99f8btA5f5Y4lECWV3nSjz0IQ52qZsA8ONXYN1Q%2BYLBTA7OAYhTj%2Bn1j0OJdd4%2BRMi4qPp7ddYxrLzQ7CALemLlNZjiKHTLl2si0AV7aic9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f4786fef0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.demand.supply/up.js
104.16.134.22200 OK 0 B IP 104.16.134.22:0
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:14 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 7ad8f477baa3b4f4-OSL
age: 727
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"80cb6d37c081c52264f3bc093c1c886c-ssl-df"
link: <https://live.demand.supply/impl.v16.5.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv>; rel=preload; as=script
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=4391
timing-allow-origin: *
x-nf-request-id: 01GSTTFB4JV28SJ9RRAV4DKHJV
set-cookie: demandSupplyTi=5c1707fd-a583-4f88-94eb-fb962deb7c2a; demandSupplyTc = null; demandSupplyTcI = null; SameSite=None; Secure; Max-Age=63072000
__cf_bm=VGcfPa8ADrXd8boHwqZv2pAYd6yO6c68LHUBKG4BHiA-1679766194-0-AfBOos98tKclmpi9ZDLgrB7U20UGmfaLrwEhe5FYjg8vPlaIJbYLDyuxm9YxMtZC92eG0bsKVO6Tm/Cr2u8ugSE=; path=/; expires=Sat, 25-Mar-23 18:13:14 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: nPqMzlb+RU6c5/1EXOBHvs7JAFgjTU/KVgXAMyQEMOc0+qvccAXUV6sN+EJvUHyKNl8WRyy//hfPGTOv0UWKmA==
date: Sat, 25 Mar 2023 17:43:14 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/fv.ico
104.26.8.233200 OK 0 B IP 104.26.8.233:0
Analyzer Verdict Alert fortinet Malware
GET /fv.ico HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/w5DnToh
Cookie: AppSession=084fbe2d2d112f112c74bde35ea098a4; csrfToken=d2419c5160095a760444df7c05a2986560001150cafaf86b25384cf96a54751f9b3eb18281e15e50c7dcba49298903c993cf8ad14a63883dd45000a4ab3bb3d6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 17:43:14 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Mon, 12 Feb 2024 09:27:53 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3572121
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HwIqwviL38SCtVxdJtAMHRcc2hwSZ6XveXZCNJLGhAUKWxJyTgkyw9kv41PsfQ%2FdtiLJQbiU9AW21vQVvqAXKJgSn2YSv5e%2Bbl11TfDE8muAz2z%2FGAgPv0P1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad8f47b9cdd0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.205302 Found 0 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.205:0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Mar 2023 17:43:14 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7TCjPIdizZtjtoQG_rhAZPAWKntQsx1ks1SbSWdhCc6mv8Mrzx1ZPV9kvuMkbomy-PfwFU-yA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-eOrRXNOjUjgWdpMyHja7KQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, require-trusted-types-for 'script';report-uri /cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:yyTTHq_ZQh2ya8e5oOj0DIQhn7e1-g:zQ0X2k7zxqKHnFAa; Expires=Mon, 24-Mar-2025 17:43:14 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tags.crwdcntrl.net/lt/c/16589/sync.min.js
54.230.111.37200 OK 0 B URL HTTP/2 tags.crwdcntrl.net/lt/c/16589/sync.min.js
IP 54.230.111.37:0
GET /lt/c/16589/sync.min.js HTTP/1.1
Host: tags.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
last-modified: Wed, 22 Mar 2023 22:36:59 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 24 Mar 2023 22:50:07 GMT
cache-control: public, max-age=86400
etag: W/"4fd6c99ca40fed5d11cbd9e1b76a92f1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FhedpeckU2D4CQQRSPC92E0wb25jIVXgy3QytbbAa_c5NF3y28Ut7w==
age: 67989
X-Firefox-Spdy: h2
static.adsafeprotected.com/passback_300x250.js
54.230.111.114200 OK 0 B URL HTTP/2 static.adsafeprotected.com/passback_300x250.js
IP 54.230.111.114:0
GET /passback_300x250.js HTTP/1.1
Host: static.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://500230dc450f8a05a602a452d68edf37.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Sat, 25 Mar 2023 02:21:05 GMT
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:42 GMT
etag: W/"44f0ac540dc9c11f94344414c879b658"
x-amz-server-side-encryption: AES256
cache-control: max-age=604800
x-amz-version-id: vr1Fa3eAVtG7AGe6kPa1Y0WAZAHvQkII
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VfzaP84oZTZaFow7_764fJieQ4mEUF0_7cPlHfgqEixj8RW5BNTVzQ==
age: 55332
X-Firefox-Spdy: h2
code.createjs.com/1.0.0/createjs.min.js
95.101.10.9200 OK 0 B URL HTTP/2 code.createjs.com/1.0.0/createjs.min.js
IP 95.101.10.9:0
ASN #20940 Akamai International B.V.
GET /1.0.0/createjs.min.js HTTP/1.1
Host: code.createjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=900
expires: Sat, 25 Mar 2023 17:58:17 GMT
date: Sat, 25 Mar 2023 17:43:17 GMT
x-n: S
X-Firefox-Spdy: h2