r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 43ad67f241ee3692a9c9c1da080dae58
6a024f7d71eeee257edc91ba9273416f634aaae5
636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8157
Expires: Mon, 12 Dec 2022 01:45:40 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 430f1651125c14bfa4924aa1f1a392e9
304141c5fe7ac8b370a67912b2592f9622de9600
315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15684
Expires: Mon, 12 Dec 2022 03:51:07 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
exee.app/BeErc
200 OK 165 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61748)
Size 165 kB (164919 bytes)
Hash c86cefb5bc61b910a7ec6c70d4b7d4ee
350eb36ddf083dca9b774d94f89a2d797aa44249
cdcc9d2c5a7c7920ed7d4dae6e3214f6f600518cdfc825290c63d6ce7e650202
GET /BeErc HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 23:29:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding,User-Agent
Set-Cookie: AppSession=a21d9554295ebc1de3eb8e6aa7da9fbf; path=/; HttpOnly
csrfToken=9b85c17254a1ffec7d1e4a58b474fedb1545e5b095e3f863c702ca533373257938b8019d3165c760627916858002ad0c89bc7724972a6463bc76eba793a7b170; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00yW3aCQXtIObZtNXhhjDO45F%2F46SvTFKgAtaIkY%2FD8jVbojDi4CxHsO4oSdoYic5PtUWsFS4bQf7ZJUrVg%2Bw21F4toroqXFHG5NQ707W%2FbybUlbWnOedU6GJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7782010379451c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 11 Dec 2022 22:33:37 GMT
content-type: application/json
age: 3366
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dbd022fec0a71226daaf29b7563a8896
c37d14dc7b3849a4bb815fa325fb5e70fae54039
22da5e6e3f9507688fc8cb02183d52cf38f4adf8b2c6c52eaf5f88182471efeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22DA5E6E3F9507688FC8CB02183D52CF38F4ADF8B2C6C52EAF5F88182471EFEB"
Last-Modified: Sun, 11 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2368
Expires: Mon, 12 Dec 2022 00:09:11 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xslx0s66ZOVREYHqprD9slw4uV9oKlDd/NcpVAE/gUmDoDzR6/sBY2Ye3vLXKvMPjZ6Fb8I6LAo=
x-amz-request-id: Y7NR36YCSMKB5FZY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 11 Dec 2022 22:49:22 GMT
age: 2421
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Dec 2022 23:29:43 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
exee.app/css/continue.css
200 OK 43 kB URL HTTP/1.1 exee.app/css/continue.css
IP
File type assembler source, ASCII text
Hash 86f2690abb402da57ec94426944f117d
090dd2289eff354b4ae54490f2f8060df48c9d0c
e1f10c833a7a0f58158484857fe22a7c6efdcb7e4636df1cc9e2c4a5d3d1dafa
GET /css/continue.css HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/BeErc
Cookie: AppSession=a21d9554295ebc1de3eb8e6aa7da9fbf; csrfToken=9b85c17254a1ffec7d1e4a58b474fedb1545e5b095e3f863c702ca533373257938b8019d3165c760627916858002ad0c89bc7724972a6463bc76eba793a7b170
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 23:29:43 GMT
Content-Type: text/css
Content-Length: 43033
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 20 Nov 2020 17:25:47 GMT
Cache-Control: max-age=2592000
Expires: Mon, 09 Jan 2023 22:50:15 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 88768
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qGisc%2F5phk5K25s2lmTafYAo9rEVuz%2FE3D%2BdbdzpnWWiqwyxIvaOFJ6bwg5%2BNGDS9wRrF%2BKx1KnhGCqiTHk9opO%2BUFp%2BaRZikhG9hU%2FqeVG8g23S1ii2ZlOXtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 778201061abd1c12-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 74d82b5960e5e12af402b01fa10b0829
4b80baad99eaafa43a8a78dbcd8e0df4141b3dd7
328abed4a3d2ea1d745c64c5c40925ae5efca25846d2e1c8457a030347473b51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash a33409f980e81b54f660035dd9c14cfb
8399645bbd14b6a968328c6552b837e3368948a3
9cf6b1845f29636c04e711a6bf1e7937773c6c4522e2ba66dd6c43bfef34b33b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 2c5384bc4e1f5456328fdcfa692e8407
f412953bb78ce1c8af3f87f08f18879bb847c334
617fe5b4a51396918f567fedd13f0ac910f0a1d18c082da9be2f3d915961cd3b
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Dec 2022 23:29:43 GMT
expires: Sun, 11 Dec 2022 23:29:43 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43635
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0f3dad0d025c4b6b8abd5d698f00cfbd
3a82ecac8709c7acd620316502a0e774ac3b1170
8d98454c05e1bfb1e534913e69fe76f4b0cb619c02626bcdc163f7be48b1621f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2bbc2a332da069e062c141b6755efb07
e7cb19a32562264a6858b73f90caff1fe7887a29
5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8fea2d3bcb0ff2ae2719d151626aedd2
4f463254293dca1a96e4e4f572599f3bc20fb1ea
b0752251cd001fbc22d3693295c253dbc276bd2a5ca0b3bae51ed48a69f88d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B0752251CD001FBC22D3693295C253DBC276BD2A5CA0B3BAE51ED48A69F88D49"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1662
Expires: Sun, 11 Dec 2022 23:57:25 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
a.vdo.ai/core/v-exee-app/vdo.ai.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:29:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:29:43 GMT
Location: https://a.vdo.ai/core/v-exee-app/vdo.ai.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hlmwsFiMTFHtlwLtyMg%2FY5eoNSzaOkLrw2YQg1jtSXkgyghXc029yRw16VQpbi6SEjLlR7ndw66KOaIAid6mnr7%2BOJMqJQTVvCbln82bryULpLIPp81LiHTX0w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 778201075fbc23e3-LHR
alt-svc: h2=":443"; ma=60
qj.wimplesbooklet.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 23:29:43 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 12-Dec-2022 23:29:43 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 12-Dec-2022 23:29:43 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dc2b4d77e5a3f58cf290e2836e13138a
46e445967430cd03e746a4662594b795f3731934
84fb5e5a676bd0a52c8b13d298acbc4792e9829d094abc2c6075b813ddccddf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "84FB5E5A676BD0A52C8B13D298ACBC4792E9829D094ABC2C6075B813DDCCDDF9"
Last-Modified: Fri, 09 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3998
Expires: Mon, 12 Dec 2022 00:36:21 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4278
Expires: Mon, 12 Dec 2022 00:41:01 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash f34d5d5ef96bb69bcd8a13ea1ff45645
dde3db64eacaa03bfba2f4e59689a7d0c9f04602
f639a67a5e3072de1a52591ab6a32ce08418be093f73bbe1ae21a1dc4f643f78
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F639A67A5E3072DE1A52591AB6A32CE08418BE093F73BBE1AE21A1DC4F643F78"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Mon, 12 Dec 2022 00:44:23 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37162), with no line terminators
Hash 7a9d510fabe19032d055b3282d6fdf32
fdd9925b7b0f67bc7f52bc7a0d459648ed5b2414
77d54b15f8252c027614d4efd93555c8084a6b38a79d66bf80705fc517a822c6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 248ede1a8a623984e2864111dfe95026
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4278
Expires: Mon, 12 Dec 2022 00:41:01 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
keterrehepren.xyz/clVuamZdag0ZWz8BL18zJDIoKAFLJQw7DTQWAwIUMzIrID8lMkgeDxZoVlhUR2daTBYbMVNbQAEhDx4TAWhfTA8cMwFXQARoX0RVRntdW0hDcxtXV1QhHgsBT2RIGhIGOVNbUEVlVlpXQW1fU1ZL
204 No Content 0 B URL HTTP/2 keterrehepren.xyz/clVuamZdag0ZWz8BL18zJDIoKAFLJQw7DTQWAwIUMzIrID8lMkgeDxZoVlhUR2daTBYbMVNbQAEhDx4TAWhfTA8cMwFXQARoX0RVRntdW0hDcxtXV1QhHgsBT2RIGhIGOVNbUEVlVlpXQW1fU1ZL
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /clVuamZdag0ZWz8BL18zJDIoKAFLJQw7DTQWAwIUMzIrID8lMkgeDxZoVlhUR2daTBYbMVNbQAEhDx4TAWhfTA8cMwFXQARoX0RVRntdW0hDcxtXV1QhHgsBT2RIGhIGOVNbUEVlVlpXQW1fU1ZL HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:29:43 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQTZhrd2AYZZgkza3nXZqM572NAwVLc%2BkK0qShB8KvweqsS4xzsdfAbAbg53zgyIazTBJI%2Fh8hTV%2F0hX6pWxdEyYT6RColiS1vf9GpZ7cCPdohuxMR1rcMJpMbzaXGjG0SO20w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782010809990b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
superjuryger.xyz/TGQ2YjctBlUPCC1ZVERCPggLRwUKQQQkU30XRxRDf1JbBQQ4VVRMVCALQwZRPgtYFhkiAUJHBQo3eDRhAjZyLGADDXsLcwkhDilvJyh0UFN4AFEBYxweAhBvGTJZKXZ1JWAVYhkHBCxgCSdaGlYaAEwtY3k8dSVhPi9wKFUBCnQLYSAXBAF/GTJgJnI6AWcBYwUwBhBgDQMBMk55JmMbfnspWiR6Lx5RDnMgAwAsTn0CYTZlIwBYN3YpVwcKdh0yDy1efQBjNlh6Kk47fxY3exVxKwBaBH8dAHQ6dWlWdCBfFSxsNlg4PGcsXy0sUhpyCwAPMnYZJlUqGngjcAVTIDRMK2AODGRaUw09VDhgHgx3M2I1L3UGbhsKdEcFCiVRJ3EWLAdSdisyXQN/FSBjGEBpVnArYRoFejVffgBnMFspI1kmcjUmQQZmag5FDVk8WVMpRC40b1VnLyFSV20u
200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/TGQ2YjctBlUPCC1ZVERCPggLRwUKQQQkU30XRxRDf1JbBQQ4VVRMVCALQwZRPgtYFhkiAUJHBQo3eDRhAjZyLGADDXsLcwkhDilvJyh0UFN4AFEBYxweAhBvGTJZKXZ1JWAVYhkHBCxgCSdaGlYaAEwtY3k8dSVhPi9wKFUBCnQLYSAXBAF/GTJgJnI6AWcBYwUwBhBgDQMBMk55JmMbfnspWiR6Lx5RDnMgAwAsTn0CYTZlIwBYN3YpVwcKdh0yDy1efQBjNlh6Kk47fxY3exVxKwBaBH8dAHQ6dWlWdCBfFSxsNlg4PGcsXy0sUhpyCwAPMnYZJlUqGngjcAVTIDRMK2AODGRaUw09VDhgHgx3M2I1L3UGbhsKdEcFCiVRJ3EWLAdSdisyXQN/FSBjGEBpVnArYRoFejVffgBnMFspI1kmcjUmQQZmag5FDVk8WVMpRC40b1VnLyFSV20u
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 589a2183510cbfe7eac27774cb6097e2
6df1bfdbe623d6741ce89296812432ae3b80d7e9
90a86c8b4f59fcaff11f2b4e82e3e54ede753832450a3794cb90b8439e809c84
GET /TGQ2YjctBlUPCC1ZVERCPggLRwUKQQQkU30XRxRDf1JbBQQ4VVRMVCALQwZRPgtYFhkiAUJHBQo3eDRhAjZyLGADDXsLcwkhDilvJyh0UFN4AFEBYxweAhBvGTJZKXZ1JWAVYhkHBCxgCSdaGlYaAEwtY3k8dSVhPi9wKFUBCnQLYSAXBAF/GTJgJnI6AWcBYwUwBhBgDQMBMk55JmMbfnspWiR6Lx5RDnMgAwAsTn0CYTZlIwBYN3YpVwcKdh0yDy1efQBjNlh6Kk47fxY3exVxKwBaBH8dAHQ6dWlWdCBfFSxsNlg4PGcsXy0sUhpyCwAPMnYZJlUqGngjcAVTIDRMK2AODGRaUw09VDhgHgx3M2I1L3UGbhsKdEcFCiVRJ3EWLAdSdisyXQN/FSBjGEBpVnArYRoFejVffgBnMFspI1kmcjUmQQZmag5FDVk8WVMpRC40b1VnLyFSV20u HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1197
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:29:43 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 9448fc1c48817eb327c6aba5fe8c8544.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: WAW51-P2
X-Amz-Cf-Id: iw_4xRjjyzknbnmkBjGCSeYmyvtMxNVraTuhZPF1KBTzUiopiECA_A==
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 535022
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:56:07 GMT
expires: Tue, 05 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 534816
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dc2b4d77e5a3f58cf290e2836e13138a
46e445967430cd03e746a4662594b795f3731934
84fb5e5a676bd0a52c8b13d298acbc4792e9829d094abc2c6075b813ddccddf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "84FB5E5A676BD0A52C8B13D298ACBC4792E9829D094ABC2C6075B813DDCCDDF9"
Last-Modified: Fri, 09 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3998
Expires: Mon, 12 Dec 2022 00:36:21 GMT
Date: Sun, 11 Dec 2022 23:29:43 GMT
Connection: keep-alive
keterrehepren.xyz/RDNoM21rDAtAUBJYBEojdgoPVigNYz9kCTxhDwo3HXsQdy8Sak5HBCAOUAtUcApcFR0tV1UCSzdHCUcYNw5ZFQQqVQcOSzIOWR1ecB1bAkN1FR0OXGJHGFIKeQJOQxkwX1UCW3MDUANcdwtZClh2
204 No Content 0 B URL HTTP/2 keterrehepren.xyz/RDNoM21rDAtAUBJYBEojdgoPVigNYz9kCTxhDwo3HXsQdy8Sak5HBCAOUAtUcApcFR0tV1UCSzdHCUcYNw5ZFQQqVQcOSzIOWR1ecB1bAkN1FR0OXGJHGFIKeQJOQxkwX1UCW3MDUANcdwtZClh2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RDNoM21rDAtAUBJYBEojdgoPVigNYz9kCTxhDwo3HXsQdy8Sak5HBCAOUAtUcApcFR0tV1UCSzdHCUcYNw5ZFQQqVQcOSzIOWR1ecB1bAkN1FR0OXGJHGFIKeQJOQxkwX1UCW3MDUANcdwtZClh2 HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:29:43 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNoJ%2BpYzJMqPo7Ld7yrf1KAT%2ByrVEe9CUs9aKMWWMDKs4JPUlnUDBDjfLmHDF3INkXTpvN3WVFm7CtVQKG3ds3rfSNFnMPGnPtTHgGMVIyazSMjExc7U3qOH2cBBQ92sYiKdXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782010869c40b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
keterrehepren.xyz/ZXJzQjNKTRAxDjEnH3BWIiBEJ3YrPSYaQ1wjNjJlAzoHDWAJBVU2WgFPS3YAV0RCZEMMFk5zC0MBByNHEAFOcxUMHBUtDkMETnMdVVxBbAFDB05zFRECEiUOVFQDNkcJT0J0BFVKQ3MAXUNKdAU
204 No Content 0 B URL HTTP/2 keterrehepren.xyz/ZXJzQjNKTRAxDjEnH3BWIiBEJ3YrPSYaQ1wjNjJlAzoHDWAJBVU2WgFPS3YAV0RCZEMMFk5zC0MBByNHEAFOcxUMHBUtDkMETnMdVVxBbAFDB05zFRECEiUOVFQDNkcJT0J0BFVKQ3MAXUNKdAU
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZXJzQjNKTRAxDjEnH3BWIiBEJ3YrPSYaQ1wjNjJlAzoHDWAJBVU2WgFPS3YAV0RCZEMMFk5zC0MBByNHEAFOcxUMHBUtDkMETnMdVVxBbAFDB05zFRECEiUOVFQDNkcJT0J0BFVKQ3MAXUNKdAU HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:29:43 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZMoh4oA1bADADUxxW1VnuVO41jQ3P3L%2FoP2F3HKydt%2FNXG1dEOsxYbBbq2YNl0Zic8AR%2BeY6vMCXINN7kkJGwCtGXiWDvWxrCn9XUhJICD%2BFSYoPH66hMnX7ywk67C43AHbNHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782010869c60b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 280 B IP
Hash d8b6288aa182c59316c39ea8777fd31c
7e3a9cb2ee6f53c063161b881f99ab8b20851252
d188c187297ca0c01966dbc10159090ebbe8e0c96f5d7adc725fc2d3ee25f9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3417
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:43 GMT
Last-Modified: Sun, 11 Dec 2022 22:32:47 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
superjuryger.xyz/cktBb2ITKSICXRN2I0kXACd8SlA0bnMpBkM4MBkWQX0sCFEGeiNBAR4kNAsEACQvG0wcLjVKUDQ8IF8GJhgUIis5D3EZBDBzNCFRIHwUXFccKAkLLD4YAAIuID93KggVHBYWDRwEAl8oPjN1HiszKCctD0p4BDwsBy4WOio4IXEaBBl7KD8xAm5zLTUfDjgjMTQcIlw3SwY2PhEQIiIXIyYecD8IJy8LPBIEBSYfVCIiGFojGzhkXSQ5DBs1IyURLwxSR3oYXSdCCigEUTghEDY7Hw10IzBLIhg3DgsccwMIEAMAHzsfDXQhIzs7GzdTHxwAOVAXeAw7ASVmJRwBMScoNjoZMwk4KBUICSUAESVwWgMZfnA2G0YmAiwVSikJKhYWHA9bAUM/czZRGiYWNwFDAgUqLTsfNhc4HiADNgweeRM3BkMbCVoDVCEyAAwCdgAeN0ImNR4MECMMDAEeExQ
200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/cktBb2ITKSICXRN2I0kXACd8SlA0bnMpBkM4MBkWQX0sCFEGeiNBAR4kNAsEACQvG0wcLjVKUDQ8IF8GJhgUIis5D3EZBDBzNCFRIHwUXFccKAkLLD4YAAIuID93KggVHBYWDRwEAl8oPjN1HiszKCctD0p4BDwsBy4WOio4IXEaBBl7KD8xAm5zLTUfDjgjMTQcIlw3SwY2PhEQIiIXIyYecD8IJy8LPBIEBSYfVCIiGFojGzhkXSQ5DBs1IyURLwxSR3oYXSdCCigEUTghEDY7Hw10IzBLIhg3DgsccwMIEAMAHzsfDXQhIzs7GzdTHxwAOVAXeAw7ASVmJRwBMScoNjoZMwk4KBUICSUAESVwWgMZfnA2G0YmAiwVSikJKhYWHA9bAUM/czZRGiYWNwFDAgUqLTsfNhc4HiADNgweeRM3BkMbCVoDVCEyAAwCdgAeN0ImNR4MECMMDAEeExQ
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3051), with no line terminators
Hash 4528644cf8cfde13a99418ae57c32735
fb9d7fc9eff938d1721ccd7a5e2bbd35669b3f54
97930256db4472f39b9ec63b901ef2265c77d16853e127d05ff13cad48fee86c
GET /cktBb2ITKSICXRN2I0kXACd8SlA0bnMpBkM4MBkWQX0sCFEGeiNBAR4kNAsEACQvG0wcLjVKUDQ8IF8GJhgUIis5D3EZBDBzNCFRIHwUXFccKAkLLD4YAAIuID93KggVHBYWDRwEAl8oPjN1HiszKCctD0p4BDwsBy4WOio4IXEaBBl7KD8xAm5zLTUfDjgjMTQcIlw3SwY2PhEQIiIXIyYecD8IJy8LPBIEBSYfVCIiGFojGzhkXSQ5DBs1IyURLwxSR3oYXSdCCigEUTghEDY7Hw10IzBLIhg3DgsccwMIEAMAHzsfDXQhIzs7GzdTHxwAOVAXeAw7ASVmJRwBMScoNjoZMwk4KBUICSUAESVwWgMZfnA2G0YmAiwVSikJKhYWHA9bAUM/czZRGiYWNwFDAgUqLTsfNhc4HiADNgweeRM3BkMbCVoDVCEyAAwCdgAeN0ImNR4MECMMDAEeExQ HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1199
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:29:43 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 9448fc1c48817eb327c6aba5fe8c8544.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: WAW51-P2
X-Amz-Cf-Id: 2d-C3Y9mJUG86_wVZva2aBFLDwfxJgeKVmqLAVHv26S6Pe1MCGO1Vg==
superjuryger.xyz/Wm1penE7DwoXTjtQC1wEKAFUX0McSFs8FWseGAwFaVsEHUIuXAtUEjYCHB4XKAIHDl80CB1fQxw3OxYnCzRbNx0VB108KR4kUTQ3bw8KFyszOz8wFgoUJDc1DjcGODI+NSQ+RDcpBT9JEl4wIjYJJwYjNA89IwACaTUCLxsVFycfJDcsWTQwHAgKFDw2LAVOAxUEBjE1IwJZHicfAQpJBT0/BTxDPD4KMTUJJF8wCRgqDT0kf18rPEEAXTMtNw45MSAGAxQvPRUdOAc5FmsaMCInCyQ+NB8DLx0sEjQvAzMkAF0zKTgMPwcvJAM7Jy0QHTtcKB0cXyQQXA8sKjkdLTQALCM+ADsdJGsnWyA5DD88AzBiJA4jNxE+WEskCTtaICYMIzxIMD0PPzNXMB4GFAFnOS1OBzFbBEgLEA
200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/Wm1penE7DwoXTjtQC1wEKAFUX0McSFs8FWseGAwFaVsEHUIuXAtUEjYCHB4XKAIHDl80CB1fQxw3OxYnCzRbNx0VB108KR4kUTQ3bw8KFyszOz8wFgoUJDc1DjcGODI+NSQ+RDcpBT9JEl4wIjYJJwYjNA89IwACaTUCLxsVFycfJDcsWTQwHAgKFDw2LAVOAxUEBjE1IwJZHicfAQpJBT0/BTxDPD4KMTUJJF8wCRgqDT0kf18rPEEAXTMtNw45MSAGAxQvPRUdOAc5FmsaMCInCyQ+NB8DLx0sEjQvAzMkAF0zKTgMPwcvJAM7Jy0QHTtcKB0cXyQQXA8sKjkdLTQALCM+ADsdJGsnWyA5DD88AzBiJA4jNxE+WEskCTtaICYMIzxIMD0PPzNXMB4GFAFnOS1OBzFbBEgLEA
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash 78f50fc1838c68a50afddb6809fb81a1
a0081a8d08fda1e790c7900950f5a824db00a0ae
2dc8212da87cb99dc9ac2f2466baa8eabf9de476e4d7fdba8111f91a8da7a399
GET /Wm1penE7DwoXTjtQC1wEKAFUX0McSFs8FWseGAwFaVsEHUIuXAtUEjYCHB4XKAIHDl80CB1fQxw3OxYnCzRbNx0VB108KR4kUTQ3bw8KFyszOz8wFgoUJDc1DjcGODI+NSQ+RDcpBT9JEl4wIjYJJwYjNA89IwACaTUCLxsVFycfJDcsWTQwHAgKFDw2LAVOAxUEBjE1IwJZHicfAQpJBT0/BTxDPD4KMTUJJF8wCRgqDT0kf18rPEEAXTMtNw45MSAGAxQvPRUdOAc5FmsaMCInCyQ+NB8DLx0sEjQvAzMkAF0zKTgMPwcvJAM7Jy0QHTtcKB0cXyQQXA8sKjkdLTQALCM+ADsdJGsnWyA5DD88AzBiJA4jNxE+WEskCTtaICYMIzxIMD0PPzNXMB4GFAFnOS1OBzFbBEgLEA HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1171
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:29:43 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 c73ba817df235d3fd61faf087b3d3f54.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: WAW51-P2
X-Amz-Cf-Id: 54pLS1EUq1VwRavlOygor6w056TnvQQdQbY5mV7JZpzoI02Yk_3ONg==
superjuryger.xyz/utx?cb=KSm9r63NZDdf&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 superjuryger.xyz/utx?cb=KSm9r63NZDdf&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=KSm9r63NZDdf&top=exee.app&tid=822524 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:29:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Dec 2022 23:30:43 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ba172beaa058835048fe52f15497da64.cloudfront.net (CloudFront)
x-amz-cf-pop: WAW51-P2
x-amz-cf-id: 1bltr1mP71zaOwFQQvYvoyNAqNu1bMoVbeOAWM9yS8aFFOXJOv_bew==
X-Firefox-Spdy: h2
superjuryger.xyz/utx?cb=2WV2WM5M6utF&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 superjuryger.xyz/utx?cb=2WV2WM5M6utF&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=2WV2WM5M6utF&top=exee.app&tid=889494 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:29:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Dec 2022 23:30:43 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ba172beaa058835048fe52f15497da64.cloudfront.net (CloudFront)
x-amz-cf-pop: WAW51-P2
x-amz-cf-id: YEJ8Twbxzqhb8U31HLg4ITFd99Qqit1H8wcQG9CxLwr9weq5ZzP4WA==
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 23:29:43 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 38972ff9e8dd946f3472494cc20324c5
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 11 Dec 2022 23:29:43 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYiDg%2BVR3Ym41SuNLA76laWlF8ur96owkNNgp0qwx5Aeo0vwZwuxEEaB2epZmJ7IzEo0ii4idg48OHS1rwH%2BUCCFwvf0JzpCl6PDfFrR85kOGm2Ptg02CmGg%2FXS5soGVcuL5Lbo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 778201090df87437-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash f0b47065b11cbea51cb76d12a9bfa1fb
e4297c96b6395dd7d35cac31717d3153fb3d95a4
7e851c843752269d2e3efd2908be5074cdd273eb839bf91bb7fbf57dacba5855
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=137796
Date: Sun, 11 Dec 2022 23:29:43 GMT
Etag: "6395db96-1d7"
Expires: Tue, 13 Dec 2022 13:46:19 GMT
Last-Modified: Sun, 11 Dec 2022 13:31:02 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4psAElCM_3JUIycfzci-3VmESM64JCGwjV0zV5THUCrUHz1kxKNo_Q==
Age: 917
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4277
Expires: Mon, 12 Dec 2022 00:41:01 GMT
Date: Sun, 11 Dec 2022 23:29:44 GMT
Connection: keep-alive
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 1cb96fd0ec77be81dad6bbe081a75522
854f300aec9853f1a02b1f0b32b9bbaca3078cfd
42356c5b42d31804b936f3a6219b0a02c45c8f332212acbb58004896d1ec61f1
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:44 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=13bab80f-e390-47c0-954c-7f229f2df5c6:2:1; expires=Wed, 08 Dec 2032 23:29:44 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
d1sqvt36mg3t1b.cloudfront.net/SNVVNRDNWOiMiDEE8KXkLB2d4dgcTPz4rXUVoKA9AVwUUc2NWEClxaVdzOT5XCGVrKFJbMnBiVls2cHUVVDEveQcTIT0rWAg7Py5BUyI7MlFMczglDlg6Ny1fWTRodnUAe31hAQV9Oi1dUTo6NxYHZSMwFgdlfHQdBXB+BhYHZTotXQNhaHdxEGd9PAUBcH-4GFgdlPzIWBhR8dAYbZWRhAQUyKCdYWnB/AgEFZH10AgVkaHYDUzw/IVVaLWh2dQRleGoDEyBwdQ
200 OK 516 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/SNVVNRDNWOiMiDEE8KXkLB2d4dgcTPz4rXUVoKA9AVwUUc2NWEClxaVdzOT5XCGVrKFJbMnBiVls2cHUVVDEveQcTIT0rWAg7Py5BUyI7MlFMczglDlg6Ny1fWTRodnUAe31hAQV9Oi1dUTo6NxYHZSMwFgdlfHQdBXB+BhYHZTotXQNhaHdxEGd9PAUBcH-4GFgdlPzIWBhR8dAYbZWRhAQUyKCdYWnB/AgEFZH10AgVkaHYDUzw/IVVaLWh2dQRleGoDEyBwdQ
IP
File type ASCII text, with very long lines (706), with no line terminators
Hash f21340166adf838fb3816c91078d6123
a57a36c3901227c67c10f1703635f536be902a8c
3828f868933dd403b6b6374715c8abb1d9bbc1598bb987be89f410679cb69414
GET /SNVVNRDNWOiMiDEE8KXkLB2d4dgcTPz4rXUVoKA9AVwUUc2NWEClxaVdzOT5XCGVrKFJbMnBiVls2cHUVVDEveQcTIT0rWAg7Py5BUyI7MlFMczglDlg6Ny1fWTRodnUAe31hAQV9Oi1dUTo6NxYHZSMwFgdlfHQdBXB+BhYHZTotXQNhaHdxEGd9PAUBcH-4GFgdlPzIWBhR8dAYbZWRhAQUyKCdYWnB/AgEFZH10AgVkaHYDUzw/IVVaLWh2dQRleGoDEyBwdQ HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 516
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:29:44 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8hc-pHxLJiixYx-icZ368hvIfEwmoxz3kGWtOvmAO8oKgNxT7Ye0Tg==
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 11 Dec 2022 23:07:56 GMT
age: 1308
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
temperrunnersdale.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
200 OK 29 kB URL HTTP/1.1 temperrunnersdale.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 329936a6abf27ed0e0eff156740e8b0a
9e3506e571cc8d19c824ccd82b9d3d396c3202d0
93bd1c9f9d35b6a9319a85a3cf2065bf99281bd46c4d2cff61d2e10deae22da7
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eb0cd1543b0b2742379744ec434cfe9b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 280 B IP
Hash d8b6288aa182c59316c39ea8777fd31c
7e3a9cb2ee6f53c063161b881f99ab8b20851252
d188c187297ca0c01966dbc10159090ebbe8e0c96f5d7adc725fc2d3ee25f9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3418
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:44 GMT
Last-Modified: Sun, 11 Dec 2022 22:32:47 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 1cb96fd0ec77be81dad6bbe081a75522
854f300aec9853f1a02b1f0b32b9bbaca3078cfd
42356c5b42d31804b936f3a6219b0a02c45c8f332212acbb58004896d1ec61f1
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Cookie: uid_id2=13bab80f-e390-47c0-954c-7f229f2df5c6:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:44 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
X-Firefox-Spdy: h2
d1sqvt36mg3t1b.cloudfront.net/ZRlVQY2MlOj4FXDI8NF5bcmZiVVJgPyMMDTZoBCdXMD5mDlE8H3YXGSJoYEUPJzs3XkUjOzNeUmA0NAFecnMlAl4rOioKDyo0dVElc3tgRlF2fScKDSI6JxBGdGU+F0Z0ZWFTTXZwYyFGdGUnCg1wYXVQIWNnYBtVcnBjIUZ0ZSIVRnUUYVNWaGV5RlF2Mj-UACClwYiVRdmRgU1J2ZHVRUyA8IgYFKS11USV3ZWVNU2AgbVI
200 OK 189 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/ZRlVQY2MlOj4FXDI8NF5bcmZiVVJgPyMMDTZoBCdXMD5mDlE8H3YXGSJoYEUPJzs3XkUjOzNeUmA0NAFecnMlAl4rOioKDyo0dVElc3tgRlF2fScKDSI6JxBGdGU+F0Z0ZWFTTXZwYyFGdGUnCg1wYXVQIWNnYBtVcnBjIUZ0ZSIVRnUUYVNWaGV5RlF2Mj-UACClwYiVRdmRgU1J2ZHVRUyA8IgYFKS11USV3ZWVNU2AgbVI
IP
File type ASCII text, with no line terminators
Hash 204fa04527c30fa922ff2d91a055d1ae
dd3b3dbc55e616ea4c57994c8efa6ac2f26a2ef1
1272872704c9d8b8354852caecbcef72bcd48e2181064c690c67a19ff621d16c
GET /ZRlVQY2MlOj4FXDI8NF5bcmZiVVJgPyMMDTZoBCdXMD5mDlE8H3YXGSJoYEUPJzs3XkUjOzNeUmA0NAFecnMlAl4rOioKDyo0dVElc3tgRlF2fScKDSI6JxBGdGU+F0Z0ZWFTTXZwYyFGdGUnCg1wYXVQIWNnYBtVcnBjIUZ0ZSIVRnUUYVNWaGV5RlF2Mj-UACClwYiVRdmRgU1J2ZHVRUyA8IgYFKS11USV3ZWVNU2AgbVI HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 189
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:29:44 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XOWhaZMK_s1cEvE-znhrSH1NlrS5_0LQTrGDvohx2pLhefVX7vrdvQ==
ocsp.digicert.com/
200 OK 471 B IP
Hash e12bb655426d080117693ba116f398cf
8fe1f7f8d0b191baed2decba3523656da97077f5
2c25ba0d1c806de98d5489934acd8e2f17487e4f7e40c7f0d39094ce49f91b8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2831
Cache-Control: max-age=123863
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:44 GMT
Etag: "63959db0-1d7"
Expires: Tue, 13 Dec 2022 09:54:07 GMT
Last-Modified: Sun, 11 Dec 2022 09:06:56 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
d1sqvt36mg3t1b.cloudfront.net/wa0dTSUMIKD0vfB8uN3R7U35ncHdNLSAmLRt6EjgWWyonOC0JLx4qIAcfBm83ESNueWUHJj0ufk0iPSp+WmEyLSFWc3U9MwQsbicxATU1PjUdJSpvNgp6PiY5Ais/KGZZAWZnc051Y2E0Aik3JjQYYmF5LR9iYXlyW2ljbHApYmF5NAIpZX1mWAV2e3MTcW-dscCliYXkxHWJgCHJbcn15ak51Yy4mCCw8bHEtdWN4c1t2Y3hmWXc1IDEOITwxZlkBYnl2RXd1PH5a
200 OK 610 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/wa0dTSUMIKD0vfB8uN3R7U35ncHdNLSAmLRt6EjgWWyonOC0JLx4qIAcfBm83ESNueWUHJj0ufk0iPSp+WmEyLSFWc3U9MwQsbicxATU1PjUdJSpvNgp6PiY5Ais/KGZZAWZnc051Y2E0Aik3JjQYYmF5LR9iYXlyW2ljbHApYmF5NAIpZX1mWAV2e3MTcW-dscCliYXkxHWJgCHJbcn15ak51Yy4mCCw8bHEtdWN4c1t2Y3hmWXc1IDEOITwxZlkBYnl2RXd1PH5a
IP
File type ASCII text, with very long lines (876), with no line terminators
Hash 6365ac7457fea649a8872aade1b6e40f
83e2b0093b63b368058f4f40dea67bfc33100c0a
ea2539eb05ec70c6ed3dcdb3f460f5bdd846c66e1c6d07b19b097fb0ef10f25a
GET /wa0dTSUMIKD0vfB8uN3R7U35ncHdNLSAmLRt6EjgWWyonOC0JLx4qIAcfBm83ESNueWUHJj0ufk0iPSp+WmEyLSFWc3U9MwQsbicxATU1PjUdJSpvNgp6PiY5Ais/KGZZAWZnc051Y2E0Aik3JjQYYmF5LR9iYXlyW2ljbHApYmF5NAIpZX1mWAV2e3MTcW-dscCliYXkxHWJgCHJbcn15ak51Yy4mCCw8bHEtdWN4c1t2Y3hmWXc1IDEOITwxZlkBYnl2RXd1PH5a HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 610
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:29:44 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u2elEyLBJompaTatfczrS-suFVFs-GHgLSS0zmZ8ZBILdYBYqZPS1A==
temperrunnersdale.com/pixel/purst?dl=0&th=0&sc=0&rs=1228&rd=1228&fd=336&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 temperrunnersdale.com/pixel/purst?dl=0&th=0&sc=0&rs=1228&rd=1228&fd=336&bv=22.10.v.10&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1228&rd=1228&fd=336&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
addresseepaper.com/sfp.js
200 OK 2.6 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 11 Dec 2022 23:29:44 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:37 GMT
ETag: "638fbf09-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
ocsp.sectigo.com/
200 OK 472 B IP
Hash 8db5e5fdd6de1be318e1e2eb919fb0e7
8258c78d87a302be368193b851b55c8e32107c82
143d463b64c5b6772aa9f446e7ea1bb201fe8ce57b25779a6c99dd416a660c7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 23:29:44 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 16:52:37 GMT
Expires: Thu, 15 Dec 2022 16:52:36 GMT
Etag: "8258c78d87a302be368193b851b55c8e32107c82"
Cache-Control: max-age=321171,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7782010a7e4db4ed-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 899
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 11 Dec 2022 23:29:44 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: http://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 614762d0c6240816d632e1caf7f41f07
0279336a498eba511933690a438e058654169c6e
3b04fd0c54b824c922c8db2c4e79ff54234ace47d9e2cfdc354263e77a87e1e3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B04FD0C54B824C922C8DB2C4E79FF54234ACE47D9E2CFDC354263E77A87E1E3"
Last-Modified: Sun, 11 Dec 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2729
Expires: Mon, 12 Dec 2022 00:15:13 GMT
Date: Sun, 11 Dec 2022 23:29:44 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 165cab5e8773c2efa14c92a3e9c175bd
b748989dd5e6d57aee46e27eb8eb2c377e736550
a704116ea736ca16ace060115930624785b33e0f0ba8819e60406336561ced34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A704116EA736CA16ACE060115930624785B33E0F0BA8819E60406336561CED34"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15662
Expires: Mon, 12 Dec 2022 03:50:46 GMT
Date: Sun, 11 Dec 2022 23:29:44 GMT
Connection: keep-alive
a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/dependencies_hbv4_latest/vdo.min.js?v=v2.2 HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:29:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:29:44 GMT
Location: https://a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8p96hrcqplqfvN5cVIsw3P6Isi3Ye0P3WWDqhCpe0pU73FKpUNu9Dbc4sDJyWYuvuabgH92CpLpdCuyZsrm9FiECqIAn84ESNf7xVBzaBnxEKp%2FJ0Ve8VvwPEA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7782010d3e7323e3-LHR
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sKBxGfPaSxS+qr+aZfpXTw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Hkr8hJcOLKxqOISZ0S0824+XyHU=
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 11 Dec 2022 21:34:02 GMT
expires: Sun, 11 Dec 2022 23:34:02 GMT
cache-control: public, max-age=7200
age: 6942
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4f59766c2fbd3c45359e028feba76529
01ca4b880afac47af0d6c0cd7d996ffccff57132
d54cf91ffbf4c5147cc6ea9c5cae537d3ae442513a34e9c1fe6a5169aa13174d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 3a1942bd2fc7c60d1cfffd1b72f202c1
2b95e8b0f97322d14ba4797016bf34314795771f
219bdf287c5cd0a9141d291c0d07db3831f095f2be854cbfe654ac57f2b7e49e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:44 GMT
Last-Modified: Sun, 11 Dec 2022 21:59:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
pogothere.xyz/asd100.bin
200 OK 103 kB IP
Size 103 kB (102872 bytes)
Hash 5bdff286f776efbc0b84d7a4f50852e5
213cc70e17ef97a7bca4ace982c565382a6d8543
de088476deecf45dfa72881f870957ee1f84d827388996654de03f0c7aa67225
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:43 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sun, 11 Dec 2022 23:29:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SiH%2B%2B8LJ4fSpkXHv17aRLlrXY%2Fwpy5LyxRnCnzffxdXdYxq0qxN2u4BP88X9P5yaBRwV7D1AblU38HZj9D2HUcfIrwL9Wl3%2BeT5mVGUUL53MKbBLSDYyjbdHq6rKJ7Wr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77820108bc9076c6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 165cab5e8773c2efa14c92a3e9c175bd
b748989dd5e6d57aee46e27eb8eb2c377e736550
a704116ea736ca16ace060115930624785b33e0f0ba8819e60406336561ced34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A704116EA736CA16ACE060115930624785B33E0F0BA8819E60406336561CED34"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15662
Expires: Mon, 12 Dec 2022 03:50:46 GMT
Date: Sun, 11 Dec 2022 23:29:44 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 8e5cff5d4f138e56f8da9eb3eb16c721
be80c527d1487e4688b1e5735e386c0441d64961
071418adb6435af341b58e68afba9e252e6dc043c35365b949221120cab219db
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 23:29:44 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-620299711%3A1670801384569155&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5J2X-3vYQUbXKX-8A-zuDoOTW1gLWDBXwtCKm72c8nJeRiBfqa_fovcs2cBkcrTNJycQI1sw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-z1TPDR7T_yLFnfLaSfF6OA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:j88UNejU7PSkk4oC_f21FPgoMq-7-Q:qOnAxHdhT5aUkvkA;Path=/;Expires=Tue, 10-Dec-2024 23:29:44 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 389 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash ccf61261160a4d68b2e4fb2f7f6ac9df
27a222848073f61b7ab555469639bdbfc4462045
2f174743db853b041df3b9795d5bb881bbbce7e99294e891f738a4fc2cf22d9e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 23:29:44 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S890208080%3A1670801384618758&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6fAJo4q1v0IIAsqDTEBInvaAkQ63kPH9f0CnZYB0DS3IYnGQjGWNpJo9nGlTaL8B64-Sem-g
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-7E8WKpWdgXbRq3fgf13i7g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:-LHlYqBdJvwNg7hrlM9zg_nk_d-lsw:fw33M_oHiy8Af1rJ;Path=/;Expires=Tue, 10-Dec-2024 23:29:44 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7064f6619ec94ac742915441ddf9be63
07864ef6316dfb3bfd38d602d2c38d237da8e61e
501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
keterrehepren.xyz/popunder.gif
301 Moved Permanently 0 B URL HTTP/1.1 keterrehepren.xyz/popunder.gif
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:29:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:29:44 GMT
Location: https://keterrehepren.xyz/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uFjZcJMSn5LZXrMi%2BucjqxGHQ9z7sokAT0qOezlg%2FAesX7tX%2BUKhEyfuI0MUvxSErzcXgmj%2FVCcYuezNkGDdQMdIjNcHUuckj1yaKpwq0OfKUsIsYQ4nvgKRQqPTYlymJJ5psA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7782010e2a151c16-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
200 OK 506 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 850fd779b1bc1ef9eeceb3dc83bdc940
d005c01858d91534f37626bd23334dd21bee52b8
e39f5a01fe1c0602b12c8cda6e42fc25c733fc6081f3ed9a115870f9eba0c0c7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:44 GMT
Last-Modified: Sun, 11 Dec 2022 21:59:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
temperrunnersdale.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb
200 OK 4.0 kB URL HTTP/1.1 temperrunnersdale.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb
IP
File type JSON data\012- , ASCII text, with very long lines (5609), with no line terminators
Hash 1c3737c0b597d8e835c5dc9949c75b91
42f4d2ec0b421fd0f193b528086a073f17a29755
029234f023447fa928c9acbb4282d382d651e9bae0807c35820747abe55501fc
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:44 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://exee.app
Access-Control-Allow-Origin: http://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Mon, 12 Dec 2022 23:29:44 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 12 Dec 2022 23:29:44 GMT; secure; SameSite=None
uncs=1; expires=Mon, 12 Dec 2022 23:29:44 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 12 Dec 2022 23:29:44 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 12 Dec 2022 23:29:44 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3364903]; expires=Sun, 11 Dec 2022 23:29:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2d47399d193378c19682c25b419aace1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 279 B IP
Hash 25880c5debe9ae26baa02044822a1fbc
5ff23639c3183d18a20c5a3dbadaa0f809b080f0
2ecb24d2679e935e7ac85a3dfd9a0aad32138ca82764ae14263c6ebbf087a998
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6085
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:44 GMT
Last-Modified: Sun, 11 Dec 2022 21:48:19 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
temperrunnersdale.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s0PfuBFZS8KwuBFBZl0T08nGfewGNdIMJvE3ZV4tP71pEx1V1PVPT0JCMHFZY%2FjRTx2vskfdl3EBa%2BCTASRgGB7kBzMWfAkwp48yEwGRh9UvffV9w7f917dPyguiI%2BCnm%2FeMntKazofNf3Gq1sqFaZ0jfW7jcBv%2BtcbWypdaF9v9MeX7b0R%2BFHTf63xjuQ7Zr7lB74f%2BEFjRVkZm%2F78hIXKHneCZsdvtlvNIGqjb%2F%2BLXeHBUQ%2Bid0GehxL1%2F7Z%2FfALFR0iTr29Kt5Ob7PW3k0LT3Fj0xMn76U5qyhTJrIythzg9mXbDuJqQL67ApCdTBzC9w7EDMFUT79cALD2ZygTrHV0qZRoyBRPPoOyNIPUIio7AzT0o8TMBuMD6BtLkeN3Yku5esnTM1mTu6V9QZU3mfruGNPlqWat%2B447RRa5M6tCPK6j%2BCKo7QlacIt%2FzoMpT8PwTKPETmX%2B6hjQ53HDaQIlq4l6pEVQ8gpYDUOehGB%2FloYg9FJmHRJw3aNSJfX8xZnEYLrU552HIebS0ICIRtpdiHwUfyxsgzwbgegBu95HZfeyoAWzxHdx2BSc8uLwm3nv76IkKpSQoHUFJCUpFUOYEZa86Etq1XHUstCtYMM2taQ6rocm7B%2FTI5F2ZkoPsgjw3nov37KNr2JHnjThaiuKFiC%2FwhShohawTCeF3mAxbbSFDxuBUBeWuTKzuqZpc%2FfgPZKomV5bnwegpnD4FVy%2BDFi%2BBlsPFlg%2B6PWwv%2BdhLj2VfNpWBMBWyfA75rnegL8gLk82EH7wCyc9ufMhu1X8%2B%2FBvcVshshY%2FU9wRd%2FWB425Tk8LYpHXmykeUqUXt0vLU7Oc3l1Ufvyt3SWLF60w0evsnHxLh8fFe6fI2mQqVdR75cVkJIu2Isl%2BTbVbcl2WbhtpcLmxbZ2uZbK6tJZqVzyqQjUFUT8sMZuKrJ%2F785mvzIFz%2B9D2VHsEWFpDgj04Ayp%2BDZPlw20%2B8MgdWzHpZ5KItqaFts9qgVgZYzTFkF9y%2FMZvWBe4Cu9UDze0iTCj1boacrUD2AK64O88ye3fglnASY9oZMW%2B%2BQaas%2FuxyuU%2BcNGcV%2BLP2WZHGHxYvUF5243WG0E8hFFtEAuav5593f%2FwEAAP%2F%2FAQAA%2F%2F93uFKdaQQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 temperrunnersdale.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s0PfuBFZS8KwuBFBZl0T08nGfewGNdIMJvE3ZV4tP71pEx1V1PVPT0JCMHFZY%2FjRTx2vskfdl3EBa%2BCTASRgGB7kBzMWfAkwp48yEwGRh9UvffV9w7f917dPyguiI%2BCnm%2FeMntKazofNf3Gq1sqFaZ0jfW7jcBv%2BtcbWypdaF9v9MeX7b0R%2BFHTf63xjuQ7Zr7lB74f%2BEFjRVkZm%2F78hIXKHneCZsdvtlvNIGqjb%2F%2BLXeHBUQ%2Bid0GehxL1%2F7Z%2FfALFR0iTr29Kt5Ob7PW3k0LT3Fj0xMn76U5qyhTJrIythzg9mXbDuJqQL67ApCdTBzC9w7EDMFUT79cALD2ZygTrHV0qZRoyBRPPoOyNIPUIio7AzT0o8TMBuMD6BtLkeN3Yku5esnTM1mTu6V9QZU3mfruGNPlqWat%2B447RRa5M6tCPK6j%2BCKo7QlacIt%2FzoMpT8PwTKPETmX%2B6hjQ53HDaQIlq4l6pEVQ8gpYDUOehGB%2FloYg9FJmHRJw3aNSJfX8xZnEYLrU552HIebS0ICIRtpdiHwUfyxsgzwbgegBu95HZfeyoAWzxHdx2BSc8uLwm3nv76IkKpSQoHUFJCUpFUOYEZa86Etq1XHUstCtYMM2taQ6rocm7B%2FTI5F2ZkoPsgjw3nov37KNr2JHnjThaiuKFiC%2FwhShohawTCeF3mAxbbSFDxuBUBeWuTKzuqZpc%2FfgPZKomV5bnwegpnD4FVy%2BDFi%2BBlsPFlg%2B6PWwv%2BdhLj2VfNpWBMBWyfA75rnegL8gLk82EH7wCyc9ufMhu1X8%2B%2FBvcVshshY%2FU9wRd%2FWB425Tk8LYpHXmykeUqUXt0vLU7Oc3l1Ufvyt3SWLF60w0evsnHxLh8fFe6fI2mQqVdR75cVkJIu2Isl%2BTbVbcl2WbhtpcLmxbZ2uZbK6tJZqVzyqQjUFUT8sMZuKrJ%2F785mvzIFz%2B9D2VHsEWFpDgj04Ayp%2BDZPlw20%2B8MgdWzHpZ5KItqaFts9qgVgZYzTFkF9y%2FMZvWBe4Cu9UDze0iTCj1boacrUD2AK64O88ye3fglnASY9oZMW%2B%2BQaas%2FuxyuU%2BcNGcV%2BLP2WZHGHxYvUF5243WG0E8hFFtEAuav5593f%2FwEAAP%2F%2FAQAA%2F%2F93uFKdaQQAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s0PfuBFZS8KwuBFBZl0T08nGfewGNdIMJvE3ZV4tP71pEx1V1PVPT0JCMHFZY%2FjRTx2vskfdl3EBa%2BCTASRgGB7kBzMWfAkwp48yEwGRh9UvffV9w7f917dPyguiI%2BCnm%2FeMntKazofNf3Gq1sqFaZ0jfW7jcBv%2BtcbWypdaF9v9MeX7b0R%2BFHTf63xjuQ7Zr7lB74f%2BEFjRVkZm%2F78hIXKHneCZsdvtlvNIGqjb%2F%2BLXeHBUQ%2Bid0GehxL1%2F7Z%2FfALFR0iTr29Kt5Ob7PW3k0LT3Fj0xMn76U5qyhTJrIythzg9mXbDuJqQL67ApCdTBzC9w7EDMFUT79cALD2ZygTrHV0qZRoyBRPPoOyNIPUIio7AzT0o8TMBuMD6BtLkeN3Yku5esnTM1mTu6V9QZU3mfruGNPlqWat%2B447RRa5M6tCPK6j%2BCKo7QlacIt%2FzoMpT8PwTKPETmX%2B6hjQ53HDaQIlq4l6pEVQ8gpYDUOehGB%2FloYg9FJmHRJw3aNSJfX8xZnEYLrU552HIebS0ICIRtpdiHwUfyxsgzwbgegBu95HZfeyoAWzxHdx2BSc8uLwm3nv76IkKpSQoHUFJCUpFUOYEZa86Etq1XHUstCtYMM2taQ6rocm7B%2FTI5F2ZkoPsgjw3nov37KNr2JHnjThaiuKFiC%2FwhShohawTCeF3mAxbbSFDxuBUBeWuTKzuqZpc%2FfgPZKomV5bnwegpnD4FVy%2BDFi%2BBlsPFlg%2B6PWwv%2BdhLj2VfNpWBMBWyfA75rnegL8gLk82EH7wCyc9ufMhu1X8%2B%2FBvcVshshY%2FU9wRd%2FWB425Tk8LYpHXmykeUqUXt0vLU7Oc3l1Ufvyt3SWLF60w0evsnHxLh8fFe6fI2mQqVdR75cVkJIu2Isl%2BTbVbcl2WbhtpcLmxbZ2uZbK6tJZqVzyqQjUFUT8sMZuKrJ%2F785mvzIFz%2B9D2VHsEWFpDgj04Ayp%2BDZPlw20%2B8MgdWzHpZ5KItqaFts9qgVgZYzTFkF9y%2FMZvWBe4Cu9UDze0iTCj1boacrUD2AK64O88ye3fglnASY9oZMW%2B%2BQaas%2FuxyuU%2BcNGcV%2BLP2WZHGHxYvUF5243WG0E8hFFtEAuav5593f%2FwEAAP%2F%2FAQAA%2F%2F93uFKdaQQAAA%3D%3D HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:44 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c01a5696f2582c47446279e179e0458c
Strict-Transport-Security: max-age=0; includeSubdomains
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Sun, 11 Dec 2022 22:13:47 GMT
Expires: Mon, 12 Dec 2022 00:13:47 GMT
Cache-Control: public, max-age=7200
Age: 4558
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 256 kB URL HTTP/1.1 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
Size 256 kB (255993 bytes)
Hash 11da526a8a2803bdb04a2ee025b97185
af34a52cd2f289fc740f2318ecc05b2b820bc250
55d3b5e35b381b591a1ef812c4a0539cb436b9ce45d96e4e7d6d8a4d1cdbef4d
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 126857
Date: Sun, 11 Dec 2022 23:29:45 GMT
Expires: Sun, 11 Dec 2022 23:29:45 GMT
Cache-Control: private, max-age=900, stale-while-revalidate=3600
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
a.vdo.ai/core/assets/vdo.player.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/vdo.player.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/vdo.player.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:29:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:29:45 GMT
Location: https://a.vdo.ai/core/assets/vdo.player.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RduLDSXRyz%2B8aGRAZ8iFFrIxP1tgtusFm3Xct5efnSIV0hopiMBv71btlqHiqKNzrzTzqe664SVpCzsP4VvFph7pmeQmgFOci02dDoiS8%2B1JMZFzt6ZhYgrFOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 778201131cfc23e3-LHR
alt-svc: h2=":443"; ma=60
a.vdo.ai/core/assets/rtb_v6.24.1.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/rtb_v6.24.1.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/rtb_v6.24.1.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:29:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:29:45 GMT
Location: https://a.vdo.ai/core/assets/rtb_v6.24.1.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fb6W6j9PEWcthRgGxzjTIYsb0o55Ed%2F86WVdppORaICL2DuJT3qeJQPJecTCoMaqCGukq%2BIdkzuPLyl0Ut0Lz%2F0Inf4h0Qn9pyoWKaOtC4pnswNZgV%2FruWmsLw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 778201134d3223e3-LHR
alt-svc: h2=":443"; ma=60
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 5.9 kB URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
File type ASCII text, with very long lines (9548)
Hash 354ec4c8336ff15e502969ba4e42932d
fb2dde4a9f21567c73d1570e0520de9d2b9d5ff6
80ee11ce36e49b0ce4cc6763ff42cad5647445a0c9779d6ecc701efaa49e507e
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:44 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 31301893 27443957
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Sun, 11 Dec 2022 23:29:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=329Ij%2BZkdIDVzGflMm%2BEqKKdWczDlyddC81aaBUDCuJDtNv3Z59u16TuWWUvJg6LPqGQXA71agm%2FR6TUF17vtKbdtzc%2Bck%2FMD9IKnYYO6vLrGlrYAYi3uYDzTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 778201098f5674f1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
temperrunnersdale.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=637
200 OK 1 B URL HTTP/1.1 temperrunnersdale.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=637
IP
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=637 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:45 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Mon, 12 Dec 2022 00:59:32 GMT
Date: Sun, 11 Dec 2022 23:29:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Mon, 12 Dec 2022 00:59:32 GMT
Date: Sun, 11 Dec 2022 23:29:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Mon, 12 Dec 2022 00:59:32 GMT
Date: Sun, 11 Dec 2022 23:29:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Mon, 12 Dec 2022 00:59:32 GMT
Date: Sun, 11 Dec 2022 23:29:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Mon, 12 Dec 2022 00:59:32 GMT
Date: Sun, 11 Dec 2022 23:29:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86bce3d677c0dd541440ebf38920020d
f11e21b6ad97e07b1d7103ad40a2e158e06fda73
9e23bc16cd1402d9124ebb9e625a5580f677ca9e008d3e04dc95080072fd1df4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7104
x-amzn-requestid: b1117224-be51-4e21-8b3b-01e5485f0af0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD2yH4loAMFuWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964cf8-1382e1a6710239ec629eedb8;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A--8wjYJWCj_JD6eaj3FoD0dLarj6gvH2uQrmsEDLgPwZdQgtUmaoA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:57:39 GMT
etag: "f11e21b6ad97e07b1d7103ad40a2e158e06fda73"
content-type: image/jpeg
age: 5526
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 8.3 kB IP
Hash 8095670638a3bf555b3d65f0004101dc
cd6b3fcb96f5118c89d2f3a5aadb773bba879879
818be2abf7523157d1eceacee5ec2ec8c9014fef6e79cbca3975e896e865bf06
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 123
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:44 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6QQzrdih3ujXsBIaZSG%2B5%2BVOtzyoh88rCY2UVFRiKju0ix2Ve%2BJXFA38qLGV34k%2Fh5cOKRKKtV%2FGyNhO%2BSThMFuoYRjp59%2B%2FxvZ44NRx2NceqJyFPsS9ZnFVaIEEpJh7FSX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782010c0ad175e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88407255-b58e-4d61-b541-1988ad75d924.jpeg
200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88407255-b58e-4d61-b541-1988ad75d924.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2e59be0fbcd4346b5443bbdcef48ec35
c05a1da112086b95fdbf9e6708e3b18c31e86571
1ca6f638b2eb25ae571b7e90bb2608a9f58ff9bf19ef5b1a63d2139b58d4874e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88407255-b58e-4d61-b541-1988ad75d924.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5984
x-amzn-requestid: ed8f43e9-be23-4523-8b59-dd466ab09daa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAENsHo5oAMFtLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d8a-7aaa2ff15d6a0e302b2872ed;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f6bt_c-6ENkvtjFeL8Qe1D5l8VrL1bC3vIk0TXSsAuVZGSa74SQwCA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 22:21:33 GMT
age: 4092
etag: "c05a1da112086b95fdbf9e6708e3b18c31e86571"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb38d4a88-9422-41e0-90f0-cc19c2816f8a.jpeg
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb38d4a88-9422-41e0-90f0-cc19c2816f8a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccb6f5a22e2436f35e44eb111ecba475
646216151e3c1aa66f30c323f0ad19b713dc6b90
0855d5b41708252c6bdb88382c64c6ed89721523d430333a5816b85f9e901b4b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb38d4a88-9422-41e0-90f0-cc19c2816f8a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 692cfc2b-ef1e-432b-adc6-cbe71b948ad0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD7HFCOIAMFk1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d13-6e956e071331a1560d4f6f3f;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:35:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _oHlFqzoduZMveEpKAjhlrpdCQqdAOU-UrcM8DWwXR70K1e7xYA2Qw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:58:39 GMT
etag: "646216151e3c1aa66f30c323f0ad19b713dc6b90"
content-type: image/jpeg
age: 5466
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95361d29-1f54-4e09-a474-8c1dad517a28.jpeg
200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95361d29-1f54-4e09-a474-8c1dad517a28.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a85ca34ade4d110c1a003e236440e330
01131ebb7bb94c36c441336dd4a21415be702c80
691205cb45ccec2bb7470b541eb2ffb45b63aec175ea3932ff54e6aa1dd375b8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95361d29-1f54-4e09-a474-8c1dad517a28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9066
x-amzn-requestid: 2e43266d-096b-429b-972f-15886558a84d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAENsFgToAMFd2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d8a-22c942d80ac86fb53f742405;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jUzAMkz0SJIT8Cqi0QnElPGp25QQ8hcLr7wPDugzdL2rldwHdhnsEw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 22:04:40 GMT
age: 5105
etag: "01131ebb7bb94c36c441336dd4a21415be702c80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F665ae3f9-217a-4a26-a3ba-2af041aeaf35.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F665ae3f9-217a-4a26-a3ba-2af041aeaf35.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a37f35b8baf163928afa96129d83305
23ec6d9f18c44680415659b987399014c20b6954
13eb6db6765e1a69ba386cdb12d1451596ddebfcef20f1dbdf34f132c7f6c8f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F665ae3f9-217a-4a26-a3ba-2af041aeaf35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7408
x-amzn-requestid: 97306647-44c0-4d73-9625-f0af54acb577
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD4MFTkoAMFX_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d01-46d74b3f283ba5895aef6d3e;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XIdLQlkXcJ5PdAXw1Fb7i6CAaKnLuagCbzkMPBmcYeuSQJh_AwoMVw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:45:17 GMT
age: 6268
etag: "23ec6d9f18c44680415659b987399014c20b6954"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FBeErc&tag=v-exee-app&domain=exee.app
200 OK 2.3 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FBeErc&tag=v-exee-app&domain=exee.app
IP
File type JSON data\012- , ASCII text, with very long lines (9656)
Hash ab87e35d4290d6daf3c24464ce126bb8
a30c8685bf1eed45d13b9ae1977e712f7fb78076
f467def3ddd01b26f470b02af6275e924abf8e8f7c707caf0908df8b9ed22f65
GET /allowed_url.php?type=json&url=exee.app%2FBeErc&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:44 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXPrO%2Bk1yjV4Cl%2FEnEcEL3fKzHhlZ%2Fo34Z7%2FvqZ4tkq2dknVZpmqUKuK0Davdfu5E08Zk0ynQJF4x4k1Ckdnm%2Fq0DwWykzFKkqg%2FP6fDyvkdGWpIrz7%2BuEAoZtDlm4vUf%2FjK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782010c0b8c547b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/icon.jpg
200 OK 83 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/icon.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=821, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1232], progressive, precision 8, 435x290, components 3\012- data
Hash 85f73b8e6875d66c6d73ebdefc72c793
7281bfc203aa9c27601828765ba37b28b79c2476
f2772dd68c9e122cb84b4c535502d3c7034437ca7c053fc781da626cf1a1064f
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/icon.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:45 GMT
content-type: image/jpeg
content-length: 82807
last-modified: Tue, 08 Feb 2022 14:25:26 GMT
etag: "62027d56-14377"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 583646
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vDkRfXkbB0JT0VWKsjjAxXe45oZ8STHiQLqQW5Aa2nFouVA18Q0HNoid2O2CrWDmqgJ27XuWqWn04QYNXgFh8Ql8uWBLMU2spVJjH8K1wytmIY9LrSa%2Fxiw24TX%2Fr7GMIswQ7kyR4SGO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77820114dcd42407-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7188
Expires: Mon, 12 Dec 2022 01:29:33 GMT
Date: Sun, 11 Dec 2022 23:29:45 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7064f6619ec94ac742915441ddf9be63
07864ef6316dfb3bfd38d602d2c38d237da8e61e
501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/core/bridge3.549.0_en.html
200 OK 227 kB URL HTTP/1.1 imasdk.googleapis.com/js/core/bridge3.549.0_en.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39845)
Size 227 kB (227324 bytes)
Hash 218d94ccb369687311175f7ec00afc59
c95b5a666ae1f797bd900eb761edf66d6493babc
6ccbc5be5e00381dfe25726314816f570041c6525318d83cabbe6d5599b925e3
GET /js/core/bridge3.549.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 227324
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 23:13:10 GMT
Expires: Thu, 07 Dec 2023 23:13:10 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 07 Dec 2022 23:06:21 GMT
Content-Type: text/html
Age: 346596
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html
200 OK 3.4 kB URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html
IP
File type HTML document text\012- HTML document, ASCII text
Hash 9837b1944cbfbf6a0e10c3661e6f073c
69d84858d2fbec4b4e74be6267f4e58acc351d15
b620316149058377123d9c6410e9d8eda4705b9f30c6cfeb06d49b4aac1548c9
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:45 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 11:25:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=62sH13lwCN%2FUEi8bk1U%2BjRBLO5ZfsLefesmXmiUNFhQC72odvyyvuw5Ty1HDiU83%2BrkueREdK4P8vfO2VzowXpl3AjQhoQs5Rm4JvZb0MVrpUCbM83tIpSpZKR9vFHlmS24mebY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7782010fcb96b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.vdo.ai/core/assets/img/logo.svg
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/img/logo.svg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/img/logo.svg HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:29:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:29:46 GMT
Location: https://a.vdo.ai/core/assets/img/logo.svg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p0Zvn8XDcanvN5lnSmHBoX8l568cuyQP8%2FkdNwzdmZ6V7IYuBxdhLcpkYEO16BsuO5bIVgZQbTjRHVcSyowrICufuyENQDvk6dWG6FWnYyVjS1dSXkbalsQcGA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 778201194fef2406-LHR
alt-svc: h2=":443"; ma=60
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Dec 2022 23:04:29 GMT
expires: Mon, 12 Dec 2022 00:04:29 GMT
cache-control: public, max-age=3600
age: 1517
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6c797045ce2453615ff57e1749364ccd
30192a4c14e94cdb789832ead604861432296e2e
96867aa0b5bea168df793e580b71dcf005c1afb5786780230b8aadfc4bf6648c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg
200 OK 2.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash aba6c52cdf9b90c6cede3f5b4970b99f
822cc6f02d4c90f02769dac597b9cc2e94705665
de49a6be3f7f526ed750c35baf95d3dc71efc35164f991347ec545c71ae59c8c
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:45 GMT
content-type: image/svg+xml
last-modified: Mon, 17 Jan 2022 14:26:00 GMT
etag: W/"61e57c78-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 583646
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6o5dD4OrtuEFtw4NeHnP4QNcZrPx6CY6PgPah7seFEUg47wWTgJBLnFdXYCr3320Up1P2fREbGbUR6lIa24yG0O6VNLR9FyV0aKFAZNNLk6sts630ILUpt%2F%2BxpY%2BQZJSBM1PrmqN0Db"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77820114dcd12407-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 23:29:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 23:29:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
temperrunnersdale.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=339
200 OK 0 B URL HTTP/1.1 temperrunnersdale.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=339
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=339 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 23:29:46 GMT
Connection: keep-alive
Expires: Mon, 11 Dec 2023 23:29:46 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
temperrunnersdale.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=343
200 OK 0 B URL HTTP/1.1 temperrunnersdale.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=343
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=343 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
temperrunnersdale.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=358
200 OK 0 B URL HTTP/1.1 temperrunnersdale.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=358
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=358 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
200 OK 7.7 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash 928d1e1d2c8615e123add5e629634f60
222ab4d2b2ea090da583b3dc356f0979f4d6801c
9be36bbf2e0af17b45c5347c4917a457db6165f11070bf0d9410961268a6ae23
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 23:29:46 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d3b-bf8c"
Expires: Mon, 11 Dec 2023 23:29:46 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:13:27 GMT
Expires: Thu, 07 Dec 2023 21:13:27 GMT
Cache-Control: public, max-age=31536000
Age: 353779
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:12:42 GMT
Expires: Thu, 07 Dec 2023 21:12:42 GMT
Cache-Control: public, max-age=31536000
Age: 353824
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
temperrunnersdale.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuTvKDH3hR2YuCMHhRQSbd09PJjHtYjGskmE3i7ko8Wv96Uqamq6nqnp4EhODissfxIh473%2BQPuy7igldBJoJIQLA9SA7mLHgSYU8eZCYDow%2Bq3vvqe4fve6%2FuH%2BaXxEdOL7ZumX2lNV2M6n7t1W2VCFO42sbdWuDX%2Feu1bZUsNa%2FX%2BuPL9t4I%2FKjuv1Z7R%2FJds9jwA98P%2FKC2qqyMTX9xwkKlj9tBve3Xm416EDXRt%2F%2FFLvfgqAfRuyTPQ4nqfzs%2FPoHiIyTdr29Kt5uZ9PW3u7mmmbHoidP3k93EFAm6szK2HuLkdNoN4ypCvpiDSU6nDmB6R2MHYKoi3q8BWHI6lQnWO75SyjRkAiaeQdEbQeoRFB2Bm3tQ4mcCcIGNTSTdkw1jC7p3xdIxW5GFp39BFRVZ%2BO0aku5XK1r1a3eMzjNlEod%2BXEL1R1CdEdL8DNm%2BB1WcgWefQImfyOLTdSTdo02nDZQoJ%2B6VGkHFI2g5AHUe8vFRHvLYQ5566IqLGo3ase8vxywOw1aTcx6GnEetJRGJsNmKfeR8LG%2BALB2A6wG4PUBqD7CrBrD5d3A7JZzw4LKKeO8doCdKFJKgcAQFJSgUQZERFL3yWGjXcOWJ0C5nwTQ3pjkshybrHNJjk3VkQg7TS%2FLceC7es4%2BuYVde1OKoFcVLEV%2FiS1HQCFk7EsJvMxk2mkKGjMGpEsrNTazuq4rMf%2FwHUlWRuZVFMHoGp8%2FA1cug%2BUugxXC54YPuDJstH%2FvJiezLujIQpkSaLSDb8w71JXlhspnwg1cg%2BfmND9mt6s%2BHf4PbEqkt8ZH6nqCjHwxvm4Ic3TaFI08200x11T4db%2B1ORjM5%2F%2BhduVcYK9ZuusHDN%2FmYGJeP70qXrdNEqKTjyJcrSghpV43lkny75rYl28rdzkpukzxd33prda2bWumcMskIVFWE%2FHAOriry%2F2%2BOJz%2FyxU%2FvQ9kRbF6im5%2BTaUCZM%2FD0AC6d6XeGwOpZD0s9FHk5tA02e9SKQMsZpqyE%2Bxdms%2FrQPUDHeqDZPSTdEj1boqdLUD2Ay%2BeHWWrPb%2FwSTgJMe0OmrXfEtNWfXQ3XqYtaFDRli7WWuRBMchEsN8JW6PsNIZrLbRm0kbmKf975%2FR8AAAD%2F%2FwEAAP%2F%2FY7Dce2kEAAA%3D
200 OK 7 B URL HTTP/1.1 temperrunnersdale.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuTvKDH3hR2YuCMHhRQSbd09PJjHtYjGskmE3i7ko8Wv96Uqamq6nqnp4EhODissfxIh473%2BQPuy7igldBJoJIQLA9SA7mLHgSYU8eZCYDow%2Bq3vvqe4fve6%2FuH%2BaXxEdOL7ZumX2lNV2M6n7t1W2VCFO42sbdWuDX%2Feu1bZUsNa%2FX%2BuPL9t4I%2FKjuv1Z7R%2FJds9jwA98P%2FKC2qqyMTX9xwkKlj9tBve3Xm416EDXRt%2F%2FFLvfgqAfRuyTPQ4nqfzs%2FPoHiIyTdr29Kt5uZ9PW3u7mmmbHoidP3k93EFAm6szK2HuLkdNoN4ypCvpiDSU6nDmB6R2MHYKoi3q8BWHI6lQnWO75SyjRkAiaeQdEbQeoRFB2Bm3tQ4mcCcIGNTSTdkw1jC7p3xdIxW5GFp39BFRVZ%2BO0aku5XK1r1a3eMzjNlEod%2BXEL1R1CdEdL8DNm%2BB1WcgWefQImfyOLTdSTdo02nDZQoJ%2B6VGkHFI2g5AHUe8vFRHvLYQ5566IqLGo3ase8vxywOw1aTcx6GnEetJRGJsNmKfeR8LG%2BALB2A6wG4PUBqD7CrBrD5d3A7JZzw4LKKeO8doCdKFJKgcAQFJSgUQZERFL3yWGjXcOWJ0C5nwTQ3pjkshybrHNJjk3VkQg7TS%2FLceC7es4%2BuYVde1OKoFcVLEV%2FiS1HQCFk7EsJvMxk2mkKGjMGpEsrNTazuq4rMf%2FwHUlWRuZVFMHoGp8%2FA1cug%2BUugxXC54YPuDJstH%2FvJiezLujIQpkSaLSDb8w71JXlhspnwg1cg%2BfmND9mt6s%2BHf4PbEqkt8ZH6nqCjHwxvm4Ic3TaFI08200x11T4db%2B1ORjM5%2F%2BhduVcYK9ZuusHDN%2FmYGJeP70qXrdNEqKTjyJcrSghpV43lkny75rYl28rdzkpukzxd33prda2bWumcMskIVFWE%2FHAOriry%2F2%2BOJz%2FyxU%2FvQ9kRbF6im5%2BTaUCZM%2FD0AC6d6XeGwOpZD0s9FHk5tA02e9SKQMsZpqyE%2Bxdms%2FrQPUDHeqDZPSTdEj1boqdLUD2Ay%2BeHWWrPb%2FwSTgJMe0OmrXfEtNWfXQ3XqYtaFDRli7WWuRBMchEsN8JW6PsNIZrLbRm0kbmKf975%2FR8AAAD%2F%2FwEAAP%2F%2FY7Dce2kEAAA%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuTvKDH3hR2YuCMHhRQSbd09PJjHtYjGskmE3i7ko8Wv96Uqamq6nqnp4EhODissfxIh473%2BQPuy7igldBJoJIQLA9SA7mLHgSYU8eZCYDow%2Bq3vvqe4fve6%2FuH%2BaXxEdOL7ZumX2lNV2M6n7t1W2VCFO42sbdWuDX%2Feu1bZUsNa%2FX%2BuPL9t4I%2FKjuv1Z7R%2FJds9jwA98P%2FKC2qqyMTX9xwkKlj9tBve3Xm416EDXRt%2F%2FFLvfgqAfRuyTPQ4nqfzs%2FPoHiIyTdr29Kt5uZ9PW3u7mmmbHoidP3k93EFAm6szK2HuLkdNoN4ypCvpiDSU6nDmB6R2MHYKoi3q8BWHI6lQnWO75SyjRkAiaeQdEbQeoRFB2Bm3tQ4mcCcIGNTSTdkw1jC7p3xdIxW5GFp39BFRVZ%2BO0aku5XK1r1a3eMzjNlEod%2BXEL1R1CdEdL8DNm%2BB1WcgWefQImfyOLTdSTdo02nDZQoJ%2B6VGkHFI2g5AHUe8vFRHvLYQ5566IqLGo3ase8vxywOw1aTcx6GnEetJRGJsNmKfeR8LG%2BALB2A6wG4PUBqD7CrBrD5d3A7JZzw4LKKeO8doCdKFJKgcAQFJSgUQZERFL3yWGjXcOWJ0C5nwTQ3pjkshybrHNJjk3VkQg7TS%2FLceC7es4%2BuYVde1OKoFcVLEV%2FiS1HQCFk7EsJvMxk2mkKGjMGpEsrNTazuq4rMf%2FwHUlWRuZVFMHoGp8%2FA1cug%2BUugxXC54YPuDJstH%2FvJiezLujIQpkSaLSDb8w71JXlhspnwg1cg%2BfmND9mt6s%2BHf4PbEqkt8ZH6nqCjHwxvm4Ic3TaFI08200x11T4db%2B1ORjM5%2F%2BhduVcYK9ZuusHDN%2FmYGJeP70qXrdNEqKTjyJcrSghpV43lkny75rYl28rdzkpukzxd33prda2bWumcMskIVFWE%2FHAOriry%2F2%2BOJz%2FyxU%2FvQ9kRbF6im5%2BTaUCZM%2FD0AC6d6XeGwOpZD0s9FHk5tA02e9SKQMsZpqyE%2Bxdms%2FrQPUDHeqDZPSTdEj1boqdLUD2Ay%2BeHWWrPb%2FwSTgJMe0OmrXfEtNWfXQ3XqYtaFDRli7WWuRBMchEsN8JW6PsNIZrLbRm0kbmKf975%2FR8AAAD%2F%2FwEAAP%2F%2FY7Dce2kEAAA%3D HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:46 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aeb68018a892422885911fd202993f38
Strict-Transport-Security: max-age=0; includeSubdomains
www.youtube.com/iframe_api
200 OK 70 kB URL HTTP/2 www.youtube.com/iframe_api
IP
File type ASCII text, with very long lines (509)
Hash 86400c965d44a58b43ebf70d32cfc156
3d919830bcf0173af2c56414ddd0e60d90777280
6d0aee132071ba97dfc70cfdd1560a024957c39f3ac20f5efedc427a1c320dca
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sun, 11 Dec 2022 23:29:46 GMT
date: Sun, 11 Dec 2022 23:29:46 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=AdQpQsIkhCU; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=XFO0o_HwGVQ; Domain=.youtube.com; Expires=Fri, 09-Jun-2023 23:29:46 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+794; expires=Tue, 10-Dec-2024 23:29:46 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 23:29:47 GMT
Connection: keep-alive
Expires: Mon, 11 Dec 2023 23:29:47 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
temperrunnersdale.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 temperrunnersdale.com/pixel/sbs?c=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:29:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4ff941976d54fb3509d71d021fee5ec9
1d426b24ca16bb0043a838a9b066d44f23833468
bffa7b806f826caeee50cfc4a24b8ac1b1f9e7bc758cbb08c919c960bcaf082e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Sun, 11 Dec 2022 23:29:47 GMT
expires: Sun, 11 Dec 2022 23:29:47 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4ff941976d54fb3509d71d021fee5ec9
1d426b24ca16bb0043a838a9b066d44f23833468
bffa7b806f826caeee50cfc4a24b8ac1b1f9e7bc758cbb08c919c960bcaf082e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 11 Dec 2022 23:29:47 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
206 Partial Content 391 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Size 391 kB (391040 bytes)
Hash 1b12fa9a67b15135ee51bd1adfdd5831
6803487aeb9c8614bcb7d5173fd5c8e8d99e8cbd
6c90bfc07e47febe7dd92eb1bc86b7f67d54a6cbad30577c9efe629eeeb24a22
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-391039
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 23:29:47 GMT
Content-Type: video/mp2t
Content-Length: 391040
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Connection: keep-alive
ETag: "62e47d3b-113cda88"
Expires: Mon, 11 Dec 2023 23:29:47 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-391039/289200776
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2FBeErc&tfcd=0&npa=0&correlator=4273215949811263&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2FBeErc&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F02bdbeee-aa74-49ec-a30b-40340df0191d&sid=5B9731A0-0927-4FE0-B2E8-685772CC66FD&nel=0&eid=44748969%2C44754608%2C44765701&dlt=1670801381569&idt=3357&dt=1670801385994&cookie_enabled=1&scor=3815265924325739&ged=ve4_td4_tt0_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
200 OK 113 B URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2FBeErc&tfcd=0&npa=0&correlator=4273215949811263&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2FBeErc&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F02bdbeee-aa74-49ec-a30b-40340df0191d&sid=5B9731A0-0927-4FE0-B2E8-685772CC66FD&nel=0&eid=44748969%2C44754608%2C44765701&dlt=1670801381569&idt=3357&dt=1670801385994&cookie_enabled=1&scor=3815265924325739&ged=ve4_td4_tt0_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash 9e5d36292a75aef07bdde5891b2e4a7b
8d69904b7df5e550f1884e06c139bd9661eb2917
92ffc3ec51e068750c23ae95041fd670aa4aa60ce3a5295ad27d2179d0780168
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2FBeErc&tfcd=0&npa=0&correlator=4273215949811263&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2FBeErc&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F02bdbeee-aa74-49ec-a30b-40340df0191d&sid=5B9731A0-0927-4FE0-B2E8-685772CC66FD&nel=0&eid=44748969%2C44754608%2C44765701&dlt=1670801381569&idt=3357&dt=1670801385994&cookie_enabled=1&scor=3815265924325739&ged=ve4_td4_tt0_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://imasdk.googleapis.com
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: http://imasdk.googleapis.com
google-lineitem-id: -2
google-creative-id: -2
google-mediationgroup-id: -2
google-mediationtag-id: -2
date: Sun, 11 Dec 2022 23:29:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 11-Dec-2022 23:44:47 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=13bab80f-e390-47c0-954c-7f229f2df5c6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=13bab80f-e390-47c0-954c-7f229f2df5c6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=13bab80f-e390-47c0-954c-7f229f2df5c6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Dec 2022 23:29:48 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9ee6c59c73e411a965f09d6482bddf6
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=13bab80f-e390-47c0-954c-7f229f2df5c6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
200 OK 2 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=13bab80f-e390-47c0-954c-7f229f2df5c6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP
ASN #39572 DataWeb Global Group B.V.
Hash 309fc7d3bc53bb63ac42e359260ac740
2064f80f811db79a33c4e51c10221454e30c74ae
ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=13bab80f-e390-47c0-954c-7f229f2df5c6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Dec 2022 23:29:48 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9ac818239ce7b27893ca2f9532c64fd7
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Dec 2022 23:29:43 GMT
date: Sun, 11 Dec 2022 23:29:43 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:43 GMT
content-type: text/plain
set-cookie: csu=1879463614843647@1@1670801383; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5jcuc5unzx1pJ83BPHynBUBJA32BodgDhzO%2Fi1HEtxGTKgIEZb50%2FZcHGIFe65e24t9v0xxnt7YNLBHZOL9xQ91V%2FOxaNq0knYXeFvHsCYkqgecTfDlUbQnRMCeWzxP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77820108cc9f76c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:44 GMT
content-type: text/plain
set-cookie: csu=1926167629059625@1@1670801384; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4uOd7IiRBKnppDRCMuyAvtU7cq7%2FnpKN4JUrTDkMgAsCXFQdfREbk24f%2FjbkTZ3jUONKd6sqRJgR28JDwwJKuAWfFlXObEiXI3C0thx0j7%2FeqHRrcYv18%2FkXUrCGwpW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77820109bd5276c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exee.app/fv.ico
200 OK 0 B IP
GET /fv.ico HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:44 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 17 Oct 2023 15:43:20 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4779984
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvetGomYyXrUJt%2FwsZYO7Z1dKDYXHESopM3g3q2SJBhXl2bGuiuExMgQiIVwXuUW1WGp1Oad%2FhaufhsLgJ8fsGpCaLIn0dqNnBOin9y8kstf7aasSytwxpBBCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782010d3cd4b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: EmVJTJklpQSNkpf19+hp4R/9SfUFgU9caRDYUiHc7l0oxPZYUQJVkcyspZ4/9FyLeCi12rRlM8RO3O8Gnt+iNA==
date: Sun, 11 Dec 2022 23:29:44 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:43 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
last-modified: Sun, 11 Dec 2022 23:29:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fk205%2B9f%2FnbKnJKB6s6LZbjPI5Ef6hbkOZhpNlO46Qv77c7I455LnE3NTZ%2BKpTVnBpiTjn1de3g1npGV1awvkYldQV9NCs3PKwnrshcqoRHGu7wfWMggGbj5R98m2Ibk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77820108dcae76c6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css
IP
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:29:45 GMT
content-type: text/css
last-modified: Mon, 17 Jan 2022 14:25:59 GMT
etag: W/"61e57c77-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5LzYFYjH6NvLP2o2k7mubjwdbN0B4xO%2B87ON3qo8loENCDPct7BS05%2FajYyzrjmxZpKKunIAJNsN23Xiy4CTRrQ%2F7f%2Fv4o5fzdNtb2YOO%2BqC8nDBp0wHzTVvCYPP5CnJNe5fD8315Hm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 778201148c842407-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.151.153
31.13.72.36
3.71.139.39
51.79.72.196
188.114.97.1
23.36.76.226
172.255.6.87
104.18.32.68
139.45.195.253