r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 43ad67f241ee3692a9c9c1da080dae58
6a024f7d71eeee257edc91ba9273416f634aaae5
636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3404
Expires: Mon, 12 Dec 2022 00:32:07 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 430f1651125c14bfa4924aa1f1a392e9
304141c5fe7ac8b370a67912b2592f9622de9600
315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15337
Expires: Mon, 12 Dec 2022 03:51:00 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
exee.app/rOPYV
200 OK 165 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61748)
Size 165 kB (164767 bytes)
Hash 4759865cdc011e2f8ce374fc97bb9299
8ad3f3911a9e6abbf1c306664c713f6912087a0e
c079d03c8d3fd3235944a62dcfa67043181106f47be8ec4fe70a7d2b6e6ce2f2
GET /rOPYV HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 23:35:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding,User-Agent
Set-Cookie: AppSession=a8015836a502308cc9dbca9f73f79c11; path=/; HttpOnly
csrfToken=8b98227066f7c5a15dcf3899e84d9b5552004029c47f4be8d83f5fd2e2e1749a3ecfa21fe8f78442273107af7685b13df1dc5868fb2797a1eda0fe7e0fc8097d; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGpcWQhafeYjdh%2FLwMB9gWR50Lr1aw2cR9cn0We8eFpTXavNl73xeNA6zji9G7N3YTK1y5BibgCldukxk%2F16sbq8oY3cuHymZOPBEo2FU2aH128qGtIwgOD%2FJg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 778209500f131c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dbd022fec0a71226daaf29b7563a8896
c37d14dc7b3849a4bb815fa325fb5e70fae54039
22da5e6e3f9507688fc8cb02183d52cf38f4adf8b2c6c52eaf5f88182471efeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22DA5E6E3F9507688FC8CB02183D52CF38F4ADF8B2C6C52EAF5F88182471EFEB"
Last-Modified: Sun, 11 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5686
Expires: Mon, 12 Dec 2022 01:10:09 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 11 Dec 2022 23:08:32 GMT
content-type: application/json
age: 1611
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: H+CMgOaX9PM12cfBbYhkyPwnMpONzPlXIeEInqe+7SFu2Fi6A470glVkL3/3MXTqqSOdjX8b0oM=
x-amz-request-id: C05N3SHWTJ8C26J3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 11 Dec 2022 22:51:15 GMT
age: 2648
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
exee.app/css/continue.css
200 OK 43 kB URL HTTP/1.1 exee.app/css/continue.css
IP
File type assembler source, ASCII text
Hash 86f2690abb402da57ec94426944f117d
090dd2289eff354b4ae54490f2f8060df48c9d0c
e1f10c833a7a0f58158484857fe22a7c6efdcb7e4636df1cc9e2c4a5d3d1dafa
GET /css/continue.css HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/rOPYV
Cookie: AppSession=a8015836a502308cc9dbca9f73f79c11; csrfToken=8b98227066f7c5a15dcf3899e84d9b5552004029c47f4be8d83f5fd2e2e1749a3ecfa21fe8f78442273107af7685b13df1dc5868fb2797a1eda0fe7e0fc8097d
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 23:35:23 GMT
Content-Type: text/css
Content-Length: 43033
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 20 Nov 2020 17:25:47 GMT
Cache-Control: max-age=2592000
Expires: Mon, 09 Jan 2023 22:50:15 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 89108
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0CDRT4sOQU48DY9NZjGNJvs8tXhGPdE%2BhEfygdNkiJyBMfj9lVZEPAPp%2BwpKf5SQ7f6YgCN7NckGkYJaPb2Vnb2PmKA7Ei5Y1W67Ai0rostIxMhWZNXx1nAhXw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7782095238a61c0e-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Dec 2022 23:35:23 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0f3dad0d025c4b6b8abd5d698f00cfbd
3a82ecac8709c7acd620316502a0e774ac3b1170
8d98454c05e1bfb1e534913e69fe76f4b0cb619c02626bcdc163f7be48b1621f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2bbc2a332da069e062c141b6755efb07
e7cb19a32562264a6858b73f90caff1fe7887a29
5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 1ce97f97e46f0ae9e8d90daf4a79cdb7
1a36e1cadff26847d25902c244bb8a7aa4043f9c
ac043ce3076559605ce3b7e003017e2eeebaa3317a0e3aa951207b6d71d1deb1
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Dec 2022 23:35:23 GMT
expires: Sun, 11 Dec 2022 23:35:23 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43634
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
qj.wimplesbooklet.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 23:35:23 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 12-Dec-2022 23:35:23 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 12-Dec-2022 23:35:23 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2bbc2a332da069e062c141b6755efb07
e7cb19a32562264a6858b73f90caff1fe7887a29
5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 74d82b5960e5e12af402b01fa10b0829
4b80baad99eaafa43a8a78dbcd8e0df4141b3dd7
328abed4a3d2ea1d745c64c5c40925ae5efca25846d2e1c8457a030347473b51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash f34d5d5ef96bb69bcd8a13ea1ff45645
dde3db64eacaa03bfba2f4e59689a7d0c9f04602
f639a67a5e3072de1a52591ab6a32ce08418be093f73bbe1ae21a1dc4f643f78
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F639A67A5E3072DE1A52591AB6A32CE08418BE093F73BBE1AE21A1DC4F643F78"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4140
Expires: Mon, 12 Dec 2022 00:44:23 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
a.vdo.ai/core/v-exee-app/vdo.ai.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:35:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:35:23 GMT
Location: https://a.vdo.ai/core/v-exee-app/vdo.ai.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KvPoqVLzw5dZ3txvwbgmKSUR75ZFCtTLkbGoC1OFCU%2B9O9UXBmb8PYggW9C79kWlcHWR3O4clvVyQsFmasQbpQtxTq21BNJEnAMdWGs1nP6rqwodcNlesnK7Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 778209537a1b7324-LHR
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dc2b4d77e5a3f58cf290e2836e13138a
46e445967430cd03e746a4662594b795f3731934
84fb5e5a676bd0a52c8b13d298acbc4792e9829d094abc2c6075b813ddccddf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "84FB5E5A676BD0A52C8B13D298ACBC4792E9829D094ABC2C6075B813DDCCDDF9"
Last-Modified: Fri, 09 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3658
Expires: Mon, 12 Dec 2022 00:36:21 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
File type ASCII text, with very long lines (37162), with no line terminators
Hash 7d06cdf339d04aec85abfad25889507b
9223ad38cc007ca4a7095c56fe6fc4ac7cb0065c
1707bec8b1dc42a725c35b178c802b99b7a2bea47bf276385d65863460c229f0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 662f902002367fdffa780fe9695de00b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3938
Expires: Mon, 12 Dec 2022 00:41:01 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3938
Expires: Mon, 12 Dec 2022 00:41:01 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
superjuryger.xyz/WlpHVlU7OCQ7ajtnJXAgKDZ6c2ccf3UQMWspNiAhaWwqMWYuayV4NjY1MjIzKDUpIns0PzNzZxwjEgMtNTgpFywTLR4fASMPKxITFBMeZWA+AgIEZhAyNBQdMxw/GRYtaAghFDARLgdtPxggZQMzD3USExQbIy8UEBsFMiY7PXcXEGgifgIyYg8KZRM5CQYHPRMtCQIdMxcqETI9Eg0sOhEcdg8+FgwSEh0jKSsUFBMIIx5hLw12Yz07DDczAhkDKxQyNTwNPGwUAgIXcGgcCBNkOQsAFG0INnIADD1vCQ4QGzcNBw8DCA8EcGgcDD0hGQMTBDANNhE/ETF3djUEGRdxAgNqIh4eLT4LAhRhOww3MxMgCzEXIhwMHiElOwIsED08HCszBAIIYmQXDRsgDBwjMQgXBDJqIT9gPAsABDwNHyAQNxJqYTwmNTQ3awUYHC0aHh4OKmIlAw
200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/WlpHVlU7OCQ7ajtnJXAgKDZ6c2ccf3UQMWspNiAhaWwqMWYuayV4NjY1MjIzKDUpIns0PzNzZxwjEgMtNTgpFywTLR4fASMPKxITFBMeZWA+AgIEZhAyNBQdMxw/GRYtaAghFDARLgdtPxggZQMzD3USExQbIy8UEBsFMiY7PXcXEGgifgIyYg8KZRM5CQYHPRMtCQIdMxcqETI9Eg0sOhEcdg8+FgwSEh0jKSsUFBMIIx5hLw12Yz07DDczAhkDKxQyNTwNPGwUAgIXcGgcCBNkOQsAFG0INnIADD1vCQ4QGzcNBw8DCA8EcGgcDD0hGQMTBDANNhE/ETF3djUEGRdxAgNqIh4eLT4LAhRhOww3MxMgCzEXIhwMHiElOwIsED08HCszBAIIYmQXDRsgDBwjMQgXBDJqIT9gPAsABDwNHyAQNxJqYTwmNTQ3awUYHC0aHh4OKmIlAw
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash 14d2f78d08c2647f3de13d3256b772b1
e2137a0303dcc0ee4fc9d4ca8c06770500b23652
698f803e2122d009fb34733fa5e71ce5b73a6497b0ad09c2c47945df3b636f40
GET /WlpHVlU7OCQ7ajtnJXAgKDZ6c2ccf3UQMWspNiAhaWwqMWYuayV4NjY1MjIzKDUpIns0PzNzZxwjEgMtNTgpFywTLR4fASMPKxITFBMeZWA+AgIEZhAyNBQdMxw/GRYtaAghFDARLgdtPxggZQMzD3USExQbIy8UEBsFMiY7PXcXEGgifgIyYg8KZRM5CQYHPRMtCQIdMxcqETI9Eg0sOhEcdg8+FgwSEh0jKSsUFBMIIx5hLw12Yz07DDczAhkDKxQyNTwNPGwUAgIXcGgcCBNkOQsAFG0INnIADD1vCQ4QGzcNBw8DCA8EcGgcDD0hGQMTBDANNhE/ETF3djUEGRdxAgNqIh4eLT4LAhRhOww3MxMgCzEXIhwMHiElOwIsED08HCszBAIIYmQXDRsgDBwjMQgXBDJqIT9gPAsABDwNHyAQNxJqYTwmNTQ3awUYHC0aHh4OKmIlAw HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1191
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:35:23 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 830686c9072da9151c60c7f203fc4a34.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: xy9QMCwnjODGGf-TOgQE75T6fDlJyzU_mnLluc-HqZxChyLd6V06WQ==
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:56:07 GMT
expires: Tue, 05 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 535156
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 535362
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash f34d5d5ef96bb69bcd8a13ea1ff45645
dde3db64eacaa03bfba2f4e59689a7d0c9f04602
f639a67a5e3072de1a52591ab6a32ce08418be093f73bbe1ae21a1dc4f643f78
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F639A67A5E3072DE1A52591AB6A32CE08418BE093F73BBE1AE21A1DC4F643F78"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4140
Expires: Mon, 12 Dec 2022 00:44:23 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
superjuryger.xyz/utx?cb=kbPXl4NDiu0W&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 superjuryger.xyz/utx?cb=kbPXl4NDiu0W&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=kbPXl4NDiu0W&top=exee.app&tid=822524 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:35:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Dec 2022 23:36:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f13ebb34b9ca74b5ffe9e85709c21a7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: YYpSTgQWxyWugIL-X-AaAdQw0FdcNrQosQ2znQXf1uH3OerY547t2w==
X-Firefox-Spdy: h2
superjuryger.xyz/utx?cb=SlQnWEFSUZAa&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 superjuryger.xyz/utx?cb=SlQnWEFSUZAa&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=SlQnWEFSUZAa&top=exee.app&tid=889494 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:35:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Dec 2022 23:36:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f13ebb34b9ca74b5ffe9e85709c21a7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: YC4Y6ZxWKuYUEKnNAGs7MiWIDkyrwR2HpNkbfsX5k9VtYfEz9WLjjw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 280 B IP
Hash d8b6288aa182c59316c39ea8777fd31c
7e3a9cb2ee6f53c063161b881f99ab8b20851252
d188c187297ca0c01966dbc10159090ebbe8e0c96f5d7adc725fc2d3ee25f9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4465
Cache-Control: max-age=128750
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Etag: "6395abb9-118"
Expires: Tue, 13 Dec 2022 11:21:13 GMT
Last-Modified: Sun, 11 Dec 2022 10:06:49 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3938
Expires: Mon, 12 Dec 2022 00:41:01 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
keterrehepren.xyz/eExmUnpXcwUhRzUhXxY1LBUqCjIxAiQTPBooAT07OiBfKj4PeEAmExxxXmpDTHVSdAoRKFtjXAs4ByYPC3FXdBMWKglvXA5xV3xJTGJVY1RJahNvS144FjMdRX1AIg4MIFtjTE98XmJLT35XaktB
204 No Content 0 B URL HTTP/2 keterrehepren.xyz/eExmUnpXcwUhRzUhXxY1LBUqCjIxAiQTPBooAT07OiBfKj4PeEAmExxxXmpDTHVSdAoRKFtjXAs4ByYPC3FXdBMWKglvXA5xV3xJTGJVY1RJahNvS144FjMdRX1AIg4MIFtjTE98XmJLT35XaktB
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eExmUnpXcwUhRzUhXxY1LBUqCjIxAiQTPBooAT07OiBfKj4PeEAmExxxXmpDTHVSdAoRKFtjXAs4ByYPC3FXdBMWKglvXA5xV3xJTGJVY1RJahNvS144FjMdRX1AIg4MIFtjTE98XmJLT35XaktB HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:35:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9NDxrtyrOpRqOxaS6xQPnV2x4cBu5I8qmZPE0nL2D2ni4gKktddqqcrqsSCTq15LoRLfF%2FcEelsEz1tQJNIFnWMG6fHW%2FuWVYwzSpRb8Zqla79hW0WrcYCHP3vBtpzfAG%2Fm%2BnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782095469d3b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
keterrehepren.xyz/cHkwN1FfRlNEbCQ/algzQzcGbmBBLmJ/AxwhdlMUFRRmbgYlIBZDOBRECANiQk8BESEZHQ0GaVYKRFYlBQoNBncZF1ZYbFYPDQZ/QFcCGWNWDA0GdwQJUVBsQV9AQyUcRAEBZkBBAAZmQkgIBGM
204 No Content 0 B URL HTTP/2 keterrehepren.xyz/cHkwN1FfRlNEbCQ/algzQzcGbmBBLmJ/AxwhdlMUFRRmbgYlIBZDOBRECANiQk8BESEZHQ0GaVYKRFYlBQoNBncZF1ZYbFYPDQZ/QFcCGWNWDA0GdwQJUVBsQV9AQyUcRAEBZkBBAAZmQkgIBGM
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cHkwN1FfRlNEbCQ/algzQzcGbmBBLmJ/AxwhdlMUFRRmbgYlIBZDOBRECANiQk8BESEZHQ0GaVYKRFYlBQoNBncZF1ZYbFYPDQZ/QFcCGWNWDA0GdwQJUVBsQV9AQyUcRAEBZkBBAAZmQkgIBGM HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:35:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QDaJaz9pvc%2BJLsf3wZBRlni2UGzjEVdZ5aRXXM00nKi2hF%2Fz3RZWDbE3MqNyr0rWNnMqlOcYfyzT%2FbvM%2FKvPYDnbXCc91DtrkTGreyZSubsG1dtT8g%2Fn%2F%2FCZJsKF%2F74rrjSnFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782095469d4b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
keterrehepren.xyz/N3lDMlkYRiBBZGJIGX4Uch0ta2p6OyB1LUIfNHgubksJF2t1OHBnf0MQJw9hBUt2AG0RCSpWZAZfMEY4QwwwD2gREC1UNgpfNQ9oGUp3HGoGV3IULApIZUYpVh5+A39HDTdeZAZPdAJhB0h0AGgAQXM
204 No Content 0 B URL HTTP/2 keterrehepren.xyz/N3lDMlkYRiBBZGJIGX4Uch0ta2p6OyB1LUIfNHgubksJF2t1OHBnf0MQJw9hBUt2AG0RCSpWZAZfMEY4QwwwD2gREC1UNgpfNQ9oGUp3HGoGV3IULApIZUYpVh5+A39HDTdeZAZPdAJhB0h0AGgAQXM
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /N3lDMlkYRiBBZGJIGX4Uch0ta2p6OyB1LUIfNHgubksJF2t1OHBnf0MQJw9hBUt2AG0RCSpWZAZfMEY4QwwwD2gREC1UNgpfNQ9oGUp3HGoGV3IULApIZUYpVh5+A39HDTdeZAZPdAJhB0h0AGgAQXM HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 23:35:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ZxUr3XBP83jUthxnS6FFwSRZ8xUS7MXeM0vL970kPVqPpSrBI1jIlWQ11QIXyH41Z4hlLdznEUMVcWqvZhjCGhpuoP0j8q0rdj9%2BSCdKDPDa37Oi3UebJn%2BaJRwBlHQ066NFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782095469d0b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
superjuryger.xyz/bGNmQkwNAQUvcw1eBGQ5Hg9bZ34qRlQEKF0QFzQ4X1ULJX8YUgRsLwAMEyYqHgwINmICBhJnfioENXEKFSwgByMkCx4nLgZbPwQrOhMFciQrIjEUOCsUIBocFhcrBSIhUjYBOCQHDw8PJRQrEgQkDz4AJyVSAikKOTUiAyAqCF4nAi82NRY7AFAtKhk9ITEUOC4yLBoDAjoAAwolCSoTFSk3DA81OhQCGC4vOgMBCilaLDoONCAOJmleIT5yBQg6VTYWLjUjZ34qLx52Cj9QNHcdPhsrJgQAITc1JElRICd9PiEDLB5ZMjcUHjxQVwQaGxAyICciIDcFKElRIBQJQSVQJgQAIScHeVwGIgAILyQ0Lh06EAIbfx80IHM/WikgEA0KDih1HSkqLxsEGCIwNTwELzQlDTQ3BSkPOgAtBH8cITQ6FgQBNxAcLzJAKD8DDRZ/JCcHERh5IhEvED1bLlQ
200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/bGNmQkwNAQUvcw1eBGQ5Hg9bZ34qRlQEKF0QFzQ4X1ULJX8YUgRsLwAMEyYqHgwINmICBhJnfioENXEKFSwgByMkCx4nLgZbPwQrOhMFciQrIjEUOCsUIBocFhcrBSIhUjYBOCQHDw8PJRQrEgQkDz4AJyVSAikKOTUiAyAqCF4nAi82NRY7AFAtKhk9ITEUOC4yLBoDAjoAAwolCSoTFSk3DA81OhQCGC4vOgMBCilaLDoONCAOJmleIT5yBQg6VTYWLjUjZ34qLx52Cj9QNHcdPhsrJgQAITc1JElRICd9PiEDLB5ZMjcUHjxQVwQaGxAyICciIDcFKElRIBQJQSVQJgQAIScHeVwGIgAILyQ0Lh06EAIbfx80IHM/WikgEA0KDih1HSkqLxsEGCIwNTwELzQlDTQ3BSkPOgAtBH8cITQ6FgQBNxAcLzJAKD8DDRZ/JCcHERh5IhEvED1bLlQ
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 4faa1fddb6844274249a7d47300123c1
88e118bb788a17eab6274d0608bd8c38108a4544
1bc21a0fd4e93cad684059b75955b7976ebf37a43563b5a947c7f44a0ef4d301
GET /bGNmQkwNAQUvcw1eBGQ5Hg9bZ34qRlQEKF0QFzQ4X1ULJX8YUgRsLwAMEyYqHgwINmICBhJnfioENXEKFSwgByMkCx4nLgZbPwQrOhMFciQrIjEUOCsUIBocFhcrBSIhUjYBOCQHDw8PJRQrEgQkDz4AJyVSAikKOTUiAyAqCF4nAi82NRY7AFAtKhk9ITEUOC4yLBoDAjoAAwolCSoTFSk3DA81OhQCGC4vOgMBCilaLDoONCAOJmleIT5yBQg6VTYWLjUjZ34qLx52Cj9QNHcdPhsrJgQAITc1JElRICd9PiEDLB5ZMjcUHjxQVwQaGxAyICciIDcFKElRIBQJQSVQJgQAIScHeVwGIgAILyQ0Lh06EAIbfx80IHM/WikgEA0KDih1HSkqLxsEGCIwNTwELzQlDTQ3BSkPOgAtBH8cITQ6FgQBNxAcLzJAKD8DDRZ/JCcHERh5IhEvED1bLlQ HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1197
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:35:23 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 92f415f504f960872d71a5b454174362.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: jBShh-_qkjf5ywY7Y3_9KsJk5dBsK8OYK-P0XsKpOOxlIY3G5gsImQ==
superjuryger.xyz/S3VGQnkqFyUvRipIJGQMORl7Z0sNUHQEHXoGNzQNeEMrJUo/RCRsGicaMyYfORooNlclEDJnSw0xJSgVOCB2cisdEg9zGiwvFwE+fkQUJQkuLx46LB4NfnowPDwDDD0eMggFSQglPwM7HQIHcT8aJ34EIR5ABQRIGSx0MRwcNA9yGg0nJQMTCQIXOkEFOz97KQ8gKS81DkwTAwAgHg4uLAURKHpJDzAMKBgONAwQOhoeDgRJDz8CdyEIRDF7Nh0WCho+AUweAxUBLAd7IQhEMSkzCQIWFTERUHQANAkNIxsDHTACFxUsMXchNRM2A3UvPBoyGxd6PQBzVDNDJwc4ATY8GwwMIxwIIBoBBwEveh8gFzQBLR4YXHkzFy5BDTwVJSwdHRRwHzEkDxo+ER8XKkERFyg1XyEGKSwJdi0gCT8fGyovCiUZIhoPDgw
200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/S3VGQnkqFyUvRipIJGQMORl7Z0sNUHQEHXoGNzQNeEMrJUo/RCRsGicaMyYfORooNlclEDJnSw0xJSgVOCB2cisdEg9zGiwvFwE+fkQUJQkuLx46LB4NfnowPDwDDD0eMggFSQglPwM7HQIHcT8aJ34EIR5ABQRIGSx0MRwcNA9yGg0nJQMTCQIXOkEFOz97KQ8gKS81DkwTAwAgHg4uLAURKHpJDzAMKBgONAwQOhoeDgRJDz8CdyEIRDF7Nh0WCho+AUweAxUBLAd7IQhEMSkzCQIWFTERUHQANAkNIxsDHTACFxUsMXchNRM2A3UvPBoyGxd6PQBzVDNDJwc4ATY8GwwMIxwIIBoBBwEveh8gFzQBLR4YXHkzFy5BDTwVJSwdHRRwHzEkDxo+ER8XKkERFyg1XyEGKSwJdi0gCT8fGyovCiUZIhoPDgw
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash a8d208da79e081b2132666206a77160e
e406169179a2d4de4d2613fb68bebccf79cd45a3
359e4b854003028f6b6c3476c6249a4f5ea100a630abafc12d6bd2f3cafefd60
GET /S3VGQnkqFyUvRipIJGQMORl7Z0sNUHQEHXoGNzQNeEMrJUo/RCRsGicaMyYfORooNlclEDJnSw0xJSgVOCB2cisdEg9zGiwvFwE+fkQUJQkuLx46LB4NfnowPDwDDD0eMggFSQglPwM7HQIHcT8aJ34EIR5ABQRIGSx0MRwcNA9yGg0nJQMTCQIXOkEFOz97KQ8gKS81DkwTAwAgHg4uLAURKHpJDzAMKBgONAwQOhoeDgRJDz8CdyEIRDF7Nh0WCho+AUweAxUBLAd7IQhEMSkzCQIWFTERUHQANAkNIxsDHTACFxUsMXchNRM2A3UvPBoyGxd6PQBzVDNDJwc4ATY8GwwMIxwIIBoBBwEveh8gFzQBLR4YXHkzFy5BDTwVJSwdHRRwHzEkDxo+ER8XKkERFyg1XyEGKSwJdi0gCT8fGyovCiUZIhoPDgw HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1181
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:35:23 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 6528f10684ec39317f94ed2a540d88b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: sPccddE1ZF4WSEQHOOu3SNQA9Urse0K435-9o08BsfX58h96AaOEtA==
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dc2b4d77e5a3f58cf290e2836e13138a
46e445967430cd03e746a4662594b795f3731934
84fb5e5a676bd0a52c8b13d298acbc4792e9829d094abc2c6075b813ddccddf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "84FB5E5A676BD0A52C8B13D298ACBC4792E9829D094ABC2C6075B813DDCCDDF9"
Last-Modified: Fri, 09 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3658
Expires: Mon, 12 Dec 2022 00:36:21 GMT
Date: Sun, 11 Dec 2022 23:35:23 GMT
Connection: keep-alive
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 23:35:23 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 50be29c8e347ff6c23f6f3b55c336321
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 11 Dec 2022 23:35:23 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tBuE7EJWy0heO68z%2FpFmh%2Feihi5wt7v3k2ztX1QYlhUSxJVTnbDcEzqoF0vfmguQXYvO2%2FqahC6ptE%2B%2BzK5alEaJ1UW%2FHNil0P0y1hb6GbZxiVc5mTiXDT%2FndPkEBf8lsMCyCbY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77820954ba2f773b-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sectigo.com/
200 OK 472 B IP
Hash 8db5e5fdd6de1be318e1e2eb919fb0e7
8258c78d87a302be368193b851b55c8e32107c82
143d463b64c5b6772aa9f446e7ea1bb201fe8ce57b25779a6c99dd416a660c7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 23:35:23 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 16:52:37 GMT
Expires: Thu, 15 Dec 2022 16:52:36 GMT
Etag: "8258c78d87a302be368193b851b55c8e32107c82"
Cache-Control: max-age=320832,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7782095598a8fabc-OSL
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash f0b47065b11cbea51cb76d12a9bfa1fb
e4297c96b6395dd7d35cac31717d3153fb3d95a4
7e851c843752269d2e3efd2908be5074cdd273eb839bf91bb7fbf57dacba5855
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=137846
Date: Sun, 11 Dec 2022 23:35:23 GMT
Etag: "6395db96-1d7"
Expires: Tue, 13 Dec 2022 13:52:49 GMT
Last-Modified: Sun, 11 Dec 2022 13:31:02 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: woc9vjT4ns0p6IePAbO9dPNLXyMrjxFH-k63RiQAK-8eVriFScoJ2w==
Age: 1307
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 11 Dec 2022 23:07:56 GMT
age: 1647
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 899
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 11 Dec 2022 23:35:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: http://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 03702c6c686395a50decaef4f0d7516b
62953341a41d8761e2bcae31f86d6251b0afc557
e2bc79f7fa6f253509884af3d11dc41afc064e809d7a47a6bf1794c572713cae
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:23 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=a9f925b8-3634-4409-9048-65d7df37d93a:3:1; expires=Wed, 08 Dec 2032 23:35:23 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
d1sqvt36mg3t1b.cloudfront.net/yUUxobnAyIwYITyUlDFNIY35dXER3JhsBHiFxOCw2OwAjKiQ8eBg3ViU2DFNAdyAJABdsag0AE2x9Tg8UM3FcSAQhIwNTHiMmGggHJzoKF1YkLVUDHyslBAIRdH4uW15haVpeWCYlBgofJj9NXEA/OE1cQGB8Rl5VYg5NXEAmJQZYRHR/KktCYTReWlViDk-1cQCM6TV0xYHxdQEB4aVpeFzQvAwFVYwpaXkFhfFleQXR+WAgZIykOAQh0fi5fQGRiWEgFbH0
200 OK 515 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/yUUxobnAyIwYITyUlDFNIY35dXER3JhsBHiFxOCw2OwAjKiQ8eBg3ViU2DFNAdyAJABdsag0AE2x9Tg8UM3FcSAQhIwNTHiMmGggHJzoKF1YkLVUDHyslBAIRdH4uW15haVpeWCYlBgofJj9NXEA/OE1cQGB8Rl5VYg5NXEAmJQZYRHR/KktCYTReWlViDk-1cQCM6TV0xYHxdQEB4aVpeFzQvAwFVYwpaXkFhfFleQXR+WAgZIykOAQh0fi5fQGRiWEgFbH0
IP
File type PBF image (deflate compression)\012- , ASCII text, with very long lines (704), with no line terminators
Hash 63babc4709abc952fbaa403df932870c
b8950b4194387219797f9df0c8fb1136b57039e3
55f82cc785d7a5d34dd4ffe26664034218d4f14cf1120d0489268696dcb4c01a
GET /yUUxobnAyIwYITyUlDFNIY35dXER3JhsBHiFxOCw2OwAjKiQ8eBg3ViU2DFNAdyAJABdsag0AE2x9Tg8UM3FcSAQhIwNTHiMmGggHJzoKF1YkLVUDHyslBAIRdH4uW15haVpeWCYlBgofJj9NXEA/OE1cQGB8Rl5VYg5NXEAmJQZYRHR/KktCYTReWlViDk-1cQCM6TV0xYHxdQEB4aVpeFzQvAwFVYwpaXkFhfFleQXR+WAgZIykOAQh0fi5fQGRiWEgFbH0 HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 515
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:35:23 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hI0c7xm-EBgPxzzLqugf_p7z8QqfrAvSb8bidV-1qqRaH05SQjQ5CA==
d1sqvt36mg3t1b.cloudfront.net/gS3FyOFEoHhxebj8YFgVpc0hGAWVtGwFXPztMGnM1PCtHdiMCIwMPHHlXBkI1dkFUVDAlFk8eNCUSTwl3KhUQBWVtBQJXOnYfAFIjLQYETjMyVwdZbCYeCFE9JxBXChd+X0IdY3tZBVE/Lx4FS3R5QRxMdHlBQwh/e1RBenR5QQVRP31FVwsTbkNCQGd/VE-F6dHlBAE50eDBDCGRlQVsdY3sWF1s6JFRAfmN7QEIIYHtAVwphLRgAXTckCVcKF3pBRxZhbQRPCQ
200 OK 608 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/gS3FyOFEoHhxebj8YFgVpc0hGAWVtGwFXPztMGnM1PCtHdiMCIwMPHHlXBkI1dkFUVDAlFk8eNCUSTwl3KhUQBWVtBQJXOnYfAFIjLQYETjMyVwdZbCYeCFE9JxBXChd+X0IdY3tZBVE/Lx4FS3R5QRxMdHlBQwh/e1RBenR5QQVRP31FVwsTbkNCQGd/VE-F6dHlBAE50eDBDCGRlQVsdY3sWF1s6JFRAfmN7QEIIYHtAVwphLRgAXTckCVcKF3pBRxZhbQRPCQ
IP
File type ASCII text, with very long lines (874), with no line terminators
Hash 37bb3b0c83fef7a1eda2fcfed5137343
934643801d4ef18c1d4e204e6b0712091a7188ba
5a0e9cd3c1a55130caee47500b1424052c36b1348224b8fa90e90dc0af51e170
GET /gS3FyOFEoHhxebj8YFgVpc0hGAWVtGwFXPztMGnM1PCtHdiMCIwMPHHlXBkI1dkFUVDAlFk8eNCUSTwl3KhUQBWVtBQJXOnYfAFIjLQYETjMyVwdZbCYeCFE9JxBXChd+X0IdY3tZBVE/Lx4FS3R5QRxMdHlBQwh/e1RBenR5QQVRP31FVwsTbkNCQGd/VE-F6dHlBAE50eDBDCGRlQVsdY3sWF1s6JFRAfmN7QEIIYHtAVwphLRgAXTckCVcKF3pBRxZhbQRPCQ HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 608
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:35:23 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -vuJnHJ57z3swRgaA5gB2WH8kvqmGxg4yBrfucjA-e-AtBlJ5xSLOA==
ocsp.digicert.com/
200 OK 280 B IP
Hash d8b6288aa182c59316c39ea8777fd31c
7e3a9cb2ee6f53c063161b881f99ab8b20851252
d188c187297ca0c01966dbc10159090ebbe8e0c96f5d7adc725fc2d3ee25f9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4465
Cache-Control: max-age=128750
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:23 GMT
Etag: "6395abb9-118"
Expires: Tue, 13 Dec 2022 11:21:13 GMT
Last-Modified: Sun, 11 Dec 2022 10:06:49 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 280
d1sqvt36mg3t1b.cloudfront.net/DcjlsU00RVgI1cgZQCG51RgpeZXxUUx88IwIENDUGNG0CPyABVwA3FQR8FXU5CF1RY2seWAI0cFRcAjBwQx8NNy9PDUomLE9UAykkHlUNdn80DEJjaEAJRCQkHF0DJD5XC1w9OVcLXGJ9XAlJYA9XC1wkJBwPWHZ+MBxeYzVEDUlgD1cLXCE7VwotYn1HF1-x6aEAJCzYuGVZJYQtACV1jfUMJXXZ/Ql8FISgUVhR2fzQIXGZjQh8Zbnw
200 OK 192 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/DcjlsU00RVgI1cgZQCG51RgpeZXxUUx88IwIENDUGNG0CPyABVwA3FQR8FXU5CF1RY2seWAI0cFRcAjBwQx8NNy9PDUomLE9UAykkHlUNdn80DEJjaEAJRCQkHF0DJD5XC1w9OVcLXGJ9XAlJYA9XC1wkJBwPWHZ+MBxeYzVEDUlgD1cLXCE7VwotYn1HF1-x6aEAJCzYuGVZJYQtACV1jfUMJXXZ/Ql8FISgUVhR2fzQIXGZjQh8Zbnw
IP
File type ASCII text, with no line terminators
Hash 2ed2c2b2970b67e037cefc4b40df2482
71249cf06326a1f3263da5a240ec38605803484f
e7780aedb858a7cecc7f1f0845239a8bdb42850f96257ff83812cbd876a2148b
GET /DcjlsU00RVgI1cgZQCG51RgpeZXxUUx88IwIENDUGNG0CPyABVwA3FQR8FXU5CF1RY2seWAI0cFRcAjBwQx8NNy9PDUomLE9UAykkHlUNdn80DEJjaEAJRCQkHF0DJD5XC1w9OVcLXGJ9XAlJYA9XC1wkJBwPWHZ+MBxeYzVEDUlgD1cLXCE7VwotYn1HF1-x6aEAJCzYuGVZJYQtACV1jfUMJXXZ/Ql8FISgUVhR2fzQIXGZjQh8Zbnw HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 192
Connection: keep-alive
Date: Sun, 11 Dec 2022 23:35:23 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mlkUGRRoiUf8-CXkUr5w2NAUnEgC87hxgmTuhJLO2g4WiqDZ4FvXcg==
ocsp.digicert.com/
200 OK 471 B IP
Hash e12bb655426d080117693ba116f398cf
8fe1f7f8d0b191baed2decba3523656da97077f5
2c25ba0d1c806de98d5489934acd8e2f17487e4f7e40c7f0d39094ce49f91b8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3172
Cache-Control: max-age=123864
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:24 GMT
Etag: "63959db0-1d7"
Expires: Tue, 13 Dec 2022 09:59:48 GMT
Last-Modified: Sun, 11 Dec 2022 09:06:56 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
keterrehepren.xyz/popunder.gif
301 Moved Permanently 0 B URL HTTP/1.1 keterrehepren.xyz/popunder.gif
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:35:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:35:24 GMT
Location: https://keterrehepren.xyz/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4kilCzOrZAKI51GX2tooIDjh7ter7awuNH3%2Bk9UyZHRkh1lugYby2yjh9ZF6DWmIhzArRvggDmHkk1QFdaCjyPlJCaZ5LqgB93RWC4HNgvvU9o7nhLi9EoZBR0tAme%2Fm%2FrLK2g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7782095829aeb506-OSL
alt-svc: h2=":443"; ma=60
a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/dependencies_hbv4_latest/vdo.min.js?v=v2.2 HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:35:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:35:24 GMT
Location: https://a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S1HspZn%2F54KXREGM8SpzBloFfCPA6QTQ9R%2B8ayqoPs4f3ScpuNTPTwZBxfXWbsOyLifdWdYqn0Sl%2F2JuW4nSFpshypSM8BMqdGTpIlJ90f6yWKPPw%2F5oUputeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 778209583d8c7324-LHR
alt-svc: h2=":443"; ma=60
restorationpencil.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
200 OK 29 kB URL HTTP/1.1 restorationpencil.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 63554afab893d34948a3953b8ed07c65
7d1ef0b499eb0e8d7f7ef926321699f34dff9d73
a12529a86b5c766e99292deb59c86e4ba78e36207c91263cb49f07fc104e46e3
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ecb21773ed8308891f683160fcfacf91
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 197b01bb9a3c330e428f1e33926fc9aa
e7adc235ca8d021ace930c9f46b159219d40991d
6c2d65b4c466d08e26417939358f9e6af096f72ac89348a1e05ace822c79a029
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6C2D65B4C466D08E26417939358F9E6AF096F72AC89348A1E05ACE822C79A029"
Last-Modified: Sat, 10 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3770
Expires: Mon, 12 Dec 2022 00:38:14 GMT
Date: Sun, 11 Dec 2022 23:35:24 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nHA+U3T/1u1mPEU9/R98og==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eKYVyQhnjLjQsf5EQLhuv0rWsWo=
addresseepaper.com/sfp.js
200 OK 2.6 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 11 Dec 2022 23:35:24 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:21 GMT
ETag: "638fbef9-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
jewelbeeperinflection.com/pixel/purst?dl=0&th=0&sc=0&rs=1451&rd=1451&fd=688&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 jewelbeeperinflection.com/pixel/purst?dl=0&th=0&sc=0&rs=1451&rd=1451&fd=688&bv=22.10.v.10&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1451&rd=1451&fd=688&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: jewelbeeperinflection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
restorationpencil.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=a9f925b8-3634-4409-9048-65d7df37d93a%3A3%3A1
200 OK 4.1 kB URL HTTP/1.1 restorationpencil.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=a9f925b8-3634-4409-9048-65d7df37d93a%3A3%3A1
IP
File type JSON data\012- , ASCII text, with very long lines (5747), with no line terminators
Hash 7338bf1677d0e695e034c8bfb0aeff7e
5ea168dc0a8c9e8026d38f191095ff46d144ba52
db29f80bb68c417ccf0621d42493092e3129e43f14537cd7009e94175d4071f4
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=a9f925b8-3634-4409-9048-65d7df37d93a%3A3%3A1 HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:24 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://exee.app
Access-Control-Allow-Origin: http://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Mon, 12 Dec 2022 23:35:24 GMT; secure; SameSite=None
uid_id2=a9f925b8-3634-4409-9048-65d7df37d93a:3:1; expires=Sun, 18 Dec 2022 23:35:24 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 12 Dec 2022 23:35:24 GMT; secure; SameSite=None
uncs=1; expires=Mon, 12 Dec 2022 23:35:24 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 12 Dec 2022 23:35:24 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 12 Dec 2022 23:35:24 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3396716]; expires=Sun, 11 Dec 2022 23:35:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 435e1b1ce5ee50c7299c6751889e5936
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 165cab5e8773c2efa14c92a3e9c175bd
b748989dd5e6d57aee46e27eb8eb2c377e736550
a704116ea736ca16ace060115930624785b33e0f0ba8819e60406336561ced34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A704116EA736CA16ACE060115930624785B33E0F0BA8819E60406336561CED34"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15322
Expires: Mon, 12 Dec 2022 03:50:46 GMT
Date: Sun, 11 Dec 2022 23:35:24 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Sun, 11 Dec 2022 22:23:10 GMT
Expires: Mon, 12 Dec 2022 00:23:10 GMT
Cache-Control: public, max-age=7200
Age: 4334
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4f59766c2fbd3c45359e028feba76529
01ca4b880afac47af0d6c0cd7d996ffccff57132
d54cf91ffbf4c5147cc6ea9c5cae537d3ae442513a34e9c1fe6a5169aa13174d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4f59766c2fbd3c45359e028feba76529
01ca4b880afac47af0d6c0cd7d996ffccff57132
d54cf91ffbf4c5147cc6ea9c5cae537d3ae442513a34e9c1fe6a5169aa13174d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash 25880c5debe9ae26baa02044822a1fbc
5ff23639c3183d18a20c5a3dbadaa0f809b080f0
2ecb24d2679e935e7ac85a3dfd9a0aad32138ca82764ae14263c6ebbf087a998
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1967
Cache-Control: max-age=156153
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:24 GMT
Etag: "63962086-117"
Expires: Tue, 13 Dec 2022 18:57:57 GMT
Last-Modified: Sun, 11 Dec 2022 18:25:10 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/1.1 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126857 bytes)
Hash 21194044394ef476e44611727d8f00dd
ba7ffffa00243495b382bdef73a0561f0f47f05d
bc67b3ddd745e176311e8f19bc0f4881f232b8a12813e76adc65767a78866254
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 126857
Date: Sun, 11 Dec 2022 23:35:24 GMT
Expires: Sun, 11 Dec 2022 23:35:24 GMT
Cache-Control: private, max-age=900, stale-while-revalidate=3600
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 11 Dec 2022 22:41:08 GMT
expires: Mon, 12 Dec 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 3256
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash a1cadf6d4dbe1dec2007740a4d96cb6e
5315c19d50d7189760af1c89403a50a3fd0ae03e
f1f98f465c4cc1eb92a46a361a123ac8a9e1675ecd790444257c7454c173fa49
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 23:35:24 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1997127706%3A1670801724681306&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4HMB_tM0lZpRuMy93m93wYzybg7PqZna_8-jbDE6rB9IVYbiH4urO64lwjyWCuwDeNRJwqdA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-rcpv4Z_Uj4-dvTrRoeA6nA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:k6SJ_TzcchxJubp6sBIdTSD-OfAYaw:5h2I2bPjJ94QogbT;Path=/;Expires=Tue, 10-Dec-2024 23:35:24 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
restorationpencil.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3qwgeFHZi4IwiAcFM%2Bme7p6ZdoXFuEaC2STsruRqVVf1pExNV1PVPT0JCMEF2eN4EY%2BdN%2FnBrovsgldBJoJIQHAUZEDzD3gSYU8eZJKB0e%2FQ3%2Ff6fYf33lefHRTnxEVBJ5u39J5Uii6Fdbf2%2BpZMuS5tbf1uzXPr7vXalkybwfVaf%2Foxvbc8N6y7b9TeF%2FGOXmq4nut6rldbkUYkur90wUJmjyKvHrn1oFH3wgB9839sCweWOuC9c%2FIiJB8%2Fs%2F3jE8h4hLT7%2BKawO7nO3nyvWyiaa4MeP%2Fkw3Ul1maI7HxPjIElPZtvQdkzIl1eg05OZA%2Bje4dQBmBwT5zcPLD2ZyQTrHV0qZQoiBePPoeyNINQIko4Q63uQ%2FGcCxBzrG0i7x%2BvalHT3kqVTdkyuPv0bshyTq39cQ9r9elnJfu2OVkUudWrRTyrI%2FgiyM0JWnCLfcyDLU8T5p5D8J7L0dA1p93DDKg3JJ6%2FRKIkaIWsv%2Bk0%2FWAwCN1qM3KC92Ax5iyd%2Bi0c%2BvYhIyhFkMoISA1C7gMI6KKSDInFQZA66fFKjYZS4bithie%2B3gziOfT%2BOw3aTh9wP2omLIp56GCDPBojVALHZR2b2sSMHMMV3sNsVLHdgc4Ier1AKgtISlJSglARlTlD2qiOubMNWx1zZgnmz3ph1vxrqvHNAj3TeESk5yM7JC9PgnOcfXsOOmNSSsB0mzTBuxs3Qa%2FgsCjl3Iyb8RsCFzxisrCDtFVDrYE%2BOycInfyKTY3JleQmMnsKqU8TyVdDiFdBy2Gq4oNvDoO1iLz0WfVGXGlxXyPKryHedA3VOXro4nf%2BrgojPbnzEbo3%2FevAPYlMhMxU%2Blt8TdNT94W1dksPburTkyUaWy67co9Oz3slpLhYefiB2S2346k07ePBOPCWm46O7wuZrNOUy7Vjy1bLkXJgVbWJBvl21W4JtFnZ7uTBpka1tvruy2s2MsFbqdAQqx4T8cIZYjsmz30wunuzLvz%2BGNCOYokK3OCOzgtSniLN92Gyu32oCo%2BY7LHNQFtXQNNj8p5IESswxZRXsfzCbzwf2PjrGAc3vIe1W6JkKPVWBqgFssTDMM3N24xf%2FosCUM2TKOIdMGfX5ZbhWTmoiTNxEuA3BkoglLeryKAkiRiNPtFhIPeR2HH8h3%2F4XAAD%2F%2FwEAAP%2F%2FfGkbz4oEAAA%3D
200 OK 7 B URL HTTP/1.1 restorationpencil.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3qwgeFHZi4IwiAcFM%2Bme7p6ZdoXFuEaC2STsruRqVVf1pExNV1PVPT0JCMEF2eN4EY%2BdN%2FnBrovsgldBJoJIQHAUZEDzD3gSYU8eZJKB0e%2FQ3%2Ff6fYf33lefHRTnxEVBJ5u39J5Uii6Fdbf2%2BpZMuS5tbf1uzXPr7vXalkybwfVaf%2Foxvbc8N6y7b9TeF%2FGOXmq4nut6rldbkUYkur90wUJmjyKvHrn1oFH3wgB9839sCweWOuC9c%2FIiJB8%2Fs%2F3jE8h4hLT7%2BKawO7nO3nyvWyiaa4MeP%2Fkw3Ul1maI7HxPjIElPZtvQdkzIl1eg05OZA%2Bje4dQBmBwT5zcPLD2ZyQTrHV0qZQoiBePPoeyNINQIko4Q63uQ%2FGcCxBzrG0i7x%2BvalHT3kqVTdkyuPv0bshyTq39cQ9r9elnJfu2OVkUudWrRTyrI%2FgiyM0JWnCLfcyDLU8T5p5D8J7L0dA1p93DDKg3JJ6%2FRKIkaIWsv%2Bk0%2FWAwCN1qM3KC92Ax5iyd%2Bi0c%2BvYhIyhFkMoISA1C7gMI6KKSDInFQZA66fFKjYZS4bithie%2B3gziOfT%2BOw3aTh9wP2omLIp56GCDPBojVALHZR2b2sSMHMMV3sNsVLHdgc4Ier1AKgtISlJSglARlTlD2qiOubMNWx1zZgnmz3ph1vxrqvHNAj3TeESk5yM7JC9PgnOcfXsOOmNSSsB0mzTBuxs3Qa%2FgsCjl3Iyb8RsCFzxisrCDtFVDrYE%2BOycInfyKTY3JleQmMnsKqU8TyVdDiFdBy2Gq4oNvDoO1iLz0WfVGXGlxXyPKryHedA3VOXro4nf%2BrgojPbnzEbo3%2FevAPYlMhMxU%2Blt8TdNT94W1dksPburTkyUaWy67co9Oz3slpLhYefiB2S2346k07ePBOPCWm46O7wuZrNOUy7Vjy1bLkXJgVbWJBvl21W4JtFnZ7uTBpka1tvruy2s2MsFbqdAQqx4T8cIZYjsmz30wunuzLvz%2BGNCOYokK3OCOzgtSniLN92Gyu32oCo%2BY7LHNQFtXQNNj8p5IESswxZRXsfzCbzwf2PjrGAc3vIe1W6JkKPVWBqgFssTDMM3N24xf%2FosCUM2TKOIdMGfX5ZbhWTmoiTNxEuA3BkoglLeryKAkiRiNPtFhIPeR2HH8h3%2F4XAAD%2F%2FwEAAP%2F%2FfGkbz4oEAAA%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3qwgeFHZi4IwiAcFM%2Bme7p6ZdoXFuEaC2STsruRqVVf1pExNV1PVPT0JCMEF2eN4EY%2BdN%2FnBrovsgldBJoJIQHAUZEDzD3gSYU8eZJKB0e%2FQ3%2Ff6fYf33lefHRTnxEVBJ5u39J5Uii6Fdbf2%2BpZMuS5tbf1uzXPr7vXalkybwfVaf%2Foxvbc8N6y7b9TeF%2FGOXmq4nut6rldbkUYkur90wUJmjyKvHrn1oFH3wgB9839sCweWOuC9c%2FIiJB8%2Fs%2F3jE8h4hLT7%2BKawO7nO3nyvWyiaa4MeP%2Fkw3Ul1maI7HxPjIElPZtvQdkzIl1eg05OZA%2Bje4dQBmBwT5zcPLD2ZyQTrHV0qZQoiBePPoeyNINQIko4Q63uQ%2FGcCxBzrG0i7x%2BvalHT3kqVTdkyuPv0bshyTq39cQ9r9elnJfu2OVkUudWrRTyrI%2FgiyM0JWnCLfcyDLU8T5p5D8J7L0dA1p93DDKg3JJ6%2FRKIkaIWsv%2Bk0%2FWAwCN1qM3KC92Ax5iyd%2Bi0c%2BvYhIyhFkMoISA1C7gMI6KKSDInFQZA66fFKjYZS4bithie%2B3gziOfT%2BOw3aTh9wP2omLIp56GCDPBojVALHZR2b2sSMHMMV3sNsVLHdgc4Ier1AKgtISlJSglARlTlD2qiOubMNWx1zZgnmz3ph1vxrqvHNAj3TeESk5yM7JC9PgnOcfXsOOmNSSsB0mzTBuxs3Qa%2FgsCjl3Iyb8RsCFzxisrCDtFVDrYE%2BOycInfyKTY3JleQmMnsKqU8TyVdDiFdBy2Gq4oNvDoO1iLz0WfVGXGlxXyPKryHedA3VOXro4nf%2BrgojPbnzEbo3%2FevAPYlMhMxU%2Blt8TdNT94W1dksPburTkyUaWy67co9Oz3slpLhYefiB2S2346k07ePBOPCWm46O7wuZrNOUy7Vjy1bLkXJgVbWJBvl21W4JtFnZ7uTBpka1tvruy2s2MsFbqdAQqx4T8cIZYjsmz30wunuzLvz%2BGNCOYokK3OCOzgtSniLN92Gyu32oCo%2BY7LHNQFtXQNNj8p5IESswxZRXsfzCbzwf2PjrGAc3vIe1W6JkKPVWBqgFssTDMM3N24xf%2FosCUM2TKOIdMGfX5ZbhWTmoiTNxEuA3BkoglLeryKAkiRiNPtFhIPeR2HH8h3%2F4XAAD%2F%2FwEAAP%2F%2FfGkbz4oEAAA%3D HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; uid_id2=a9f925b8-3634-4409-9048-65d7df37d93a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:24 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 63fcacd2f136086ff991667d116c97e3
Strict-Transport-Security: max-age=0; includeSubdomains
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash b91b939a1502b71172b016abbfd87009
5732537c54b9ac581d1c2e0a4f2f520f3d88ef14
5a8bce22f8d92bae9106f26eb48a877bccc2938d311a7ea8ce447245339aec87
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 23:35:24 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1542748749%3A1670801724699080&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4CuC3BmHp9oegkXNUXysPd4AW6keilY9r95umgD_CFC_C1Mzb8SF2c8D9awx_LV6eJiSRbbg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-uJJ0XeHS5k3ExpoSgOENtA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:JhBdK1IluRZ2zNPOCGcqchxMb6gx:9rhl1lxlBREVpQjb;Path=/;Expires=Tue, 10-Dec-2024 23:35:24 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 165cab5e8773c2efa14c92a3e9c175bd
b748989dd5e6d57aee46e27eb8eb2c377e736550
a704116ea736ca16ace060115930624785b33e0f0ba8819e60406336561ced34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A704116EA736CA16ACE060115930624785B33E0F0BA8819E60406336561CED34"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15322
Expires: Mon, 12 Dec 2022 03:50:46 GMT
Date: Sun, 11 Dec 2022 23:35:24 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a41c1c2a6aad29835a33369555bbe359
4e104748d3d8c3237d58e03b6f7493fcc9182142
a0495e2ab6ed55134a4bf56eb85252977c6978eb965b14724d47e3c979f25ab4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6849
Expires: Mon, 12 Dec 2022 01:29:33 GMT
Date: Sun, 11 Dec 2022 23:35:24 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6849
Expires: Mon, 12 Dec 2022 01:29:33 GMT
Date: Sun, 11 Dec 2022 23:35:24 GMT
Connection: keep-alive
restorationpencil.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Findex.html&l=1559&fd=119
200 OK 0 B URL HTTP/1.1 restorationpencil.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Findex.html&l=1559&fd=119
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Findex.html&l=1559&fd=119 HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
200 OK 471 B IP
Hash 3a1942bd2fc7c60d1cfffd1b72f202c1
2b95e8b0f97322d14ba4797016bf34314795771f
219bdf287c5cd0a9141d291c0d07db3831f095f2be854cbfe654ac57f2b7e49e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4238
Cache-Control: max-age=154452
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:24 GMT
Etag: "63961102-1d7"
Expires: Tue, 13 Dec 2022 18:29:36 GMT
Last-Modified: Sun, 11 Dec 2022 17:18:58 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
a.vdo.ai/core/assets/vdo.player.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/vdo.player.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/vdo.player.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:35:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:35:24 GMT
Location: https://a.vdo.ai/core/assets/vdo.player.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0kx5eS8i%2Bd0qK0QGAUBkiKAdXQrZMywi9voucPGHVa%2F7HtYbcpDJ8n3kRZ946YDlnTdf5kxE0hup69loDYZogSYmqr%2F71KZTorA6MGgopas1zLS9%2FtvL0lH4g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7782095c69047324-LHR
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 11 Dec 2022 23:35:24 GMT
Date: Sun, 11 Dec 2022 23:35:24 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
200 OK 22 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x292, components 3\012- data
Hash e1f754e6014f2a7636aa19acdf37eaa7
72ded7fb65560b2702630d5208386654f294e8e9
8b9e400d61eb3c28929db8209c3136b14e2112d6eb8b4f504b74f6cca67b50fe
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:24 GMT
content-type: image/jpeg
content-length: 21845
last-modified: Wed, 03 Aug 2022 08:33:45 GMT
etag: "62ea32e9-5555"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 583962
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1RPzfqTg7c6yO%2Bf7cW1tZdxfB%2BDAJ4vLo9FciJXBXxiEppNuX%2BXViJrLJeNj%2BDyhnQ9TiPV8MvGQ6Z3%2FOtRdGQ4n3eSSX7LKAewFTycFHPA0NKX9ZqfkEyI6hOhCOSPsVzjZOBFkFcR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7782095c6a9423ab-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/assets/rtb_v6.24.1.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/rtb_v6.24.1.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/rtb_v6.24.1.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:35:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:35:24 GMT
Location: https://a.vdo.ai/core/assets/rtb_v6.24.1.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGe3IxYThgjPhqoqGZ%2FkqN%2F%2BjZiJ7PZs8pHO8eNsjHg%2Bktd5BmfocXYCD4JdV2wE1xEbGxqNyjm9ZvPmzDQEQJT69s0c%2Bld4v2%2B38kjaDGu9CvNZ7ILhUaIizg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7782095c99317324-LHR
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6849
Expires: Mon, 12 Dec 2022 01:29:33 GMT
Date: Sun, 11 Dec 2022 23:35:24 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
200 OK 1.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
IP
Hash 13a63d6b797c5e6b328f96554785640f
cddbea445e6683e97ceffaa6b951519f4d38d040
89b0635890e4fc6513d7998377d13a21d5651000c158811a14294b59fad1ab21
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:25 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 15:54:46 GMT
etag: W/"61f80646-e35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFYgF66vUz2BcgMBdE8ur55%2BAAqwYJh%2B1YHVBNWoAjOryetL7s34dKZecNPWEqBlIkZj5aVTnNgIc04mFWRB4hDmby%2FQVZkcv0zI%2BHshEKfIrjrFq3MOsm4PKRLoaCNfF6njiZTJTF2G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7782095c2a3e23ab-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a41c1c2a6aad29835a33369555bbe359
4e104748d3d8c3237d58e03b6f7493fcc9182142
a0495e2ab6ed55134a4bf56eb85252977c6978eb965b14724d47e3c979f25ab4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/core/bridge3.549.0_en.html
200 OK 227 kB URL HTTP/1.1 imasdk.googleapis.com/js/core/bridge3.549.0_en.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39845)
Size 227 kB (227324 bytes)
Hash 218d94ccb369687311175f7ec00afc59
c95b5a666ae1f797bd900eb761edf66d6493babc
6ccbc5be5e00381dfe25726314816f570041c6525318d83cabbe6d5599b925e3
GET /js/core/bridge3.549.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 227324
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 23:13:10 GMT
Expires: Thu, 07 Dec 2023 23:13:10 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 07 Dec 2022 23:06:21 GMT
Content-Type: text/html
Age: 346935
a.vdo.ai/core/assets/img/logo.svg
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/img/logo.svg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/img/logo.svg HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 23:35:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Dec 2022 00:35:25 GMT
Location: https://a.vdo.ai/core/assets/img/logo.svg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tvK9SbUt9qwoinGTP%2BvXRUZzCeMwvqmMtmbokdrny2FolHYvhnX4vEKkxhMWo%2BRWnAe2szWdDg87iqp6uvSr9ncfz6EhvYpNNCl4NjgKt3vXKFJl3%2FNx2Ara7g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 778209608b3f407d-LHR
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Dec 2022 23:33:11 GMT
expires: Mon, 12 Dec 2022 00:33:11 GMT
cache-control: public, max-age=3600
age: 134
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5015
Expires: Mon, 12 Dec 2022 00:59:00 GMT
Date: Sun, 11 Dec 2022 23:35:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5015
Expires: Mon, 12 Dec 2022 00:59:00 GMT
Date: Sun, 11 Dec 2022 23:35:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5015
Expires: Mon, 12 Dec 2022 00:59:00 GMT
Date: Sun, 11 Dec 2022 23:35:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5015
Expires: Mon, 12 Dec 2022 00:59:00 GMT
Date: Sun, 11 Dec 2022 23:35:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31846d25-a332-413d-b165-920d614e4459.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31846d25-a332-413d-b165-920d614e4459.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e259f6cfee2d6c0e6ed8f96667e49d29
e82afaa50d42a9f4f90681c20dfa4b6b0fbf0203
b7c94aa74cbb7477541aee3382a8754b2ece20f647366aab6743fddac2cfbb8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31846d25-a332-413d-b165-920d614e4459.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6907
x-amzn-requestid: 6fe7f356-3243-4bd0-b3b4-6a372b0b50be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD7RGx2IAMFk8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d14-0313b6d539d75742114dab10;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:35:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xVD9tE77stQz0W8-59L1GvXaziDHQce7zswS48xfDK9P5m0AXXSjZA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:55:27 GMT
age: 5998
etag: "e82afaa50d42a9f4f90681c20dfa4b6b0fbf0203"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 23:35:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcded97a1-bc2d-405f-b231-35f5af035463.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcded97a1-bc2d-405f-b231-35f5af035463.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 75dd1ecae61b991cd21929deb9244aac
4f14c9f7b36dfa356877251f1e6a0f5936286c4b
3435eda8961bb9954fcf5fd7c957ce58fd7aa4bb9e00525b8f42756adcf341e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcded97a1-bc2d-405f-b231-35f5af035463.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6438
x-amzn-requestid: 517b1627-9789-48e8-b5df-106fee878820
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAENaGN6IAMFoUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d88-28cbd126745e8ab15d937936;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: amWbF9zOStURk7mvKoCOs0babDMecP7hOWzf4Hrn8RGThFiqv-_elg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:59:55 GMT
age: 5730
etag: "4f14c9f7b36dfa356877251f1e6a0f5936286c4b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95361d29-1f54-4e09-a474-8c1dad517a28.jpeg
200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95361d29-1f54-4e09-a474-8c1dad517a28.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a85ca34ade4d110c1a003e236440e330
01131ebb7bb94c36c441336dd4a21415be702c80
691205cb45ccec2bb7470b541eb2ffb45b63aec175ea3932ff54e6aa1dd375b8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95361d29-1f54-4e09-a474-8c1dad517a28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9066
x-amzn-requestid: 2e43266d-096b-429b-972f-15886558a84d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAENsFgToAMFd2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d8a-22c942d80ac86fb53f742405;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jUzAMkz0SJIT8Cqi0QnElPGp25QQ8hcLr7wPDugzdL2rldwHdhnsEw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 22:04:40 GMT
age: 5445
etag: "01131ebb7bb94c36c441336dd4a21415be702c80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dc3da96-5b77-4fb2-bc43-14a2303cf2ab.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dc3da96-5b77-4fb2-bc43-14a2303cf2ab.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df5aef8a4b47db2eff330ac8df5cb601
70b17a00792b42e3ed26d06b92461b2de090f1e5
2c5962564e4e04e58c583b2708e8d8a1c610843fc53a29cc66bf87e6706a57d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dc3da96-5b77-4fb2-bc43-14a2303cf2ab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11578
x-amzn-requestid: 3ba66794-67ea-422f-b58b-b9654901c93c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAENsFBWoAMF14Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d8a-0fdc76563f14abfd005edaa3;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Xw4kjQs7I3e31bExMBbdJDIIIfXBwTFpDHWBU0Fa4ipYLvHafl__AQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:59:55 GMT
age: 5730
etag: "70b17a00792b42e3ed26d06b92461b2de090f1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86bce3d677c0dd541440ebf38920020d
f11e21b6ad97e07b1d7103ad40a2e158e06fda73
9e23bc16cd1402d9124ebb9e625a5580f677ca9e008d3e04dc95080072fd1df4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5d9c5ff-aaa2-4c2a-ab2b-661f84126bf7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7104
x-amzn-requestid: b1117224-be51-4e21-8b3b-01e5485f0af0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAD2yH4loAMFuWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964cf8-1382e1a6710239ec629eedb8;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A--8wjYJWCj_JD6eaj3FoD0dLarj6gvH2uQrmsEDLgPwZdQgtUmaoA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:57:39 GMT
etag: "f11e21b6ad97e07b1d7103ad40a2e158e06fda73"
content-type: image/jpeg
age: 5866
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9049bfa6-9526-4d2e-9da9-c3b1a0e69cb2.jpeg
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9049bfa6-9526-4d2e-9da9-c3b1a0e69cb2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e99c41e53a999ff2a5eebb77a9799a3
227c059b3203a828486d3fa4f1a72cf5a51eb798
a235d4a432455a28c7682fdb863aff243dfa869c5ea48d4ae96ddd751726d754
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9049bfa6-9526-4d2e-9da9-c3b1a0e69cb2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9286
x-amzn-requestid: adf134d0-2bc6-4abe-9ff8-3b6b4af9e915
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAENZGVqIAMF6lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d88-34dc2c7d2a721ae10b08749c;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GVgc6WyucAV0u4c1nhULLUyijkRLrolckRYTJyUHvWqDVOoyByEIng==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:55:57 GMT
age: 5968
etag: "227c059b3203a828486d3fa4f1a72cf5a51eb798"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
restorationpencil.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fstyle.css&l=3637&fd=351
200 OK 0 B URL HTTP/1.1 restorationpencil.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fstyle.css&l=3637&fd=351
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fstyle.css&l=3637&fd=351 HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 23:35:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 23:35:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
restorationpencil.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=353
200 OK 0 B URL HTTP/1.1 restorationpencil.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=353
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=353 HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 11 Dec 2022 23:35:25 GMT
Connection: keep-alive
Expires: Mon, 11 Dec 2023 23:35:25 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
restorationpencil.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=351
200 OK 0 B URL HTTP/1.1 restorationpencil.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=351
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=351 HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
200 OK 7.7 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP
Hash d5e9791c6a93b55f61645f1c6d458f8d
6c13509e471d2c616b0037991bf515de17d0bc77
4b2244fecd11c0619d1213b38af69402d4e75cf7ef9eaf83a7f861cdc3abfb54
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 11 Dec 2022 23:35:25 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d3b-bf8c"
Expires: Mon, 11 Dec 2023 23:35:25 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png
200 OK 69 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png
IP
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash b49d6e91482e1db917958f2a32a0b1bc
38c5ad2beec3f2cd782da2ee1a9f300a57a5115e
4ef36c7fb595d9e325c5d15b8143c03774407dc5da6c9a77ff9160580136a46d
GET /media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 11 Dec 2022 23:35:25 GMT
Content-Type: image/png
Content-Length: 69290
Last-Modified: Fri, 08 Apr 2022 14:46:21 GMT
Connection: keep-alive
ETag: "62504abd-10eaa"
Expires: Mon, 11 Dec 2023 23:35:25 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4ff941976d54fb3509d71d021fee5ec9
1d426b24ca16bb0043a838a9b066d44f23833468
bffa7b806f826caeee50cfc4a24b8ac1b1f9e7bc758cbb08c919c960bcaf082e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Sun, 11 Dec 2022 23:35:26 GMT
expires: Sun, 11 Dec 2022 23:35:26 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:13:27 GMT
Expires: Thu, 07 Dec 2023 21:13:27 GMT
Cache-Control: public, max-age=31536000
Age: 354119
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:12:42 GMT
Expires: Thu, 07 Dec 2023 21:12:42 GMT
Cache-Control: public, max-age=31536000
Age: 354164
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4ff941976d54fb3509d71d021fee5ec9
1d426b24ca16bb0043a838a9b066d44f23833468
bffa7b806f826caeee50cfc4a24b8ac1b1f9e7bc758cbb08c919c960bcaf082e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
restorationpencil.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9lYkguFHJRkFoxIWC01PVVdXdZYTgGCPBfJFEsvV9Vc9zXtcr3qvq6gwIgwHJst2Iy5rT80FikATcCtIjiAwItoI06PwBVyJk5UJ6pqH1LureU%2Bcuzjn3fbZTHhMfJZ3duGq2lNZ0LW76jdfvqEyYyjWu3W4EftM%2F37ijsnZ0vjGcf%2BzgrcCPm%2F4bjfcl3zRrLT%2Fw%2FcAPGpeUlakZrp2wUPmjJGgmfjNqNYM4wtD%2BH7vSg6MexOCYvAglps9s%2FPgEik%2BQ9R9flG6zMPmb7%2FVLTQtjMRAHH2abmaky9Jdjaj2k2cFiG8ZNCfnyDEx2sHAAM9idOwBTU%2BL9FoBlBwuZYIO9U6VMQ2Zg4jlUgwmknkDRCbi5ByV%2BJgAXuHYdWX%2F%2FmrEVvXvK0jk7JWef%2Fg1VTcnZP84h63%2B9rtWwccvoslAmcximNdRwAtWbIC8PUWx5UNUhePEplPiJrD29gqy%2Fe91pAyVmr9EkTVox666G7TBajSI%2FWU38qLvajkVHpGFHJCE9iUipCVQ6gZYjULeC0nkolYcy9VDmHvpi1qBxkvp%2BJ2VpGHYjznkYch532yIWYdRNfZR87mGEIh%2BB6xG43UZut7GpRrDld3AbNZzw4AqCgahRSYLKEVSUoFIEVUFQDeo9oV3L1ftCu5IFi95a9LAem6K3Q%2FdM0ZMZ2cmPyQvz4LznH57Dppw10rgbp%2B2Yt3k7DlohS2Ih%2FITJsBUJGTIGp2oodwbUedhSU7LyyZ%2FI1ZScWV8Do4dw%2BhBcvQpavgJajTstH3RjHHV9bGX7ciibykCYGnlxFsVdb0cfk5dOThf%2BqiH50YWP2NXpXw%2F%2BAbc1clvjY%2FU9QU%2FfH980Fdm9aSpHnlzPC9VXW3R%2B1lsFLeTKww%2Fk3cpYcfmiGz14h8%2BJ%2BfjotnTFFZoJlfUc%2BWpdCSHtJWO5JN9edncku1G6jfXSZmV%2B5ca7ly73cyudUyabgKopIT8cgaspefab2cmTffn3x1B2AlvW6JdHZFFQ5hA834bLl%2FqdIbB6ucNyD1VZj22LLX9qRaDlElNWw%2F0Hs%2BW84%2B6jZz3Q4h6yfo2BrTHQNagewZUr4yK3Rxd%2BCU8KTHtjpq23y7TVn5%2BG69SsEQeR7LJuhwvBJBdBpxV2Q99vCRF1EhkkKNyUf6He%2FhcAAP%2F%2FAQAA%2F%2F9oYZUpigQAAA%3D%3D
200 OK 679 B URL HTTP/1.1 restorationpencil.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9lYkguFHJRkFoxIWC01PVVdXdZYTgGCPBfJFEsvV9Vc9zXtcr3qvq6gwIgwHJst2Iy5rT80FikATcCtIjiAwItoI06PwBVyJk5UJ6pqH1LureU%2Bcuzjn3fbZTHhMfJZ3duGq2lNZ0LW76jdfvqEyYyjWu3W4EftM%2F37ijsnZ0vjGcf%2BzgrcCPm%2F4bjfcl3zRrLT%2Fw%2FcAPGpeUlakZrp2wUPmjJGgmfjNqNYM4wtD%2BH7vSg6MexOCYvAglps9s%2FPgEik%2BQ9R9flG6zMPmb7%2FVLTQtjMRAHH2abmaky9Jdjaj2k2cFiG8ZNCfnyDEx2sHAAM9idOwBTU%2BL9FoBlBwuZYIO9U6VMQ2Zg4jlUgwmknkDRCbi5ByV%2BJgAXuHYdWX%2F%2FmrEVvXvK0jk7JWef%2Fg1VTcnZP84h63%2B9rtWwccvoslAmcximNdRwAtWbIC8PUWx5UNUhePEplPiJrD29gqy%2Fe91pAyVmr9EkTVox666G7TBajSI%2FWU38qLvajkVHpGFHJCE9iUipCVQ6gZYjULeC0nkolYcy9VDmHvpi1qBxkvp%2BJ2VpGHYjznkYch532yIWYdRNfZR87mGEIh%2BB6xG43UZut7GpRrDld3AbNZzw4AqCgahRSYLKEVSUoFIEVUFQDeo9oV3L1ftCu5IFi95a9LAem6K3Q%2FdM0ZMZ2cmPyQvz4LznH57Dppw10rgbp%2B2Yt3k7DlohS2Ih%2FITJsBUJGTIGp2oodwbUedhSU7LyyZ%2FI1ZScWV8Do4dw%2BhBcvQpavgJajTstH3RjHHV9bGX7ciibykCYGnlxFsVdb0cfk5dOThf%2BqiH50YWP2NXpXw%2F%2BAbc1clvjY%2FU9QU%2FfH980Fdm9aSpHnlzPC9VXW3R%2B1lsFLeTKww%2Fk3cpYcfmiGz14h8%2BJ%2BfjotnTFFZoJlfUc%2BWpdCSHtJWO5JN9edncku1G6jfXSZmV%2B5ca7ly73cyudUyabgKopIT8cgaspefab2cmTffn3x1B2AlvW6JdHZFFQ5hA834bLl%2FqdIbB6ucNyD1VZj22LLX9qRaDlElNWw%2F0Hs%2BW84%2B6jZz3Q4h6yfo2BrTHQNagewZUr4yK3Rxd%2BCU8KTHtjpq23y7TVn5%2BG69SsEQeR7LJuhwvBJBdBpxV2Q99vCRF1EhkkKNyUf6He%2FhcAAP%2F%2FAQAA%2F%2F9oYZUpigQAAA%3D%3D
IP
Hash 96d0e2040c537ccbf5b98cb0492b8015
15ec0b2e00ef57b79476ad53f311f74f0d03ccf4
03a726255f9a9b1fec15e395b1c6dc16257c2adcf490eccdae55a6c454c757cf
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9lYkguFHJRkFoxIWC01PVVdXdZYTgGCPBfJFEsvV9Vc9zXtcr3qvq6gwIgwHJst2Iy5rT80FikATcCtIjiAwItoI06PwBVyJk5UJ6pqH1LureU%2Bcuzjn3fbZTHhMfJZ3duGq2lNZ0LW76jdfvqEyYyjWu3W4EftM%2F37ijsnZ0vjGcf%2BzgrcCPm%2F4bjfcl3zRrLT%2Fw%2FcAPGpeUlakZrp2wUPmjJGgmfjNqNYM4wtD%2BH7vSg6MexOCYvAglps9s%2FPgEik%2BQ9R9flG6zMPmb7%2FVLTQtjMRAHH2abmaky9Jdjaj2k2cFiG8ZNCfnyDEx2sHAAM9idOwBTU%2BL9FoBlBwuZYIO9U6VMQ2Zg4jlUgwmknkDRCbi5ByV%2BJgAXuHYdWX%2F%2FmrEVvXvK0jk7JWef%2Fg1VTcnZP84h63%2B9rtWwccvoslAmcximNdRwAtWbIC8PUWx5UNUhePEplPiJrD29gqy%2Fe91pAyVmr9EkTVox666G7TBajSI%2FWU38qLvajkVHpGFHJCE9iUipCVQ6gZYjULeC0nkolYcy9VDmHvpi1qBxkvp%2BJ2VpGHYjznkYch532yIWYdRNfZR87mGEIh%2BB6xG43UZut7GpRrDld3AbNZzw4AqCgahRSYLKEVSUoFIEVUFQDeo9oV3L1ftCu5IFi95a9LAem6K3Q%2FdM0ZMZ2cmPyQvz4LznH57Dppw10rgbp%2B2Yt3k7DlohS2Ih%2FITJsBUJGTIGp2oodwbUedhSU7LyyZ%2FI1ZScWV8Do4dw%2BhBcvQpavgJajTstH3RjHHV9bGX7ciibykCYGnlxFsVdb0cfk5dOThf%2BqiH50YWP2NXpXw%2F%2BAbc1clvjY%2FU9QU%2FfH980Fdm9aSpHnlzPC9VXW3R%2B1lsFLeTKww%2Fk3cpYcfmiGz14h8%2BJ%2BfjotnTFFZoJlfUc%2BWpdCSHtJWO5JN9edncku1G6jfXSZmV%2B5ca7ly73cyudUyabgKopIT8cgaspefab2cmTffn3x1B2AlvW6JdHZFFQ5hA834bLl%2FqdIbB6ucNyD1VZj22LLX9qRaDlElNWw%2F0Hs%2BW84%2B6jZz3Q4h6yfo2BrTHQNagewZUr4yK3Rxd%2BCU8KTHtjpq23y7TVn5%2BG69SsEQeR7LJuhwvBJBdBpxV2Q99vCRF1EhkkKNyUf6He%2FhcAAP%2F%2FAQAA%2F%2F9oYZUpigQAAA%3D%3D HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; uid_id2=a9f925b8-3634-4409-9048-65d7df37d93a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97bff73ed83dd1e5069ad2bb51143fa9
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 11 Dec 2022 23:35:26 GMT
Connection: keep-alive
Expires: Mon, 11 Dec 2023 23:35:26 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
restorationpencil.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 restorationpencil.com/pixel/sbs?c=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: restorationpencil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; uid_id2=a9f925b8-3634-4409-9048-65d7df37d93a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 23:35:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 11 Dec 2022 23:35:26 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
206 Partial Content 391 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP
Size 391 kB (391040 bytes)
Hash 1b12fa9a67b15135ee51bd1adfdd5831
6803487aeb9c8614bcb7d5173fd5c8e8d99e8cbd
6c90bfc07e47febe7dd92eb1bc86b7f67d54a6cbad30577c9efe629eeeb24a22
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-391039
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Sun, 11 Dec 2022 23:35:26 GMT
Content-Type: video/mp2t
Content-Length: 391040
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Connection: keep-alive
ETag: "62e47d3b-113cda88"
Expires: Mon, 11 Dec 2023 23:35:26 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-391039/289200776
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2FrOPYV&tfcd=0&npa=0&correlator=3856782276840436&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2FrOPYV&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F0ffca56e-331c-494e-8d5e-b02596656f9d&sid=0AF5D280-9EB2-4BEE-9561-67002639C1F8&nel=0&eid=44748969%2C44765701&dlt=1670801721502&idt=2547&dt=1670801725097&cookie_enabled=1&scor=1959658343830074&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
200 OK 113 B URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2FrOPYV&tfcd=0&npa=0&correlator=3856782276840436&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2FrOPYV&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F0ffca56e-331c-494e-8d5e-b02596656f9d&sid=0AF5D280-9EB2-4BEE-9561-67002639C1F8&nel=0&eid=44748969%2C44765701&dlt=1670801721502&idt=2547&dt=1670801725097&cookie_enabled=1&scor=1959658343830074&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash 9e5d36292a75aef07bdde5891b2e4a7b
8d69904b7df5e550f1884e06c139bd9661eb2917
92ffc3ec51e068750c23ae95041fd670aa4aa60ce3a5295ad27d2179d0780168
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=http%3A%2F%2Fexee.app%2FrOPYV&tfcd=0&npa=0&correlator=3856782276840436&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=http%3A%2F%2Fexee.app%2FrOPYV&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F0ffca56e-331c-494e-8d5e-b02596656f9d&sid=0AF5D280-9EB2-4BEE-9561-67002639C1F8&nel=0&eid=44748969%2C44765701&dlt=1670801721502&idt=2547&dt=1670801725097&cookie_enabled=1&scor=1959658343830074&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://imasdk.googleapis.com
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: http://imasdk.googleapis.com
google-lineitem-id: -2
google-creative-id: -2
google-mediationgroup-id: -2
google-mediationtag-id: -2
date: Sun, 11 Dec 2022 23:35:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 11-Dec-2022 23:50:26 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=a9f925b8-3634-4409-9048-65d7df37d93a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a9f925b8-3634-4409-9048-65d7df37d93a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a9f925b8-3634-4409-9048-65d7df37d93a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Dec 2022 23:35:27 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a0876b9f8650015d12b5ed4927bfec9
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=a9f925b8-3634-4409-9048-65d7df37d93a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a9f925b8-3634-4409-9048-65d7df37d93a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a9f925b8-3634-4409-9048-65d7df37d93a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Dec 2022 23:35:27 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a1d1bea3a6e15c2fbbcbd0a68f99bb1f
Strict-Transport-Security: max-age=0; includeSubdomains
imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-video-pub-7094677798399606
200 OK 453 B URL HTTP/2 imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-video-pub-7094677798399606
IP
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 939bda96a28170229c6acc3f0fa65805
659beee7bc2669240383b337ab0787d1f7286498
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
GET /formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-video-pub-7094677798399606 HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
timing-allow-origin: *
content-length: 453
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Dec 2022 23:04:58 GMT
expires: Sun, 11 Dec 2022 23:54:58 GMT
cache-control: public, max-age=3000
age: 1830
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/interaction/?ai=Cnvv6P2mWY-3LOpyS7APOwZ2YA47dl8Ft0KLWuP8Q4-SDpa4kEAEgrNaJRmDDhICAmBigAbqxqrQCyAEFqQJIr7ya8td6PuACAKgDAZgEAKoEjwJP0HdNWiwbn1C3XODa6F6qIfkh5Vt65zpYAcWm6VyFvjoJqjEGL-X_pqgrVTiW2-uJlRMOdl0pDAvfTAskwz4yl3s4yVS9quck5KlL32MWvfgWyP2dpoy7Tk3gpAR6N2kp5qxHgVn7MMHZrOVV0FWAIPpukLEreguVWVJulOOW0AalEIJYwedUzGLQtnvqwwseqwHKgtOWNwknxDyiVMOlb26j_-qlT9ywaIr7cRhgDQy7GfBvPf-CNk_omN6CDKfXkrTsnodv5oHSSFV38KpaLsN9-bCKnfHdyB9fAmftlzzSxSbiYF8eXoc-K-VgfdNiukF7F5PKpiHk7yivCdobf_HMOzlooM9OELBeZgk2wASxq6OMlQTgBAGgBleAB67O1csBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAdIIEgiI4YAQEAEYHTIDqoIBOgKAQLEJ_9fhdnf-o_CACgOYCwHICwHQCw-4DAGaDQEP2BMT0BUB-BYBgBcB&sigh=oOY9kJva318&label=show_ad&sdkv=h.3.549.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU4Mzk2NTk3MDc2ODIMNjM2MDg2MTg3ODAwQL0CUiMQDyUAAHBBKAE6C1BIVjl2SjA1Z0ZrQglnb29nbGVhZHNQABgB
200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/interaction/?ai=Cnvv6P2mWY-3LOpyS7APOwZ2YA47dl8Ft0KLWuP8Q4-SDpa4kEAEgrNaJRmDDhICAmBigAbqxqrQCyAEFqQJIr7ya8td6PuACAKgDAZgEAKoEjwJP0HdNWiwbn1C3XODa6F6qIfkh5Vt65zpYAcWm6VyFvjoJqjEGL-X_pqgrVTiW2-uJlRMOdl0pDAvfTAskwz4yl3s4yVS9quck5KlL32MWvfgWyP2dpoy7Tk3gpAR6N2kp5qxHgVn7MMHZrOVV0FWAIPpukLEreguVWVJulOOW0AalEIJYwedUzGLQtnvqwwseqwHKgtOWNwknxDyiVMOlb26j_-qlT9ywaIr7cRhgDQy7GfBvPf-CNk_omN6CDKfXkrTsnodv5oHSSFV38KpaLsN9-bCKnfHdyB9fAmftlzzSxSbiYF8eXoc-K-VgfdNiukF7F5PKpiHk7yivCdobf_HMOzlooM9OELBeZgk2wASxq6OMlQTgBAGgBleAB67O1csBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAdIIEgiI4YAQEAEYHTIDqoIBOgKAQLEJ_9fhdnf-o_CACgOYCwHICwHQCw-4DAGaDQEP2BMT0BUB-BYBgBcB&sigh=oOY9kJva318&label=show_ad&sdkv=h.3.549.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU4Mzk2NTk3MDc2ODIMNjM2MDg2MTg3ODAwQL0CUiMQDyUAAHBBKAE6C1BIVjl2SjA1Z0ZrQglnb29nbGVhZHNQABgB
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/interaction/?ai=Cnvv6P2mWY-3LOpyS7APOwZ2YA47dl8Ft0KLWuP8Q4-SDpa4kEAEgrNaJRmDDhICAmBigAbqxqrQCyAEFqQJIr7ya8td6PuACAKgDAZgEAKoEjwJP0HdNWiwbn1C3XODa6F6qIfkh5Vt65zpYAcWm6VyFvjoJqjEGL-X_pqgrVTiW2-uJlRMOdl0pDAvfTAskwz4yl3s4yVS9quck5KlL32MWvfgWyP2dpoy7Tk3gpAR6N2kp5qxHgVn7MMHZrOVV0FWAIPpukLEreguVWVJulOOW0AalEIJYwedUzGLQtnvqwwseqwHKgtOWNwknxDyiVMOlb26j_-qlT9ywaIr7cRhgDQy7GfBvPf-CNk_omN6CDKfXkrTsnodv5oHSSFV38KpaLsN9-bCKnfHdyB9fAmftlzzSxSbiYF8eXoc-K-VgfdNiukF7F5PKpiHk7yivCdobf_HMOzlooM9OELBeZgk2wASxq6OMlQTgBAGgBleAB67O1csBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAdIIEgiI4YAQEAEYHTIDqoIBOgKAQLEJ_9fhdnf-o_CACgOYCwHICwHQCw-4DAGaDQEP2BMT0BUB-BYBgBcB&sigh=oOY9kJva318&label=show_ad&sdkv=h.3.549.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU4Mzk2NTk3MDc2ODIMNjM2MDg2MTg3ODAwQL0CUiMQDyUAAHBBKAE6C1BIVjl2SjA1Z0ZrQglnb29nbGVhZHNQABgB HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 23:35:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
access-control-allow-origin: *
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 11-Dec-2022 23:50:28 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ae2d98b47ca2262290cf77db3190a73d
cd6f144a3e28d8baa6e05ef972fa1921a005954e
d154592dce4fe2baabc846e39925b06f9cdc6b5c9a1bb1dffd32498f30b43441
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ae2d98b47ca2262290cf77db3190a73d
cd6f144a3e28d8baa6e05ef972fa1921a005954e
d154592dce4fe2baabc846e39925b06f9cdc6b5c9a1bb1dffd32498f30b43441
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 23:35:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670830528&ei=QGmWY_KiCdnw7ATlvJf4AQ&ip=91.90.42.154&id=3c757dbc9d398059&itag=22&source=youtube&requiressl=yes&mh=0k&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.069&lmt=1669333161332813&mt=1670801354&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgfq6pbhXAG3sg6BhQxOui1t_AYDtDa0rDwpAfK2qXd80CIQDDnaF80bD6gdEJKRdVdTW0VUTKSMX9vJFjQ-vPJGzghQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgcc_g6j5ABapA0L3-v0F9ZZGWgiND6ux4hqzMbjq-eAYCIHUBw54NyYo9YK__suUpKb_aNih5ZjqrfV4WrIbacVPw&cpn=TWR7F9hwZYlYANH0
206 Partial Content 138 kB URL HTTP/1.1 rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670830528&ei=QGmWY_KiCdnw7ATlvJf4AQ&ip=91.90.42.154&id=3c757dbc9d398059&itag=22&source=youtube&requiressl=yes&mh=0k&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.069&lmt=1669333161332813&mt=1670801354&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgfq6pbhXAG3sg6BhQxOui1t_AYDtDa0rDwpAfK2qXd80CIQDDnaF80bD6gdEJKRdVdTW0VUTKSMX9vJFjQ-vPJGzghQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgcc_g6j5ABapA0L3-v0F9ZZGWgiND6ux4hqzMbjq-eAYCIHUBw54NyYo9YK__suUpKb_aNih5ZjqrfV4WrIbacVPw&cpn=TWR7F9hwZYlYANH0
IP
ASN #50304 Blix Solutions AS
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size 138 kB (138237 bytes)
Hash 7cadee6dfab392276cd9779932f5f3c3
cc19014ba52456a2058f2837ab976afeb256c5d4
ba3286f23082da253126d950694fce0a63932585b37d5456ac7b95c967a48695
GET /videoplayback?expire=1670830528&ei=QGmWY_KiCdnw7ATlvJf4AQ&ip=91.90.42.154&id=3c757dbc9d398059&itag=22&source=youtube&requiressl=yes&mh=0k&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.069&lmt=1669333161332813&mt=1670801354&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgfq6pbhXAG3sg6BhQxOui1t_AYDtDa0rDwpAfK2qXd80CIQDDnaF80bD6gdEJKRdVdTW0VUTKSMX9vJFjQ-vPJGzghQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgcc_g6j5ABapA0L3-v0F9ZZGWgiND6ux4hqzMbjq-eAYCIHUBw54NyYo9YK__suUpKb_aNih5ZjqrfV4WrIbacVPw&cpn=TWR7F9hwZYlYANH0 HTTP/1.1
Host: rr1---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Thu, 24 Nov 2022 23:39:21 GMT
Content-Type: video/mp4
Date: Sun, 11 Dec 2022 23:35:28 GMT
Expires: Sun, 11 Dec 2022 23:35:28 GMT
Cache-Control: private, max-age=28500
Content-Range: bytes 0-1521832/1521833
Accept-Ranges: bytes
Content-Length: 1521833
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
csi.gstatic.com/csi?v=2&s=ima&puid=1~lbk07h44&c=1800240152355&slotId=900120076177.5&qqid=CK3n8Lvd8vsCFRwJewodzmAHMw&gqid=P2mWY7jjONWPiM0PjOaTsAM&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbk07j3y~ghmsh_s.lbk07j43&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=TWR7F9hwZYlYANH0
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lbk07h44&c=1800240152355&slotId=900120076177.5&qqid=CK3n8Lvd8vsCFRwJewodzmAHMw&gqid=P2mWY7jjONWPiM0PjOaTsAM&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbk07j3y~ghmsh_s.lbk07j43&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=TWR7F9hwZYlYANH0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lbk07h44&c=1800240152355&slotId=900120076177.5&qqid=CK3n8Lvd8vsCFRwJewodzmAHMw&gqid=P2mWY7jjONWPiM0PjOaTsAM&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbk07j3y~ghmsh_s.lbk07j43&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=TWR7F9hwZYlYANH0 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://imasdk.googleapis.com
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sun, 11 Dec 2022 23:35:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1997127706%3A1670801724681306&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4HMB_tM0lZpRuMy93m93wYzybg7PqZna_8-jbDE6rB9IVYbiH4urO64lwjyWCuwDeNRJwqdA
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1997127706%3A1670801724681306&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4HMB_tM0lZpRuMy93m93wYzybg7PqZna_8-jbDE6rB9IVYbiH4urO64lwjyWCuwDeNRJwqdA
IP
GET /v3/signin/identifier?dsh=S1997127706%3A1670801724681306&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4HMB_tM0lZpRuMy93m93wYzybg7PqZna_8-jbDE6rB9IVYbiH4urO64lwjyWCuwDeNRJwqdA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 23:35:24 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-n3_iHqewPYBNIHyuO-URBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1542748749%3A1670801724699080&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4CuC3BmHp9oegkXNUXysPd4AW6keilY9r95umgD_CFC_C1Mzb8SF2c8D9awx_LV6eJiSRbbg
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1542748749%3A1670801724699080&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4CuC3BmHp9oegkXNUXysPd4AW6keilY9r95umgD_CFC_C1Mzb8SF2c8D9awx_LV6eJiSRbbg
IP
GET /v3/signin/identifier?dsh=S-1542748749%3A1670801724699080&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4CuC3BmHp9oegkXNUXysPd4AW6keilY9r95umgD_CFC_C1Mzb8SF2c8D9awx_LV6eJiSRbbg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 23:35:24 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-fQ1OIP4NxhEvYJLFjsp2Ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: OsXkq8CK4faYijvu2QMLl1Wjca2HrLFGbcJLfNHfDc92LyUeAlJzGhPdBRahyCmBCCfDho5kJxHztcAQnWGa0Q==
date: Sun, 11 Dec 2022 23:35:24 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Dec 2022 23:35:23 GMT
date: Sun, 11 Dec 2022 23:35:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
exee.app/fv.ico
200 OK 0 B IP
GET /fv.ico HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=a9f925b8-3634-4409-9048-65d7df37d93a%3A3%3A1; _ga=GA1.2.109056037.1670801659; _gid=GA1.2.778415230.1670801659; sb_page_f585f65c6c65123b95dd09be324de3bb=1; sb_main_f585f65c6c65123b95dd09be324de3bb=1; __gads=ID=d8d6603cbdddcd33:T=1670801663:S=ALNI_MYzjnHTIQpHVBQpP1TRYRqsmUH5gQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:24 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 17 Oct 2023 15:43:20 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4780324
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4uZ9u0Rnw2hC14%2FxjBg8KgkDMa%2BHBA2%2FeEROt3h1YeWe0N1ubwobokz9fUXikGxOzI2yx6AcUxBGk3RXrMn5poFGwOQ%2Fk%2BteyECt4iyCfvOX%2BrOSP6do%2Bl3UA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782095afda30b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css
IP
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:25 GMT
content-type: text/css
last-modified: Tue, 17 Aug 2021 13:04:04 GMT
etag: W/"611bb3c4-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=scmjxUJAb7en50rKtLwS9IyKR%2BwggUATCMiMe9C8iFNiw3AiadI90ZKexjTB6Z0Cvm%2BAmo9EkA7ceMYIgZ7AttmtojM6SJqut8VZk9UmKWO7UXakFFJsYFjHm9QMvLmzJKZ9073IWoJA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7782095c2a4523ab-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:23 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 340
last-modified: Sun, 11 Dec 2022 23:29:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bXhKgxGItnbf2lOF9kD4e0Z0Acy8exR93unX5E33PWeL%2Fwmhy7C%2Bf102rsbc4lmUzhXIHxE7cWXHby98mQFAue2FeW6OrAF1bxWo7h23R1dupa%2BRcgX5UHl2Rg4nQG5B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7782095488b7d180-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FrOPYV&tag=v-exee-app&domain=exee.app
200 OK 0 B URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FrOPYV&tag=v-exee-app&domain=exee.app
IP
GET /allowed_url.php?type=json&url=exee.app%2FrOPYV&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:24 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U7Pgy%2F6%2FiEZe%2Bwb40eZ0pickhAyThYfLLSuuckVL1MFZKLcCsz2SHc0Xy0wQ%2FMG9erxjTy4QrKF57qPqacURkmT%2BoCImhrib%2FgL3LFeIT2I%2FRHD7OWN27s2t2VQohip4%2BGMg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 778209572f8d76b7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:23 GMT
content-type: text/plain
set-cookie: csu=541998369925250@1@1670801723; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j7MOlnWrQl7ItkoQ1x0la%2BQRhwmE3tbyCiuc3LwyGTmJbdV%2FERljXwiuriVb1dqYwfWvYtqRMNhHRvBbVkY%2FvQ58ZIho%2BeKQz8p0GHWavNkUwwqvwDj4j01iAI5u3nBM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7782095498c3d180-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:23 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 31365604 27443957
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Sun, 11 Dec 2022 23:34:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Q0EjtvxsyB2bQF63yAoirlUAWEvM0pTbmlUBOoCU11jXtXbvzHg1thNAcQpyt7gaOXiQYdSDDpSMBXJJjuWIbKmXyWLCueLaCnusKdNvzYckNoKms2dO0xjGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 778209552ab872fc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 123
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:24 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ux4%2B0zGGxzmp2N6LaKagAZ52oKxixxNL0JDbiRQDKVU%2BHoU9MMUwD8xqf6XzfKIEeLPGVj3JuhYlJvxiYBe20YqIZh2hvFBp05UfleJPk5KdEMXJ%2Be%2BD0q0HemVR91znMoom"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 778209572ecf743f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html
200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html
IP
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:24 GMT
content-type: text/html
last-modified: Tue, 01 Feb 2022 10:33:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gbb2ygDEDgdZdpM619FtVpPWy9LkKEOwAMjz8Zo3ts7T30G2JThGQkbF406D7GhIsExqT1GiRkH2KwMPe2SKJGpXvA6jvQhqETMSbSf5Kg6RCT2QuFs0BLjqGGRLkqAO57FCfsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7782095b5a841c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 11 Dec 2022 23:35:23 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 340
last-modified: Sun, 11 Dec 2022 23:29:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7JSQBFTuAZfyIOYVz4fnhL3mNFUeGJDnDWCIMAz96Mg9clJispkdFM0WLGyWr7jFnn3nqUOzdNelt1RGM4dpp1sZ1pzyEDG%2F2v15D5ZAkBLsw7FfgdA%2BiPi%2Fb45Zxge"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77820954b8d4d180-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.151.153
31.13.72.36
18.195.193.92
139.45.195.253
15.235.42.79
104.21.48.127
23.36.77.32
172.255.6.134