r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 43ad67f241ee3692a9c9c1da080dae58
6a024f7d71eeee257edc91ba9273416f634aaae5
636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12505
Expires: Sun, 11 Dec 2022 02:18:40 GMT
Date: Sat, 10 Dec 2022 22:50:15 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 430f1651125c14bfa4924aa1f1a392e9
304141c5fe7ac8b370a67912b2592f9622de9600
315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4674
Expires: Sun, 11 Dec 2022 00:08:09 GMT
Date: Sat, 10 Dec 2022 22:50:15 GMT
Connection: keep-alive
exee.app/PV0Exm
200 OK 165 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61746)
Size 165 kB (164657 bytes)
Hash b7f9f1fac09b29e0cf94989e901cecb5
067c6a7559f88d4df25868079df9b7b715c19388
d9f9a94219acc6958fc7bc3a2642501aec2ec8402fa4eda8212f2e24b49463cb
GET /PV0Exm HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 22:50:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding,User-Agent
Set-Cookie: AppSession=3e536c4d27852813f0df395e156a9177; path=/; HttpOnly
csrfToken=200065de6b5a1cfc96c4c6ad9b074eb577c7dc5d0e13ac255032fcb0fa931e2429773f06a7ebbfb2b9ead6bcfea5e8ad10a5aeb21124de88f79a67ced93a1148; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0FJDWNcXgpigXXd6wEMx3Du%2B3Z5R9q8PD%2FLEfaoS0%2FgX9yQyOinaZ14xYrfH0s35KR2DTDTUDHA3Z9VFMNeFEf6Mr60l8fK1Xp0zbIsFbYxsarSeX0bhSq4RHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 777989d56d8e1bfe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 10 Dec 2022 22:08:26 GMT
content-type: application/json
age: 2509
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6919
Expires: Sun, 11 Dec 2022 00:45:34 GMT
Date: Sat, 10 Dec 2022 22:50:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2jhGAVyQx3RxPdMZw5Syf7WsA9UVObIxVZuW2KLWyH4y/q2UM2iC0XIWOzS+aVwXYxF+NVN1Ic0=
x-amz-request-id: RFHYF0DAP0N43Q2F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 10 Dec 2022 21:50:50 GMT
age: 3565
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 22:50:15 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 6bdbd2902abb1eb55ff483af0def2420
5783a96c0315f1fb7e6a2756256ccdf0cecdded7
69088a9e8a90faaa81df7f69a3a7b4413479b54a832f13c54b6e9b2b71e58258
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 Dec 2022 22:50:15 GMT
expires: Sat, 10 Dec 2022 22:50:15 GMT
cache-control: private, max-age=900
last-modified: Sat, 10 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43578
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
exee.app/css/continue.css
200 OK 43 kB URL HTTP/1.1 exee.app/css/continue.css
IP
File type assembler source, ASCII text
Hash 86f2690abb402da57ec94426944f117d
090dd2289eff354b4ae54490f2f8060df48c9d0c
e1f10c833a7a0f58158484857fe22a7c6efdcb7e4636df1cc9e2c4a5d3d1dafa
GET /css/continue.css HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/PV0Exm
Cookie: AppSession=3e536c4d27852813f0df395e156a9177; csrfToken=200065de6b5a1cfc96c4c6ad9b074eb577c7dc5d0e13ac255032fcb0fa931e2429773f06a7ebbfb2b9ead6bcfea5e8ad10a5aeb21124de88f79a67ced93a1148
HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 22:50:15 GMT
Content-Type: text/css
Content-Length: 43033
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 20 Nov 2020 17:25:47 GMT
Cache-Control: max-age=2592000
Expires: Mon, 09 Jan 2023 22:50:15 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iDyv%2BD4F7m1KJEDZY1IVIPilIBygo902HErib9p94ntHlsLcoTuy5V1dKYlxxV5Pw%2BT5kCELJCXaGn%2FClbeXdonYDf4KkSj2esYr4hHYCsxgFXvCg%2BThAFvZ3w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 777989d848d71bfe-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2bbc2a332da069e062c141b6755efb07
e7cb19a32562264a6858b73f90caff1fe7887a29
5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qj.wimplesbooklet.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Dec 2022 22:50:15 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 11-Dec-2022 22:50:15 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 11-Dec-2022 22:50:15 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
a.vdo.ai/core/v-exee-app/vdo.ai.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sat, 10 Dec 2022 22:50:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 10 Dec 2022 23:50:16 GMT
Location: https://a.vdo.ai/core/v-exee-app/vdo.ai.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tTGH48uykrmnsBQK3xz4%2FQxh%2F8nU83%2F12ty%2BNssB8lVKXb2fWsWsZdprPAYOEK0pwqQxjB11dezxKmyn8Iq3pCPB5awBFdCvDL4KjtILY83YTuPGq8dPdBQLw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 777989da18a788a4-LHR
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8fea2d3bcb0ff2ae2719d151626aedd2
4f463254293dca1a96e4e4f572599f3bc20fb1ea
b0752251cd001fbc22d3693295c253dbc276bd2a5ca0b3bae51ed48a69f88d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B0752251CD001FBC22D3693295C253DBC276BD2A5CA0B3BAE51ED48A69F88D49"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15683
Expires: Sun, 11 Dec 2022 03:11:39 GMT
Date: Sat, 10 Dec 2022 22:50:16 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8334
Expires: Sun, 11 Dec 2022 01:09:10 GMT
Date: Sat, 10 Dec 2022 22:50:16 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8334
Expires: Sun, 11 Dec 2022 01:09:10 GMT
Date: Sat, 10 Dec 2022 22:50:16 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8fea2d3bcb0ff2ae2719d151626aedd2
4f463254293dca1a96e4e4f572599f3bc20fb1ea
b0752251cd001fbc22d3693295c253dbc276bd2a5ca0b3bae51ed48a69f88d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B0752251CD001FBC22D3693295C253DBC276BD2A5CA0B3BAE51ED48A69F88D49"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15683
Expires: Sun, 11 Dec 2022 03:11:39 GMT
Date: Sat, 10 Dec 2022 22:50:16 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:56:07 GMT
expires: Tue, 05 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 446049
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 446255
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/fni3VsVdLUE
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/fni3VsVdLUE
IP
Hash 3b89d3649c85e67385f152a47f573dc7
d4c02ba40a234bea68725443f8e686f9da5cd43b
e53992224f0727a73e086f3e1c3be48d91a19e29aa1b2d1200bcb5cdb76ce75e
POST /s/gts1p5/fni3VsVdLUE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/fni3VsVdLUE
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/fni3VsVdLUE
IP
Hash 3b89d3649c85e67385f152a47f573dc7
d4c02ba40a234bea68725443f8e686f9da5cd43b
e53992224f0727a73e086f3e1c3be48d91a19e29aa1b2d1200bcb5cdb76ce75e
POST /s/gts1p5/fni3VsVdLUE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 280 B IP
Hash 372bf970376a3c94a0d39811d5b179a7
b1d537728a6e172a02c8da4eb9910b9461d0fa53
002ade3755c7bf80870b706c641a2a806fea9c05081744d8a4ecfc2b5f9c4b1a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6427
Cache-Control: max-age=133420
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Etag: "63945a39-118"
Expires: Mon, 12 Dec 2022 11:53:56 GMT
Last-Modified: Sat, 10 Dec 2022 10:06:49 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37171), with no line terminators
Hash a30c1f88c167abf19e14dc528486939f
e97bb8954de8657406cbeffe920c3d6300fe3b45
4facf0f833ef33efa2d7ceee1d1ee2e9db514c9a2e401faa63eb2868f5871674
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b960c3c734b64abde4c9d313f5694141
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/s/gts1p5/fni3VsVdLUE
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/fni3VsVdLUE
IP
Hash 3b89d3649c85e67385f152a47f573dc7
d4c02ba40a234bea68725443f8e686f9da5cd43b
e53992224f0727a73e086f3e1c3be48d91a19e29aa1b2d1200bcb5cdb76ce75e
POST /s/gts1p5/fni3VsVdLUE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8334
Expires: Sun, 11 Dec 2022 01:09:10 GMT
Date: Sat, 10 Dec 2022 22:50:16 GMT
Connection: keep-alive
gotwakinrollet.xyz/d3ZMS1ZYSS84ayQgPAI3PwY7EmUfJx8DYwYTfXobEkQkcgMyAWo/PxNLdHlkQkR4bSYeEnF6cAQCLT8jBEt9bT8ZECN2cAFLfWVlQ1h/enhGUDl2Z1ECPCoxSkdqOyIDGnF6YEBGe3pkQUd4fW5B
204 No Content 0 B URL HTTP/2 gotwakinrollet.xyz/d3ZMS1ZYSS84ayQgPAI3PwY7EmUfJx8DYwYTfXobEkQkcgMyAWo/PxNLdHlkQkR4bSYeEnF6cAQCLT8jBEt9bT8ZECN2cAFLfWVlQ1h/enhGUDl2Z1ECPCoxSkdqOyIDGnF6YEBGe3pkQUd4fW5B
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d3ZMS1ZYSS84ayQgPAI3PwY7EmUfJx8DYwYTfXobEkQkcgMyAWo/PxNLdHlkQkR4bSYeEnF6cAQCLT8jBEt9bT8ZECN2cAFLfWVlQ1h/enhGUDl2Z1ECPCoxSkdqOyIDGnF6YEBGe3pkQUd4fW5B HTTP/1.1
Host: gotwakinrollet.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 10 Dec 2022 22:50:16 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30VfBdTruKe3yyV1YM8dRa03CU9hRe58dY8JXuDloBoE6A%2FuTTdOevF%2BEuaiLPaYDcvZHkBeeVzDAYXp4dbDgKiE2wI2cWcPU18OzPYROSCvbOpwRT4sEf5sQdTg9Mq8cicc06Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989dc3ee9b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gotwakinrollet.xyz/S3ZUTEpkSTc/dy8yHgUoeDwXDiQjEwYZDw8VAiQGGScOexJ7FXI4Iy9LbHh5eUBlajoiEml9cm0FIC0+PgVpfWwiGDIjd20AaX1ke1hmYnhtA2l9bD8GNSt3elAkOD4nS2V6fXtBZX58ekJjeng
204 No Content 0 B URL HTTP/2 gotwakinrollet.xyz/S3ZUTEpkSTc/dy8yHgUoeDwXDiQjEwYZDw8VAiQGGScOexJ7FXI4Iy9LbHh5eUBlajoiEml9cm0FIC0+PgVpfWwiGDIjd20AaX1ke1hmYnhtA2l9bD8GNSt3elAkOD4nS2V6fXtBZX58ekJjeng
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S3ZUTEpkSTc/dy8yHgUoeDwXDiQjEwYZDw8VAiQGGScOexJ7FXI4Iy9LbHh5eUBlajoiEml9cm0FIC0+PgVpfWwiGDIjd20AaX1ke1hmYnhtA2l9bD8GNSt3elAkOD4nS2V6fXtBZX58ekJjeng HTTP/1.1
Host: gotwakinrollet.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 10 Dec 2022 22:50:16 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I6WKsF5bQq5ZlLrk4%2Fy5sjdiZtWARTyEBuYTKYqJ07fbmyNBglzmPoog6xNKP%2BLWZUcSF5Mrz%2Biagl6LD6ySASvp98ifETEKbemtks8Qhqz6Z7tR8qIKgVq89eFcUqbY55Yv9xs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989dc3eeeb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gotwakinrollet.xyz/a2VpemxEWgoJUTE9JxU7Bw08KypeFwssIiM9LhYYPlUjGzVZVU8OBQ9YUUJVX1xdXBwCAVRLShgRCA4ZGFhYXAUFAwZHSh1YWFRfX0taS0JaQxxHXU0RGRsLVlRPChgfCVRLWlxVXkteXVRdTVhf
204 No Content 0 B URL HTTP/2 gotwakinrollet.xyz/a2VpemxEWgoJUTE9JxU7Bw08KypeFwssIiM9LhYYPlUjGzVZVU8OBQ9YUUJVX1xdXBwCAVRLShgRCA4ZGFhYXAUFAwZHSh1YWFRfX0taS0JaQxxHXU0RGRsLVlRPChgfCVRLWlxVXkteXVRdTVhf
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a2VpemxEWgoJUTE9JxU7Bw08KypeFwssIiM9LhYYPlUjGzVZVU8OBQ9YUUJVX1xdXBwCAVRLShgRCA4ZGFhYXAUFAwZHSh1YWFRfX0taS0JaQxxHXU0RGRsLVlRPChgfCVRLWlxVXkteXVRdTVhf HTTP/1.1
Host: gotwakinrollet.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 10 Dec 2022 22:50:16 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWW6XAH7q8tKb1%2FX6LdBkBodWbCzAhOTEIaIhbVC4oumfuTwqX%2FbJD37dwFE6LjWIpkVLXtuT27qzRP3R3bkagTK3GR%2F2DvKLjAFQDxKc1bNMiY6jdjrgV0DvPnnsRawJMP1Ono%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989dcaf77b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 22:50:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 22271f2c34ede2a54e8bfa4af9063bc1
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 10 Dec 2022 22:50:16 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkcBSeX2qXNNOOCxc9o1FWIKH4Uxsw9J4U%2BEU3ewZsbshn3AXbc9xYyHgcwh76cyUZH8zEBKyYSAi9hI2YdH5K2BlWADu4Qy1B7oFiFdUPaqyCqJMgYOFIttg58R4Gfhvg6%2FxdQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 777989dcec4f71e4-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 10 Dec 2022 22:07:55 GMT
age: 2541
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 8af7d94cfd394aebb936e35ebd76f2b4
9bc2af030a485afda6bf376ed390d719bed54fab
7ff67179003bb029636427908b99a2bf17022b80ecd8f08d181f0f0ba6256e55
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143988
Date: Sat, 10 Dec 2022 22:50:16 GMT
Etag: "63948a18-1d7"
Expires: Mon, 12 Dec 2022 14:50:04 GMT
Last-Modified: Sat, 10 Dec 2022 13:31:04 GMT
Server: ECS (bsa/EB1F)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7Nt0aqQY2xIZduNtojkd8gWsvnvGapxSfMDLMbeYw9_zhrT9-V4kzw==
Age: 4740
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 147 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
Size 147 kB (146819 bytes)
Hash 275daf56f5b347146758b7066a9fd392
9bbd7213006670dfecb51ac77a064b557b1df51b
623dc3de2d3eee48a59c5f05da5b99b5130584d74b1064b4bdf1d37ae3eba880
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 10 Dec 2022 22:50:15 GMT
date: Sat, 10 Dec 2022 22:50:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 372bf970376a3c94a0d39811d5b179a7
b1d537728a6e172a02c8da4eb9910b9461d0fa53
002ade3755c7bf80870b706c641a2a806fea9c05081744d8a4ecfc2b5f9c4b1a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6427
Cache-Control: max-age=133420
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Etag: "63945a39-118"
Expires: Mon, 12 Dec 2022 11:53:56 GMT
Last-Modified: Sat, 10 Dec 2022 10:06:49 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/s/gts1p5/fni3VsVdLUE
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/fni3VsVdLUE
IP
Hash 3b89d3649c85e67385f152a47f573dc7
d4c02ba40a234bea68725443f8e686f9da5cd43b
e53992224f0727a73e086f3e1c3be48d91a19e29aa1b2d1200bcb5cdb76ce75e
POST /s/gts1p5/fni3VsVdLUE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
200 OK 472 B IP
Hash 8db5e5fdd6de1be318e1e2eb919fb0e7
8258c78d87a302be368193b851b55c8e32107c82
143d463b64c5b6772aa9f446e7ea1bb201fe8ce57b25779a6c99dd416a660c7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 22:50:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 16:52:37 GMT
Expires: Thu, 15 Dec 2022 16:52:36 GMT
Etag: "8258c78d87a302be368193b851b55c8e32107c82"
Cache-Control: max-age=409939,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 777989dcec450b65-OSL
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash fbe921ca970bb9d5ccadde793776c3e9
b116d50ada59e770a427ec610f7a6d45a88ee0fb
722dc1c1587153c90735fdca2eb657e1611d373da0a41ca1f96d36d9896ab223
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=3e081bb7-89d1-40a4-9275-554563e67396:3:1; expires=Tue, 07 Dec 2032 22:50:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 10 Dec 2022 22:50:16 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: http://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.digicert.com/
200 OK 471 B IP
Hash 44d4574b46375a2d215ae74bc5eae610
5257ed3edeb56231a9bee921671bb2e0c566000e
923454b28e4fa10085df809768a75c2d9f58f104afa016c06ccca7a26479073b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6469
Cache-Control: max-age=129863
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:16 GMT
Etag: "63944c2a-1d7"
Expires: Mon, 12 Dec 2022 10:54:39 GMT
Last-Modified: Sat, 10 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/dependencies_hbv4_latest/vdo.min.js?v=v2.2 HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sat, 10 Dec 2022 22:50:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 10 Dec 2022 23:50:16 GMT
Location: https://a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zX2ngMZIvMyn%2FbqOl4xMUZ1VUAacQtux9kB92%2FH2e2wJ%2F1ZWsIhcNXldGtW%2Bv%2BS3VYlzHPOggW3ULot7wSdmsEiHlJLyjtG9aEbEmc59y27ZBOtzpH5WGhQQQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 777989df1f2688a4-LHR
alt-svc: h2=":443"; ma=60
minsistereron.xyz/dXRXM1IUFjRebRRJNRUnBxhqFmAzUWV1NkcYL1I/GA49UiANRTkdMRkbIlc0Bxs5R3wbESMWYDMNDgE2MyEAAxM2NyQABx0XGHoFDSIAAmcNFRFfFDEgDhZgNzUvfTMlJhoEBCMhGWM7MyYBa2IyPzBHEDgnJHkKGRA9YwMCOhZ7OkY3FgMXEDMVfxMSOTlRFBkyEkkHUEYVcT5BIR1ZJT01BgM1OiYCdQMhNSBmE0E9B0k1NzAgaTUsDSNkAS0iZ2tjOyQaWTUxNiBUKzwfP2EEDAc7YBQzLDN0FDEhZ3lgMEQ/YQQPPWNyYyMgDnQbAyY7ZWM+IiNrAxtZDmcBMzIPfSsRPQJwCEUtAVscI0YvAwpEORZ6FjwzE3YYRjJmCgYjGgFbCjM6AGoVOxAVYmZGOhZAHz1GFVkZRD4PUBpMEAVhGEEtFhU4Bhs5Q28NNgEFYD0bGwFgTSMQWw
200 OK 1.2 kB URL HTTP/1.1 minsistereron.xyz/dXRXM1IUFjRebRRJNRUnBxhqFmAzUWV1NkcYL1I/GA49UiANRTkdMRkbIlc0Bxs5R3wbESMWYDMNDgE2MyEAAxM2NyQABx0XGHoFDSIAAmcNFRFfFDEgDhZgNzUvfTMlJhoEBCMhGWM7MyYBa2IyPzBHEDgnJHkKGRA9YwMCOhZ7OkY3FgMXEDMVfxMSOTlRFBkyEkkHUEYVcT5BIR1ZJT01BgM1OiYCdQMhNSBmE0E9B0k1NzAgaTUsDSNkAS0iZ2tjOyQaWTUxNiBUKzwfP2EEDAc7YBQzLDN0FDEhZ3lgMEQ/YQQPPWNyYyMgDnQbAyY7ZWM+IiNrAxtZDmcBMzIPfSsRPQJwCEUtAVscI0YvAwpEORZ6FjwzE3YYRjJmCgYjGgFbCjM6AGoVOxAVYmZGOhZAHz1GFVkZRD4PUBpMEAVhGEEtFhU4Bhs5Q28NNgEFYD0bGwFgTSMQWw
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash a75624e3e15c15f0e5ea1bade7c8d900
195cd14f2925973499aac922bb21f0be3210d1d1
df1fc95882556c6e45cb38f4b8c8c51976c692acb423ae9166c138fc930cab70
GET /dXRXM1IUFjRebRRJNRUnBxhqFmAzUWV1NkcYL1I/GA49UiANRTkdMRkbIlc0Bxs5R3wbESMWYDMNDgE2MyEAAxM2NyQABx0XGHoFDSIAAmcNFRFfFDEgDhZgNzUvfTMlJhoEBCMhGWM7MyYBa2IyPzBHEDgnJHkKGRA9YwMCOhZ7OkY3FgMXEDMVfxMSOTlRFBkyEkkHUEYVcT5BIR1ZJT01BgM1OiYCdQMhNSBmE0E9B0k1NzAgaTUsDSNkAS0iZ2tjOyQaWTUxNiBUKzwfP2EEDAc7YBQzLDN0FDEhZ3lgMEQ/YQQPPWNyYyMgDnQbAyY7ZWM+IiNrAxtZDmcBMzIPfSsRPQJwCEUtAVscI0YvAwpEORZ6FjwzE3YYRjJmCgYjGgFbCjM6AGoVOxAVYmZGOhZAHz1GFVkZRD4PUBpMEAVhGEEtFhU4Bhs5Q28NNgEFYD0bGwFgTSMQWw HTTP/1.1
Host: minsistereron.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1195
Connection: keep-alive
Date: Sat, 10 Dec 2022 22:50:16 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 a24c9d6c7d18c05b905998ff03831706.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN54-C3
X-Amz-Cf-Id: QSLT6DPO1AJKPbQBk9Dvdc7PEkA3UAKE36HjEB8aXF91SFz8enJHSg==
minsistereron.xyz/ZFJrN1oFMAhaZQVvCREvFj5WEmgid1lxPlY+E1Y3CSgBVigcYwUZOQg9HlM8Fj0FQ3QKNx8SaCIqJGMcKzc8Tzs8OypRD1RjMnwxNgcoQBRTAVpQPDMoW2AbDzkmcDEhIjhiAFEUHHE9PBEAeA0iBCd/a1wLOgYMHgE+RwwxESpSDzZrPn4YFAAodTkSGjoDHyYFDHkSIggKVC0LAj1xKRcXHFsINwEDUR0yNSZ+Ij0FPnFqDRUuXBYAYR9vAiYlL1E2ITA+cWIVFANDESIaE30bD2I+UR8INihlY0FgKW8cXWUtfyIuFVp1PAEXWn0ZChwZZGscECkEdxQxMwQpMTQuXD8wKjkOFSJiIXUdJhg5ZS0gNAMDEDM+BF8CImdOBRwlYV5+AiU5KlExDBgoQB8LFykCOTIrLnUJNSZYUWoICC1AHAsWLXITQjgYWDQUbz8PHxQlXFk3PT8MQG4IKDo
200 OK 1.2 kB URL HTTP/1.1 minsistereron.xyz/ZFJrN1oFMAhaZQVvCREvFj5WEmgid1lxPlY+E1Y3CSgBVigcYwUZOQg9HlM8Fj0FQ3QKNx8SaCIqJGMcKzc8Tzs8OypRD1RjMnwxNgcoQBRTAVpQPDMoW2AbDzkmcDEhIjhiAFEUHHE9PBEAeA0iBCd/a1wLOgYMHgE+RwwxESpSDzZrPn4YFAAodTkSGjoDHyYFDHkSIggKVC0LAj1xKRcXHFsINwEDUR0yNSZ+Ij0FPnFqDRUuXBYAYR9vAiYlL1E2ITA+cWIVFANDESIaE30bD2I+UR8INihlY0FgKW8cXWUtfyIuFVp1PAEXWn0ZChwZZGscECkEdxQxMwQpMTQuXD8wKjkOFSJiIXUdJhg5ZS0gNAMDEDM+BF8CImdOBRwlYV5+AiU5KlExDBgoQB8LFykCOTIrLnUJNSZYUWoICC1AHAsWLXITQjgYWDQUbz8PHxQlXFk3PT8MQG4IKDo
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3051), with no line terminators
Hash f2617a9b8e587876f5e7f9386793e863
5fa7c957d944df23d63ec28450bfe7d5ffe1a86e
9c8d7d1b19fd208aad58e5f226604e1d4ade3649fa31a31660ed73c302006983
GET /ZFJrN1oFMAhaZQVvCREvFj5WEmgid1lxPlY+E1Y3CSgBVigcYwUZOQg9HlM8Fj0FQ3QKNx8SaCIqJGMcKzc8Tzs8OypRD1RjMnwxNgcoQBRTAVpQPDMoW2AbDzkmcDEhIjhiAFEUHHE9PBEAeA0iBCd/a1wLOgYMHgE+RwwxESpSDzZrPn4YFAAodTkSGjoDHyYFDHkSIggKVC0LAj1xKRcXHFsINwEDUR0yNSZ+Ij0FPnFqDRUuXBYAYR9vAiYlL1E2ITA+cWIVFANDESIaE30bD2I+UR8INihlY0FgKW8cXWUtfyIuFVp1PAEXWn0ZChwZZGscECkEdxQxMwQpMTQuXD8wKjkOFSJiIXUdJhg5ZS0gNAMDEDM+BF8CImdOBRwlYV5+AiU5KlExDBgoQB8LFykCOTIrLnUJNSZYUWoICC1AHAsWLXITQjgYWDQUbz8PHxQlXFk3PT8MQG4IKDo HTTP/1.1
Host: minsistereron.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1200
Connection: keep-alive
Date: Sat, 10 Dec 2022 22:50:16 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 704e20bf98d229376f7c28ed8a27e5a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN54-C3
X-Amz-Cf-Id: Act-UkuqW7VWs3C_WIxukL4UJFebXwhvl7HTeCo2V7KfSyhBBRyBEA==
villasquinttolerance.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
200 OK 29 kB URL HTTP/1.1 villasquinttolerance.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 5075b43350c0085b7928b364def82fdc
1e4fdd685cd001529c36f497932a80b8a8b2e807
d3c19b45f0a64326ca605bac959b2811f2c879f8e78b58b0915b16d95e668d9d
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: villasquinttolerance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 450f70181689c531c0c01449032a1782
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
minsistereron.xyz/Nkw2RXRXLlUoS1dxVGMBRCALYEZwaQQDEAQgTiQZWzZcJAZOfVhrF1ojQyESRCNYMVpYKUJgRnA7YS81Bh9gFEFufVkzFU95bBA8ZD9UIjlxKgQTTGEnVSg7XyN4HSdsJXsuEFsqTxAecCd3PzlxL3cAHWN9eAMXfC5MAERjO1pxF1w4YxMaZCtQACJgKHIuRWUgBik7cj9gBxMPJFIENWQpBBcNZH0GKzlyGn4XRk4hVylBdy5xHwV3HWQrLn50ciEZTiFXLhBSBgQPAXAdVQkXYSt3ETwPK1AyOgQucR8FZyd8Ni5OP3QHPE56Vy0fZCkEFE1gGhsmHXl/DgYXWDhdJAN3CVMCJkQKZx9BeyZ4BiFldAEMHGMLcnciRw5kNUFVJQ4LNmdqXDYbWDwLLBsAJEEXQkc1
200 OK 1.2 kB URL HTTP/1.1 minsistereron.xyz/Nkw2RXRXLlUoS1dxVGMBRCALYEZwaQQDEAQgTiQZWzZcJAZOfVhrF1ojQyESRCNYMVpYKUJgRnA7YS81Bh9gFEFufVkzFU95bBA8ZD9UIjlxKgQTTGEnVSg7XyN4HSdsJXsuEFsqTxAecCd3PzlxL3cAHWN9eAMXfC5MAERjO1pxF1w4YxMaZCtQACJgKHIuRWUgBik7cj9gBxMPJFIENWQpBBcNZH0GKzlyGn4XRk4hVylBdy5xHwV3HWQrLn50ciEZTiFXLhBSBgQPAXAdVQkXYSt3ETwPK1AyOgQucR8FZyd8Ni5OP3QHPE56Vy0fZCkEFE1gGhsmHXl/DgYXWDhdJAN3CVMCJkQKZx9BeyZ4BiFldAEMHGMLcnciRw5kNUFVJQ4LNmdqXDYbWDwLLBsAJEEXQkc1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash d66d62df4d693fd64d43a58317edcdba
8fee8fb9aed6058cac5c28d4ee0cd2a51301bdbb
80ae7fdb2adaf37f95a92cb6a7a3af8ac2fefd01d59639b64d16a98c09632bee
GET /Nkw2RXRXLlUoS1dxVGMBRCALYEZwaQQDEAQgTiQZWzZcJAZOfVhrF1ojQyESRCNYMVpYKUJgRnA7YS81Bh9gFEFufVkzFU95bBA8ZD9UIjlxKgQTTGEnVSg7XyN4HSdsJXsuEFsqTxAecCd3PzlxL3cAHWN9eAMXfC5MAERjO1pxF1w4YxMaZCtQACJgKHIuRWUgBik7cj9gBxMPJFIENWQpBBcNZH0GKzlyGn4XRk4hVylBdy5xHwV3HWQrLn50ciEZTiFXLhBSBgQPAXAdVQkXYSt3ETwPK1AyOgQucR8FZyd8Ni5OP3QHPE56Vy0fZCkEFE1gGhsmHXl/DgYXWDhdJAN3CVMCJkQKZx9BeyZ4BiFldAEMHGMLcnciRw5kNUFVJQ4LNmdqXDYbWDwLLBsAJEEXQkc1 HTTP/1.1
Host: minsistereron.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1168
Connection: keep-alive
Date: Sat, 10 Dec 2022 22:50:16 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 f2e81391c8c636f1b66640a0f07510a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN54-C3
X-Amz-Cf-Id: 0KsHLo1wk8Yu_kbme2vR51wiP2iEoekteMgjm15yo15Vf8Pbz4LOoA==
gotwakinrollet.xyz/popunder.gif
301 Moved Permanently 0 B URL HTTP/1.1 gotwakinrollet.xyz/popunder.gif
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: gotwakinrollet.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sat, 10 Dec 2022 22:50:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 10 Dec 2022 23:50:16 GMT
Location: https://gotwakinrollet.xyz/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PHe7L1sRfLPS6DsHQLQWFeagNZZZdOFZupSzYuj%2B664UX5iBl5gNITrwJjsZ%2ByywEQ4qI6WSPJjmbqCbLdfowWmyOAemilsxNBWdSFBScfElQ%2BMbQwxAgslXcKDUF96qQQQ7oRE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 777989dfb9ba0b06-OSL
alt-svc: h2=":443"; ma=60
addresseepaper.com/sfp.js
200 OK 2.6 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 10 Dec 2022 22:50:17 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:35 GMT
ETag: "638fbf07-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jcZNS5FPqu7+yrv+w2N8rg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4qTmWMl7rnW+qpzIPAQEOOjmnJU=
d2lxammzjarx1n.cloudfront.net/yY2dFUW0ACCs3UhcOIWxVW15xaFlFDTY+AxNaPRM7VVUNPiFRVX0GKgtBMSsJXldjPQwNAHh3CA0EeGBLAgMnbFlFEzU+Bl4UJjwHAQ0gORUFQTAwUA4IPzgBDwZgYytWSXV0X1NPMjgDBwgyIkhRVyslSFFXdGFDU0J2E0hRVzI4A1VTYGIvRlV1KVtXQn-YTSFFXNydIUCZ0YVhNV2x0X1MAIDIGDEJ3F19TVnVhXFNWYGNdBQ43NAsMH2BjK1JXcH9dRRJ4YA
200 OK 616 B URL HTTP/1.1 d2lxammzjarx1n.cloudfront.net/yY2dFUW0ACCs3UhcOIWxVW15xaFlFDTY+AxNaPRM7VVUNPiFRVX0GKgtBMSsJXldjPQwNAHh3CA0EeGBLAgMnbFlFEzU+Bl4UJjwHAQ0gORUFQTAwUA4IPzgBDwZgYytWSXV0X1NPMjgDBwgyIkhRVyslSFFXdGFDU0J2E0hRVzI4A1VTYGIvRlV1KVtXQn-YTSFFXNydIUCZ0YVhNV2x0X1MAIDIGDEJ3F19TVnVhXFNWYGNdBQ43NAsMH2BjK1JXcH9dRRJ4YA
IP
File type ASCII text, with very long lines (878), with no line terminators
Hash 5ffbbefe59c494e22442ed70568aeb76
fe3100d5fce37cddcab1d4977051ada0d4977233
d5327b5877ae052317d58ab3fceef6d7b8818ef677880ee3773322aee59a0442
GET /yY2dFUW0ACCs3UhcOIWxVW15xaFlFDTY+AxNaPRM7VVUNPiFRVX0GKgtBMSsJXldjPQwNAHh3CA0EeGBLAgMnbFlFEzU+Bl4UJjwHAQ0gORUFQTAwUA4IPzgBDwZgYytWSXV0X1NPMjgDBwgyIkhRVyslSFFXdGFDU0J2E0hRVzI4A1VTYGIvRlV1KVtXQn-YTSFFXNydIUCZ0YVhNV2x0X1MAIDIGDEJ3F19TVnVhXFNWYGNdBQ43NAsMH2BjK1JXcH9dRRJ4YA HTTP/1.1
Host: d2lxammzjarx1n.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://minsistereron.xyz/
HTTP/1.1 200 OK
Content-Length: 616
Connection: keep-alive
Date: Sat, 10 Dec 2022 22:50:17 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: grXKFId0_nAVFN8b-GRJoAe8FzX1U44Lc4NGnDCbeOrjX3belqXI6Q==
d2lxammzjarx1n.cloudfront.net/xOTFOeWxaXiAfU01YKkRUCwN7S1gfWz0WAkkMGkEpSUZ5FwFgXCkOWFVLH18YQ1VzSUpVUCAeUR9UIBpRCBcvHQ4EBWgNHFZacwoPVFssEwlRSShfGVgMIxYWUF0iGEkLd3tXXBwDflEbUF8qFhtKFHxJAk0UfEldCR9+XF97FHxJG1BfeE1JCnNrS1xBB3-pcX3sUfEkeTxR9OF0JBGBJRRwDfh4JWlohXF5/A35IXAkAfkhJCwEoEB5cVyEBSQt3f0lZFwFoDFEI
200 OK 532 B URL HTTP/1.1 d2lxammzjarx1n.cloudfront.net/xOTFOeWxaXiAfU01YKkRUCwN7S1gfWz0WAkkMGkEpSUZ5FwFgXCkOWFVLH18YQ1VzSUpVUCAeUR9UIBpRCBcvHQ4EBWgNHFZacwoPVFssEwlRSShfGVgMIxYWUF0iGEkLd3tXXBwDflEbUF8qFhtKFHxJAk0UfEldCR9+XF97FHxJG1BfeE1JCnNrS1xBB3-pcX3sUfEkeTxR9OF0JBGBJRRwDfh4JWlohXF5/A35IXAkAfkhJCwEoEB5cVyEBSQt3f0lZFwFoDFEI
IP
File type ASCII text, with very long lines (712), with no line terminators
Hash f1591d955d822dd0a5ab2b47bfa3dd18
27ec773b08a30106388958a7b428b74ff75e4856
a0ae1ff08c40d794e98c3f1c04511403a05a8ca86098a0db37a695ac277596e7
GET /xOTFOeWxaXiAfU01YKkRUCwN7S1gfWz0WAkkMGkEpSUZ5FwFgXCkOWFVLH18YQ1VzSUpVUCAeUR9UIBpRCBcvHQ4EBWgNHFZacwoPVFssEwlRSShfGVgMIxYWUF0iGEkLd3tXXBwDflEbUF8qFhtKFHxJAk0UfEldCR9+XF97FHxJG1BfeE1JCnNrS1xBB3-pcX3sUfEkeTxR9OF0JBGBJRRwDfh4JWlohXF5/A35IXAkAfkhJCwEoEB5cVyEBSQt3f0lZFwFoDFEI HTTP/1.1
Host: d2lxammzjarx1n.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://minsistereron.xyz/
HTTP/1.1 200 OK
Content-Length: 532
Connection: keep-alive
Date: Sat, 10 Dec 2022 22:50:17 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0Z1PhZqLzZrPoCea5PGE4fEMgGISArMKhluXndH7pX00mws0ObNrVw==
minsistereron.xyz/utx?cb=k1TYi9UyB2Cr&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 minsistereron.xyz/utx?cb=k1TYi9UyB2Cr&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=k1TYi9UyB2Cr&top=exee.app&tid=822524 HTTP/1.1
Host: minsistereron.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 10 Dec 2022 22:50:16 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 10 Dec 2022 22:51:16 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0dfce2e0ed54afa905a123b0764fcc70.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C3
x-amz-cf-id: FvC2GRa5nAhcq7OGLAc3UiyFq-VaVhxJ1SLoUs1WubaXmtd22ai2nQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 50f4dc9248331997ac535f0c4b2d13d0
69ee813896cd0fff41856a2a4605caa4b741ef54
5fd9cdf1af2e623f5dbcef140904e31cc6402123e2b27f0077928029494433be
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5FD9CDF1AF2E623F5DBCEF140904E31CC6402123E2B27F0077928029494433BE"
Last-Modified: Fri, 09 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5011
Expires: Sun, 11 Dec 2022 00:13:48 GMT
Date: Sat, 10 Dec 2022 22:50:17 GMT
Connection: keep-alive
trapexpansionmoss.com/pixel/purst?dl=0&th=0&sc=0&rs=1743&rd=1743&fd=496&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 trapexpansionmoss.com/pixel/purst?dl=0&th=0&sc=0&rs=1743&rd=1743&fd=496&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1743&rd=1743&fd=496&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: trapexpansionmoss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
d2lxammzjarx1n.cloudfront.net/wWjA0SVQ5X1ovay5ZUHRsbgMGf2V8WkcmOioNXSZiMkdmfyUjFkAzMGcAEiU1NFcJbzE0Uwl4cjtUVnRgfEVVdDk1Sl0lODsVBg9hdAARe2RyR10nMDVHR2xmal5AbGZqAQRnZH8DdmxmakddJ2JuFQcLcWgATH9gfwN2bGZqQkJsZxsBBHx6ahkRe2Q9VV-ciO38CcntkawAEeGRrFQZ5MjNCUS87IhUGD2VqBRp5ci8NBQ
200 OK 185 B URL HTTP/1.1 d2lxammzjarx1n.cloudfront.net/wWjA0SVQ5X1ovay5ZUHRsbgMGf2V8WkcmOioNXSZiMkdmfyUjFkAzMGcAEiU1NFcJbzE0Uwl4cjtUVnRgfEVVdDk1Sl0lODsVBg9hdAARe2RyR10nMDVHR2xmal5AbGZqAQRnZH8DdmxmakddJ2JuFQcLcWgATH9gfwN2bGZqQkJsZxsBBHx6ahkRe2Q9VV-ciO38CcntkawAEeGRrFQZ5MjNCUS87IhUGD2VqBRp5ci8NBQ
IP
File type ASCII text, with no line terminators
Hash 615ce1028541594a47f6ecb8728112a9
c3c857cff2b5b302ea291da4af399f18b765ddef
50bf6798bc5e037e8f1421dd3d533b879c8e2dff676066a8f9ce7343d40f6522
GET /wWjA0SVQ5X1ovay5ZUHRsbgMGf2V8WkcmOioNXSZiMkdmfyUjFkAzMGcAEiU1NFcJbzE0Uwl4cjtUVnRgfEVVdDk1Sl0lODsVBg9hdAARe2RyR10nMDVHR2xmal5AbGZqAQRnZH8DdmxmakddJ2JuFQcLcWgATH9gfwN2bGZqQkJsZxsBBHx6ahkRe2Q9VV-ciO38CcntkawAEeGRrFQZ5MjNCUS87IhUGD2VqBRp5ci8NBQ HTTP/1.1
Host: d2lxammzjarx1n.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://minsistereron.xyz/
HTTP/1.1 200 OK
Content-Length: 185
Connection: keep-alive
Date: Sat, 10 Dec 2022 22:50:17 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fuWxiyOqvgVRaU22APa7Yq9qZM2RVOtPLWn16JuhU6exvtK2stI1WQ==
minsistereron.xyz/utx?cb=kOtmTk0Ci4qU&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 minsistereron.xyz/utx?cb=kOtmTk0Ci4qU&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=kOtmTk0Ci4qU&top=exee.app&tid=889494 HTTP/1.1
Host: minsistereron.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 10 Dec 2022 22:50:17 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 10 Dec 2022 22:51:17 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0dfce2e0ed54afa905a123b0764fcc70.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C3
x-amz-cf-id: 7OaKM5Css9nVADPOasys1Qsg8IO6gA5vmUdzESfEGOvpjhhWDIfs4A==
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 70d587584f110106aafc1a21047c1466
f401dd8a051982c9e86a1c6fdd11857806e77860
1da32326e2e879abd9ab12a981ff879658b00241872cfc726629e800f5dd7a67
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2015
Cache-Control: max-age=87258
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:17 GMT
Etag: "6393b724-1d7"
Expires: Sun, 11 Dec 2022 23:04:35 GMT
Last-Modified: Fri, 09 Dec 2022 22:31:00 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/1.1 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126857 bytes)
Hash 21194044394ef476e44611727d8f00dd
ba7ffffa00243495b382bdef73a0561f0f47f05d
bc67b3ddd745e176311e8f19bc0f4881f232b8a12813e76adc65767a78866254
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 126857
Date: Sat, 10 Dec 2022 22:50:17 GMT
Expires: Sat, 10 Dec 2022 22:50:17 GMT
Cache-Control: private, max-age=900, stale-while-revalidate=3600
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
villasquinttolerance.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3e081bb7-89d1-40a4-9275-554563e67396%3A3%3A1
200 OK 4.2 kB URL HTTP/1.1 villasquinttolerance.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3e081bb7-89d1-40a4-9275-554563e67396%3A3%3A1
IP
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5881), with no line terminators
Hash d66e002e344f3a1ae1d252299e6dec2d
7d16e74b28cf0e1f0beae5b210ce80493d717eba
42b5e18f18d2c64e6313c8d785f452068ed37e33fa2a897585f94b28b98dbaf4
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3e081bb7-89d1-40a4-9275-554563e67396%3A3%3A1 HTTP/1.1
Host: villasquinttolerance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://exee.app
Access-Control-Allow-Origin: http://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Sun, 11 Dec 2022 22:50:17 GMT; secure; SameSite=None
uid_id2=3e081bb7-89d1-40a4-9275-554563e67396:3:1; expires=Sat, 17 Dec 2022 22:50:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 11 Dec 2022 22:50:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 11 Dec 2022 22:50:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 11 Dec 2022 22:50:17 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 11 Dec 2022 22:50:17 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3842223]; expires=Sat, 10 Dec 2022 22:50:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 18ee0803086bd899dc4b06d9c3692910
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FPV0Exm&tag=v-exee-app&domain=exee.app
200 OK 2.1 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FPV0Exm&tag=v-exee-app&domain=exee.app
IP
File type JSON data\012- , ASCII text, with very long lines (9656)
Hash 297b291659db10b8adc45d1e21c8aecf
64006063777bbd791c81bca697fdb4d338915f95
4f3b4d12bc0dcc412f23206fc2da85e1300f3f743af12f34f1ea145d5a47cc7b
GET /allowed_url.php?type=json&url=exee.app%2FPV0Exm&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:16 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ibbl6CtSYhYAjv0wy95cUqitgn0NZ40JVD1G8liQoQBVTRsaFZeoI19qjlGsICB2YEmRiI2FPVasFNmxfiPzBTuGO9CemAuIX0yLtF3y1H8pFEiEC7BLIwUqLtWm1Ch9cIYf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989de5dc576ef-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f92a2bb000cce48c9e3a15eabdf68598
df678017f0fc38151632727222b2cbf413563692
6472df82d6bea9408d3738f8aa43d368f4914c4b24b7627c4eea82a3d441f862
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Sat, 10 Dec 2022 22:13:43 GMT
Expires: Sun, 11 Dec 2022 00:13:43 GMT
Cache-Control: public, max-age=7200
Age: 2194
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash b127f4a553d5bef70abfe5cbe6d621b1
21862b2730a62759276497fc8cdc51730e24f364
6b8e85299e53100486fc4fa84070c392fec71ef7172b780d19f900753207e311
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6B8E85299E53100486FC4FA84070C392FEC71EF7172B780D19F900753207E311"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20782
Expires: Sun, 11 Dec 2022 04:36:39 GMT
Date: Sat, 10 Dec 2022 22:50:17 GMT
Connection: keep-alive
www.google-analytics.com/j/collect?v=1&_v=j98&a=821514024&t=timing&_s=1&dl=http%3A%2F%2Fexee.app%2FPV0Exm&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=676&_u=YEDAAUABCAAAACAAI~&jid=1921170703&gjid=901192347&cid=933319171.1670712616&tid=UA-113932176-41&_gid=1167069333.1670712616&_r=1>m=2oubu0&z=1685468300
200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=821514024&t=timing&_s=1&dl=http%3A%2F%2Fexee.app%2FPV0Exm&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=676&_u=YEDAAUABCAAAACAAI~&jid=1921170703&gjid=901192347&cid=933319171.1670712616&tid=UA-113932176-41&_gid=1167069333.1670712616&_r=1>m=2oubu0&z=1685468300
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=821514024&t=timing&_s=1&dl=http%3A%2F%2Fexee.app%2FPV0Exm&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=676&_u=YEDAAUABCAAAACAAI~&jid=1921170703&gjid=901192347&cid=933319171.1670712616&tid=UA-113932176-41&_gid=1167069333.1670712616&_r=1>m=2oubu0&z=1685468300 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://exee.app
date: Sat, 10 Dec 2022 22:50:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 130 kB URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
Size 130 kB (129529 bytes)
Hash 72a86afadcebdda5162f8f7be65d113a
ac1e90a507f934934a43e7ad44998690aa8735e7
f174fc190fe9ec7cdd49eb7190208d7f8758fb0327c2aab1a057cfa383807940
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 10 Dec 2022 22:50:17 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S218173797%3A1670712617573033&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5SNjdVZ7tnSSbgsMT_mzfG-ACJd1kiZvc2Z3tA_ZCOSF1-J1kETsX55mH_u53ZDBxjUHhfBA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-Vueln_gmfoqq_erJ5vXG8A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:kH6jdSG8HbGMfhU79Ap338GuVjJRaA:siaty7dH0HdThu5C;Path=/;Expires=Mon, 09-Dec-2024 22:50:17 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 434 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
Hash b33c9bb3edf0acb03952752ef780d886
fc9434f8df3c846ae6004d0f05d67005046a530e
1bba771cc32181b4a01560f6c9361f939c48f951aaeb35f7c9598b5c2e8fbbcc
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 10 Dec 2022 22:50:17 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1408489427%3A1670712617577883&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh71zJEIXLz7IM5NAdBhwhyiC0FKcaYb8gGdB8_Wc5HmFErJCRJfIhbxsnhiAXwHq02CP0uPOg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-U2Uc7VoFzJQwkD9RXBZfug' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:50fLp7c7D5Z7NroBr0hj8-CL9sdAHA:O8ENHiPpvoaKK-GN;Path=/;Expires=Mon, 09-Dec-2024 22:50:17 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5496e18a30e039b44989d9a0e932d4bc
c5bfb1b9ce711e38d69e78486017f07cc47fe04a
26a3ad286e479cdabfcbb5a9d3fada211c73650628a35c80944b0e7e8aad27e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
exee.app/fv.ico
200 OK 2.0 kB IP
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 01202caa268089a1eeaa7a8d79296d98
a91ecebc07cae5d1c0a61820714671b2d2b4f7b7
ff7d65586b781ca47a34d76f16d72b4a596796343857fd632185c0fad51b1baf
GET /fv.ico HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:17 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 17 Oct 2023 15:43:20 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4691217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gifrY6NRy1FE8DPG%2FMfutOBuJUIUMM2uB9L%2Fl1m4hO0%2BzLJuON8RyuBU%2BWzK0tIcYrDKxzW2zZEFz%2FtvHFw7upTE%2BKgBdTFABoOmRr8GTzyMLKEON6x9IGMJQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989e40c8eb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1408489427%3A1670712617577883&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh71zJEIXLz7IM5NAdBhwhyiC0FKcaYb8gGdB8_Wc5HmFErJCRJfIhbxsnhiAXwHq02CP0uPOg
403 Forbidden 1.2 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1408489427%3A1670712617577883&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh71zJEIXLz7IM5NAdBhwhyiC0FKcaYb8gGdB8_Wc5HmFErJCRJfIhbxsnhiAXwHq02CP0uPOg
IP
Hash 2c7c9641e463758eeb57499203a2782c
1c22c001226efddea1a0fcdc047ff8a7cf180c4c
c3b53aac7e57dc6b3ea514d7c0a85bc3e5099dbc9cf8715c91223eecfd9e95d9
GET /v3/signin/identifier?dsh=S-1408489427%3A1670712617577883&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh71zJEIXLz7IM5NAdBhwhyiC0FKcaYb8gGdB8_Wc5HmFErJCRJfIhbxsnhiAXwHq02CP0uPOg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 10 Dec 2022 22:50:17 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
content-security-policy: script-src 'nonce-LzVJYV9kMqfEU238dTgCOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.vdo.ai/core/assets/vdo.player.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/vdo.player.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/vdo.player.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sat, 10 Dec 2022 22:50:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 10 Dec 2022 23:50:17 GMT
Location: https://a.vdo.ai/core/assets/vdo.player.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UYo%2Fz4%2B%2FKe0lIpIK2l3HuQeIgaYvxzTK%2F1K%2FY2ApkDPp13Dnb9tNjy784D%2BiEcW8iliHax%2Fg27Ia8fs72c1A%2FFCkrmNCjVN0UZ8hhYztA0xp0DbW%2FNumZMnYtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 777989e4be3e88a4-LHR
alt-svc: h2=":443"; ma=60
a.vdo.ai/core/assets/rtb_v6.24.1.js
301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/rtb_v6.24.1.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/rtb_v6.24.1.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sat, 10 Dec 2022 22:50:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 10 Dec 2022 23:50:17 GMT
Location: https://a.vdo.ai/core/assets/rtb_v6.24.1.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNJdqD%2BoaCMS161ZmHdtgF%2Fa80LIVRdBMpyLFyBfh3ym69k3C8cpuGkfY4ORB%2BeW%2B8ntJRoAA6pP2MMUheaIhKa7dwgd8ceVdU7Tf3LZd0Jz7xoBdrz97hdOCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 777989e4ee7988a4-LHR
alt-svc: h2=":443"; ma=60
villasquinttolerance.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuzkYQRVDJxYM4iAcD7mz39PTMdIIE1xgJxt0liey5fvVsuTVdTVX39OyCsBiQgJfxIHjs%2FWZ%2FYAxq%2FgBBZr3IguB40D24%2F4A3hZxlZgdG36Hee%2FW9w%2Fd97322X5wTHwU92%2FjQ7Cqt6UpU92tvbqpUmNLV1u7XAr%2FuX69tqrTVvF4bTB%2Fbvxb4Ud2%2FWntf8m2z0vAD3w%2F8oHZLWZmYwcoMhcoex0E99uvNRj2ImhjY%2F%2Feu8OCoB9E%2FJy9DickzWz8%2FgeJjpL3vb0q3nZvsrfd6haa5seiL44%2FS7dSUKXqLMrEekvR4Pg3jJoR8dQkmPZ4rgOkfTBWAqQnxfg%2FA0uM5TbD%2B4QVTpiFTMPE8yv4YUo%2Bh6BjcPIASvxKAC6ytI%2B0drRlb0p0LlE7RCbn89B%2BockIu%2F3kFae%2FbVa0GtXtGF7kyqcMgqaAGY6juGFlxgnzXgypPwPNPocQvZOXpHaS9g3WnDZQ4eyOUfidgrL3ciUWw3PRpczlutKPlKGpGrVC22mHcmlmk1BgqGUPLIahbQuE8FMpDkXgoMg89cVajUZz4fjthSRh2mpzzMOQ86rREJMJmJ%2FFR8KmGIfJsCK6H4HYPmd3DthrCFj%2FCbVVwwoPLCfqiQikJSkdQUoJSEZQ5QdmvDoV2DVcdCe0KFsxzY57DamTy7j49NHlXpmQ%2FOycvTY3zXnx0BdvyrJZEnShpRbzFW1HQCFkcCeHHTIaNppAhY3CqgnKXQJ2HXTUhS5%2F8hUxNyKXVFTB6AqdPwNXroMWroOWo3fBBt0bNjo%2Fd9EgOZF0ZCFMhyy8j3%2FH29Tl5Zba6a9V3kPz0xt%2FJLMBthcxW%2BFj9RNDVD0d3TUkO7prSkSfrWa56apdO13ovp7lcevSB3CmNFbdvuuHX7%2FApMC0f35cuv0NTodKuI9%2BsKiGkvWUsl%2BSH225Tso3Cba0WNi2yOxvv3rrdy6x0Tpl0DDo90WffBlcT8lz1x%2BxkX5OfQ9kxbFGhV5ySeUCZE%2FBsDy5b8HeGwOrFDMs8lEU1sg22%2BNSKQMtFT1kF95%2BeLep99xBd64HmD5D2KvRthb6uQPUQrlga5Zk9vfFbOAsw7Y2Ytt4B01Z%2FcWGuU2c1GSV%2BIv2GZEnMkjb1RZw0Y0bjQLZZRAPkbsK%2FfOHqvwAAAP%2F%2FAQAA%2F%2F%2B72x%2BHigQAAA%3D%3D
200 OK 8 B URL HTTP/1.1 villasquinttolerance.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuzkYQRVDJxYM4iAcD7mz39PTMdIIE1xgJxt0liey5fvVsuTVdTVX39OyCsBiQgJfxIHjs%2FWZ%2FYAxq%2FgBBZr3IguB40D24%2F4A3hZxlZgdG36Hee%2FW9w%2Fd97322X5wTHwU92%2FjQ7Cqt6UpU92tvbqpUmNLV1u7XAr%2FuX69tqrTVvF4bTB%2Fbvxb4Ud2%2FWntf8m2z0vAD3w%2F8oHZLWZmYwcoMhcoex0E99uvNRj2ImhjY%2F%2Feu8OCoB9E%2FJy9DickzWz8%2FgeJjpL3vb0q3nZvsrfd6haa5seiL44%2FS7dSUKXqLMrEekvR4Pg3jJoR8dQkmPZ4rgOkfTBWAqQnxfg%2FA0uM5TbD%2B4QVTpiFTMPE8yv4YUo%2Bh6BjcPIASvxKAC6ytI%2B0drRlb0p0LlE7RCbn89B%2BockIu%2F3kFae%2FbVa0GtXtGF7kyqcMgqaAGY6juGFlxgnzXgypPwPNPocQvZOXpHaS9g3WnDZQ4eyOUfidgrL3ciUWw3PRpczlutKPlKGpGrVC22mHcmlmk1BgqGUPLIahbQuE8FMpDkXgoMg89cVajUZz4fjthSRh2mpzzMOQ86rREJMJmJ%2FFR8KmGIfJsCK6H4HYPmd3DthrCFj%2FCbVVwwoPLCfqiQikJSkdQUoJSEZQ5QdmvDoV2DVcdCe0KFsxzY57DamTy7j49NHlXpmQ%2FOycvTY3zXnx0BdvyrJZEnShpRbzFW1HQCFkcCeHHTIaNppAhY3CqgnKXQJ2HXTUhS5%2F8hUxNyKXVFTB6AqdPwNXroMWroOWo3fBBt0bNjo%2Fd9EgOZF0ZCFMhyy8j3%2FH29Tl5Zba6a9V3kPz0xt%2FJLMBthcxW%2BFj9RNDVD0d3TUkO7prSkSfrWa56apdO13ovp7lcevSB3CmNFbdvuuHX7%2FApMC0f35cuv0NTodKuI9%2BsKiGkvWUsl%2BSH225Tso3Cba0WNi2yOxvv3rrdy6x0Tpl0DDo90WffBlcT8lz1x%2BxkX5OfQ9kxbFGhV5ySeUCZE%2FBsDy5b8HeGwOrFDMs8lEU1sg22%2BNSKQMtFT1kF95%2BeLep99xBd64HmD5D2KvRthb6uQPUQrlga5Zk9vfFbOAsw7Y2Ytt4B01Z%2FcWGuU2c1GSV%2BIv2GZEnMkjb1RZw0Y0bjQLZZRAPkbsK%2FfOHqvwAAAP%2F%2FAQAA%2F%2F%2B72x%2BHigQAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 3906cd80742de180e89653ddef72bca2
0e87a2f73be3c8ce3f316065a79017c20ad8f09c
3f57726bc10fc28cad1488d3a34f23ef3d0ef64fee7074493308205868b2c8e5
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuzkYQRVDJxYM4iAcD7mz39PTMdIIE1xgJxt0liey5fvVsuTVdTVX39OyCsBiQgJfxIHjs%2FWZ%2FYAxq%2FgBBZr3IguB40D24%2F4A3hZxlZgdG36Hee%2FW9w%2Fd97322X5wTHwU92%2FjQ7Cqt6UpU92tvbqpUmNLV1u7XAr%2FuX69tqrTVvF4bTB%2Fbvxb4Ud2%2FWntf8m2z0vAD3w%2F8oHZLWZmYwcoMhcoex0E99uvNRj2ImhjY%2F%2Feu8OCoB9E%2FJy9DickzWz8%2FgeJjpL3vb0q3nZvsrfd6haa5seiL44%2FS7dSUKXqLMrEekvR4Pg3jJoR8dQkmPZ4rgOkfTBWAqQnxfg%2FA0uM5TbD%2B4QVTpiFTMPE8yv4YUo%2Bh6BjcPIASvxKAC6ytI%2B0drRlb0p0LlE7RCbn89B%2BockIu%2F3kFae%2FbVa0GtXtGF7kyqcMgqaAGY6juGFlxgnzXgypPwPNPocQvZOXpHaS9g3WnDZQ4eyOUfidgrL3ciUWw3PRpczlutKPlKGpGrVC22mHcmlmk1BgqGUPLIahbQuE8FMpDkXgoMg89cVajUZz4fjthSRh2mpzzMOQ86rREJMJmJ%2FFR8KmGIfJsCK6H4HYPmd3DthrCFj%2FCbVVwwoPLCfqiQikJSkdQUoJSEZQ5QdmvDoV2DVcdCe0KFsxzY57DamTy7j49NHlXpmQ%2FOycvTY3zXnx0BdvyrJZEnShpRbzFW1HQCFkcCeHHTIaNppAhY3CqgnKXQJ2HXTUhS5%2F8hUxNyKXVFTB6AqdPwNXroMWroOWo3fBBt0bNjo%2Fd9EgOZF0ZCFMhyy8j3%2FH29Tl5Zba6a9V3kPz0xt%2FJLMBthcxW%2BFj9RNDVD0d3TUkO7prSkSfrWa56apdO13ovp7lcevSB3CmNFbdvuuHX7%2FApMC0f35cuv0NTodKuI9%2BsKiGkvWUsl%2BSH225Tso3Cba0WNi2yOxvv3rrdy6x0Tpl0DDo90WffBlcT8lz1x%2BxkX5OfQ9kxbFGhV5ySeUCZE%2FBsDy5b8HeGwOrFDMs8lEU1sg22%2BNSKQMtFT1kF95%2BeLep99xBd64HmD5D2KvRthb6uQPUQrlga5Zk9vfFbOAsw7Y2Ytt4B01Z%2FcWGuU2c1GSV%2BIv2GZEnMkjb1RZw0Y0bjQLZZRAPkbsK%2FfOHqvwAAAP%2F%2FAQAA%2F%2F%2B72x%2BHigQAAA%3D%3D HTTP/1.1
Host: villasquinttolerance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; uid_id2=3e081bb7-89d1-40a4-9275-554563e67396:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842223]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 919cfdc6312d4fe4e5e9107647ed4078
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 555c73b93c231bcf06a2c34ca1411255
ccf75a12762f2c5c8155d8bf33b9c7d19754e741
4d63c0431f01ef7674d588f58f0de4c83db6cb598399b02a95465144e3001924
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D63C0431F01EF7674D588F58F0DE4C83DB6CB598399B02A95465144E3001924"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2137
Expires: Sat, 10 Dec 2022 23:25:55 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5496e18a30e039b44989d9a0e932d4bc
c5bfb1b9ce711e38d69e78486017f07cc47fe04a
26a3ad286e479cdabfcbb5a9d3fada211c73650628a35c80944b0e7e8aad27e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/core/bridge3.549.0_en.html
200 OK 227 kB URL HTTP/1.1 imasdk.googleapis.com/js/core/bridge3.549.0_en.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39845)
Size 227 kB (227324 bytes)
Hash 218d94ccb369687311175f7ec00afc59
c95b5a666ae1f797bd900eb761edf66d6493babc
6ccbc5be5e00381dfe25726314816f570041c6525318d83cabbe6d5599b925e3
GET /js/core/bridge3.549.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 227324
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 23:13:10 GMT
Expires: Thu, 07 Dec 2023 23:13:10 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 07 Dec 2022 23:06:21 GMT
Content-Type: text/html
Age: 257828
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3872
Expires: Sat, 10 Dec 2022 23:54:50 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8fb99efffa43a89258e8f6fa88b57b3d
af9e7836bb609a2fa5ada07bb46a547f007a70ac
117238c7ac845cb0b65576ea779bb64e6f93ea715eaa2df5a05338743646839c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9385
x-amzn-requestid: c465c6db-4228-4455-b5d5-0b6bec43928c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xkmGn7oAMFTnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc83-1903b69055c1d5bc70c3adea;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:39:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tAKuAJvVLxVkluWQejBJV7rvGMnU6yFI112cd2Y8Ci2eF9x9CJSAOg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 21:52:48 GMT
age: 3450
etag: "af9e7836bb609a2fa5ada07bb46a547f007a70ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaa3b191-2ccf-43a7-98dc-75eb1a8968b6.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaa3b191-2ccf-43a7-98dc-75eb1a8968b6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a1d9ee9604803ac5d63a3806a2ef506
6c378dcff1d9fe7585312bed9dad74a64730f9e0
a3a99498c052c9b998816dd688a9a790fd5b59b9c9f8017af7591cd5537f72d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaa3b191-2ccf-43a7-98dc-75eb1a8968b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11520
x-amzn-requestid: 02c1a493-e1bb-4db4-a628-d8c79def1607
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xTBEAxoAMF7Ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc13-4f35a8f837675761185ce4ad;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:37:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PEeF3P6XjtEsFq418c-VrkvkTetvPYmgqX2iPy4nu8YIXwOx8FLU0g==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 21:52:12 GMT
age: 3486
etag: "6c378dcff1d9fe7585312bed9dad74a64730f9e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05402c6b-a411-4f42-ad2f-5d62ae0b06b3.jpeg
200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05402c6b-a411-4f42-ad2f-5d62ae0b06b3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9913dfb5912ba8645570743465175301
8c69bb951e84f8b342f8cd5dd7d916e0feb5583d
20f1f8a3dad6ce611a1730d99e68866c7dc145762d9fe756dfa49e72c7da31e4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05402c6b-a411-4f42-ad2f-5d62ae0b06b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5865
x-amzn-requestid: 7aef38ce-9363-47cb-b00f-76d4de43d925
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c6Rq3HfoIAMFlkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393fcab-3e0d60145a96b182213b8d71;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 03:27:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y9GsiH7TNiLsKbs-JVrJ7EcPrpKN9V0YJVN5shDe9k0F-1HfYmleEQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 10:54:21 GMT
age: 42957
etag: "8c69bb951e84f8b342f8cd5dd7d916e0feb5583d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 300370d57d99dddbb98fd2780da5607e
94596659805b0394436433ff06134cd65365d821
3b1d504f5710fb2bb7decf90a1696166f5852e8cecf2411d751925684936928a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 10 Dec 2022 22:50:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 10 Dec 2022 19:36:01 GMT
Expires: Sun, 11 Dec 2022 19:36:01 GMT
ETag: "94596659805b0394436433ff06134cd65365d821"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Dec 2022 22:04:29 GMT
expires: Sat, 10 Dec 2022 23:04:29 GMT
cache-control: public, max-age=3600
age: 2749
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5cde719-15a8-4518-857a-e707925d9d79.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5cde719-15a8-4518-857a-e707925d9d79.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4b7b4b35c18ae104bb42146c3c02326
9067f637f60c3c00f4fb87f42e87cb9b870224e7
79f73d86a26383d70f68d4c4305aa47a3fbf32ee442628cfa86d2e6e354e4fe2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5cde719-15a8-4518-857a-e707925d9d79.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10219
x-amzn-requestid: 118fcb2a-40f6-47c2-a79e-5167a437bde6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c7PKbH-lIAMFu9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63945f0f-75dbdacc071960480fb27feb;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 10:27:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zON-JbbFnQBYzfW6L1pZKEnGKgQV8YrMEf1lPIhwNFkEc2wjukCYHA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 21:43:29 GMT
age: 4009
etag: "9067f637f60c3c00f4fb87f42e87cb9b870224e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 03:28:41 GMT
age: 69697
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc37f6826-7810-4f1a-9a56-c59cdd71c138.png
200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc37f6826-7810-4f1a-9a56-c59cdd71c138.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3022b016b72f68bf8e7e01a40e12776
5ac98677c4c9eef040ef13ddd6c5aad6fcabf6cb
777447e4ad32d4f1c50128a73d39d9cc6e33995e0fb3298ebf9e00dfa5dd3bd4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc37f6826-7810-4f1a-9a56-c59cdd71c138.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4676
x-amzn-requestid: dfd0ce16-43e4-4d02-b2df-de60b7afff41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xTBHtVoAMFUVg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc13-4881af19704538471b2c85fb;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:37:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _5gzRpSKunXL-dt4-0Dm2xy4Ep02TcjQAqLT2_6Xg4MuruQcq3imTg==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 21:52:45 GMT
age: 3453
etag: "5ac98677c4c9eef040ef13ddd6c5aad6fcabf6cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 300370d57d99dddbb98fd2780da5607e
94596659805b0394436433ff06134cd65365d821
3b1d504f5710fb2bb7decf90a1696166f5852e8cecf2411d751925684936928a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 10 Dec 2022 22:50:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 10 Dec 2022 19:36:01 GMT
Expires: Sun, 11 Dec 2022 19:36:01 GMT
ETag: "94596659805b0394436433ff06134cd65365d821"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.youtube.com/iframe_api
200 OK 523 B URL HTTP/2 www.youtube.com/iframe_api
IP
File type ASCII text, with very long lines (509)
Hash 463bb247cbac17f9cea7c41aeccea978
2d10430d39cf9082aa3f218f54d3c2d75022be45
78784485d633dc6d9c97d1070e898bc715c1eb5476dbf00b45343c8e94d7ce4c
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sat, 10 Dec 2022 22:50:18 GMT
date: Sat, 10 Dec 2022 22:50:18 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=ZaNr-BhUB3c; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=lCtD9zm09iU; Domain=.youtube.com; Expires=Thu, 08-Jun-2023 22:50:18 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+305; expires=Mon, 09-Dec-2024 22:50:18 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
villasquinttolerance.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=343
200 OK 0 B URL HTTP/1.1 villasquinttolerance.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=343
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=343 HTTP/1.1
Host: villasquinttolerance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8827
Expires: Sun, 11 Dec 2022 01:17:25 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8827
Expires: Sun, 11 Dec 2022 01:17:25 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8827
Expires: Sun, 11 Dec 2022 01:17:25 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP
Hash 328c6e3376b5f6a768ef9e2e60edc0c7
f8d239b58fe8c4674b2a74d17b0eeb7adbda5128
5326fa8f8372b7cd25ad24264f49a19cc9807b39113af68b63a30188b02778db
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 10 Dec 2022 22:50:18 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Sun, 10 Dec 2023 22:50:18 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 10 Dec 2022 22:50:18 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
200 OK 58 kB URL HTTP/2 cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
IP
ASN #39572 DataWeb Global Group B.V.
Hash cb2a3bd2ee0179bad2f7841ea4e6ea95
8ed144e1ae0aa8041edba7e6dda8fb43b6d35c09
b90f0ba1eb4bb02e7a20289d4023e68421b1431a5d5d39a4a0f8ac2e8797dadb
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:18 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:28 GMT
etag: W/"6275e5b8-4b9"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 10 Dec 2022 23:50:18 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash da299424be0e5dcca38c10eaf53b8bff
0bbdfd4328b80889b9abd9149672f01b9b93e70c
621b4338d3fee53dd195b6a94fb580c9515b2e57af8ebf121e7d8d180ff0801e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "621B4338D3FEE53DD195B6A94FB580C9515B2E57AF8EBF121E7D8D180FF0801E"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15057
Expires: Sun, 11 Dec 2022 03:01:15 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
200 OK 4.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
IP
File type PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced\012- data
Hash 23e9690b0e7ac26868363a6248f44467
d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f
f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395
GET /sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:18 GMT
content-type: image/png
content-length: 4022
last-modified: Wed, 17 Feb 2021 11:46:53 GMT
etag: "602d022d-fb6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 494900
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NrtB292SHEPcG1G0xoe5dUAJr%2Ba0WbA3PTmEy6j4jnOuHhzyZeaQqRUVjKxH2zt8xSQvUGPaEI72duT0KWZi4cSrugKUryPAPgBOmP4uj8plgbkPivUdW%2Fp9PHkNlvnpsYpAu3Djx6%2Ff"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 777989eb985524f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8827
Expires: Sun, 11 Dec 2022 01:17:25 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png
200 OK 67 kB URL HTTP/2 cdn.cloudimagesb.com/si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 974bec00ccda3eca066dd4d8f0946a9e
11fc0dd0e55999641f5fd84093d89ec045a41bb9
5208e6052ffc642377fda287c69488324bd90a7f1396b1025d450eb9c75bd22d
GET /si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:18 GMT
content-type: image/png
content-length: 67428
server: nginx/1.17.6
last-modified: Wed, 07 Dec 2022 12:43:48 GMT
etag: "63908a84-10764"
expires: Mon, 12 Dec 2022 22:50:18 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
Expires: Sun, 10 Dec 2023 22:50:18 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
villasquinttolerance.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=274
200 OK 0 B URL HTTP/1.1 villasquinttolerance.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=274
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=274 HTTP/1.1
Host: villasquinttolerance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
IP
Hash 1cfb4789ee542c008f9673311afb5f5b
c07a04fc5df96b4f2bb22b2c8c1e31b12fa0e3e1
d7f2e443d8426cf768a93ba74b9f9cbc2e571742c55b3c220c5d258fc4f19709
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:19 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 11:41:22 GMT
etag: W/"614c67e2-160c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q85PhI2i9a3EQ9HTSmVt2u3GD1X%2F%2BQkOgh0x8lHf0OnMKppmwmusov2Uoa4%2BPDVF7eOL7UYJ7dVTgI2hs1D6skDQHCHvZ%2F%2FyqG%2B5RJ4%2F%2BVZDhTV8Gl%2FdRN2pC7HI9Lxi0yIlb9%2FafrQs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 777989eb4e0774a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:12:42 GMT
Expires: Thu, 07 Dec 2023 21:12:42 GMT
Cache-Control: public, max-age=31536000
Age: 265057
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:13:27 GMT
Expires: Thu, 07 Dec 2023 21:13:27 GMT
Cache-Control: public, max-age=31536000
Age: 265012
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
villasquinttolerance.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9lYkgiqCSjQuxERcGnJ6qrqr%2BSJDgGCPBODMkkVm%2Fr%2Bp5zut6xXtVXT0DwmBAAm7aheCy5vR8YAxqfoAgPW5kQLBd6CycP%2BBOIWvpnobWu3j33nfu4pxz72f7xTnxUdCzjQ%2FNrtKarsR1v%2FbmpkqFKV1t7X4t8Ov%2B9dqmSpvR9dpg%2Btj%2BtcCP6%2F7V2vuSb5uVhh%2F4fuAHtVvKysQMVmYoVPa4E9Q7fj1q1IM4wsD%2Bv3eFB0c9iP45eRlKTJ7Z%2BvkJFB8j7X1%2FU7rt3GRvvdcrNM2NRV8cf5Rup6ZM0VuUifWQpMfzaRg3IeSrSzDp8VwBTP9gqgBMTYj3ewCWHs9pgvUPL5gyDZmCiedR9seQegxFx%2BDmAZT4lQBcYG0dae9ozdiS7lygdIpOyOWn%2F0CVE3L5zytIe9%2BuajWo3TO6yJVJHQZJBTUYQ3XHyIoT5LseVHkCnn8KJX4hK0%2FvIO0drDttoMTZG6H02wFjreV2RwTLkU%2Bj5U6jFS%2FHcRQ3Q9lshZ3mzCKlxlDJGFoOQd0SCuehUB6KxEOReeiJsxqNO4nvtxKWhGE74pyHIedxuyliEUbtxEfBpxqGyLMhuB6C2z1kdg%2Fbaghb%2FAi3VcEJDy4n6IsKpSQoHUFJCUpFUOYEZb86FNo1XHUktCtYMM%2BNeQ6rkcm7%2B%2FTQ5F2Zkv3snLw0Nc578dEVbMuzWhK346QZ8yZvxkEjZJ1YCL%2FDZNiIhAwZg1MVlLsE6jzsqglZ%2BuQvZGpCLq2ugNETOH0Crl4HLV4FLUethg%2B6NYraPnbTIzmQdWUgTIUsv4x8x9vX5%2BSV2equVd9B8tMbfyezALcVMlvhY%2FUTQVc%2FHN01JTm4a0pHnqxnueqpXTpd672c5nLp0QdypzRW3L7phl%2B%2Fw6fAtHx8X7r8Dk2FSruOfLOqhJD2lrFckh9uu03JNgq3tVrYtMjubLx763Yvs9I5ZdIx6PREn30bXE3Ic9Ufs5N9TX4OZcewRYVecUrmAWVOwLM9uGzB3xkCqxczLPNQFtXINtjiUysCLRc9ZRXcf3q2qPfdQ3StB5o%2FQNqr0LcV%2BroC1UO4YmmUZ%2Fb0xm%2FhLMC0N2LaegdMW%2F3FhblOndXiIJJt1m5xIZjkImg1wnbo%2Bw0holZHBh3kbsK%2FfOHqvwAAAP%2F%2FAQAA%2F%2F%2Bv05FhigQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 villasquinttolerance.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9lYkgiqCSjQuxERcGnJ6qrqr%2BSJDgGCPBODMkkVm%2Fr%2Bp5zut6xXtVXT0DwmBAAm7aheCy5vR8YAxqfoAgPW5kQLBd6CycP%2BBOIWvpnobWu3j33nfu4pxz72f7xTnxUdCzjQ%2FNrtKarsR1v%2FbmpkqFKV1t7X4t8Ov%2B9dqmSpvR9dpg%2Btj%2BtcCP6%2F7V2vuSb5uVhh%2F4fuAHtVvKysQMVmYoVPa4E9Q7fj1q1IM4wsD%2Bv3eFB0c9iP45eRlKTJ7Z%2BvkJFB8j7X1%2FU7rt3GRvvdcrNM2NRV8cf5Rup6ZM0VuUifWQpMfzaRg3IeSrSzDp8VwBTP9gqgBMTYj3ewCWHs9pgvUPL5gyDZmCiedR9seQegxFx%2BDmAZT4lQBcYG0dae9ozdiS7lygdIpOyOWn%2F0CVE3L5zytIe9%2BuajWo3TO6yJVJHQZJBTUYQ3XHyIoT5LseVHkCnn8KJX4hK0%2FvIO0drDttoMTZG6H02wFjreV2RwTLkU%2Bj5U6jFS%2FHcRQ3Q9lshZ3mzCKlxlDJGFoOQd0SCuehUB6KxEOReeiJsxqNO4nvtxKWhGE74pyHIedxuyliEUbtxEfBpxqGyLMhuB6C2z1kdg%2Fbaghb%2FAi3VcEJDy4n6IsKpSQoHUFJCUpFUOYEZb86FNo1XHUktCtYMM%2BNeQ6rkcm7%2B%2FTQ5F2Zkv3snLw0Nc578dEVbMuzWhK346QZ8yZvxkEjZJ1YCL%2FDZNiIhAwZg1MVlLsE6jzsqglZ%2BuQvZGpCLq2ugNETOH0Crl4HLV4FLUethg%2B6NYraPnbTIzmQdWUgTIUsv4x8x9vX5%2BSV2equVd9B8tMbfyezALcVMlvhY%2FUTQVc%2FHN01JTm4a0pHnqxnueqpXTpd672c5nLp0QdypzRW3L7phl%2B%2Fw6fAtHx8X7r8Dk2FSruOfLOqhJD2lrFckh9uu03JNgq3tVrYtMjubLx763Yvs9I5ZdIx6PREn30bXE3Ic9Ufs5N9TX4OZcewRYVecUrmAWVOwLM9uGzB3xkCqxczLPNQFtXINtjiUysCLRc9ZRXcf3q2qPfdQ3StB5o%2FQNqr0LcV%2BroC1UO4YmmUZ%2Fb0xm%2FhLMC0N2LaegdMW%2F3FhblOndXiIJJt1m5xIZjkImg1wnbo%2Bw0holZHBh3kbsK%2FfOHqvwAAAP%2F%2FAQAA%2F%2F%2Bv05FhigQAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9lYkgiqCSjQuxERcGnJ6qrqr%2BSJDgGCPBODMkkVm%2Fr%2Bp5zut6xXtVXT0DwmBAAm7aheCy5vR8YAxqfoAgPW5kQLBd6CycP%2BBOIWvpnobWu3j33nfu4pxz72f7xTnxUdCzjQ%2FNrtKarsR1v%2FbmpkqFKV1t7X4t8Ov%2B9dqmSpvR9dpg%2Btj%2BtcCP6%2F7V2vuSb5uVhh%2F4fuAHtVvKysQMVmYoVPa4E9Q7fj1q1IM4wsD%2Bv3eFB0c9iP45eRlKTJ7Z%2BvkJFB8j7X1%2FU7rt3GRvvdcrNM2NRV8cf5Rup6ZM0VuUifWQpMfzaRg3IeSrSzDp8VwBTP9gqgBMTYj3ewCWHs9pgvUPL5gyDZmCiedR9seQegxFx%2BDmAZT4lQBcYG0dae9ozdiS7lygdIpOyOWn%2F0CVE3L5zytIe9%2BuajWo3TO6yJVJHQZJBTUYQ3XHyIoT5LseVHkCnn8KJX4hK0%2FvIO0drDttoMTZG6H02wFjreV2RwTLkU%2Bj5U6jFS%2FHcRQ3Q9lshZ3mzCKlxlDJGFoOQd0SCuehUB6KxEOReeiJsxqNO4nvtxKWhGE74pyHIedxuyliEUbtxEfBpxqGyLMhuB6C2z1kdg%2Fbaghb%2FAi3VcEJDy4n6IsKpSQoHUFJCUpFUOYEZb86FNo1XHUktCtYMM%2BNeQ6rkcm7%2B%2FTQ5F2Zkv3snLw0Nc578dEVbMuzWhK346QZ8yZvxkEjZJ1YCL%2FDZNiIhAwZg1MVlLsE6jzsqglZ%2BuQvZGpCLq2ugNETOH0Crl4HLV4FLUethg%2B6NYraPnbTIzmQdWUgTIUsv4x8x9vX5%2BSV2equVd9B8tMbfyezALcVMlvhY%2FUTQVc%2FHN01JTm4a0pHnqxnueqpXTpd672c5nLp0QdypzRW3L7phl%2B%2Fw6fAtHx8X7r8Dk2FSruOfLOqhJD2lrFckh9uu03JNgq3tVrYtMjubLx763Yvs9I5ZdIx6PREn30bXE3Ic9Ufs5N9TX4OZcewRYVecUrmAWVOwLM9uGzB3xkCqxczLPNQFtXINtjiUysCLRc9ZRXcf3q2qPfdQ3StB5o%2FQNqr0LcV%2BroC1UO4YmmUZ%2Fb0xm%2FhLMC0N2LaegdMW%2F3FhblOndXiIJJt1m5xIZjkImg1wnbo%2Bw0holZHBh3kbsK%2FfOHqvwAAAP%2F%2FAQAA%2F%2F%2Bv05FhigQAAA%3D%3D HTTP/1.1
Host: villasquinttolerance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; uid_id2=3e081bb7-89d1-40a4-9275-554563e67396:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842223]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e895055adc15271854fe1c384350cc99
Strict-Transport-Security: max-age=0; includeSubdomains
villasquinttolerance.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fanimate.css&l=79245&fd=459
200 OK 0 B URL HTTP/1.1 villasquinttolerance.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fanimate.css&l=79245&fd=459
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fanimate.css&l=79245&fd=459 HTTP/1.1
Host: villasquinttolerance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
IP
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:19 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:46:51 GMT
etag: W/"602d022b-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1fb46vtHjIh5%2FIY6s6tfp%2BEXVXDMkpOOEw9GvVOL85D8MaYKZsgrvyNFhwPhxMPfX%2BeovNnkHbJivh0QITh9GUQuvuZA8CeZImWk2XkkWTsuVuTv2Y%2F3dhsFpabYIllFtHkkJDjjDpLH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 777989eb4e0474a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 10 Dec 2022 22:50:19 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Sat, 10 Dec 2022 22:50:19 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Sun, 10 Dec 2023 22:50:19 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a7fcce3dc63f88fb3bb42fe1a285c7b9
867cf7966a5efc48c619653649f82d091b1bd8e0
94153fe13e128934e8bbb652b69720e96ffe8bc7d922c9ef75474149cdeb74f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Sat, 10 Dec 2022 22:50:19 GMT
expires: Sat, 10 Dec 2022 22:50:19 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a7fcce3dc63f88fb3bb42fe1a285c7b9
867cf7966a5efc48c619653649f82d091b1bd8e0
94153fe13e128934e8bbb652b69720e96ffe8bc7d922c9ef75474149cdeb74f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 22:50:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unseenreport.com/pxf.gif?uuid=3e081bb7-89d1-40a4-9275-554563e67396&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
200 OK 2 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3e081bb7-89d1-40a4-9275-554563e67396&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
ASN #39572 DataWeb Global Group B.V.
Hash 309fc7d3bc53bb63ac42e359260ac740
2064f80f811db79a33c4e51c10221454e30c74ae
ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3e081bb7-89d1-40a4-9275-554563e67396&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:20 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b8b6d62736378ac5d2edbd9a09e81691
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=3e081bb7-89d1-40a4-9275-554563e67396&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3e081bb7-89d1-40a4-9275-554563e67396&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3e081bb7-89d1-40a4-9275-554563e67396&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 10 Dec 2022 22:50:20 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f880210e20effbb56684eef1988dbd5b
Strict-Transport-Security: max-age=0; includeSubdomains
bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Co1HTPlY-bzDDuvYopjrODnojKizR-C-ixQs9rBtdGaeEmZ3_alD4t1cQiFaL0KT-INN06QLDTSvKZq0SnmLaYxW2h7A&cry=1&dbm_d=AKAmf-BukJ5nKGtlZ2iL3Qg2oxUhRKv58CKkip2Lf6puf7p-vL6h8aILyX9KKFqMw26bjGwjinGCP-wGM0BpBwDyJ74ueEwaDgnGYg4xYKJgXKgGP0vaLGDfiEgrmqz9UmRNtvWWQSFWOWOFZHDjTzuCOY5EoZTVb0Rgn4WKT0xJ30FIFN3HAWW_jH2Ki2vHTmi9c3b4vO489rLzN9frlAObG8LndbdpwpNXS2yTRAh4jtrH1HS2r8gh50Mnoa4lmB0G1RhmgMWoszrHorf5pSbDhY2Uiw4vkeQLnEK246F89FbMGduom_vxM6eIWDaXR6y6iv04nRWk9vkuer5uw4SbBwKSOqP7FBzQ3Q4y5eRR_7ouy-aYJA-6QfbnFm148mxtOUtODiSxjPoRs1WUiIMoySg9GUXf5KKzXhRE_ECKUBMAwY4fAHNmbhaU1WVsj_a8WrFqc35540APpQLzC9h6fqO5I3N1J6YalVwE3BgiA-NzJE139TkHnp8MTQRo41X5x1sEwdiPpyAh0NXDi1Kgh73nMuMsnmFFiNW5Ts5bQnQ2r19sNAWLDYtjGTnqDTfmzfoRiYf-86pQbswRfcxtNP4Ed6QDsbXLAFnMyeAD7Ytk0n7hsjbKOCPACi68Cv9Z6ZNs8F_-TxDgtSfDg4Li0s7qfWwfpwl_9-RSANt-33t8XMcEAu0nU-qomf3sBl6-Kyjr5RYBfWG4cMdTFhKxKng-kuWzX02Lbf976ixgj4Bn8euL2592kx4oJGCqUpmisKmEMHQXSNRhIpegwRW_c5pWS_8kx8D85hP07i69hnAmsx3-m2EBFV5GYNGrSkrQn9LqPNTjE3es6oq-bCFNjaoyrJI-1dJPMlXNINwllvTCqW78sSy-w1dIfg7n0Ro4-kAzAHbfUdMBNZMWYxrXN9lhA1Dsnf16huwyOBrv0yk3X1ekLz93VY9Xs2r8cvw7qeiQz9q9qI9An-lmoYXGfivbW5J2vjtRruArkf6LXExpvY0fGHept3otuxHkrwaORBAIXvi0D-XVD3toKfJK8P9BxD-iVFABK6Fo49IFuPjlGvZ_ZKfNJlvzWfCRRns55Z-2NhZujOaS_bysXg7l6w3CCUzIm0RqmhphrDfsO5de8UTgjD3a-Q0kfcnbHhqOETFF42pwNg8Zqp-pTwBJkmw6LIzoLlzztgn1RCvvC6QeQTfTuFQc0kcpeGkKcoxfYGCihr76uyNqEGUsEQQRq2gCtxSr9eWXDgXydCPKh5YPquLwiFMfJBMRCjjnOpxWT5BT95LXsWHet0q8PyMwnMWztM_L883tuZBaYgYQdoUacYQqJEhD71RyatHvBQ3kls5t3rp7mY8lw9Rn4OCp3PZdLMS4i1fjkSav1tWgWjeFJFd3R1Ty1pPRpSnsF9Zq8NDdn9j19g9C5uLvhITJ3VDQ7zXfKjYALHDpZfS7gsTzwNSc9Wb8MOPMY_QF7ilag7_gJuw0yZSTtr6X5q75s5RQ6DKDEZnqbz04WIf9K07-tfOPE5mU6dqbWGNXA06btFS6BZeEErjsswE0hvsxOfBccZFKZVeSjOXEIu6i1cTq5BRPTUH_Apv8ccaG56rEsMGS4euK8noi5Y_qiuGXewEI9rCVULBp3Vderwyl0NphGJzJZYW6uLEycw8xBiLj3wXoxSC4jXxt1phSB4u5sN4P0vwkGnK60V3uSin55JuU5xHtaB02-ArHygFwNBTzP2z_rjtfoiHZ4oP40ddfzdGcNCx9GiA_FUoCRmgC5xyVxOpXxKO8AQ8-m2nG_439rGSPMn033_CYXhvFSwm3Ofmne32LCvGHo52q6p3aFd3hHKYMxHTQ4FzDusgqEIQa7LeWiprjk6jUkdxktmYsfXxWSwcsOdylxwGfd3pUnLuZgPi2NXFPdxy3oedK_TPZKozJ9uyYtvqF6ixFuJvB8Qo3vvvLF_iYGD6rWlBkk36B5F47chaP731JMfTQ0W-n_PLYHDs3JFaqf2gsXDQvTEEuM0y0sA5DGZxo8xC9umUnW4hztv0PNg9G2Sfn5dYnC9LlIXe83r2W_jWaV0Q7P5QEmsgq_LDTuhL2-zHeyVDUDiABRrbSQi2yaNt18BfLh_LFDynY0QPhon0AWpvL8zVzBu2jDH559aiU6Tr9sy8AZY5BFr0EXy6r42qsQifHRD7uozCQRLtUWLw7DhXPP_vhpFj92SRBPvpF_1rXqvbGMecidvWIF_jqS6ofEiBBtqqP03K7eXg2bO6XygJgdfxf_zFdRFsE1-oiYGPbBh98XtCwu3PtUwGvu7X5SOPbrCVhKPC84NPtul0L-ZrDZtX7Ng6TAvzGgYBTCwZYlzeR4Jj5_mk6WV4F_Fwt4YhvLT0ppGaPdpLvZ-ITtwLXHmPjAokbqvaBUksWHRRmJ7b0NGO3Z2iqV8A6zXTdbGT3yULhyyyKvrWgoJznze5ALUrY-4Qb3Ac9H6saRMI-1IDCNUPYRyyUn3CGAFzU65jRmCCu-tfGN-6Eejf6RrC4Kypo6CaOzcl-ps-JX3HQbwJM_bO2klMxtNtHb09GIAvrVwFgOeXgGuHv9ZO-81C-JckHRo6CNmPgILRGDtDJHAvb9oqUrN3HJ_WEpa6_fW-pLh8Jv6UTUZ5mBL_f315eRm2RGNbI2r9Q13ddsBxOCgng74rHWjzBasuuje3uv53fyKXtFck71KImvXHTM7XV-_QA0WVstj-ROp0ay0kSJv6b0W95wB5a7Ttr9yrA6-Ouetl0fm_FYJ49lEbD25z02xTJDaZ6Rt96aCt8vozG3Zm3dZy20X0tBst2lgE2STCylNF-kP3GJlp0KxqnpWN-BbGGoQkMKVbnNdtxWj8Tzn28rFwTBcj29plzJSX-dNjnBUgwUIcQvy1yjTeR22BtUPL4CCzNdvU-wvfXq9Evqp8o9xLwLrnTDDY3R_PY-IOLJFOsmPqGF3hQZDoDsdDm0agG0kTIWwZrwJ7m6NiyP4Y_G8-EXzex3_GLlKSfZgSTQ8ve5_vRB2eDw0j2GYXqmmsbs0R4eL835F2dqm9hqdfw-GIEfRPwj9B6m0AX1_SLSa-VuhTZjHEFosFcVqZnUrFm8dB3SKVi2XpLCcS2DwcLU3Ft0WJ5R-w7c5UaRZw1e0lYzr1L6xJ_kIbJswi2PbgmR2a5HZW8fpThe4DjcmTgp0VNALtQr-P1LIN75Kb-r4xfF-lccW5JUQT8lOw2ZmE-m-9emia30wHwaIGyaej-V5t-it5ESfNQjt52Y3qV5BJn4oP9VWz7wrPrdREgYTbpOCjDImSTCDkKLly3E1rbyMR46xPyBQI7xJ1RVIc-5YyA2bd8B13lNaU1BDO-NtiNfaG8VQ&cid=CAQSPgDq26N9jCxOzDcX0en2Odk1j7-3fqv-WDbGVPTIgrQayMib9kXTsbksC9E75gRKgvFoX_Ods6aD-h5NekNIGAEgEw&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F7770a8ae-4bb0-4fa6-8204-58492e28b505&sid=BB0BCF87-C1CB-43CF-8C68-CD12A2048585&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=http%3A%2F%2Fexee.app%2FPV0Exm&dlt=1670712614209&idt=2966&dt=1670712621767&ged=ve4_td8_tt4_pd8_la8000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491
200 OK 16 kB URL HTTP/2 bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Co1HTPlY-bzDDuvYopjrODnojKizR-C-ixQs9rBtdGaeEmZ3_alD4t1cQiFaL0KT-INN06QLDTSvKZq0SnmLaYxW2h7A&cry=1&dbm_d=AKAmf-BukJ5nKGtlZ2iL3Qg2oxUhRKv58CKkip2Lf6puf7p-vL6h8aILyX9KKFqMw26bjGwjinGCP-wGM0BpBwDyJ74ueEwaDgnGYg4xYKJgXKgGP0vaLGDfiEgrmqz9UmRNtvWWQSFWOWOFZHDjTzuCOY5EoZTVb0Rgn4WKT0xJ30FIFN3HAWW_jH2Ki2vHTmi9c3b4vO489rLzN9frlAObG8LndbdpwpNXS2yTRAh4jtrH1HS2r8gh50Mnoa4lmB0G1RhmgMWoszrHorf5pSbDhY2Uiw4vkeQLnEK246F89FbMGduom_vxM6eIWDaXR6y6iv04nRWk9vkuer5uw4SbBwKSOqP7FBzQ3Q4y5eRR_7ouy-aYJA-6QfbnFm148mxtOUtODiSxjPoRs1WUiIMoySg9GUXf5KKzXhRE_ECKUBMAwY4fAHNmbhaU1WVsj_a8WrFqc35540APpQLzC9h6fqO5I3N1J6YalVwE3BgiA-NzJE139TkHnp8MTQRo41X5x1sEwdiPpyAh0NXDi1Kgh73nMuMsnmFFiNW5Ts5bQnQ2r19sNAWLDYtjGTnqDTfmzfoRiYf-86pQbswRfcxtNP4Ed6QDsbXLAFnMyeAD7Ytk0n7hsjbKOCPACi68Cv9Z6ZNs8F_-TxDgtSfDg4Li0s7qfWwfpwl_9-RSANt-33t8XMcEAu0nU-qomf3sBl6-Kyjr5RYBfWG4cMdTFhKxKng-kuWzX02Lbf976ixgj4Bn8euL2592kx4oJGCqUpmisKmEMHQXSNRhIpegwRW_c5pWS_8kx8D85hP07i69hnAmsx3-m2EBFV5GYNGrSkrQn9LqPNTjE3es6oq-bCFNjaoyrJI-1dJPMlXNINwllvTCqW78sSy-w1dIfg7n0Ro4-kAzAHbfUdMBNZMWYxrXN9lhA1Dsnf16huwyOBrv0yk3X1ekLz93VY9Xs2r8cvw7qeiQz9q9qI9An-lmoYXGfivbW5J2vjtRruArkf6LXExpvY0fGHept3otuxHkrwaORBAIXvi0D-XVD3toKfJK8P9BxD-iVFABK6Fo49IFuPjlGvZ_ZKfNJlvzWfCRRns55Z-2NhZujOaS_bysXg7l6w3CCUzIm0RqmhphrDfsO5de8UTgjD3a-Q0kfcnbHhqOETFF42pwNg8Zqp-pTwBJkmw6LIzoLlzztgn1RCvvC6QeQTfTuFQc0kcpeGkKcoxfYGCihr76uyNqEGUsEQQRq2gCtxSr9eWXDgXydCPKh5YPquLwiFMfJBMRCjjnOpxWT5BT95LXsWHet0q8PyMwnMWztM_L883tuZBaYgYQdoUacYQqJEhD71RyatHvBQ3kls5t3rp7mY8lw9Rn4OCp3PZdLMS4i1fjkSav1tWgWjeFJFd3R1Ty1pPRpSnsF9Zq8NDdn9j19g9C5uLvhITJ3VDQ7zXfKjYALHDpZfS7gsTzwNSc9Wb8MOPMY_QF7ilag7_gJuw0yZSTtr6X5q75s5RQ6DKDEZnqbz04WIf9K07-tfOPE5mU6dqbWGNXA06btFS6BZeEErjsswE0hvsxOfBccZFKZVeSjOXEIu6i1cTq5BRPTUH_Apv8ccaG56rEsMGS4euK8noi5Y_qiuGXewEI9rCVULBp3Vderwyl0NphGJzJZYW6uLEycw8xBiLj3wXoxSC4jXxt1phSB4u5sN4P0vwkGnK60V3uSin55JuU5xHtaB02-ArHygFwNBTzP2z_rjtfoiHZ4oP40ddfzdGcNCx9GiA_FUoCRmgC5xyVxOpXxKO8AQ8-m2nG_439rGSPMn033_CYXhvFSwm3Ofmne32LCvGHo52q6p3aFd3hHKYMxHTQ4FzDusgqEIQa7LeWiprjk6jUkdxktmYsfXxWSwcsOdylxwGfd3pUnLuZgPi2NXFPdxy3oedK_TPZKozJ9uyYtvqF6ixFuJvB8Qo3vvvLF_iYGD6rWlBkk36B5F47chaP731JMfTQ0W-n_PLYHDs3JFaqf2gsXDQvTEEuM0y0sA5DGZxo8xC9umUnW4hztv0PNg9G2Sfn5dYnC9LlIXe83r2W_jWaV0Q7P5QEmsgq_LDTuhL2-zHeyVDUDiABRrbSQi2yaNt18BfLh_LFDynY0QPhon0AWpvL8zVzBu2jDH559aiU6Tr9sy8AZY5BFr0EXy6r42qsQifHRD7uozCQRLtUWLw7DhXPP_vhpFj92SRBPvpF_1rXqvbGMecidvWIF_jqS6ofEiBBtqqP03K7eXg2bO6XygJgdfxf_zFdRFsE1-oiYGPbBh98XtCwu3PtUwGvu7X5SOPbrCVhKPC84NPtul0L-ZrDZtX7Ng6TAvzGgYBTCwZYlzeR4Jj5_mk6WV4F_Fwt4YhvLT0ppGaPdpLvZ-ITtwLXHmPjAokbqvaBUksWHRRmJ7b0NGO3Z2iqV8A6zXTdbGT3yULhyyyKvrWgoJznze5ALUrY-4Qb3Ac9H6saRMI-1IDCNUPYRyyUn3CGAFzU65jRmCCu-tfGN-6Eejf6RrC4Kypo6CaOzcl-ps-JX3HQbwJM_bO2klMxtNtHb09GIAvrVwFgOeXgGuHv9ZO-81C-JckHRo6CNmPgILRGDtDJHAvb9oqUrN3HJ_WEpa6_fW-pLh8Jv6UTUZ5mBL_f315eRm2RGNbI2r9Q13ddsBxOCgng74rHWjzBasuuje3uv53fyKXtFck71KImvXHTM7XV-_QA0WVstj-ROp0ay0kSJv6b0W95wB5a7Ttr9yrA6-Ouetl0fm_FYJ49lEbD25z02xTJDaZ6Rt96aCt8vozG3Zm3dZy20X0tBst2lgE2STCylNF-kP3GJlp0KxqnpWN-BbGGoQkMKVbnNdtxWj8Tzn28rFwTBcj29plzJSX-dNjnBUgwUIcQvy1yjTeR22BtUPL4CCzNdvU-wvfXq9Evqp8o9xLwLrnTDDY3R_PY-IOLJFOsmPqGF3hQZDoDsdDm0agG0kTIWwZrwJ7m6NiyP4Y_G8-EXzex3_GLlKSfZgSTQ8ve5_vRB2eDw0j2GYXqmmsbs0R4eL835F2dqm9hqdfw-GIEfRPwj9B6m0AX1_SLSa-VuhTZjHEFosFcVqZnUrFm8dB3SKVi2XpLCcS2DwcLU3Ft0WJ5R-w7c5UaRZw1e0lYzr1L6xJ_kIbJswi2PbgmR2a5HZW8fpThe4DjcmTgp0VNALtQr-P1LIN75Kb-r4xfF-lccW5JUQT8lOw2ZmE-m-9emia30wHwaIGyaej-V5t-it5ESfNQjt52Y3qV5BJn4oP9VWz7wrPrdREgYTbpOCjDImSTCDkKLly3E1rbyMR46xPyBQI7xJ1RVIc-5YyA2bd8B13lNaU1BDO-NtiNfaG8VQ&cid=CAQSPgDq26N9jCxOzDcX0en2Odk1j7-3fqv-WDbGVPTIgrQayMib9kXTsbksC9E75gRKgvFoX_Ods6aD-h5NekNIGAEgEw&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F7770a8ae-4bb0-4fa6-8204-58492e28b505&sid=BB0BCF87-C1CB-43CF-8C68-CD12A2048585&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=http%3A%2F%2Fexee.app%2FPV0Exm&dlt=1670712614209&idt=2966&dt=1670712621767&ged=ve4_td8_tt4_pd8_la8000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (16345)
Hash cc1517afa80df1b6a86fa455aaa2f147
f2425dc1712312092b9b891ac90da5509908b442
fea5256e6b114e100077425af9b9ec9912bbf7c36422d88fcb45bc53946ae9a9
GET /dbm/vast?dbm_c=AKAmf-Co1HTPlY-bzDDuvYopjrODnojKizR-C-ixQs9rBtdGaeEmZ3_alD4t1cQiFaL0KT-INN06QLDTSvKZq0SnmLaYxW2h7A&cry=1&dbm_d=AKAmf-BukJ5nKGtlZ2iL3Qg2oxUhRKv58CKkip2Lf6puf7p-vL6h8aILyX9KKFqMw26bjGwjinGCP-wGM0BpBwDyJ74ueEwaDgnGYg4xYKJgXKgGP0vaLGDfiEgrmqz9UmRNtvWWQSFWOWOFZHDjTzuCOY5EoZTVb0Rgn4WKT0xJ30FIFN3HAWW_jH2Ki2vHTmi9c3b4vO489rLzN9frlAObG8LndbdpwpNXS2yTRAh4jtrH1HS2r8gh50Mnoa4lmB0G1RhmgMWoszrHorf5pSbDhY2Uiw4vkeQLnEK246F89FbMGduom_vxM6eIWDaXR6y6iv04nRWk9vkuer5uw4SbBwKSOqP7FBzQ3Q4y5eRR_7ouy-aYJA-6QfbnFm148mxtOUtODiSxjPoRs1WUiIMoySg9GUXf5KKzXhRE_ECKUBMAwY4fAHNmbhaU1WVsj_a8WrFqc35540APpQLzC9h6fqO5I3N1J6YalVwE3BgiA-NzJE139TkHnp8MTQRo41X5x1sEwdiPpyAh0NXDi1Kgh73nMuMsnmFFiNW5Ts5bQnQ2r19sNAWLDYtjGTnqDTfmzfoRiYf-86pQbswRfcxtNP4Ed6QDsbXLAFnMyeAD7Ytk0n7hsjbKOCPACi68Cv9Z6ZNs8F_-TxDgtSfDg4Li0s7qfWwfpwl_9-RSANt-33t8XMcEAu0nU-qomf3sBl6-Kyjr5RYBfWG4cMdTFhKxKng-kuWzX02Lbf976ixgj4Bn8euL2592kx4oJGCqUpmisKmEMHQXSNRhIpegwRW_c5pWS_8kx8D85hP07i69hnAmsx3-m2EBFV5GYNGrSkrQn9LqPNTjE3es6oq-bCFNjaoyrJI-1dJPMlXNINwllvTCqW78sSy-w1dIfg7n0Ro4-kAzAHbfUdMBNZMWYxrXN9lhA1Dsnf16huwyOBrv0yk3X1ekLz93VY9Xs2r8cvw7qeiQz9q9qI9An-lmoYXGfivbW5J2vjtRruArkf6LXExpvY0fGHept3otuxHkrwaORBAIXvi0D-XVD3toKfJK8P9BxD-iVFABK6Fo49IFuPjlGvZ_ZKfNJlvzWfCRRns55Z-2NhZujOaS_bysXg7l6w3CCUzIm0RqmhphrDfsO5de8UTgjD3a-Q0kfcnbHhqOETFF42pwNg8Zqp-pTwBJkmw6LIzoLlzztgn1RCvvC6QeQTfTuFQc0kcpeGkKcoxfYGCihr76uyNqEGUsEQQRq2gCtxSr9eWXDgXydCPKh5YPquLwiFMfJBMRCjjnOpxWT5BT95LXsWHet0q8PyMwnMWztM_L883tuZBaYgYQdoUacYQqJEhD71RyatHvBQ3kls5t3rp7mY8lw9Rn4OCp3PZdLMS4i1fjkSav1tWgWjeFJFd3R1Ty1pPRpSnsF9Zq8NDdn9j19g9C5uLvhITJ3VDQ7zXfKjYALHDpZfS7gsTzwNSc9Wb8MOPMY_QF7ilag7_gJuw0yZSTtr6X5q75s5RQ6DKDEZnqbz04WIf9K07-tfOPE5mU6dqbWGNXA06btFS6BZeEErjsswE0hvsxOfBccZFKZVeSjOXEIu6i1cTq5BRPTUH_Apv8ccaG56rEsMGS4euK8noi5Y_qiuGXewEI9rCVULBp3Vderwyl0NphGJzJZYW6uLEycw8xBiLj3wXoxSC4jXxt1phSB4u5sN4P0vwkGnK60V3uSin55JuU5xHtaB02-ArHygFwNBTzP2z_rjtfoiHZ4oP40ddfzdGcNCx9GiA_FUoCRmgC5xyVxOpXxKO8AQ8-m2nG_439rGSPMn033_CYXhvFSwm3Ofmne32LCvGHo52q6p3aFd3hHKYMxHTQ4FzDusgqEIQa7LeWiprjk6jUkdxktmYsfXxWSwcsOdylxwGfd3pUnLuZgPi2NXFPdxy3oedK_TPZKozJ9uyYtvqF6ixFuJvB8Qo3vvvLF_iYGD6rWlBkk36B5F47chaP731JMfTQ0W-n_PLYHDs3JFaqf2gsXDQvTEEuM0y0sA5DGZxo8xC9umUnW4hztv0PNg9G2Sfn5dYnC9LlIXe83r2W_jWaV0Q7P5QEmsgq_LDTuhL2-zHeyVDUDiABRrbSQi2yaNt18BfLh_LFDynY0QPhon0AWpvL8zVzBu2jDH559aiU6Tr9sy8AZY5BFr0EXy6r42qsQifHRD7uozCQRLtUWLw7DhXPP_vhpFj92SRBPvpF_1rXqvbGMecidvWIF_jqS6ofEiBBtqqP03K7eXg2bO6XygJgdfxf_zFdRFsE1-oiYGPbBh98XtCwu3PtUwGvu7X5SOPbrCVhKPC84NPtul0L-ZrDZtX7Ng6TAvzGgYBTCwZYlzeR4Jj5_mk6WV4F_Fwt4YhvLT0ppGaPdpLvZ-ITtwLXHmPjAokbqvaBUksWHRRmJ7b0NGO3Z2iqV8A6zXTdbGT3yULhyyyKvrWgoJznze5ALUrY-4Qb3Ac9H6saRMI-1IDCNUPYRyyUn3CGAFzU65jRmCCu-tfGN-6Eejf6RrC4Kypo6CaOzcl-ps-JX3HQbwJM_bO2klMxtNtHb09GIAvrVwFgOeXgGuHv9ZO-81C-JckHRo6CNmPgILRGDtDJHAvb9oqUrN3HJ_WEpa6_fW-pLh8Jv6UTUZ5mBL_f315eRm2RGNbI2r9Q13ddsBxOCgng74rHWjzBasuuje3uv53fyKXtFck71KImvXHTM7XV-_QA0WVstj-ROp0ay0kSJv6b0W95wB5a7Ttr9yrA6-Ouetl0fm_FYJ49lEbD25z02xTJDaZ6Rt96aCt8vozG3Zm3dZy20X0tBst2lgE2STCylNF-kP3GJlp0KxqnpWN-BbGGoQkMKVbnNdtxWj8Tzn28rFwTBcj29plzJSX-dNjnBUgwUIcQvy1yjTeR22BtUPL4CCzNdvU-wvfXq9Evqp8o9xLwLrnTDDY3R_PY-IOLJFOsmPqGF3hQZDoDsdDm0agG0kTIWwZrwJ7m6NiyP4Y_G8-EXzex3_GLlKSfZgSTQ8ve5_vRB2eDw0j2GYXqmmsbs0R4eL835F2dqm9hqdfw-GIEfRPwj9B6m0AX1_SLSa-VuhTZjHEFosFcVqZnUrFm8dB3SKVi2XpLCcS2DwcLU3Ft0WJ5R-w7c5UaRZw1e0lYzr1L6xJ_kIbJswi2PbgmR2a5HZW8fpThe4DjcmTgp0VNALtQr-P1LIN75Kb-r4xfF-lccW5JUQT8lOw2ZmE-m-9emia30wHwaIGyaej-V5t-it5ESfNQjt52Y3qV5BJn4oP9VWz7wrPrdREgYTbpOCjDImSTCDkKLly3E1rbyMR46xPyBQI7xJ1RVIc-5YyA2bd8B13lNaU1BDO-NtiNfaG8VQ&cid=CAQSPgDq26N9jCxOzDcX0en2Odk1j7-3fqv-WDbGVPTIgrQayMib9kXTsbksC9E75gRKgvFoX_Ods6aD-h5NekNIGAEgEw&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fexee.app%2F7770a8ae-4bb0-4fa6-8204-58492e28b505&sid=BB0BCF87-C1CB-43CF-8C68-CD12A2048585&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=http%3A%2F%2Fexee.app%2FPV0Exm&dlt=1670712614209&idt=2966&dt=1670712621767&ged=ve4_td8_tt4_pd8_la8000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491 HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://imasdk.googleapis.com
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 22:50:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: http://imasdk.googleapis.com
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 16260
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 10-Dec-2022 23:05:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/interaction/?ai=CCC9iLg2VY7abNbGBmAftj6zwB8rqkvFt4bLN3PsQ8C4QASCs1olGYMOEgICYGMgBBakCr65uqdEFgz6oAwHIAxOYBACqBJECT9DM8WVzgRt_M_NYN5MO2bmN16Cl7K-zgm5wJNDA1mxBxoyipzlqrMLjfgAKAv3RAmAHn3-UYOKqv9KDBHAX5xKNhC6l2YHX4HanSIGf8D-oPhQUH3OluTYMmCwXypKeMLa8sIp88XFOislgL9jnVcrRNQJdp99G2i3jhp-uh1td51xlB6zblf66IkIPpIBdefzsjN80UNnrSD6bcBnwyySLSAmbD9jZw_WUhfdHK9OHBQCE_AIOFgI25eBARtFHk7ZTEyR_ozhHnl7UY7_79AlptNu_aMXMTT_VlmtsJpII3lbYnVSOG3SpNOOHYPNUi2XYlw-4z9ldVfKXIq9FKEXnVzwi_smVY_P6k-g6mLdxwATn3fuCmQTgBAOQBgGgBk6AB-XI_okDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA5gLAcgLAYAMAbATz6e4EcgTi9C94QPQEwDYEwqIFAHYFAHQFQH4FgGAFwE&sigh=QxrPdqJtx94&label=videoplayfailed403&sdkv=h.3.549.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzcyODkxMjM3MjFAiwIKVggBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ0MjE1NDgyCTE4MzA4NTU1NEBsUhwlAABwQSgBOgsxODMwODU1NTQtMUIER0RDTVAAGAE.
200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/interaction/?ai=CCC9iLg2VY7abNbGBmAftj6zwB8rqkvFt4bLN3PsQ8C4QASCs1olGYMOEgICYGMgBBakCr65uqdEFgz6oAwHIAxOYBACqBJECT9DM8WVzgRt_M_NYN5MO2bmN16Cl7K-zgm5wJNDA1mxBxoyipzlqrMLjfgAKAv3RAmAHn3-UYOKqv9KDBHAX5xKNhC6l2YHX4HanSIGf8D-oPhQUH3OluTYMmCwXypKeMLa8sIp88XFOislgL9jnVcrRNQJdp99G2i3jhp-uh1td51xlB6zblf66IkIPpIBdefzsjN80UNnrSD6bcBnwyySLSAmbD9jZw_WUhfdHK9OHBQCE_AIOFgI25eBARtFHk7ZTEyR_ozhHnl7UY7_79AlptNu_aMXMTT_VlmtsJpII3lbYnVSOG3SpNOOHYPNUi2XYlw-4z9ldVfKXIq9FKEXnVzwi_smVY_P6k-g6mLdxwATn3fuCmQTgBAOQBgGgBk6AB-XI_okDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA5gLAcgLAYAMAbATz6e4EcgTi9C94QPQEwDYEwqIFAHYFAHQFQH4FgGAFwE&sigh=QxrPdqJtx94&label=videoplayfailed403&sdkv=h.3.549.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzcyODkxMjM3MjFAiwIKVggBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ0MjE1NDgyCTE4MzA4NTU1NEBsUhwlAABwQSgBOgsxODMwODU1NTQtMUIER0RDTVAAGAE.
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/interaction/?ai=CCC9iLg2VY7abNbGBmAftj6zwB8rqkvFt4bLN3PsQ8C4QASCs1olGYMOEgICYGMgBBakCr65uqdEFgz6oAwHIAxOYBACqBJECT9DM8WVzgRt_M_NYN5MO2bmN16Cl7K-zgm5wJNDA1mxBxoyipzlqrMLjfgAKAv3RAmAHn3-UYOKqv9KDBHAX5xKNhC6l2YHX4HanSIGf8D-oPhQUH3OluTYMmCwXypKeMLa8sIp88XFOislgL9jnVcrRNQJdp99G2i3jhp-uh1td51xlB6zblf66IkIPpIBdefzsjN80UNnrSD6bcBnwyySLSAmbD9jZw_WUhfdHK9OHBQCE_AIOFgI25eBARtFHk7ZTEyR_ozhHnl7UY7_79AlptNu_aMXMTT_VlmtsJpII3lbYnVSOG3SpNOOHYPNUi2XYlw-4z9ldVfKXIq9FKEXnVzwi_smVY_P6k-g6mLdxwATn3fuCmQTgBAOQBgGgBk6AB-XI_okDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA5gLAcgLAYAMAbATz6e4EcgTi9C94QPQEwDYEwqIFAHYFAHQFQH4FgGAFwE&sigh=QxrPdqJtx94&label=videoplayfailed403&sdkv=h.3.549.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzcyODkxMjM3MjFAiwIKVggBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ0MjE1NDgyCTE4MzA4NTU1NEBsUhwlAABwQSgBOgsxODMwODU1NTQtMUIER0RDTVAAGAE. HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 22:50:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
access-control-allow-origin: *
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 10-Dec-2022 23:05:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&puid=1~lbij5ltg&c=7292777943841&slotId=3646388971920.5&qqid=CLbqocOR8PsCFbEA5god7QcLfg&gqid=Lg2VY8m7M6yCxdwPk5-okAY&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&wta=1&vmfc=11&vhc=0
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lbij5ltg&c=7292777943841&slotId=3646388971920.5&qqid=CLbqocOR8PsCFbEA5god7QcLfg&gqid=Lg2VY8m7M6yCxdwPk5-okAY&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&wta=1&vmfc=11&vhc=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lbij5ltg&c=7292777943841&slotId=3646388971920.5&qqid=CLbqocOR8PsCFbEA5god7QcLfg&gqid=Lg2VY8m7M6yCxdwPk5-okAY&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&wta=1&vmfc=11&vhc=0 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://imasdk.googleapis.com
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 10 Dec 2022 22:50:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&puid=2~lbij5pi0&c=7292777943841&slotId=3646388971920.5&qqid=CLbqocOR8PsCFbEA5god7QcLfg&gqid=Lg2VY8m7M6yCxdwPk5-okAY&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&gpm_i=11&gpm_c=11&gpm_a=0&webm=0&vp9=0&vamt=application%2Fx-mpegurl%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=2~lbij5pi0&c=7292777943841&slotId=3646388971920.5&qqid=CLbqocOR8PsCFbEA5god7QcLfg&gqid=Lg2VY8m7M6yCxdwPk5-okAY&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&gpm_i=11&gpm_c=11&gpm_a=0&webm=0&vp9=0&vamt=application%2Fx-mpegurl%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=2~lbij5pi0&c=7292777943841&slotId=3646388971920.5&qqid=CLbqocOR8PsCFbEA5god7QcLfg&gqid=Lg2VY8m7M6yCxdwPk5-okAY&fb=ima_html5-lima&sdkv=h.3.549.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&gpm_i=11&gpm_c=11&gpm_a=0&webm=0&vp9=0&vamt=application%2Fx-mpegurl%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://imasdk.googleapis.com
Connection: keep-alive
Referer: http://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 10 Dec 2022 22:50:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:16 GMT
content-type: text/plain
set-cookie: csu=468232878930468@1@1670712616; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W53Z2mYvcJFOl1%2B896ifzgPpoJy4SPH7NBvnzaZr71EbDrwmg5lNB34mGx8v2tIEcwstnSJg1vI3tMHaDoWiRHP1fjBplntOQFX%2FXla1b83cWNyO8ChGc%2FDF08xFmFO%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989db8a5f7447-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 124
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:16 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=omgGrEsTFt0QHLW9%2BxPf9O9Imv7t0WLjytcEcEBikbbU1vdLH0JfT8p2VMEDpW53YGSPwf3ZgJrQc%2BS1ruT2ot4efouLqE%2F46IoExviIzH%2B6oYHi71dY5wn58ZDn%2FLH2zHhR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989de6a627318-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:16 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1551
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q88IcCILY%2FS9sFNmE7fzg5bKLjvRQUNM2sNV0FomFBQfMOy%2BD0FKp5bpvigFL53QUSCD1qr3RwuAa7GkSd%2B8ZdUtZTc8qfS%2BJmAkUW21RHqlkK7bvMpxeTrQYYNknlwSKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 777989dafb0f1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:16 GMT
content-type: text/plain
set-cookie: csu=313328621756795@1@1670712616; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1k8axFDrzRi5wgL06QNKC68AuUeunoEoOIpgHJGEZ%2BLXPVy%2Fv8MyTlOqDzfG1yboZyZJBTIOmBVzkQGTaT4o3STakV7A5eq431wCy9NvlN3G3aJG15HS%2BN7r4%2Bj4bIW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989dc6b1e7447-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:16 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sat, 10 Dec 2022 22:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6QA889o%2Bo%2FZC8mrmiFe1yOCumCNMtuwraJE4CSB3OQQJkIrKsHKbGPDAbg3DiujEUd9SE3UJ6Uk0sjTCzUm87CSC7zgU8QPxDE%2Fq5asM8kDhe%2F8NYka22aXT%2Fx8EXM8e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 777989db8a607447-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:16 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 20514665 10838355
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Sat, 10 Dec 2022 22:49:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKfsCcZjp5PlXFfgUp2%2F%2FxLwr%2F%2Ftf74Ih%2BjwyogPGMkF05G1otujGnOdnUUUMUQThJmy%2FF7K4a8dDSQjDr0i8VxvHQhRij3rE6t1zEiWBYGz7nRtdeREvhVtkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 777989dc4ea1730c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 0 B IP
ASN #20940 Akamai International B.V.
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3872
Expires: Sat, 10 Dec 2022 23:54:50 GMT
Date: Sat, 10 Dec 2022 22:50:18 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
IP
GET /sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 22:50:18 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:46:52 GMT
etag: W/"602d022c-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70wL1vFIAoisJdZzr2ZytyqHMKrimiecpGNc3Lne%2B4gm%2B94Mcnp%2Fw4cO%2FUsuxmoeVnDAlwQGz0FGtIK3CH9LrMQPEZACHQPfGXCr6cLeOUmRU6asKJEaDJM1RltRnFZrJzEEzmT43uUf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 777989eb3dfb74a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: eoq7glyVhTE9A0bHzsAhtW/UPAcePH+aeq+KPiPXOzz9ycHgj5tzXd57F6F9IU9RTJ4AJeb+dG6SWJq1l89Grg==
date: Sat, 10 Dec 2022 22:50:17 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S218173797%3A1670712617573033&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5SNjdVZ7tnSSbgsMT_mzfG-ACJd1kiZvc2Z3tA_ZCOSF1-J1kETsX55mH_u53ZDBxjUHhfBA
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S218173797%3A1670712617573033&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5SNjdVZ7tnSSbgsMT_mzfG-ACJd1kiZvc2Z3tA_ZCOSF1-J1kETsX55mH_u53ZDBxjUHhfBA
IP
GET /v3/signin/identifier?dsh=S218173797%3A1670712617573033&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5SNjdVZ7tnSSbgsMT_mzfG-ACJd1kiZvc2Z3tA_ZCOSF1-J1kETsX55mH_u53ZDBxjUHhfBA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 10 Dec 2022 22:50:17 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-luGtNP-R86YpOHjwuqBOfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
104.21.48.127
172.64.105.3
31.13.72.36
95.101.11.115
172.255.6.46
104.21.234.92
18.185.190.54
188.114.97.1
93.184.220.29
15.235.42.80