exe.io/qC3yIaW
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /qC3yIaW HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Dec 2022 05:00:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 01 Dec 2022 06:00:53 GMT
Location: https://exe.io/qC3yIaW
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c5NFkKJgKdIdNaxHKORl0uJUmIkajAj3CZEv2qxZa1eixNOtRXscipE280o1NvbhFxRuGcK4PerM5r9n6WXq5gdTALd%2BSm0P7y1yUM5it446bVwwYv8sYA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772943047a06b524-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3598
Expires: Thu, 01 Dec 2022 06:00:52 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2932
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Etag: "638730f7-1d7"
Last-Modified: Thu, 01 Dec 2022 04:12:02 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 279 B IP
Hash 64ea2ff0ffb1602b7df144d12aa88eb4
0af83ebb0d7de232e227dcd882393067c590e578
dd89b95c5c6d731e9fce7482f2ddaa33b7e214b7ef76f82bc28bb5a03179e03c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5412
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Etag: "6387c488-117"
Last-Modified: Thu, 01 Dec 2022 03:30:42 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6546
Expires: Thu, 01 Dec 2022 06:50:00 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 04:18:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2567
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: O+hZIi2jgzRlYRzG278iZQY5CXJbXxjHhdrAxvkEbvLQpQjCV+Wkq00eN2G45IlvxOTAtwsej+8=
x-amz-request-id: MB646FYSC9120KME
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 04:46:08 GMT
age: 886
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 05:00:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 64ea2ff0ffb1602b7df144d12aa88eb4
0af83ebb0d7de232e227dcd882393067c590e578
dd89b95c5c6d731e9fce7482f2ddaa33b7e214b7ef76f82bc28bb5a03179e03c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5412
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Etag: "6387c488-117"
Last-Modified: Thu, 01 Dec 2022 03:30:42 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 6ceeaacc057357874e835d7a0a57fbcd
cfd542716217961e5ec11a447be33eceb8821198
6e4d160f5b74a8bd387a17e85b9f7b347e704b66c99d23d68ebfa78e8b852000
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6E4D160F5B74A8BD387A17E85B9F7B347E704B66C99D23D68EBFA78E8B852000"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13640
Expires: Thu, 01 Dec 2022 08:48:14 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 6ceeaacc057357874e835d7a0a57fbcd
cfd542716217961e5ec11a447be33eceb8821198
6e4d160f5b74a8bd387a17e85b9f7b347e704b66c99d23d68ebfa78e8b852000
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6E4D160F5B74A8BD387A17E85B9F7B347E704B66C99D23D68EBFA78E8B852000"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13640
Expires: Thu, 01 Dec 2022 08:48:14 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1941107888656c44ed84e98b515dd264
ea75e4a99ec553cf0539ab866b8174b9d01b91e4
1304be24714e48fb3996f6229bfbf0188ac7ad2292ecb5ebca5600005dffab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1304BE24714E48FB3996F6229BFBF0188AC7AD2292ECB5EBCA5600005DFFAB1D"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5291
Expires: Thu, 01 Dec 2022 06:29:05 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 1ef86bb7f6edba5c8965de5615b5f09a
84ef603a4ab81845d7d71a9d067b431702113dea
4188034ac0240474f086fa2e8b08d08db4b5d895ce2517df528ee7e7ca6d9d2f
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 05:00:54 GMT
expires: Thu, 01 Dec 2022 05:00:54 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43581
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
exe.io/qC3yIaW
302 Found 26 B IP
File type gzip compressed data, from Unix\012- data
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /qC3yIaW HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 01 Dec 2022 05:00:54 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/qC3yIaW
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=3209902f4b7c9f56f1b1ab63ee73b57d; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FB9XJHLxpuh2xdxIPPVbwKgyCHA3SOuPSPL9%2FmiAXCHEnKAKPfAmlq382Nvi%2BR6okX4ZwI7lA2LphxLo71pbLBvxbghLbgSgg9jCU3L5NjCNLTIvSywqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772943067ae1b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4db6adb68d974d4a5343eda081abb131
542d171f9aefecdd8b6b4eb8070f4a063ee90a62
5822f506962c5b9c376cd4da49a074f37740776b4871bb6745c4453c359e27f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5822F506962C5B9C376CD4DA49A074F37740776B4871BB6745C4453C359E27F3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20288
Expires: Thu, 01 Dec 2022 10:39:02 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4fadc3debd5f5de20f763d29e2b84196
4bdc95e8b50718b858dfe94e28f8071402f53e06
6917aedc9d16cc4dea35ed5fffff8a28bf5e75118f7444f350076773b58e9b4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6917AEDC9D16CC4DEA35ED5FFFFF8A28BF5E75118F7444F350076773B58E9B4E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1397
Expires: Thu, 01 Dec 2022 05:24:11 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 04:08:56 GMT
cache-control: public,max-age=3600
age: 3118
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 72ab5ab4e6412a632523b1978a2b57f7
00e035cd3b789b399acf422415cbbb97380cd20a
3f20c462cabbacb6ff10b65faac69b0e9123c00f55e1dc201aca795e0fb911dc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3F20C462CABBACB6FF10B65FAAC69B0E9123C00F55E1DC201ACA795E0FB911DC"
Last-Modified: Wed, 30 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8402
Expires: Thu, 01 Dec 2022 07:20:56 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash c0fe3ea3107148f5b0eb2714d6980799
637361c3605324a34d270bec2f66c575f9a9fd3e
2e0e575bf950a0e4a55cbfb8c17840142f12cfdd8645a97943950ef8e9b40b4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3126
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Last-Modified: Thu, 01 Dec 2022 04:08:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19171
Expires: Thu, 01 Dec 2022 10:20:25 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
terialnevitiesini.com/utx?cb=hmWAp1JtFXZ2&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 terialnevitiesini.com/utx?cb=hmWAp1JtFXZ2&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=hmWAp1JtFXZ2&top=exee.app&tid=822524 HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:00:54 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 01 Dec 2022 05:01:54 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LqxvpfwSMRk14y6h2rn-2uJFFB7NJ2Dtg0pd-Va5bo7XuesG4De53A==
X-Firefox-Spdy: h2
terialnevitiesini.com/ZUdEeFYEJScVaQR6Jl4jFyt5XWQjYnY+MlYzfE85Cih0Tm9SN3xWNQkoMRwwFygqDHgLIjBdZCMDJgIPURU+GxsyER0QFSczIiAeChccKQcrIxU2HD0CNxcBN38IHgcJfww+Z1AXEkgaAR83HxQCMyowPCsJBw8lLB4SCxkyAX1OEzQ3HS9lCgAXLjIGDRUINCACM0sBJBYILT8jFgcUEAALdCETNBVwAQAJDSYuLFQiBUkmPx4jLSYkPx5LEwl3Az0SJyIFLhw9CgEqHScGIwgHVSgBOx48DxUpDwEjDC4dJwYjDw4CAgU8ESwCCCobLiN0QQwkL2lJZgESKz0VIREGKzEzciAfMgQABRAjICt0Pw4cDRE6EA4jICAQAQUjFGUndnA/FTIOAiBnJxUKLh8vEBE6PycULzAVLQ4eIC4nCSEfD0MtNxc4FXoBNh0WLAUCPAEEBx9nARY
200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/ZUdEeFYEJScVaQR6Jl4jFyt5XWQjYnY+MlYzfE85Cih0Tm9SN3xWNQkoMRwwFygqDHgLIjBdZCMDJgIPURU+GxsyER0QFSczIiAeChccKQcrIxU2HD0CNxcBN38IHgcJfww+Z1AXEkgaAR83HxQCMyowPCsJBw8lLB4SCxkyAX1OEzQ3HS9lCgAXLjIGDRUINCACM0sBJBYILT8jFgcUEAALdCETNBVwAQAJDSYuLFQiBUkmPx4jLSYkPx5LEwl3Az0SJyIFLhw9CgEqHScGIwgHVSgBOx48DxUpDwEjDC4dJwYjDw4CAgU8ESwCCCobLiN0QQwkL2lJZgESKz0VIREGKzEzciAfMgQABRAjICt0Pw4cDRE6EA4jICAQAQUjFGUndnA/FTIOAiBnJxUKLh8vEBE6PycULzAVLQ4eIC4nCSEfD0MtNxc4FXoBNh0WLAUCPAEEBx9nARY
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash 468cce6765d34778a387e0b317d96c63
5e3658ea841f73758b1c32d581b802f0cdb1a3dc
262805e2ac6bf9b814fcc8e4abdd1bd1cf1fb1f84fcd1d935f683212609dd89e
GET /ZUdEeFYEJScVaQR6Jl4jFyt5XWQjYnY+MlYzfE85Cih0Tm9SN3xWNQkoMRwwFygqDHgLIjBdZCMDJgIPURU+GxsyER0QFSczIiAeChccKQcrIxU2HD0CNxcBN38IHgcJfww+Z1AXEkgaAR83HxQCMyowPCsJBw8lLB4SCxkyAX1OEzQ3HS9lCgAXLjIGDRUINCACM0sBJBYILT8jFgcUEAALdCETNBVwAQAJDSYuLFQiBUkmPx4jLSYkPx5LEwl3Az0SJyIFLhw9CgEqHScGIwgHVSgBOx48DxUpDwEjDC4dJwYjDw4CAgU8ESwCCCobLiN0QQwkL2lJZgESKz0VIREGKzEzciAfMgQABRAjICt0Pw4cDRE6EA4jICAQAQUjFGUndnA/FTIOAiBnJxUKLh8vEBE6PycULzAVLQ4eIC4nCSEfD0MtNxc4FXoBNh0WLAUCPAEEBx9nARY HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1197
date: Thu, 01 Dec 2022 05:00:54 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UuqFl9xC038qNs1XJYc1apieomERQC1SfM3a1z-HK1H-0BKYe2rLIw==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19171
Expires: Thu, 01 Dec 2022 10:20:25 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 4db6adb68d974d4a5343eda081abb131
542d171f9aefecdd8b6b4eb8070f4a063ee90a62
5822f506962c5b9c376cd4da49a074f37740776b4871bb6745c4453c359e27f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5822F506962C5B9C376CD4DA49A074F37740776B4871BB6745C4453C359E27F3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20288
Expires: Thu, 01 Dec 2022 10:39:02 GMT
Date: Thu, 01 Dec 2022 05:00:54 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 209089
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
terialnevitiesini.com/utx?cb=8OQ8KnP6ohYV&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 terialnevitiesini.com/utx?cb=8OQ8KnP6ohYV&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=8OQ8KnP6ohYV&top=exee.app&tid=889494 HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:00:54 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 01 Dec 2022 05:01:54 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rR9DRuW1bmBiZQwYlOkbPoo_KO0kX35DI2H6zW5hCgYmrvPfm3tbcA==
X-Firefox-Spdy: h2
terialnevitiesini.com/Um93anYzDRQHSTNSFUwDIANKT0QUSkUsEmEbT10ZPQBHXE9lH09EFT4AAg4QIAAZHlg8CgNPRBQdFT8aAzgZJzkYBUNSIhAEECQxNiMhMjQ5NkcOOhsWOls+AF5HKBwXDDMDBQojM15DNDg5GiAABA0kMTYrJBMjKiE1OCcwFSJaMxQtQw4cITczWSQ5CTYJEhgFAwQxAxwCJCJiOTU+EWUjIT8vGShHWT4QDBA6Mgs8JCIFBQ1GWxIwKD0bISoAEDocZgwwAAZjDjInMgI3IQUnYxdCDBsiOC8NAmMOMicXGytCGSRiB0EvGGstLz4wPw0bMBMRXFo8GQMXT09EFAsgAQ8KJxsGEhchMggxGB4xKxEjIA08IQoYTgMXOSUTDyEUHiYBHmU2Mx0XGhYAWDgDGz4PDggdJlsePDY/HTEHJxBMHCEAGRpLBAQYCRQVGTo+QmFc
200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/Um93anYzDRQHSTNSFUwDIANKT0QUSkUsEmEbT10ZPQBHXE9lH09EFT4AAg4QIAAZHlg8CgNPRBQdFT8aAzgZJzkYBUNSIhAEECQxNiMhMjQ5NkcOOhsWOls+AF5HKBwXDDMDBQojM15DNDg5GiAABA0kMTYrJBMjKiE1OCcwFSJaMxQtQw4cITczWSQ5CTYJEhgFAwQxAxwCJCJiOTU+EWUjIT8vGShHWT4QDBA6Mgs8JCIFBQ1GWxIwKD0bISoAEDocZgwwAAZjDjInMgI3IQUnYxdCDBsiOC8NAmMOMicXGytCGSRiB0EvGGstLz4wPw0bMBMRXFo8GQMXT09EFAsgAQ8KJxsGEhchMggxGB4xKxEjIA08IQoYTgMXOSUTDyEUHiYBHmU2Mx0XGhYAWDgDGz4PDggdJlsePDY/HTEHJxBMHCEAGRpLBAQYCRQVGTo+QmFc
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash d988b01f3baf0eec8eb7b6636cfe58ba
f84b9c6e2f09bdb5144007c9733a8afec0528dd9
4cad4470000461a7759bb86164065a392ad226f467c3b5f818d436b8d5f1c49e
GET /Um93anYzDRQHSTNSFUwDIANKT0QUSkUsEmEbT10ZPQBHXE9lH09EFT4AAg4QIAAZHlg8CgNPRBQdFT8aAzgZJzkYBUNSIhAEECQxNiMhMjQ5NkcOOhsWOls+AF5HKBwXDDMDBQojM15DNDg5GiAABA0kMTYrJBMjKiE1OCcwFSJaMxQtQw4cITczWSQ5CTYJEhgFAwQxAxwCJCJiOTU+EWUjIT8vGShHWT4QDBA6Mgs8JCIFBQ1GWxIwKD0bISoAEDocZgwwAAZjDjInMgI3IQUnYxdCDBsiOC8NAmMOMicXGytCGSRiB0EvGGstLz4wPw0bMBMRXFo8GQMXT09EFAsgAQ8KJxsGEhchMggxGB4xKxEjIA08IQoYTgMXOSUTDyEUHiYBHmU2Mx0XGhYAWDgDGz4PDggdJlsePDY/HTEHJxBMHCEAGRpLBAQYCRQVGTo+QmFc HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Thu, 01 Dec 2022 05:00:54 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0Ud4x9FMv8lxbU-Wqc_rsgw8n7JhMsSXJC53IKqLpza6UWG3qVihGg==
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 209293
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
terialnevitiesini.com/RFNoZUglMQsIdyVuCkM9Nj9VQHoCdlojLHcnUFInKzxYU3FzI1BLKyg8HQEuNjwGEWYqNhxAegJgDFV5dB0uIB0NOxg2KiMeAyAJKCM5Vn0DEgUnGg4kDAcYMzcfKB0BdlonAhc8Dj8cCScqMXEiGQEoOBE4KRcNdxEtICJ0BCEdBQ43ECwiAiQEAh0XJDkzJTwXCRIOEjEqCiEAP1hcDz0rOicgIBAxVRkWClgBJAViWEB6AhYRLAwWYDojLhYjKQENEmo6NBphYS43eiwbDAsaAjU5KywUYy5QHRUwPDAmfRY8IiwAMi0BeiAWPlwKLxlYNwk8FSoiGh41Pkh4FgpYBjkBBQtTDwM7LwYlChsOIBkBCi0BcBECMg0NFwIvMBwnCiYzDQMVWD9xFQEYDR0QOyInGWI5GwomNG4tECcWNAM0Kh4bIw4/EDc
200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/RFNoZUglMQsIdyVuCkM9Nj9VQHoCdlojLHcnUFInKzxYU3FzI1BLKyg8HQEuNjwGEWYqNhxAegJgDFV5dB0uIB0NOxg2KiMeAyAJKCM5Vn0DEgUnGg4kDAcYMzcfKB0BdlonAhc8Dj8cCScqMXEiGQEoOBE4KRcNdxEtICJ0BCEdBQ43ECwiAiQEAh0XJDkzJTwXCRIOEjEqCiEAP1hcDz0rOicgIBAxVRkWClgBJAViWEB6AhYRLAwWYDojLhYjKQENEmo6NBphYS43eiwbDAsaAjU5KywUYy5QHRUwPDAmfRY8IiwAMi0BeiAWPlwKLxlYNwk8FSoiGh41Pkh4FgpYBjkBBQtTDwM7LwYlChsOIBkBCi0BcBECMg0NFwIvMBwnCiYzDQMVWD9xFQEYDR0QOyInGWI5GwomNG4tECcWNAM0Kh4bIw4/EDc
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3028), with no line terminators
Hash 95074349bacb2f0691f02c8801331216
e989e3e2bd6ccf869c88b04950bafc073cd83d75
c6feed95c2304098099458690b5f4413c960a2b714dfed68b87370422e9f5349
GET /RFNoZUglMQsIdyVuCkM9Nj9VQHoCdlojLHcnUFInKzxYU3FzI1BLKyg8HQEuNjwGEWYqNhxAegJgDFV5dB0uIB0NOxg2KiMeAyAJKCM5Vn0DEgUnGg4kDAcYMzcfKB0BdlonAhc8Dj8cCScqMXEiGQEoOBE4KRcNdxEtICJ0BCEdBQ43ECwiAiQEAh0XJDkzJTwXCRIOEjEqCiEAP1hcDz0rOicgIBAxVRkWClgBJAViWEB6AhYRLAwWYDojLhYjKQENEmo6NBphYS43eiwbDAsaAjU5KywUYy5QHRUwPDAmfRY8IiwAMi0BeiAWPlwKLxlYNwk8FSoiGh41Pkh4FgpYBjkBBQtTDwM7LwYlChsOIBkBCi0BcBECMg0NFwIvMBwnCiYzDQMVWD9xFQEYDR0QOyInGWI5GwomNG4tECcWNAM0Kh4bIw4/EDc HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1178
date: Thu, 01 Dec 2022 05:00:54 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4Nu1UUqyjcxYc3X5d9dpVzuKMZtDFKXZln0oTz6CqiOMJgDX-CO2sQ==
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash c0fe3ea3107148f5b0eb2714d6980799
637361c3605324a34d270bec2f66c575f9a9fd3e
2e0e575bf950a0e4a55cbfb8c17840142f12cfdd8645a97943950ef8e9b40b4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3127
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:55 GMT
Last-Modified: Thu, 01 Dec 2022 04:08:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
labortiontrifee.com/alllM2hFZgZAVT0dK3g7LD0TcgZTfFd1MQccIVUwUzcEYiJcPwhqTh4wAQ5QWGtQAVxMKQxXVVt/FkcJHiwWDllMMAtVB1d/Ew5ZRGpRHVtbd1QVHVdoQ0cYCz5YAk4aLRFfVVtvUwpQXWldBltZYFI
204 No Content 0 B URL HTTP/2 labortiontrifee.com/alllM2hFZgZAVT0dK3g7LD0TcgZTfFd1MQccIVUwUzcEYiJcPwhqTh4wAQ5QWGtQAVxMKQxXVVt/FkcJHiwWDllMMAtVB1d/Ew5ZRGpRHVtbd1QVHVdoQ0cYCz5YAk4aLRFfVVtvUwpQXWldBltZYFI
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /alllM2hFZgZAVT0dK3g7LD0TcgZTfFd1MQccIVUwUzcEYiJcPwhqTh4wAQ5QWGtQAVxMKQxXVVt/FkcJHiwWDllMMAtVB1d/Ew5ZRGpRHVtbd1QVHVdoQ0cYCz5YAk4aLRFfVVtvUwpQXWldBltZYFI HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:00:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMNEJlF%2FGkBGXJWN9gRN0ODiiNArW5NlnlND4GzkroVvRIqaU%2BDa%2Bsz4x6yRMRKvfFmxeTqnwfovhquzCJ%2BC4Ip4fwbRfh00CWvY4iLDDSZGpQPtmEDTVHB29js4AjkZ4sQQrE0a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7729430b1d14b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19170
Expires: Thu, 01 Dec 2022 10:20:25 GMT
Date: Thu, 01 Dec 2022 05:00:55 GMT
Connection: keep-alive
labortiontrifee.com/SUtZY3pmdDoQRxscHzcuDi8hNRcLbmslIicFCwJJPRw9JTQgLx8AXD0iPV5CcXJtWk5vOzAHR3htKhcbPT4qXktvIjcFFXRtL15LZ3htTUl4ZWhFD3R6fxcKKCxkUlw5Py0PR3h9b1pCfnthVkl9eGs
204 No Content 0 B URL HTTP/2 labortiontrifee.com/SUtZY3pmdDoQRxscHzcuDi8hNRcLbmslIicFCwJJPRw9JTQgLx8AXD0iPV5CcXJtWk5vOzAHR3htKhcbPT4qXktvIjcFFXRtL15LZ3htTUl4ZWhFD3R6fxcKKCxkUlw5Py0PR3h9b1pCfnthVkl9eGs
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SUtZY3pmdDoQRxscHzcuDi8hNRcLbmslIicFCwJJPRw9JTQgLx8AXD0iPV5CcXJtWk5vOzAHR3htKhcbPT4qXktvIjcFFXRtL15LZ3htTUl4ZWhFD3R6fxcKKCxkUlw5Py0PR3h9b1pCfnthVkl9eGs HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:00:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mI8XIwA%2F1%2B7naaust1dYJi80A2ZhkKqx%2B3Oi3DAa1%2B6ybScf7VYkzl0bRCrpEoJrpescfpXj94Rx0l%2Boxx0tyyjIsQHDJN9OH5NzJ5oRKFUbHGzo8nR15vQ%2FQ50ngfuRiINOtQrm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7729430b3d1eb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2934
Cache-Control: max-age=104090
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:55 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 09:55:45 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37159), with no line terminators
Hash 2adeb24ee6e8e1fcb95cd9f4693c994c
0aa1a553666fba0d3d9363d2ed1080d4b3b4dbf1
d65cf805c926f95a7dbaa83874524485834bfa09ba6972bf1649e3906bf5ab2f
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 05:00:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1529d8d9ac556bf7971c523d333f6210
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 72ab5ab4e6412a632523b1978a2b57f7
00e035cd3b789b399acf422415cbbb97380cd20a
3f20c462cabbacb6ff10b65faac69b0e9123c00f55e1dc201aca795e0fb911dc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3F20C462CABBACB6FF10B65FAAC69B0E9123C00F55E1DC201ACA795E0FB911DC"
Last-Modified: Wed, 30 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8401
Expires: Thu, 01 Dec 2022 07:20:56 GMT
Date: Thu, 01 Dec 2022 05:00:55 GMT
Connection: keep-alive
labortiontrifee.com/akRoMzlFewtABD8vMmVrLiwAV24gdyxkSU92LmlXMwkyXW8eIDl2Hx4tDA4BXndaBQhMNAFXBFt8TkBNCzAdQARbYgFdXwV5TkUEW2pYHQtEdk5GBFtiHENYDXlZFUkeMAQOCFxyUQsOWnxdAA1ecw
204 No Content 0 B URL HTTP/2 labortiontrifee.com/akRoMzlFewtABD8vMmVrLiwAV24gdyxkSU92LmlXMwkyXW8eIDl2Hx4tDA4BXndaBQhMNAFXBFt8TkBNCzAdQARbYgFdXwV5TkUEW2pYHQtEdk5GBFtiHENYDXlZFUkeMAQOCFxyUQsOWnxdAA1ecw
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /akRoMzlFewtABD8vMmVrLiwAV24gdyxkSU92LmlXMwkyXW8eIDl2Hx4tDA4BXndaBQhMNAFXBFt8TkBNCzAdQARbYgFdXwV5TkUEW2pYHQtEdk5GBFtiHENYDXlZFUkeMAQOCFxyUQsOWnxdAA1ecw HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 05:00:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZ1FXzNV1jleg30TI0pVwlbl97ZOLpiLOM4lEBBudq82zD5QHTVOHnEaNVttIxO72xEgB4Fq0hLRab3QCUr8W2upaMbET%2F5TrrWTDHoLxtzoWHSVylenfW7qKsQ%2BT6kQ2lZ3fXhh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7729430b4d2db50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 375 B IP
File type ASCII text, with no line terminators
Hash 5a34129b115e8b1a2f8307c9ff82c211
e7589bfc25e54cf1b5440ba3b4ae9b6ec830acde
113b3805d84c7c347a1e24e2eea2d41d1342764130690a02f50b9be7231beeb1
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:55 GMT
content-type: text/plain
set-cookie: csu=835555871407123@1@1669870855; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JATVpdk4jKReQVTyxVfX8pCX%2BpQMyiFQZ8E21W%2B313c5c9UJoWzzJQxtQq3f4sox5tggaH76RCq5BYaJ%2B0yWHER%2BlV3AlLC3jv%2BQ8vLDdV6HTaJMu6zR3FNEaXLqjvcp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7729430b88a471ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/DbzY4RzcMWVYhCBtfXHoPXQQNdQNJXEsoWR8LfQl8HF15PV0LdXsgBgtnHjNNCwsIYVsOWF96EQpYW3oGSVdcJQpbEEw3WAQLUiFQClFeL0YEQR4yVlJbVz1eA1pZYgUpAxZ3El0GEDBeAVJXMERKBAgpQ0oECHYHQQYddHVKBAgwXgEADGIELRMKd09ZAh-10dUoECDVBSgV5dgdaGAhuEl0GXyJUBFkddXFdBgl3B14GCWIFX1BRNVIJWUBiBSkHCHIZXxBNegY
200 OK 513 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/DbzY4RzcMWVYhCBtfXHoPXQQNdQNJXEsoWR8LfQl8HF15PV0LdXsgBgtnHjNNCwsIYVsOWF96EQpYW3oGSVdcJQpbEEw3WAQLUiFQClFeL0YEQR4yVlJbVz1eA1pZYgUpAxZ3El0GEDBeAVJXMERKBAgpQ0oECHYHQQYddHVKBAgwXgEADGIELRMKd09ZAh-10dUoECDVBSgV5dgdaGAhuEl0GXyJUBFkddXFdBgl3B14GCWIFX1BRNVIJWUBiBSkHCHIZXxBNegY
IP
File type ASCII text, with very long lines (719), with no line terminators
Hash d9077bd6dbaa638443a5e0fa68761028
01fc870c263bca211cc881085b76cefb7092eab6
394480d5f61e24216c099f22cede2e469d7a3a79f9db8b35590eb9b4104aaf52
GET /DbzY4RzcMWVYhCBtfXHoPXQQNdQNJXEsoWR8LfQl8HF15PV0LdXsgBgtnHjNNCwsIYVsOWF96EQpYW3oGSVdcJQpbEEw3WAQLUiFQClFeL0YEQR4yVlJbVz1eA1pZYgUpAxZ3El0GEDBeAVJXMERKBAgpQ0oECHYHQQYddHVKBAgwXgEADGIELRMKd09ZAh-10dUoECDVBSgV5dgdaGAhuEl0GXyJUBFkddXFdBgl3B14GCWIFX1BRNVIJWUBiBSkHCHIZXxBNegY HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://terialnevitiesini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 513
date: Thu, 01 Dec 2022 05:00:55 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: L-1yoXS6R8xWy56os-J1TIdHufNDEA1w3zJvJ9f4GvHTnNw2Go38bQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/3d010NFEUIhpSbgMkEAlpQ35GAmBRJwdbPwdwMUE+JSofZTMtBT9fJiMpUkArE3BEEj0WIxMJdxIjFwlgUSwQVmxDawFVbBoiDl09GyxRBhdCY0QRY0dlA10/EyIDR3RFfRpAdEV9RQR/R2hHdnRFfQNdP0F5UQcTUn9ETGdDaEd2dEV9BkJ0RAxFBGRZfV-0RY0cqEVc6GGhGcmNHfEQEYEd8UQZhESQGUTcYNVEGF0Z9QRphUThJBQ
200 OK 199 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/3d010NFEUIhpSbgMkEAlpQ35GAmBRJwdbPwdwMUE+JSofZTMtBT9fJiMpUkArE3BEEj0WIxMJdxIjFwlgUSwQVmxDawFVbBoiDl09GyxRBhdCY0QRY0dlA10/EyIDR3RFfRpAdEV9RQR/R2hHdnRFfQNdP0F5UQcTUn9ETGdDaEd2dEV9BkJ0RAxFBGRZfV-0RY0cqEVc6GGhGcmNHfEQEYEd8UQZhESQGUTcYNVEGF0Z9QRphUThJBQ
IP
File type ASCII text, with no line terminators
Hash 785ac228761e3944d0d57249ddf91c6b
a78907052001e829c1dd193879168e3386496cea
80b83f7f2a1254bf38f9fffe7471004e41cc770dc717f782bf7028c71ca5449b
GET /3d010NFEUIhpSbgMkEAlpQ35GAmBRJwdbPwdwMUE+JSofZTMtBT9fJiMpUkArE3BEEj0WIxMJdxIjFwlgUSwQVmxDawFVbBoiDl09GyxRBhdCY0QRY0dlA10/EyIDR3RFfRpAdEV9RQR/R2hHdnRFfQNdP0F5UQcTUn9ETGdDaEd2dEV9BkJ0RAxFBGRZfV-0RY0cqEVc6GGhGcmNHfEQEYEd8UQZhESQGUTcYNVEGF0Z9QRphUThJBQ HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://terialnevitiesini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 199
date: Thu, 01 Dec 2022 05:00:55 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SyCVkrlBlYpLzNykDIMOIQUnDxo-GA58a6StahRMSmCrk5lp5DNysQ==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 103 kB IP
Size 103 kB (103035 bytes)
Hash 7a5acc3bddeb797d06fe8614fae55007
bc057424fb9f642bb18545eaf2ac554dfeb6bb11
9282cdfddb1a256057255f13371f8c0fa58c0da21838bfe5c50af6f173023c68
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:54 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1901
last-modified: Thu, 01 Dec 2022 04:29:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64Nt6eseZgXbwcoYmkOjImrdvZ3F6wytVG%2BNvRuw7dxPJOL8cTuExLmAaSWIX3e0VfQ%2F244K7NC8Y8kVWtoRGd4i9q%2FTlLE3vu9VefamDMCujjtpfrbPIVezQQDFgVX%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7729430b688771ec-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 1d7846e2a7294173c85271c0da130678
102a56df28bfb864653439cf703e0d8ca45f23cf
2774004fdfb065b1b02763317038c875bbadcf79fb05b6979c220c1a129ed04c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:00:55 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 04:52:36 GMT
Expires: Mon, 05 Dec 2022 04:52:35 GMT
Etag: "102a56df28bfb864653439cf703e0d8ca45f23cf"
Cache-Control: max-age=344499,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7729430cca0db503-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 904
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 01 Dec 2022 05:00:55 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 819f953b0edd066d30cf5847c5564d3c
12f3ea06c2a617db03caa556e37c1cb106d44f93
9794d926ccf993a8cd760c76077cf94f5b270633aff450e45934a5c8fd52d62d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 01 Dec 2022 05:00:55 GMT
Last-Modified: Thu, 01 Dec 2022 04:14:30 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ib69XFm5ZeMNhqJ8dT_wCBeqON3kgC5x8HHnXKU_K2poS_JsIZuv9A==
Age: 2785
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash b1cab3b87c3acc18922dbdd0df37dccb
80de41cf0be43496e3d7e43daa75eb109e02f81a
b99b6d8daa989d8d43dd82f3ad018f51765b6e224d7f8f1ae94ba29260854d26
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=545e5e4a-4d41-442f-8493-4009648690ee:3:1; expires=Sun, 28 Nov 2032 05:00:55 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0e3715eedd8e6500e3c5b107da5cacbc
8967db89fffacb6f8ab57c2fa408634f02fa2440
3fb9445ec8391ec7596b82a48a1379784480abdd9362cb887c59ffb1606d4ab9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FB9445EC8391EC7596B82A48A1379784480ABDD9362CB887C59FFB1606D4AB9"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4919
Expires: Thu, 01 Dec 2022 06:22:54 GMT
Date: Thu, 01 Dec 2022 05:00:55 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gvbgQ+er/VCcIqjpzDPx+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uWN3koXPAWtiblxsdZYAxb/2/PE=
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12060
Expires: Thu, 01 Dec 2022 08:21:55 GMT
Date: Thu, 01 Dec 2022 05:00:55 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
Hash 251904d0903800bd026c2b1732471880
cd2ae13d17d3f32ca6be7736b8d9ea42684c80e3
11f64bd34ab701f3ee310027a6a667e8220f8c5276d61b8f61d0d5dec43c22d2
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 05:00:54 GMT
date: Thu, 01 Dec 2022 05:00:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 04:41:08 GMT
expires: Thu, 01 Dec 2022 06:41:08 GMT
cache-control: public, max-age=7200
age: 1187
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4432410517c3bfe647c21ff3759d9edf
48412b84d329f63a66928a41dc80a712f3ce435f
4fbe6cc6b92672eec639058715e590f819c225fdc5e8e0f1a49ab482bf1f2cb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4432410517c3bfe647c21ff3759d9edf
48412b84d329f63a66928a41dc80a712f3ce435f
4fbe6cc6b92672eec639058715e590f819c225fdc5e8e0f1a49ab482bf1f2cb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 56a5b31e3ffec6a6893a6ad85a7e4da7
d727ee02c53ced462b68460bc0ef5c4fcd85590e
b89e3be9fc76db7fc5bd6ae8bd1ec26f82463e54e5cc46f17b23db3f415ddeaf
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 05:00:55 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-285054324%3A1669870855599488&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvVObXl519HKNN-jycrHJY4_yiFDLWRZVRb7MaiFG-xMFvztRzLI-2Xz3ZdZmNIovmeBZr5Sw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-xU_QX5r0flxrl-2bMrl4Mw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:yzyH8pcXRnfk_efd_VsSfUn8L9Sbjw:90-f2_O571CqTe22;Path=/;Expires=Sat, 30-Nov-2024 05:00:55 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 6c151d4b6064a01e6c9da563134af488
6d3ae8c19b0b1b10d4184b282411705c82724a49
2069428bfa051be6fb5cd0d74a5b82f6edd439692629aadada59fc1645172392
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 05:00:55 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-33052764%3A1669870855615620&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtI4MhZ2frZmSnZzWp1YJc6iLGlVoDvc82BWRZETByaHvrkX7PN405xo4p9FcYoBeCteNZGtA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-ZzUZzr3UGv3CeBDc-BcS8A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:8AcQefCiyS_MhIk4-x0ZJl5_HP9HjQ:oUB3J40GWKU7dP8G;Path=/;Expires=Sat, 30-Nov-2024 05:00:55 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 33 kB URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
File type ASCII text, with very long lines (8481)
Hash ed2be1d7b51c709c613818d346d02c5c
7adf5f9a873f29d3515289ebfd1bcec7c34461d1
eeebee35f7868a0dc05944f3e8299c67bc14f5923ea2e079085160fe6646b28b
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:54 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 7232674 5523714
age: 1619
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: HIT
last-modified: Thu, 01 Dec 2022 04:33:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWs5m4gaJRNpxFk6U7C5TZm7cBHAZcOZACf8UtCvmVO9%2FmYve%2B%2Bv%2FMCBBc2YRI5OgKyKFb8WT32okXi2Qg1Iy6woaOjvGKPNILlYGQpX9Fa3HA%2FQESC6kYQbLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7729430b384e06fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 2.0 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
Hash 8dcc5af26a9e47a0ddb1e8d4e435a6fa
070039c30c966c379cdcf1d88f22862277d382f8
587c4f08cd59bbf70af19ccb6caa7d5e7ca3250a80491f8d84f2351e05edf16e
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: m6wWRyXoKr6QXRQ5bbk3EMasy6LdsAXj+PRTeLS9pJuUuHTAVH+pHAWCyG6te2IvlsNS179WWSMt7ueMcigmOQ==
date: Thu, 01 Dec 2022 05:00:55 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 4.1 kB IP
Hash 2e8f567cc27c5d2c3a0d48886be23432
f97f006cad1b02dec7d3582db886cf0e205f8481
2ca25a842fab202c5c6a826ce85033c75dc5375c4dac1f2b7548f89c3e583dba
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 126
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:55 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gspz3bFNGm4XD8iS%2BlM8JaxQeWGeEhwhEtXwRaKA8sMerxV9nGsAnyXrFPSwVh9%2FhCJ3I5GDvBvafdxRlA1ozHmJhfftrGifDLy0FfcqZjgHhP2N3%2FdanaVsMS93LTYPzGKs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7729430c2d9ef40f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 38bb14620de55e1982559251c0ebeac9
2a0778a21ec60d9f3cfdf4d5772123a4149729d1
ada2027e8be54e2bb79d0a88473871db54ba9f329a0034cac5413d80d80af1a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADA2027E8BE54E2BB79D0A88473871DB54BA9F329A0034CAC5413D80D80AF1A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7817
Expires: Thu, 01 Dec 2022 07:11:12 GMT
Date: Thu, 01 Dec 2022 05:00:55 GMT
Connection: keep-alive
wastedinvaluable.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FQp6UdmLgjLIHlTMTPdM92TaPazGdWVxTcLuSq5WdVVPalPd1VR1T08CSnAh5DjixWPnmfzAdRH3rqxMvEhA2FGQQTb%2FgBdB2IMnmWQg%2BB76fd%2F%2BvIf3ed7a3i1OiIuCTlY%2B0ptSKdoI6m7t9VWZcl3a2tKdmufW3Su1VZm2%2FSu1%2FvRjem97blB336h9IKJ13Wi6nut6rle7Lo2Idb9xSiGzB6FXD92636x7gY%2B%2B%2BW9vCweWOuC9E%2FIiJB%2F%2Fb%2B3nh5DRCGny3TVh13OdvfV%2BUiiaa4MeP%2Fw4XU91mSI5L2PjIE4PZ9PQdkzIVxeg08OZAuje3lQBmBwT53cPLD2crQnW2z%2FblCmIFIw%2Fh7I3glAjSDpCpO9B8scEiDiWlpEmB0valHTjjNIpHZO5p39DlmMy9%2BQS0uTbRSX7tdtaFbnUqUU%2FriD7I8juCFlxhHzTgSyPEOWfQ%2FJfSOPpTaTJ3rJVGpJPLgd%2BIALh03mf%2B9687zfj%2BY4ftuZ91w3bfqcdukKcWiTlCDIeQYkBqL2IwjoopIMidlBkDhI%2BqdEgjF13IWZxq9XxoyhqtaIo6LR5wFt%2BJ3ZRRFMNA%2BTZAJEaIDJbyMwW1uUApvgRdq2C5Q5sTtDjFUpBUFqCkhKUkqDMCcpetc%2BVbdrqgCtbMG%2BWm7PcqoY67%2B7SfZ13RUp2sxPywtQ45%2Fn7l7AuJrU46ARxO4jaUTvwmi0WBpy7IROtps9FizFYWUHaC6DWwaYck4uf%2FolMjsmFxQYYPYJVR4jka6DFK6DlcKHpgq4N%2FY6LzfRA9EVdanBdIcvnkG84u%2BqEvHR6uvA3AxEdv%2FPml%2Fn3dz%2F7B5GpkJkKd%2BVPBF21M7ylS7J3S5eWPFzOcpnITTo96%2B2c5mLu%2Fodio9SG37hmB1%2B%2FG03BtHxwR9j8Jk25TLuWfLMoORfmujaRID%2FcsKuCrRR2bbEwaZHdXHnv%2Bo0kM8JaqdMRqHz8ySNEckyeTbZPH%2Byrf2xDmhFMUSEpjsksIPURomwLNju%2BOvn%2F5SeNlytYTWDU%2BQzLHJRFNTRNdv5TSQIlznvKKlhxbgETx4%2F%2BOmO7dgdd44Dm95AmFXqmQk9VoGoAW1wc5pk5vvpr6zTAlDNkyjh7TBn1xZm1Vk5qIojdWLhNweKQxQvU5WHsh4yGnlhgAfWQ23G0EzzzLwAAAP%2F%2FAQAA%2F%2F8bV%2F8qiAQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 wastedinvaluable.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FQp6UdmLgjLIHlTMTPdM92TaPazGdWVxTcLuSq5WdVVPalPd1VR1T08CSnAh5DjixWPnmfzAdRH3rqxMvEhA2FGQQTb%2FgBdB2IMnmWQg%2BB76fd%2F%2BvIf3ed7a3i1OiIuCTlY%2B0ptSKdoI6m7t9VWZcl3a2tKdmufW3Su1VZm2%2FSu1%2FvRjem97blB336h9IKJ13Wi6nut6rle7Lo2Idb9xSiGzB6FXD92636x7gY%2B%2B%2BW9vCweWOuC9E%2FIiJB%2F%2Fb%2B3nh5DRCGny3TVh13OdvfV%2BUiiaa4MeP%2Fw4XU91mSI5L2PjIE4PZ9PQdkzIVxeg08OZAuje3lQBmBwT53cPLD2crQnW2z%2FblCmIFIw%2Fh7I3glAjSDpCpO9B8scEiDiWlpEmB0valHTjjNIpHZO5p39DlmMy9%2BQS0uTbRSX7tdtaFbnUqUU%2FriD7I8juCFlxhHzTgSyPEOWfQ%2FJfSOPpTaTJ3rJVGpJPLgd%2BIALh03mf%2B9687zfj%2BY4ftuZ91w3bfqcdukKcWiTlCDIeQYkBqL2IwjoopIMidlBkDhI%2BqdEgjF13IWZxq9XxoyhqtaIo6LR5wFt%2BJ3ZRRFMNA%2BTZAJEaIDJbyMwW1uUApvgRdq2C5Q5sTtDjFUpBUFqCkhKUkqDMCcpetc%2BVbdrqgCtbMG%2BWm7PcqoY67%2B7SfZ13RUp2sxPywtQ45%2Fn7l7AuJrU46ARxO4jaUTvwmi0WBpy7IROtps9FizFYWUHaC6DWwaYck4uf%2FolMjsmFxQYYPYJVR4jka6DFK6DlcKHpgq4N%2FY6LzfRA9EVdanBdIcvnkG84u%2BqEvHR6uvA3AxEdv%2FPml%2Fn3dz%2F7B5GpkJkKd%2BVPBF21M7ylS7J3S5eWPFzOcpnITTo96%2B2c5mLu%2Fodio9SG37hmB1%2B%2FG03BtHxwR9j8Jk25TLuWfLMoORfmujaRID%2FcsKuCrRR2bbEwaZHdXHnv%2Bo0kM8JaqdMRqHz8ySNEckyeTbZPH%2Byrf2xDmhFMUSEpjsksIPURomwLNju%2BOvn%2F5SeNlytYTWDU%2BQzLHJRFNTRNdv5TSQIlznvKKlhxbgETx4%2F%2BOmO7dgdd44Dm95AmFXqmQk9VoGoAW1wc5pk5vvpr6zTAlDNkyjh7TBn1xZm1Vk5qIojdWLhNweKQxQvU5WHsh4yGnlhgAfWQ23G0EzzzLwAAAP%2F%2FAQAA%2F%2F8bV%2F8qiAQAAA%3D%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FQp6UdmLgjLIHlTMTPdM92TaPazGdWVxTcLuSq5WdVVPalPd1VR1T08CSnAh5DjixWPnmfzAdRH3rqxMvEhA2FGQQTb%2FgBdB2IMnmWQg%2BB76fd%2F%2BvIf3ed7a3i1OiIuCTlY%2B0ptSKdoI6m7t9VWZcl3a2tKdmufW3Su1VZm2%2FSu1%2FvRjem97blB336h9IKJ13Wi6nut6rle7Lo2Idb9xSiGzB6FXD92636x7gY%2B%2B%2BW9vCweWOuC9E%2FIiJB%2F%2Fb%2B3nh5DRCGny3TVh13OdvfV%2BUiiaa4MeP%2Fw4XU91mSI5L2PjIE4PZ9PQdkzIVxeg08OZAuje3lQBmBwT53cPLD2crQnW2z%2FblCmIFIw%2Fh7I3glAjSDpCpO9B8scEiDiWlpEmB0valHTjjNIpHZO5p39DlmMy9%2BQS0uTbRSX7tdtaFbnUqUU%2FriD7I8juCFlxhHzTgSyPEOWfQ%2FJfSOPpTaTJ3rJVGpJPLgd%2BIALh03mf%2B9687zfj%2BY4ftuZ91w3bfqcdukKcWiTlCDIeQYkBqL2IwjoopIMidlBkDhI%2BqdEgjF13IWZxq9XxoyhqtaIo6LR5wFt%2BJ3ZRRFMNA%2BTZAJEaIDJbyMwW1uUApvgRdq2C5Q5sTtDjFUpBUFqCkhKUkqDMCcpetc%2BVbdrqgCtbMG%2BWm7PcqoY67%2B7SfZ13RUp2sxPywtQ45%2Fn7l7AuJrU46ARxO4jaUTvwmi0WBpy7IROtps9FizFYWUHaC6DWwaYck4uf%2FolMjsmFxQYYPYJVR4jka6DFK6DlcKHpgq4N%2FY6LzfRA9EVdanBdIcvnkG84u%2BqEvHR6uvA3AxEdv%2FPml%2Fn3dz%2F7B5GpkJkKd%2BVPBF21M7ylS7J3S5eWPFzOcpnITTo96%2B2c5mLu%2Fodio9SG37hmB1%2B%2FG03BtHxwR9j8Jk25TLuWfLMoORfmujaRID%2FcsKuCrRR2bbEwaZHdXHnv%2Bo0kM8JaqdMRqHz8ySNEckyeTbZPH%2Byrf2xDmhFMUSEpjsksIPURomwLNju%2BOvn%2F5SeNlytYTWDU%2BQzLHJRFNTRNdv5TSQIlznvKKlhxbgETx4%2F%2BOmO7dgdd44Dm95AmFXqmQk9VoGoAW1wc5pk5vvpr6zTAlDNkyjh7TBn1xZm1Vk5qIojdWLhNweKQxQvU5WHsh4yGnlhgAfWQ23G0EzzzLwAAAP%2F%2FAQAA%2F%2F8bV%2F8qiAQAAA%3D%3D HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=545e5e4a-4d41-442f-8493-4009648690ee:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 05:00:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba8e26787188b5c1e5772d758f70f649
Strict-Transport-Security: max-age=0; includeSubdomains
exee.app/qC3yIaW
200 OK 212 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61746)
Size 212 kB (211684 bytes)
Hash 6f1cc4750a63026ffea65e7669f7f993
680e37a4eec8523d9d9376c6ec3fd9cb2a0ae68e
ef16c1ff10be58fdb92c7be312c04db1285c45a047dae4072dd93ae56f0ea601
GET /qC3yIaW HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:54 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=c3b3dddba615371e2f652db9228792ab; path=/; HttpOnly
csrfToken=62ad63120d2895fb8e74d8689bcfd7207d8183fb7c5b02d3f82c487d9e2fb45dcbceb6daa5daecdff1ad9ed1eb7193e18c528df0bb3a41c76cd0504e3a9127c2; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vh0GW7HhiTgabnmhYyYptWqYudAHrsOzJAV397vqYWTrIxn6Ro276rrghUt%2Bp1rkTdaIQlfBIF10eADdJz1w1iqnLyCXocGFZvvHGnMG%2FVquD5GnBvXmemHqcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294307bb5c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 9023f7c58094afb6679b8203371347f2
e4e0913494d8ef22785d0ac1ea37a6ccd07e7814
d8b439484d97223421026fbf662741696bb6e573273bfd2cff066b1c1e08e871
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=552
Expires: Thu, 01 Dec 2022 05:10:08 GMT
Date: Thu, 01 Dec 2022 05:00:56 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
200 OK 447 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 69dac4ff153c6f3d4ac2052f464fe121
69206b5461f92b875778a9d155472a3114b8bb07
c4b34692c0069e15cd48c41da9a66236e058e3f50bec4ca4298e377999ac8a8f
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:55 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 01 Dec 2022 06:00:55 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
200 OK 5.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
IP
Hash 03627fe56d556906c802865108784878
f34557c716ad05f69a0e03136f87940f666b0011
cf160397735606c52c8a8d58d2a00d044bc8cb5d533d67242a250487da49fada
GET /sb/notifications/games/nutaku/multi/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:56 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:38:28 GMT
etag: W/"632300a4-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 827922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qhH84vYj1kHre0PP822pA70tNhzDSJeJiqF2yzxSo9fMY975AFSbql5y66lslcMxVzj7K0%2FxtDVGWyfKz8YE3SSxoqQUYRarhq8cbMOzvP4xWxB8s9U9V1rkfOasOSiJsmuEOvSMZH1p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294312aa37719c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash 47b7ae41a98644de6d46d58a0e51a793
b0f736609af3c0b3214ee52cc9f0798dcc972df6
b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:56 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1350435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fdd0V8wf6iA4I6trh9FeCtcEx5TT4KOn5g1beTdWGFhOtpZiN17AuwlC1kelifJRHUY8Jq9NZ0fLNmKGPQ2D82RNM1w3PQ9VCUnUS8T8D%2Fz3%2BApyhBrUOdnjm%2B%2F4IuPPA%2F4UGC8A8VXu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294312da6a719c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
specialistinsensitive.com/pixel/purst?dl=0&th=0&sc=0&rs=1912&rd=1912&fd=586&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/purst?dl=0&th=0&sc=0&rs=1912&rd=1912&fd=586&bv=22.10.v.10&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1912&rd=1912&fd=586&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 05:00:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
200 OK 32 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash c1fcfdd480feeb47a41cfc787b7346e4
e5fd5e809695ffc4c9ba9ac6fbc5a8bd79483e11
fb47644686a2ccbd35fd6316eabfff765993e80a872c3a16da6268c0cc36a879
GET /sb/notifications/games/nutaku/multi/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:56 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 08:55:27 GMT
etag: W/"62fdfe7f-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1350435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HelAmoytgs8nWlKbKFBIxuBK9GxN4SVbe4oDVylL4koF1wiyA7tVUEcH5hnvDVLpYZ0MkBWKrUTgjmGrN9JGze%2BBnaGhipiTvEe1%2B3z5n%2BeTtY9FAa2YIbWR5bX2I39VOz0GTQQpT809"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294312ea6b719c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=34
200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=34
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=34 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=545e5e4a-4d41-442f-8493-4009648690ee:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 05:00:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=367
200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=367
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=367 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=545e5e4a-4d41-442f-8493-4009648690ee:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 05:00:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3728
Expires: Thu, 01 Dec 2022 06:03:04 GMT
Date: Thu, 01 Dec 2022 05:00:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3728
Expires: Thu, 01 Dec 2022 06:03:04 GMT
Date: Thu, 01 Dec 2022 05:00:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3728
Expires: Thu, 01 Dec 2022 06:03:04 GMT
Date: Thu, 01 Dec 2022 05:00:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 72735620afafb0d8d91b6d83cf292298
9de2fd7c375e92fd60444dc677cf09428393eff3
9dd40d4adf9e3dacb962cc6e1bd00d38473125567eb2b57eef643be972dfe69f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8660
x-amzn-requestid: 9474178d-c342-498a-996d-1ef3b804f1a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cWh0hEx_oAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385b01c-33e27513010fdec8627942be;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 07:09:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4R5jPnETZnbrWCUXoWvq3FTs_NOJMQWCaHbK321P4qqRgv05JtR1kA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 07:18:56 GMT
age: 78120
etag: "9de2fd7c375e92fd60444dc677cf09428393eff3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b8802d5080eb35e4052ef31cf7658650
1e78566f2e69268c5f753fb49112ab07aae3eccf
9c96906ee1dea353198c9069fa7e42b100e4fa766e5be8e4d8db036033961086
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4409
x-amzn-requestid: cb422842-e955-4749-8b2a-3c028a09c20f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz7XEE2IAMFY3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd15-3c4d1a6d4d542e81179ea8ba;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zYLCQ4DUQtMklG-T-ATot22PDIUMjnN1wpVkoHBh4Oa3TAyNzTv86g==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:45 GMT
age: 25871
etag: "1e78566f2e69268c5f753fb49112ab07aae3eccf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 08:50:17 GMT
age: 72639
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f07f254d44ff2fb86ee22cee39ef3eb0
0660a548a491d4a58ca2246f094f0553437c3f61
859b2416d638b1dc91ff563800517124b38d45b4c5db99e21539c1700829dbe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10985
x-amzn-requestid: ef9e5eb9-b7b3-41e9-9837-a5979ab35d94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91OFzsoAMFcew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-53b152c0027d26e52383e27e;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: F_ZBWwAOPbEjvMD1ChrgN9QYUyyFYdtRT6CcX6gviowmeinPRgVtnA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:19:21 GMT
age: 2495
etag: "0660a548a491d4a58ca2246f094f0553437c3f61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 291127b670135b42b6e9687aa2a13237
99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1
49b082a738bcd15a0bb4e9f96a180797ffcfa368977ac1927df882a0343664d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10437
x-amzn-requestid: 2a8183c4-47ec-42bb-8e67-3e742dc3750c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YpEeooAMFfvg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-2014fd4d49dcd4087bf1db4d;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Q9y5-OF59ODaZRd9YFFdM2rIH0bYYyIT40rCwr8cBwBQd0GOqtNobg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:08:51 GMT
age: 24725
etag: "99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70afa08b7d0b64772b90ae190689e6c1
527cf32104041423176fadd3cfc2120fe63f6bfc
31ebf9decb53b8180922c4b10d0427aba95a802246a5ced8ec368d814a33b843
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9993
x-amzn-requestid: 7d7febbc-2bdf-44e9-9727-9c56b5bcb138
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1VNFZiIAMFV-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cf54-1f89231026a9b5c467324134;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:47:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Zc0QAEb9prX_ZBUYuD-407TwT2ATljy_OTmUNq31I9udG16Dx3JWtw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:00:48 GMT
age: 25208
etag: "527cf32104041423176fadd3cfc2120fe63f6bfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
wastedinvaluable.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FQp6UdmLgjLIHlTMTPd092TGPazGdWVxTcLuSq5WV1VPalPd1VR1T08CSnAh5DjixWPnmfzAdRH3rqxMvEhA2FGQQTb%2FgBdB2IMnmWQg%2BB76fd%2F%2BvIf3ed7a3i1OiIuCTlY%2B0ptSKdoI627t9VWZcl3a2tKdmufW3Su1VZm2giu1%2FvRjem97blh336h9INi6bjRdz3U916tdl0bEut84pZDZg45X77j1oFn3wgB989%2FeFg4sdcB7J%2BRFSD7%2B39rPDyHZCGny3TVh13OdvfV%2BUiiaa4MeP%2Fw4XU91mSI5L2PjIE4PZ9PQdkzIVxeg08OZAuje3lQBIjkmzu8eovRwtiai3v7ZppGCSBHx51D2RhBqBElHYPoeJH9MAMaxtIw0OVjSpqQbZ5RO6ZjMPf0bshyTuSeXkCbfLirZr93WqsilTi36cQXZH0F2R8iKI%2BSbDmR5BJZ%2FDsl%2FIY2nN5Eme8tWaUg%2BuRwGoQhFQOcDHnjzQdCM59tBx58PXLfTCtqtjivEqUVSjiDjEZQYgNqLKKyDQjooYgdF5iDhkxoNO7HrLsRR7PvtgDHm%2B4yF7RYPuR%2B0YxcFm2oYIM8GYGoAZraQmS2sywFM8SPsWgXLHdicoMcrlIKgtAQlJSglQZkTlL1qnyvbtNUBV7aIvFluzrJfDXXe3aX7Ou%2BKlOxmJ%2BSFqXHO8%2FcvYV1ManHYDuNWyFqsFXpNP%2BqEnLudSPjNgAs%2FimBlBWkvgFoHm3JMLn76JzI5JhcWG4joEaw6ApOvgRavgJbDhaYLujYM2i420wPRF3WpwXWFLJ9DvuHsqhPy0unpOr8ZCHb8zptf5t%2Ff%2FewfMFMhMxXuyp8IumpneEuXZO%2BWLi15uJzlMpGbdHrW2znNxdz9D8VGqQ2%2Fcc0Ovn6XTcG0fHBH2PwmTblMu5Z8syg5F%2Ba6NkyQH27YVRGtFHZtsTBpkd1cee%2F6jSQzwlqp0xGofPzJIzA5Js8m26cP9tU%2FtiHNCKaokBTHZBaQ%2Bggs24LNjq9O%2Fn%2F5SePlClYTGHU%2BE2UOyqIammZ0%2FlNJAiXOexpVsOLcgkgcP%2FrrjO3aHXSNA5rfQ5pU6JkKPVWBqgFscXGYZ%2Bb46q%2F%2BaSBSzjBSxtmLlFFfnFlr5aQWeoFoR%2B0FxnkkGPcWmn7bd90m58FCR3gd5HbMdsJn%2FgUAAP%2F%2FAQAA%2F%2F8PX3HMiAQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 wastedinvaluable.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FQp6UdmLgjLIHlTMTPd092TGPazGdWVxTcLuSq5WV1VPalPd1VR1T08CSnAh5DjixWPnmfzAdRH3rqxMvEhA2FGQQTb%2FgBdB2IMnmWQg%2BB76fd%2F%2BvIf3ed7a3i1OiIuCTlY%2B0ptSKdoI627t9VWZcl3a2tKdmufW3Su1VZm2giu1%2FvRjem97blh336h9INi6bjRdz3U916tdl0bEut84pZDZg45X77j1oFn3wgB989%2FeFg4sdcB7J%2BRFSD7%2B39rPDyHZCGny3TVh13OdvfV%2BUiiaa4MeP%2Fw4XU91mSI5L2PjIE4PZ9PQdkzIVxeg08OZAuje3lQBIjkmzu8eovRwtiai3v7ZppGCSBHx51D2RhBqBElHYPoeJH9MAMaxtIw0OVjSpqQbZ5RO6ZjMPf0bshyTuSeXkCbfLirZr93WqsilTi36cQXZH0F2R8iKI%2BSbDmR5BJZ%2FDsl%2FIY2nN5Eme8tWaUg%2BuRwGoQhFQOcDHnjzQdCM59tBx58PXLfTCtqtjivEqUVSjiDjEZQYgNqLKKyDQjooYgdF5iDhkxoNO7HrLsRR7PvtgDHm%2B4yF7RYPuR%2B0YxcFm2oYIM8GYGoAZraQmS2sywFM8SPsWgXLHdicoMcrlIKgtAQlJSglQZkTlL1qnyvbtNUBV7aIvFluzrJfDXXe3aX7Ou%2BKlOxmJ%2BSFqXHO8%2FcvYV1ManHYDuNWyFqsFXpNP%2BqEnLudSPjNgAs%2FimBlBWkvgFoHm3JMLn76JzI5JhcWG4joEaw6ApOvgRavgJbDhaYLujYM2i420wPRF3WpwXWFLJ9DvuHsqhPy0unpOr8ZCHb8zptf5t%2Ff%2FewfMFMhMxXuyp8IumpneEuXZO%2BWLi15uJzlMpGbdHrW2znNxdz9D8VGqQ2%2Fcc0Ovn6XTcG0fHBH2PwmTblMu5Z8syg5F%2Ba6NkyQH27YVRGtFHZtsTBpkd1cee%2F6jSQzwlqp0xGofPzJIzA5Js8m26cP9tU%2FtiHNCKaokBTHZBaQ%2Bggs24LNjq9O%2Fn%2F5SePlClYTGHU%2BE2UOyqIammZ0%2FlNJAiXOexpVsOLcgkgcP%2FrrjO3aHXSNA5rfQ5pU6JkKPVWBqgFscXGYZ%2Bb46q%2F%2BaSBSzjBSxtmLlFFfnFlr5aQWeoFoR%2B0FxnkkGPcWmn7bd90m58FCR3gd5HbMdsJn%2FgUAAP%2F%2FAQAA%2F%2F8PX3HMiAQAAA%3D%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FQp6UdmLgjLIHlTMTPd092TGPazGdWVxTcLuSq5WV1VPalPd1VR1T08CSnAh5DjixWPnmfzAdRH3rqxMvEhA2FGQQTb%2FgBdB2IMnmWQg%2BB76fd%2F%2BvIf3ed7a3i1OiIuCTlY%2B0ptSKdoI627t9VWZcl3a2tKdmufW3Su1VZm2giu1%2FvRjem97blh336h9INi6bjRdz3U916tdl0bEut84pZDZg45X77j1oFn3wgB989%2FeFg4sdcB7J%2BRFSD7%2B39rPDyHZCGny3TVh13OdvfV%2BUiiaa4MeP%2Fw4XU91mSI5L2PjIE4PZ9PQdkzIVxeg08OZAuje3lQBIjkmzu8eovRwtiai3v7ZppGCSBHx51D2RhBqBElHYPoeJH9MAMaxtIw0OVjSpqQbZ5RO6ZjMPf0bshyTuSeXkCbfLirZr93WqsilTi36cQXZH0F2R8iKI%2BSbDmR5BJZ%2FDsl%2FIY2nN5Eme8tWaUg%2BuRwGoQhFQOcDHnjzQdCM59tBx58PXLfTCtqtjivEqUVSjiDjEZQYgNqLKKyDQjooYgdF5iDhkxoNO7HrLsRR7PvtgDHm%2B4yF7RYPuR%2B0YxcFm2oYIM8GYGoAZraQmS2sywFM8SPsWgXLHdicoMcrlIKgtAQlJSglQZkTlL1qnyvbtNUBV7aIvFluzrJfDXXe3aX7Ou%2BKlOxmJ%2BSFqXHO8%2FcvYV1ManHYDuNWyFqsFXpNP%2BqEnLudSPjNgAs%2FimBlBWkvgFoHm3JMLn76JzI5JhcWG4joEaw6ApOvgRavgJbDhaYLujYM2i420wPRF3WpwXWFLJ9DvuHsqhPy0unpOr8ZCHb8zptf5t%2Ff%2FewfMFMhMxXuyp8IumpneEuXZO%2BWLi15uJzlMpGbdHrW2znNxdz9D8VGqQ2%2Fcc0Ovn6XTcG0fHBH2PwmTblMu5Z8syg5F%2Ba6NkyQH27YVRGtFHZtsTBpkd1cee%2F6jSQzwlqp0xGofPzJIzA5Js8m26cP9tU%2FtiHNCKaokBTHZBaQ%2Bggs24LNjq9O%2Fn%2F5SePlClYTGHU%2BE2UOyqIammZ0%2FlNJAiXOexpVsOLcgkgcP%2FrrjO3aHXSNA5rfQ5pU6JkKPVWBqgFscXGYZ%2Bb46q%2F%2BaSBSzjBSxtmLlFFfnFlr5aQWeoFoR%2B0FxnkkGPcWmn7bd90m58FCR3gd5HbMdsJn%2FgUAAP%2F%2FAQAA%2F%2F8PX3HMiAQAAA%3D%3D HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=545e5e4a-4d41-442f-8493-4009648690ee:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 05:00:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5fc8f1a0cb4efe146905da2457ae7f6e
Strict-Transport-Security: max-age=0; includeSubdomains
wastedinvaluable.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbs?c=1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=545e5e4a-4d41-442f-8493-4009648690ee:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 05:00:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126620 bytes)
Hash f641dae66d812e803cbfc91d689e2ea8
96372a7ba661528d13bc774536d04ab3e03b82d6
e78b718ac77697fbb92e88ac394141adc4e016830eb04d53279238cbcd65435b
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126620
date: Thu, 01 Dec 2022 05:00:58 GMT
expires: Thu, 01 Dec 2022 05:00:58 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 04:04:29 GMT
expires: Thu, 01 Dec 2022 05:04:29 GMT
cache-control: public, max-age=3600
age: 3390
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 473 B IP
Hash 3cd461ee4fbfc391ca00db40fbfcffa1
2cd7ae4ff809b1dde211bd55592af86bc4e664f6
30b1747f1acc7bc6cb09caa5647b9706644db187e161581aad3cb915ccee062d
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 188
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:59 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0HZyvKeG%2FDBJfuCBiI%2FerMTrMIoBkRh2igd8ivJOt2wfE6cAFIgDHOIkg0KfLu22iIy9Oowuu%2FOg%2BANOLaYQugyvIRq1psUbW0IRPkz8dAJQuNygcrAgwbv2sRSKrhK2Zi7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772943268ea5f40f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 021d5c60ebd8309c2d8e6bebb77487b1
698578f16536e885c17d95f3f9adbe22c68a825f
0d5472f3d5438142cafd2ed580f29a28143255d8f81679fd08a64bf5f813f595
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Dec 2022 05:00:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 03:54:16 GMT
Expires: Fri, 02 Dec 2022 03:54:16 GMT
ETag: "698578f16536e885c17d95f3f9adbe22c68a825f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 021d5c60ebd8309c2d8e6bebb77487b1
698578f16536e885c17d95f3f9adbe22c68a825f
0d5472f3d5438142cafd2ed580f29a28143255d8f81679fd08a64bf5f813f595
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Dec 2022 05:00:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 03:54:16 GMT
Expires: Fri, 02 Dec 2022 03:54:16 GMT
ETag: "698578f16536e885c17d95f3f9adbe22c68a825f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
204 No Content 133 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP
Size 133 kB (132640 bytes)
Hash 942066a5da221379fc67bb015c5bdffb
e6a0b11cb690418c5c4d97cfefb7750718e66ffa
df240164844259a242f140229751e9bb7ce2e1634e3f94058700ca28b93e20b6
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:00:59 GMT
Connection: keep-alive
Expires: Fri, 01 Dec 2023 05:00:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Thu, 01 Dec 2022 05:00:59 GMT
expires: Thu, 01 Dec 2022 05:00:59 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP
Hash 328c6e3376b5f6a768ef9e2e60edc0c7
f8d239b58fe8c4674b2a74d17b0eeb7adbda5128
5326fa8f8372b7cd25ad24264f49a19cc9807b39113af68b63a30188b02778db
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:00:59 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Fri, 01 Dec 2023 05:00:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:00:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
200 OK 58 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash cf8ffcaf217375cf9bb01c612300b25a
5d033771d013ab4364a83c6302b473c6f64ff722
2b14b918bb31b4672d92b0287ed00c91c74e5d315759da2deb6028b0b4e9f909
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:00:59 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Fri, 01 Dec 2023 05:00:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 05:00:59 GMT
Connection: keep-alive
Expires: Fri, 01 Dec 2023 05:00:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=808
Expires: Thu, 01 Dec 2022 05:14:28 GMT
Date: Thu, 01 Dec 2022 05:01:00 GMT
Connection: keep-alive
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 01 Dec 2022 05:01:00 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=545e5e4a-4d41-442f-8493-4009648690ee&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=545e5e4a-4d41-442f-8493-4009648690ee&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=545e5e4a-4d41-442f-8493-4009648690ee&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 05:01:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 06b88a5194f6527670e064a8428e9ae8
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=545e5e4a-4d41-442f-8493-4009648690ee&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=545e5e4a-4d41-442f-8493-4009648690ee&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=545e5e4a-4d41-442f-8493-4009648690ee&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 05:01:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2fbde40acd1b33b98302b845098e8018
Strict-Transport-Security: max-age=0; includeSubdomains
analytics.vdo.ai/logger
200 OK 454 kB IP
Size 454 kB (453833 bytes)
Hash 8d458d21a5d93f91db8154eaaa9431f8
ea5df583ef37e2d5ae7bc2041c0445771d5e528d
0d46d1758343baa7d5b6dea1d672ddcaa4eeb724942a0a312a0ec24d21a38a77
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 181
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:59 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QlCfxt0dM4SIx2mBd%2BhNnC2rULOZFrWzvZ9uc%2B9fPvZzPf9fEviRUNx7Z4wK3kOcduvdTrEicHaMVvUDkxVIfVlWmk3dGJo6PfE1slHmP32NqBDCvTXYqRCMNevyoHI7G27c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772943268ea9f40f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BWNDgHutRT7ATElnXfwnTRGGZjNdrrqIxNwnbwLavhUUShA8v3li_46Som_4bZ-3XKRil4naI1LPSSlmn3kN5EFPkEOg&cry=1&dbm_d=AKAmf-DhCMgKeJ6mQ71yRef42RbI2IBt_fQZ7A7xhtpuDV4QkAtu5xkybhUme9Nssctv9WSVIf29_YCXD6MgUoaCRXb9A6IHN989wW5C44Dai5YqnyDYQP2OoVROl0VjoQpIGGGyBLvwZl5W_0tSTGTJ0EqnaoM-vc60Ri3FpoVlBKJ1IGgPjTI2nvyCRY9IUbS5kEiWPUUIPvz1ydFpYmjNJnGoEk7AjZWCIgfzrRR5EArlMLCLkn_RrJQ1NaOf-bEFo_D5TVrO7Iw4yls-rCDXS8RTd8Ev9UqDTJ8rg_YrOgJE8GiZb2i22KwsEww5TMVoM4hPFUdoRzeOwqfi4qqxHAlDdEOUtNTI7zyAFPtLXU-9OhaH35TlBkGQbs_kHISLWdBkH0rrqIwOiiOQKuo7sDSUbzauga4TEaV8wb8uDcfwOhUDMnHknUu51tXhmHluY4Qo3AY8EcowJ0hs2dLxB1-5tGR50pGobDzQ9bvLwIPHIJYbdMXR76HufpM4STd3RBlvRpVeH87lbUhRdwUQL_84s8DETZAA7tXi4B6_R9BgfCq4zicqPzdxz2tnLX33Y73jROdCmWB8P-fMjMihyCqdjE8MdTzPUmQnkp6c2B2Taht0CrewS9qsvWLafCEhMWGGbbzDWFZHUcmxjbalvgwtWzbLZRR-NTbOrN59SjslU9yhF_UfCdQA-bkIY0wfy1eyELGcVcMj5LVKlxDQ11teBvqZRizHQVR8XDBM13qcP_C1iMpAlWridYSJllIOzP1AVnlJ0UIysiNjzo0-EvfbPxXL7tT-SCseWdHcFyabFBym7Ks4Sob6BVCMzAz9LctKzxtQXmVmo6GmadQvEzJ6BKFMSWAHzMRzq2EHY_4HiGjyli2rs9eRq1iSCrqszT9Kt50DdD_YPkkUNTmYC2xnWS3TOmFbCyHwWp4fPu-DGCAbj0hmPowYr-ofOlJw2OsU7GkxooOrGdfVetOGQNZm9AtKgpJeZw8pjFYX952YpxPLc9RYMvQr9X5KPRnyzi84pvozGg2CiAJaqFRPRvx0ZzaR88-FGDcVrTed5Oxh_gpzmFI9zlhlBNilDgFsR3sMIJPE97QKwiPdWcGzIy84dELABJl9mppRcDIJp_94vW7yLp8dQUu2hLo9-gQ968KpoTV8Z4k07nEscGiOSavQhbh8t55nLjL0JElXwi9XD2tMacenFDYTYsLKTEit-OAwjLSgqJSlunIBW6t-z_GgcPFjd0rCmROcZKCn3Bi2SAKV92JXw-_mAFBVz7cTOdumkPHFIWVgIPmGXzrKC2hhLJBX6Xoq0zWmHbMbKzXjflwbVqdGzVJGtpljj-Iv5ehfrBo3pdouhaKCt5rBaHwxkJtNP_0elD5gb2SvjFt62soFmkfjZD5yt_zl9ug3aFyX3BRxh41EjU6WzGt8GIvl3ZRtNmK-7VF-AwHH5sjruWCtGoSfURykiiPoklyUPqX67RG_ACFa8yoXrQxCFYZp3hTGstUxGVBRPxnj8l_mUKoU0kt79LJ6G4_CwkK4CBcf64_WCi7KvFFYhaprXZIA8_cQ5QtMQjG42C29nRvo8QA3Z00MIoBCHxP2f-hv3nr8m6C4oZ2l14HuNOzsCOAiIgCpd1-bSz40o7-TG05XDbmcKavhNj3X_knZRFC-Haih7zqfSdzp_AnQ0MZdXLPaeVRXwqmBoLUVWkrUDbNyNtai5SQn38kKpTeq6VGqRqIdMKoQPyAbDp3Yo08W6I9UNZrXyBHP3ankyefpp9gE5bOT5s1arYljE3-hHgB2Vgss_zSTyPOq1ohbsAVJuuBXzSth3NtNJzFUeZil2w3VfzIi7bWeU7vGXpcB04_pRQ__7aYBBjk14w9VGaDtajivVuMpXhWxGZKNEbH69Q6Rd4uZGNO4lJ516IXDi7QRlkPb1DTk82vyI63b6nh4lLHEDqVf61_TGbgGlEP5f1CaSGDovmLQ-4Ef59M5h0KjupSyodAym_ARcRkMh1IuzTLQKbQZcgazg-VqGZM0EohfqdnnUPpzLDnJ6PzwQ6U-VuXHm_zhip5lVpf85kSDjqOvcdpnjbTioRgRmW7qoyPlI3kYHku8nJmhYrEN5bQINcnMZ1Gj9X1XJRndWm07YcgqSmCjPr0zTxmBEKhYXigQD8h2qocCA2Q7G3QBSdzakjmyz1PQVxhwhf5dkQ8iBQWbzI59c6k1TveW3Fq9RBeTNiqVwux5w5VzF3Q0IkaYTkxgmqpuKM9GGCEoSA4HKJQQRKViLwUVCEvfbtJe7ojZUgzkjD5-ITYF2r25VvuLGMrbsvYzevm2-GDm_2HHUWdrDLMTTug44qC5GC0UCRN1zoILYn4WPLtDP6j0mLy1T2_aB5KWac_QD3N3OzPIEUAmExpKyqqp2kVIe4wQR_lQB2QyVQdrXXZ7l_m5iRMFcdX23quu45HUpprCFpF6drk8Upk4NxxFzhLn7ryGWYVa2If4MK6y9QyNZc-JLnYM_BOly6vsEeYGUxz04bktjczVdZNTGIDVLE_VOTaE9mJaKXLKx0eut-FI_z79Zh2UVJNHjY2xmqgjKfwxAD0cm1cUHq0Y76ZdxyIr3Vta5E_nvEUxP6vH6fbwUfqIPwdP5fD9ooXIVTqBOCJ2_EW9q3uJFwHQONsDwEbdZt6IrUZ6HIyP8WGZpyOleMsVhzbzPxk1ope-ishr1dFX-JU1NQR9K4HOxtsif8oTiShHPZdamdjAADxdLAfyPJ4CAWmdrYxymjtU_iyEwngqbWL-wdcJTXYtJ3sOuVLViTmAwsKnFcoqISVSgxTveuudgKD3Yuz_4u7tpxwZjVonNnP0gpq7PLEC_doS3IzRlKlrG--OB0kk9Zv_FHBEqn5vRg_NvYaX-mIUDKQSMP5k6rraWNdVpWNBtXHRCWTK8tvmvT2tGE00PDIAEt1M9bItY8R9qRJEz7UVTGmoBIY3oHkVJ5aX3FlJADPcWxYA9e1OD0hnFVghliE_8rIuzAAMaEN0DOSObqfrQzivB7tIgstfYxva273ghr3CcfhXOkSWe7ZzbOCcbjmrslb1yYSAip0QCInt7sMaEw54dcTai78adtk7rIkRxmxsFEbxOetIDxlI52OGdb3vYV5z28VT5CQs6HKJY1Dd6CDlJEr2MF_xHIOzXRSYeKOcI6R_byz7eHUQoz3EQlWL8fTbGTiXPnOdqgOZY5SioNRBQDE3JSmGNJRTkSPuHUQOmJO7jUxSPI-pNmKBVxgq7Klr-dcYlsXWG3J1VhU7ih0HPBciwtIUB18E7g-Gh8UztA2aEW4arFdlFa47xys&cid=CAQSPgDq26N90YWf9SR8PJRde8OXnLvxIAExKKtdv_dPPT-kEFXH861WH7T4uVUHwBNOBXaA28eGzWtI0UeVZ62KGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F18d1d6f5-6bb7-4c3e-b1bf-a788801cedd7&sid=64A5B6FC-1671-45DA-A5C6-9CE42AEB2A26&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2FqC3yIaW&dlt=1669870853135&idt=4905&dt=1669870860400&ged=ve4_td7_tt2_pd7_la7000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491
200 OK 16 kB URL HTTP/2 bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BWNDgHutRT7ATElnXfwnTRGGZjNdrrqIxNwnbwLavhUUShA8v3li_46Som_4bZ-3XKRil4naI1LPSSlmn3kN5EFPkEOg&cry=1&dbm_d=AKAmf-DhCMgKeJ6mQ71yRef42RbI2IBt_fQZ7A7xhtpuDV4QkAtu5xkybhUme9Nssctv9WSVIf29_YCXD6MgUoaCRXb9A6IHN989wW5C44Dai5YqnyDYQP2OoVROl0VjoQpIGGGyBLvwZl5W_0tSTGTJ0EqnaoM-vc60Ri3FpoVlBKJ1IGgPjTI2nvyCRY9IUbS5kEiWPUUIPvz1ydFpYmjNJnGoEk7AjZWCIgfzrRR5EArlMLCLkn_RrJQ1NaOf-bEFo_D5TVrO7Iw4yls-rCDXS8RTd8Ev9UqDTJ8rg_YrOgJE8GiZb2i22KwsEww5TMVoM4hPFUdoRzeOwqfi4qqxHAlDdEOUtNTI7zyAFPtLXU-9OhaH35TlBkGQbs_kHISLWdBkH0rrqIwOiiOQKuo7sDSUbzauga4TEaV8wb8uDcfwOhUDMnHknUu51tXhmHluY4Qo3AY8EcowJ0hs2dLxB1-5tGR50pGobDzQ9bvLwIPHIJYbdMXR76HufpM4STd3RBlvRpVeH87lbUhRdwUQL_84s8DETZAA7tXi4B6_R9BgfCq4zicqPzdxz2tnLX33Y73jROdCmWB8P-fMjMihyCqdjE8MdTzPUmQnkp6c2B2Taht0CrewS9qsvWLafCEhMWGGbbzDWFZHUcmxjbalvgwtWzbLZRR-NTbOrN59SjslU9yhF_UfCdQA-bkIY0wfy1eyELGcVcMj5LVKlxDQ11teBvqZRizHQVR8XDBM13qcP_C1iMpAlWridYSJllIOzP1AVnlJ0UIysiNjzo0-EvfbPxXL7tT-SCseWdHcFyabFBym7Ks4Sob6BVCMzAz9LctKzxtQXmVmo6GmadQvEzJ6BKFMSWAHzMRzq2EHY_4HiGjyli2rs9eRq1iSCrqszT9Kt50DdD_YPkkUNTmYC2xnWS3TOmFbCyHwWp4fPu-DGCAbj0hmPowYr-ofOlJw2OsU7GkxooOrGdfVetOGQNZm9AtKgpJeZw8pjFYX952YpxPLc9RYMvQr9X5KPRnyzi84pvozGg2CiAJaqFRPRvx0ZzaR88-FGDcVrTed5Oxh_gpzmFI9zlhlBNilDgFsR3sMIJPE97QKwiPdWcGzIy84dELABJl9mppRcDIJp_94vW7yLp8dQUu2hLo9-gQ968KpoTV8Z4k07nEscGiOSavQhbh8t55nLjL0JElXwi9XD2tMacenFDYTYsLKTEit-OAwjLSgqJSlunIBW6t-z_GgcPFjd0rCmROcZKCn3Bi2SAKV92JXw-_mAFBVz7cTOdumkPHFIWVgIPmGXzrKC2hhLJBX6Xoq0zWmHbMbKzXjflwbVqdGzVJGtpljj-Iv5ehfrBo3pdouhaKCt5rBaHwxkJtNP_0elD5gb2SvjFt62soFmkfjZD5yt_zl9ug3aFyX3BRxh41EjU6WzGt8GIvl3ZRtNmK-7VF-AwHH5sjruWCtGoSfURykiiPoklyUPqX67RG_ACFa8yoXrQxCFYZp3hTGstUxGVBRPxnj8l_mUKoU0kt79LJ6G4_CwkK4CBcf64_WCi7KvFFYhaprXZIA8_cQ5QtMQjG42C29nRvo8QA3Z00MIoBCHxP2f-hv3nr8m6C4oZ2l14HuNOzsCOAiIgCpd1-bSz40o7-TG05XDbmcKavhNj3X_knZRFC-Haih7zqfSdzp_AnQ0MZdXLPaeVRXwqmBoLUVWkrUDbNyNtai5SQn38kKpTeq6VGqRqIdMKoQPyAbDp3Yo08W6I9UNZrXyBHP3ankyefpp9gE5bOT5s1arYljE3-hHgB2Vgss_zSTyPOq1ohbsAVJuuBXzSth3NtNJzFUeZil2w3VfzIi7bWeU7vGXpcB04_pRQ__7aYBBjk14w9VGaDtajivVuMpXhWxGZKNEbH69Q6Rd4uZGNO4lJ516IXDi7QRlkPb1DTk82vyI63b6nh4lLHEDqVf61_TGbgGlEP5f1CaSGDovmLQ-4Ef59M5h0KjupSyodAym_ARcRkMh1IuzTLQKbQZcgazg-VqGZM0EohfqdnnUPpzLDnJ6PzwQ6U-VuXHm_zhip5lVpf85kSDjqOvcdpnjbTioRgRmW7qoyPlI3kYHku8nJmhYrEN5bQINcnMZ1Gj9X1XJRndWm07YcgqSmCjPr0zTxmBEKhYXigQD8h2qocCA2Q7G3QBSdzakjmyz1PQVxhwhf5dkQ8iBQWbzI59c6k1TveW3Fq9RBeTNiqVwux5w5VzF3Q0IkaYTkxgmqpuKM9GGCEoSA4HKJQQRKViLwUVCEvfbtJe7ojZUgzkjD5-ITYF2r25VvuLGMrbsvYzevm2-GDm_2HHUWdrDLMTTug44qC5GC0UCRN1zoILYn4WPLtDP6j0mLy1T2_aB5KWac_QD3N3OzPIEUAmExpKyqqp2kVIe4wQR_lQB2QyVQdrXXZ7l_m5iRMFcdX23quu45HUpprCFpF6drk8Upk4NxxFzhLn7ryGWYVa2If4MK6y9QyNZc-JLnYM_BOly6vsEeYGUxz04bktjczVdZNTGIDVLE_VOTaE9mJaKXLKx0eut-FI_z79Zh2UVJNHjY2xmqgjKfwxAD0cm1cUHq0Y76ZdxyIr3Vta5E_nvEUxP6vH6fbwUfqIPwdP5fD9ooXIVTqBOCJ2_EW9q3uJFwHQONsDwEbdZt6IrUZ6HIyP8WGZpyOleMsVhzbzPxk1ope-ishr1dFX-JU1NQR9K4HOxtsif8oTiShHPZdamdjAADxdLAfyPJ4CAWmdrYxymjtU_iyEwngqbWL-wdcJTXYtJ3sOuVLViTmAwsKnFcoqISVSgxTveuudgKD3Yuz_4u7tpxwZjVonNnP0gpq7PLEC_doS3IzRlKlrG--OB0kk9Zv_FHBEqn5vRg_NvYaX-mIUDKQSMP5k6rraWNdVpWNBtXHRCWTK8tvmvT2tGE00PDIAEt1M9bItY8R9qRJEz7UVTGmoBIY3oHkVJ5aX3FlJADPcWxYA9e1OD0hnFVghliE_8rIuzAAMaEN0DOSObqfrQzivB7tIgstfYxva273ghr3CcfhXOkSWe7ZzbOCcbjmrslb1yYSAip0QCInt7sMaEw54dcTai78adtk7rIkRxmxsFEbxOetIDxlI52OGdb3vYV5z28VT5CQs6HKJY1Dd6CDlJEr2MF_xHIOzXRSYeKOcI6R_byz7eHUQoz3EQlWL8fTbGTiXPnOdqgOZY5SioNRBQDE3JSmGNJRTkSPuHUQOmJO7jUxSPI-pNmKBVxgq7Klr-dcYlsXWG3J1VhU7ih0HPBciwtIUB18E7g-Gh8UztA2aEW4arFdlFa47xys&cid=CAQSPgDq26N90YWf9SR8PJRde8OXnLvxIAExKKtdv_dPPT-kEFXH861WH7T4uVUHwBNOBXaA28eGzWtI0UeVZ62KGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F18d1d6f5-6bb7-4c3e-b1bf-a788801cedd7&sid=64A5B6FC-1671-45DA-A5C6-9CE42AEB2A26&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2FqC3yIaW&dlt=1669870853135&idt=4905&dt=1669870860400&ged=ve4_td7_tt2_pd7_la7000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (16616)
Hash 8259e7602c50adad4822d61beccfdaff
ebca46c088dc0190e1583d7c04b9c6ccdd8e17d8
03c52dd08ab6bb0d822c4a1fa0e9b705e492c00804973c17b7dacd43a8a0d2b4
GET /dbm/vast?dbm_c=AKAmf-BWNDgHutRT7ATElnXfwnTRGGZjNdrrqIxNwnbwLavhUUShA8v3li_46Som_4bZ-3XKRil4naI1LPSSlmn3kN5EFPkEOg&cry=1&dbm_d=AKAmf-DhCMgKeJ6mQ71yRef42RbI2IBt_fQZ7A7xhtpuDV4QkAtu5xkybhUme9Nssctv9WSVIf29_YCXD6MgUoaCRXb9A6IHN989wW5C44Dai5YqnyDYQP2OoVROl0VjoQpIGGGyBLvwZl5W_0tSTGTJ0EqnaoM-vc60Ri3FpoVlBKJ1IGgPjTI2nvyCRY9IUbS5kEiWPUUIPvz1ydFpYmjNJnGoEk7AjZWCIgfzrRR5EArlMLCLkn_RrJQ1NaOf-bEFo_D5TVrO7Iw4yls-rCDXS8RTd8Ev9UqDTJ8rg_YrOgJE8GiZb2i22KwsEww5TMVoM4hPFUdoRzeOwqfi4qqxHAlDdEOUtNTI7zyAFPtLXU-9OhaH35TlBkGQbs_kHISLWdBkH0rrqIwOiiOQKuo7sDSUbzauga4TEaV8wb8uDcfwOhUDMnHknUu51tXhmHluY4Qo3AY8EcowJ0hs2dLxB1-5tGR50pGobDzQ9bvLwIPHIJYbdMXR76HufpM4STd3RBlvRpVeH87lbUhRdwUQL_84s8DETZAA7tXi4B6_R9BgfCq4zicqPzdxz2tnLX33Y73jROdCmWB8P-fMjMihyCqdjE8MdTzPUmQnkp6c2B2Taht0CrewS9qsvWLafCEhMWGGbbzDWFZHUcmxjbalvgwtWzbLZRR-NTbOrN59SjslU9yhF_UfCdQA-bkIY0wfy1eyELGcVcMj5LVKlxDQ11teBvqZRizHQVR8XDBM13qcP_C1iMpAlWridYSJllIOzP1AVnlJ0UIysiNjzo0-EvfbPxXL7tT-SCseWdHcFyabFBym7Ks4Sob6BVCMzAz9LctKzxtQXmVmo6GmadQvEzJ6BKFMSWAHzMRzq2EHY_4HiGjyli2rs9eRq1iSCrqszT9Kt50DdD_YPkkUNTmYC2xnWS3TOmFbCyHwWp4fPu-DGCAbj0hmPowYr-ofOlJw2OsU7GkxooOrGdfVetOGQNZm9AtKgpJeZw8pjFYX952YpxPLc9RYMvQr9X5KPRnyzi84pvozGg2CiAJaqFRPRvx0ZzaR88-FGDcVrTed5Oxh_gpzmFI9zlhlBNilDgFsR3sMIJPE97QKwiPdWcGzIy84dELABJl9mppRcDIJp_94vW7yLp8dQUu2hLo9-gQ968KpoTV8Z4k07nEscGiOSavQhbh8t55nLjL0JElXwi9XD2tMacenFDYTYsLKTEit-OAwjLSgqJSlunIBW6t-z_GgcPFjd0rCmROcZKCn3Bi2SAKV92JXw-_mAFBVz7cTOdumkPHFIWVgIPmGXzrKC2hhLJBX6Xoq0zWmHbMbKzXjflwbVqdGzVJGtpljj-Iv5ehfrBo3pdouhaKCt5rBaHwxkJtNP_0elD5gb2SvjFt62soFmkfjZD5yt_zl9ug3aFyX3BRxh41EjU6WzGt8GIvl3ZRtNmK-7VF-AwHH5sjruWCtGoSfURykiiPoklyUPqX67RG_ACFa8yoXrQxCFYZp3hTGstUxGVBRPxnj8l_mUKoU0kt79LJ6G4_CwkK4CBcf64_WCi7KvFFYhaprXZIA8_cQ5QtMQjG42C29nRvo8QA3Z00MIoBCHxP2f-hv3nr8m6C4oZ2l14HuNOzsCOAiIgCpd1-bSz40o7-TG05XDbmcKavhNj3X_knZRFC-Haih7zqfSdzp_AnQ0MZdXLPaeVRXwqmBoLUVWkrUDbNyNtai5SQn38kKpTeq6VGqRqIdMKoQPyAbDp3Yo08W6I9UNZrXyBHP3ankyefpp9gE5bOT5s1arYljE3-hHgB2Vgss_zSTyPOq1ohbsAVJuuBXzSth3NtNJzFUeZil2w3VfzIi7bWeU7vGXpcB04_pRQ__7aYBBjk14w9VGaDtajivVuMpXhWxGZKNEbH69Q6Rd4uZGNO4lJ516IXDi7QRlkPb1DTk82vyI63b6nh4lLHEDqVf61_TGbgGlEP5f1CaSGDovmLQ-4Ef59M5h0KjupSyodAym_ARcRkMh1IuzTLQKbQZcgazg-VqGZM0EohfqdnnUPpzLDnJ6PzwQ6U-VuXHm_zhip5lVpf85kSDjqOvcdpnjbTioRgRmW7qoyPlI3kYHku8nJmhYrEN5bQINcnMZ1Gj9X1XJRndWm07YcgqSmCjPr0zTxmBEKhYXigQD8h2qocCA2Q7G3QBSdzakjmyz1PQVxhwhf5dkQ8iBQWbzI59c6k1TveW3Fq9RBeTNiqVwux5w5VzF3Q0IkaYTkxgmqpuKM9GGCEoSA4HKJQQRKViLwUVCEvfbtJe7ojZUgzkjD5-ITYF2r25VvuLGMrbsvYzevm2-GDm_2HHUWdrDLMTTug44qC5GC0UCRN1zoILYn4WPLtDP6j0mLy1T2_aB5KWac_QD3N3OzPIEUAmExpKyqqp2kVIe4wQR_lQB2QyVQdrXXZ7l_m5iRMFcdX23quu45HUpprCFpF6drk8Upk4NxxFzhLn7ryGWYVa2If4MK6y9QyNZc-JLnYM_BOly6vsEeYGUxz04bktjczVdZNTGIDVLE_VOTaE9mJaKXLKx0eut-FI_z79Zh2UVJNHjY2xmqgjKfwxAD0cm1cUHq0Y76ZdxyIr3Vta5E_nvEUxP6vH6fbwUfqIPwdP5fD9ooXIVTqBOCJ2_EW9q3uJFwHQONsDwEbdZt6IrUZ6HIyP8WGZpyOleMsVhzbzPxk1ope-ishr1dFX-JU1NQR9K4HOxtsif8oTiShHPZdamdjAADxdLAfyPJ4CAWmdrYxymjtU_iyEwngqbWL-wdcJTXYtJ3sOuVLViTmAwsKnFcoqISVSgxTveuudgKD3Yuz_4u7tpxwZjVonNnP0gpq7PLEC_doS3IzRlKlrG--OB0kk9Zv_FHBEqn5vRg_NvYaX-mIUDKQSMP5k6rraWNdVpWNBtXHRCWTK8tvmvT2tGE00PDIAEt1M9bItY8R9qRJEz7UVTGmoBIY3oHkVJ5aX3FlJADPcWxYA9e1OD0hnFVghliE_8rIuzAAMaEN0DOSObqfrQzivB7tIgstfYxva273ghr3CcfhXOkSWe7ZzbOCcbjmrslb1yYSAip0QCInt7sMaEw54dcTai78adtk7rIkRxmxsFEbxOetIDxlI52OGdb3vYV5z28VT5CQs6HKJY1Dd6CDlJEr2MF_xHIOzXRSYeKOcI6R_byz7eHUQoz3EQlWL8fTbGTiXPnOdqgOZY5SioNRBQDE3JSmGNJRTkSPuHUQOmJO7jUxSPI-pNmKBVxgq7Klr-dcYlsXWG3J1VhU7ih0HPBciwtIUB18E7g-Gh8UztA2aEW4arFdlFa47xys&cid=CAQSPgDq26N90YWf9SR8PJRde8OXnLvxIAExKKtdv_dPPT-kEFXH861WH7T4uVUHwBNOBXaA28eGzWtI0UeVZ62KGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F18d1d6f5-6bb7-4c3e-b1bf-a788801cedd7&sid=64A5B6FC-1671-45DA-A5C6-9CE42AEB2A26&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2FqC3yIaW&dlt=1669870853135&idt=4905&dt=1669870860400&ged=ve4_td7_tt2_pd7_la7000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491 HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 05:01:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 16467
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Dec-2022 05:16:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&puid=1~lb4lzsba&c=4264886662349&slotId=2132443331174.5&qqid=CNvfjdzR1_sCFVSOGAod4m4NKw&gqid=DTWIY5jRFZvCYLL0meAP&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&wta=1&vmfc=11&vhc=0
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lb4lzsba&c=4264886662349&slotId=2132443331174.5&qqid=CNvfjdzR1_sCFVSOGAod4m4NKw&gqid=DTWIY5jRFZvCYLL0meAP&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&wta=1&vmfc=11&vhc=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lb4lzsba&c=4264886662349&slotId=2132443331174.5&qqid=CNvfjdzR1_sCFVSOGAod4m4NKw&gqid=DTWIY5jRFZvCYLL0meAP&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&wta=1&vmfc=11&vhc=0 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Thu, 01 Dec 2022 05:01:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&puid=2~lb4lzu9v&c=4264886662349&slotId=2132443331174.5&qqid=CNvfjdzR1_sCFVSOGAod4m4NKw&gqid=DTWIY5jRFZvCYLL0meAP&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&gpm_i=11&gpm_c=11&gpm_a=0&webm=0&vp9=0&vamt=application%2Fx-mpegurl%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=2~lb4lzu9v&c=4264886662349&slotId=2132443331174.5&qqid=CNvfjdzR1_sCFVSOGAod4m4NKw&gqid=DTWIY5jRFZvCYLL0meAP&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&gpm_i=11&gpm_c=11&gpm_a=0&webm=0&vp9=0&vamt=application%2Fx-mpegurl%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=2~lb4lzu9v&c=4264886662349&slotId=2132443331174.5&qqid=CNvfjdzR1_sCFVSOGAod4m4NKw&gqid=DTWIY5jRFZvCYLL0meAP&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&gpm_i=11&gpm_c=11&gpm_a=0&webm=0&vp9=0&vamt=application%2Fx-mpegurl%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Thu, 01 Dec 2022 05:01:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:56 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1350435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8mUS3tiG6Nsg7wQYqZPeWZDOc0qy%2B3f14xUsNn4EtHQYqYbNWq1ZBysPGcx9VtecxASXEYVzKLupLvfx7ueYFaa3iK4c7PsFZtTxnXbBoqaOKdr47L5PBUbfpFdEtG1k76sDJ3OkATNe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294312da69719c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 180
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:59 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MbiaRHejGdf90znNk%2BZH21mhpojEuD008QVmp3SpLoI0v00qNP804UPZQCYoqc20r%2BeMK%2FKpWD937X%2BRRyGpZcm2%2FdpAJQh%2Bt135zY1Ke4JSvV9ieuNdXaBrcGcvhuWog4BS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772943265e8cf40f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:54 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2505
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sce4nv%2BLaQoq3195M%2B2UVn7VGGcDsvMisIkwvQrg0ENxNwEPeEGbiWMm8PYxX45S2OkcZCNOGYsyUHwYUyLUcJdsgIrf%2BhWuXOdVjuniOs%2F8x8nk7PAi8f961uu236XKwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7729430aad24b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
IP
GET /sb/notifications/games/nutaku/multi/2/js/main.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:56 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:29:33 GMT
etag: W/"632abd5d-20ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 834350
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V50Z%2FIsKZesrG4KDuEsAejr7ye9fEvVsIEa1nl40WV7vQgmtF1dAztmXwxHnvqouXzuyVE4YydGmyBHd9WgLnNN3%2FbG0VE6FcbDpi1NgNJIp3VyeALcYij2nFMEvF5rC6yL7EgIvwzAd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772943137ae1719c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:54 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1901
last-modified: Thu, 01 Dec 2022 04:29:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUqe1HB%2B1cEVnVlGD6%2Fx%2BOOae5JXBpWEto69Ba2sDNqJ2n%2Bs2Yo3u%2B4bC%2F4tFGi3ys15ipbg0woynsF%2BsN%2FEh0Yzfb2p3hTPJ6%2FX6fTaAdawL0dtZYjiG1ClIwOx678C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7729430b387071ec-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:56 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cqp0i4xgNY0gJn1t8Cyh%2BhpkWRbMZrgBnMauQpjyyvdTHaJ%2BwNo5jvJcBwuxbCx9lUDVO4Y8H2OLERgE6pcfxxkw4dvhr3yHxQwHnOsMiDxzCaCJ%2FWFZRYVsYuT4TWlvxCpWLcVkLYc0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77294312aa3b719c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FqC3yIaW&tag=v-exee-app&domain=exee.app
200 OK 0 B URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FqC3yIaW&tag=v-exee-app&domain=exee.app
IP
GET /allowed_url.php?type=json&url=exee.app%2FqC3yIaW&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:55 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yvcyr3hZUzWgc7teFx6%2F9whYiv79SNB1%2F5JbTpVzibSLFomOgwiSv3iFdisHmM%2BF4jsQuju%2BGHtblgtOni1jsrbRcQq6whujUGCF40MUWwTy1lRzwHOcWxrcmPRnNtoeza4P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7729430c48dc75e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:55 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c399019f6fc6c5d2c645a79797d0b9f9
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 01 Dec 2022 05:00:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXrEFtMTJeQJACTyEhmAV6uzaBjWfUYMNyV7Q1P8WPeFY%2FPIYhNgw5yu4r6I%2BO2YnuYU%2Fo%2Bzai9FIlX9wEwKGOPtZbEGgqiHxulJsg06eSDBHK%2FDc6O2mSNWLwtAt%2BU78beu1HU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7729430ced787779-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 179
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:58 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x3MQ3rNtdN%2FdyO1kHls%2F7aCcESBbybxpZIWPpcYUm%2BVMpkJg4KHzIeGKyzulQqx9umfiRT8q3Uw4Ps5PdEpsPAx71nq%2F8xp0hJVrsONwfqLwG8ch%2FYZVjpTiT0zt2MZ4TJFt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77294322cd5bf40f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 182
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:00:59 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QuDItwIgcGmkXWS6U4EbADDSW2khzp6RZilKFmi%2BHQTrpSRVGeW9WNQGKtI4qSt0bDY3LaewCRnUaAdTPTLTmWZeZglSr9slrn9CrvTWU8W%2FZTSiUXPNNaGkrBTjt7hZ3fiG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772943268ea7f40f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.26.2.103
52.28.211.11
15.235.114.204
104.18.32.68
31.13.72.36
93.184.220.29
23.36.76.226