exe.io/0CYlt3zE
104.26.2.103301 Moved Permanently 0 B IP 104.26.2.103:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0CYlt3zE HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Dec 2022 00:42:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 24 Dec 2022 01:42:58 GMT
Location: https://exe.io/0CYlt3zE
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BsSuLtBhTprtH9UkqwDlf4Tz994b9kpqmv8%2Fd7JiTY%2BxWHs%2FKUgkcyAI02D8deDHB5Yqmwlm3QFnZcviK8kLj3NcjnnWmUrqC%2B5kAn8q97zqEUsUA91UA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e54cd32cec1c0a-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d6a971d765338f107fe9d2c67fa4bbdf
a72bdf191446a37fa0420cc9d7c087aaff757cd6
dc5291c136b0b81621a02679a31f6b7c852e2803429d54c2a9afcc8edf031328
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC5291C136B0B81621A02679A31F6B7C852E2803429D54C2A9AFCC8EDF031328"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10443
Expires: Sat, 24 Dec 2022 03:37:01 GMT
Date: Sat, 24 Dec 2022 00:42:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7e300ca7d2d586dd1ca0c185ef6b0da5
3914cfd3b7aa6e1d1117bf509319479e489ed2a4
91c8810ad137faf4393f7d15f9c619c06d124a7aaebfa21290dca614db2c7757
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91C8810AD137FAF4393F7D15F9C619C06D124A7AAEBFA21290DCA614DB2C7757"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3988
Expires: Sat, 24 Dec 2022 01:49:26 GMT
Date: Sat, 24 Dec 2022 00:42:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 23 Dec 2022 23:46:11 GMT
content-type: application/json
age: 3407
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 32167242c3bbe7e45a2a865279df94a6
d03436f418ff77d50a553daa892c05e0725ba908
d5578d537296da18f3f349a98465e9fe930dca60a8ed62c183e9c9f6eb53f493
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5578D537296DA18F3F349A98465E9FE930DCA60A8ED62C183E9C9F6EB53F493"
Last-Modified: Wed, 21 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8067
Expires: Sat, 24 Dec 2022 02:57:25 GMT
Date: Sat, 24 Dec 2022 00:42:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5509f841eae2066ac52da469a101c645
2988c20ff3e4d22d20b342b357d9178e384a26f0
94d33bf211fc0c9430d6e1f0aa2974cf8ef085376dc19199baa6e24c77aada30
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3450
Cache-Control: max-age=162926
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:58 GMT
Etag: "63a61706-117"
Expires: Sun, 25 Dec 2022 21:58:24 GMT
Last-Modified: Fri, 23 Dec 2022 21:00:54 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: X/EDOusvHbzeEkxvrw+b7QoairVqHhtn9ANxlQLR04jni/TDSFYUgZ1fzTZudkDHei9A9yzhP7Q=
x-amz-request-id: DC79TF8V5NY4FXWE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 23 Dec 2022 23:54:15 GMT
age: 2923
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 00:42:58 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5509f841eae2066ac52da469a101c645
2988c20ff3e4d22d20b342b357d9178e384a26f0
94d33bf211fc0c9430d6e1f0aa2974cf8ef085376dc19199baa6e24c77aada30
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3450
Cache-Control: max-age=162926
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:58 GMT
Etag: "63a61706-117"
Expires: Sun, 25 Dec 2022 21:58:24 GMT
Last-Modified: Fri, 23 Dec 2022 21:00:54 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0ca04e42e8a651a40c882aa44c6682b7
1c208a6005efbd87e990646f0aa96a648e89f63e
a07d0f344389f73ede104750e9f3717d9343ee344dc32fd74bb99cf50b28e7b0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A07D0F344389F73EDE104750E9F3717D9343EE344DC32FD74BB99CF50B28E7B0"
Last-Modified: Thu, 22 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5585
Expires: Sat, 24 Dec 2022 02:16:03 GMT
Date: Sat, 24 Dec 2022 00:42:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 24 Dec 2022 00:33:25 GMT
age: 574
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5509f841eae2066ac52da469a101c645
2988c20ff3e4d22d20b342b357d9178e384a26f0
94d33bf211fc0c9430d6e1f0aa2974cf8ef085376dc19199baa6e24c77aada30
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3451
Cache-Control: max-age=162926
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Etag: "63a61706-117"
Expires: Sun, 25 Dec 2022 21:58:25 GMT
Last-Modified: Fri, 23 Dec 2022 21:00:54 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 305e61785b6a439d62cc6d1eb782acf0
51c1e3e213b20326f9b0a6089a07d64559945d85
b04548c1d4e00ddc872aad4bd3b532cade0bf423138620e351a6d58a2e8f19fc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dc2725df0fb812e32298bb7faaf0c231
4ce4ac649b05b8eedab5bda51f4baf5f98417689
1a60eb1f9b71718c2061dfeb9de8241bef6fecab5d48adbc8ce3a89d1dddb8f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
exe.io/img/logo_sm.png
104.26.3.103200 OK 7.3 kB IP 104.26.3.103:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c6ea820184e2fed66d46bea0961727b
3f4c8a3b29ec92470986f0073faf93f6d5cb8c35
7b5909e1e74fbd27e91e37fb276c6a440ee23d05cf4a03fb6af5455e0812686c
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: image/png
content-length: 7266
cache-control: max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10989, status=vary_header_present
expires: Tue, 12 Dec 2023 17:30:47 GMT
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
vary: User-Agent, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 976332
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GPmzzary20HaQxHwtz%2FWwTrJzGhf7knTasOHk5Pffgw%2BSlZJBwlYGWH5qWcLNAm%2FpoNW4C7TehIpot5Q8%2FLUN4Fn8zwmpouJovwL6XOvQFyHcqxBGYYoOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cd91d1a0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.40200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.40:0
File type ASCII text, with very long lines (1921)
Hash 3910d3bab9425d5442694fc55468cc43
26f3b3446771664f8c7b9ce7a4c59f896dec2d9c
56fc0b63a4fcb9baebac093b760e8da82faad42af73fd44b2c4f85c198446562
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 24 Dec 2022 00:42:59 GMT
expires: Sat, 24 Dec 2022 00:42:59 GMT
cache-control: private, max-age=900
last-modified: Sat, 24 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43580
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 908314917f04ac321d044070b43aa444
580b2639c1bb1609fa767331e50b94363333cf05
a4a95087a92058a5b00afc85cec78ea6f820facddd3fc279ddd1208d7d1028c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4688
Cache-Control: max-age=152666
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Etag: "63a5ea1d-116"
Expires: Sun, 25 Dec 2022 19:07:25 GMT
Last-Modified: Fri, 23 Dec 2022 17:49:17 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fdfc8b21641f66ff38b7ee06bc18715
70c3a649fa96037b54cb76678bd4274d698cda58
75b4c0b7b45fa2addaa25810c6a41fa58bd8cea1f795adacd50d4f4a0a9877b8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "75B4C0B7B45FA2ADDAA25810C6A41FA58BD8CEA1F795ADACD50D4F4A0A9877B8"
Last-Modified: Thu, 22 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7564
Expires: Sat, 24 Dec 2022 02:49:03 GMT
Date: Sat, 24 Dec 2022 00:42:59 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c615c937e6371bda0824b44af0c21c74
b097d69452bcc60085f563d094388185c26f0e7d
9f1194921b5d57dd52a217a47e69ad4cec7c08378c73c8dfccc3817119fcbb41
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1195
Cache-Control: max-age=117823
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Etag: "63a56fa7-1d7"
Expires: Sun, 25 Dec 2022 09:26:42 GMT
Last-Modified: Fri, 23 Dec 2022 09:06:47 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dc2725df0fb812e32298bb7faaf0c231
4ce4ac649b05b8eedab5bda51f4baf5f98417689
1a60eb1f9b71718c2061dfeb9de8241bef6fecab5d48adbc8ce3a89d1dddb8f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 305e61785b6a439d62cc6d1eb782acf0
51c1e3e213b20326f9b0a6089a07d64559945d85
b04548c1d4e00ddc872aad4bd3b532cade0bf423138620e351a6d58a2e8f19fc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fdfc8b21641f66ff38b7ee06bc18715
70c3a649fa96037b54cb76678bd4274d698cda58
75b4c0b7b45fa2addaa25810c6a41fa58bd8cea1f795adacd50d4f4a0a9877b8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "75B4C0B7B45FA2ADDAA25810C6A41FA58BD8CEA1F795ADACD50D4F4A0A9877B8"
Last-Modified: Thu, 22 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7564
Expires: Sat, 24 Dec 2022 02:49:03 GMT
Date: Sat, 24 Dec 2022 00:42:59 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48d9c2cd502a59d5b39a09866954a5b7
a16fab9335030912b0bfb759ca833bc25325396a
0a7b393647d94803b39f4fe639e908f063e9f926e9cd01acf2f63e4e50ee5f11
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0A7B393647D94803B39F4FE639E908F063E9F926E9CD01ACF2F63E4E50EE5F11"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10420
Expires: Sat, 24 Dec 2022 03:36:39 GMT
Date: Sat, 24 Dec 2022 00:42:59 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48d9c2cd502a59d5b39a09866954a5b7
a16fab9335030912b0bfb759ca833bc25325396a
0a7b393647d94803b39f4fe639e908f063e9f926e9cd01acf2f63e4e50ee5f11
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0A7B393647D94803B39F4FE639E908F063E9F926E9CD01ACF2F63E4E50EE5F11"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10420
Expires: Sat, 24 Dec 2022 03:36:39 GMT
Date: Sat, 24 Dec 2022 00:42:59 GMT
Connection: keep-alive
didmakingby.xyz/utx?cb=Ida55pa4jmi4&top=exeo.app&tid=822524
54.230.111.76204 No Content 0 B URL HTTP/2 didmakingby.xyz/utx?cb=Ida55pa4jmi4&top=exeo.app&tid=822524
IP 54.230.111.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Ida55pa4jmi4&top=exeo.app&tid=822524 HTTP/1.1
Host: didmakingby.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 24 Dec 2022 00:42:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 24 Dec 2022 00:43:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UMv3lrjD0cHFVElSkfbxisDvKp5-hbKBVgBADSj9SQp_1qYD9AXFWA==
X-Firefox-Spdy: h2
didmakingby.xyz/amduRTkLBQ0oBgtaDGNMGAtTYAssQlwDXVkdCnBcAAUHcVVTEEAmVQUSCiNLBQkaa1cPE0t3f10GXRNNPCEjDH4NKhcne1IELRJVGDA7IWAwCgoLcRJTWRVrHi4lInxZKAkyATo1HS59PxQJDmhTLjYdcE9VKAZRGSwPHWwlIBlwSTMMXhB6Pj0bHQgnPSQBTis0LyZeJSUBA34+DEt3eyIfVwlwPi05AngjEiEiWjAjJgNRJjIsAWMiPTQXbD8NISJsOCYHCF4+DAohdgMDIRcIWws3dW8sNCkmaz4MCiFwEAgoFAgGHzcGVTs/XBRLMjIoDGMSISEXCEdXAw9sXyAiAm8APwIxXQw/NB9rOwgWCHgrBj0CYDwwOxNaMCAgJGs8HxYcbxkzLAZgWCM8Km8JMCsxayxWBiNvHjMpAlUDQQQ2VgQXUwJsDjYXFFAiKBY
54.230.111.76200 OK 1.2 kB URL HTTP/2 didmakingby.xyz/amduRTkLBQ0oBgtaDGNMGAtTYAssQlwDXVkdCnBcAAUHcVVTEEAmVQUSCiNLBQkaa1cPE0t3f10GXRNNPCEjDH4NKhcne1IELRJVGDA7IWAwCgoLcRJTWRVrHi4lInxZKAkyATo1HS59PxQJDmhTLjYdcE9VKAZRGSwPHWwlIBlwSTMMXhB6Pj0bHQgnPSQBTis0LyZeJSUBA34+DEt3eyIfVwlwPi05AngjEiEiWjAjJgNRJjIsAWMiPTQXbD8NISJsOCYHCF4+DAohdgMDIRcIWws3dW8sNCkmaz4MCiFwEAgoFAgGHzcGVTs/XBRLMjIoDGMSISEXCEdXAw9sXyAiAm8APwIxXQw/NB9rOwgWCHgrBj0CYDwwOxNaMCAgJGs8HxYcbxkzLAZgWCM8Km8JMCsxayxWBiNvHjMpAlUDQQQ2VgQXUwJsDjYXFFAiKBY
IP 54.230.111.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash 206356c94a73bff11e00cf6be74a2fdf
8a481f6e18f7d9865d3d8222fa2fe40eae40cd07
11a9e27df3eb663de3f7b2dc0484299ca8341db7a4c23f26dae7648095b05531
GET /amduRTkLBQ0oBgtaDGNMGAtTYAssQlwDXVkdCnBcAAUHcVVTEEAmVQUSCiNLBQkaa1cPE0t3f10GXRNNPCEjDH4NKhcne1IELRJVGDA7IWAwCgoLcRJTWRVrHi4lInxZKAkyATo1HS59PxQJDmhTLjYdcE9VKAZRGSwPHWwlIBlwSTMMXhB6Pj0bHQgnPSQBTis0LyZeJSUBA34+DEt3eyIfVwlwPi05AngjEiEiWjAjJgNRJjIsAWMiPTQXbD8NISJsOCYHCF4+DAohdgMDIRcIWws3dW8sNCkmaz4MCiFwEAgoFAgGHzcGVTs/XBRLMjIoDGMSISEXCEdXAw9sXyAiAm8APwIxXQw/NB9rOwgWCHgrBj0CYDwwOxNaMCAgJGs8HxYcbxkzLAZgWCM8Km8JMCsxayxWBiNvHjMpAlUDQQQ2VgQXUwJsDjYXFFAiKBY HTTP/1.1
Host: didmakingby.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Sat, 24 Dec 2022 00:42:59 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MbE3yJe1YCHBTRUdzne7V4IehgqwepAPFzH1rG_VJowiIkgeDoduDA==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b9643a377daeefa9e867de25d84d90a4
7ab8aade6752606edfa9a6e68248fdbdca76dae8
0265378147b5eaa4ad2c4f570790b2b71b1abe8386e674c565bf0885396c04d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
didmakingby.xyz/utx?cb=SMxK3VpkKDla&top=exeo.app&tid=889494
54.230.111.76204 No Content 0 B URL HTTP/2 didmakingby.xyz/utx?cb=SMxK3VpkKDla&top=exeo.app&tid=889494
IP 54.230.111.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=SMxK3VpkKDla&top=exeo.app&tid=889494 HTTP/1.1
Host: didmakingby.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 24 Dec 2022 00:42:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 24 Dec 2022 00:43:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7S2bFgUEIBvCzp2BLXHMhDTKpTjCfquzhLe3YidAKgzDxUYwgVTvPw==
X-Firefox-Spdy: h2
didmakingby.xyz/eHAySm4ZElEnURlNUGwbChwPb1w+VQAMCksKVn8LEhJbfgJBBxwpAhcFViwcFx5GZAAdBBd4KDAhXxA2HENnIi0sG2AZBCEgf3oeNhVecwQsG3QhKjshaw0UMhJwLVopOgNyXjIzaw4mECZgCzofM1MhCiw8VSlbPTVaIS8CG2cZJjYxfCIjIBYDABY5B2c+Ki8fVgs9Eyh4PSMhPEoDVy0hcyA5Ah9rDhcLO30yNCkTcQgHLyVkJDg/FFQLBws5fzIJOz1nBAIqCEF4P0omehgmMjloeyQ/MXcEAioHezgtPzZ2HyY9G1EhOD4/XggELRtrCz9KXWQCLAIidhAqIjVRJiBNIgMyAC43URsrOzV8BSgyOHAMPBYiWRwXLkJWDTswMmUHPEw4eD0vTDQDCBkxN2gCPz8IZSk/MjlRPUgSA10kHkUhSy8LQRNhGS8AMg
54.230.111.76200 OK 1.2 kB URL HTTP/2 didmakingby.xyz/eHAySm4ZElEnURlNUGwbChwPb1w+VQAMCksKVn8LEhJbfgJBBxwpAhcFViwcFx5GZAAdBBd4KDAhXxA2HENnIi0sG2AZBCEgf3oeNhVecwQsG3QhKjshaw0UMhJwLVopOgNyXjIzaw4mECZgCzofM1MhCiw8VSlbPTVaIS8CG2cZJjYxfCIjIBYDABY5B2c+Ki8fVgs9Eyh4PSMhPEoDVy0hcyA5Ah9rDhcLO30yNCkTcQgHLyVkJDg/FFQLBws5fzIJOz1nBAIqCEF4P0omehgmMjloeyQ/MXcEAioHezgtPzZ2HyY9G1EhOD4/XggELRtrCz9KXWQCLAIidhAqIjVRJiBNIgMyAC43URsrOzV8BSgyOHAMPBYiWRwXLkJWDTswMmUHPEw4eD0vTDQDCBkxN2gCPz8IZSk/MjlRPUgSA10kHkUhSy8LQRNhGS8AMg
IP 54.230.111.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3039), with no line terminators
Hash 8744940033b2c55ee7c9d4ca165316b5
ec3ac84b9304ad3bd1975df4905d008cc8136aa3
c6c43dad47ee22ca6b5d5af0acec996abc64d1b7acbdbb1c59cb503df710708c
GET /eHAySm4ZElEnURlNUGwbChwPb1w+VQAMCksKVn8LEhJbfgJBBxwpAhcFViwcFx5GZAAdBBd4KDAhXxA2HENnIi0sG2AZBCEgf3oeNhVecwQsG3QhKjshaw0UMhJwLVopOgNyXjIzaw4mECZgCzofM1MhCiw8VSlbPTVaIS8CG2cZJjYxfCIjIBYDABY5B2c+Ki8fVgs9Eyh4PSMhPEoDVy0hcyA5Ah9rDhcLO30yNCkTcQgHLyVkJDg/FFQLBws5fzIJOz1nBAIqCEF4P0omehgmMjloeyQ/MXcEAioHezgtPzZ2HyY9G1EhOD4/XggELRtrCz9KXWQCLAIidhAqIjVRJiBNIgMyAC43URsrOzV8BSgyOHAMPBYiWRwXLkJWDTswMmUHPEw4eD0vTDQDCBkxN2gCPz8IZSk/MjlRPUgSA10kHkUhSy8LQRNhGS8AMg HTTP/1.1
Host: didmakingby.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Sat, 24 Dec 2022 00:42:59 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mna_1fXCXbj7gF7uchbjXYVXpPB9yOZErnMZjTXmTkTcYf__2F-n7Q==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b9643a377daeefa9e867de25d84d90a4
7ab8aade6752606edfa9a6e68248fdbdca76dae8
0265378147b5eaa4ad2c4f570790b2b71b1abe8386e674c565bf0885396c04d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:56:07 GMT
expires: Tue, 19 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 366412
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dpmMhbCpXac
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dpmMhbCpXac
IP 142.250.74.131:0
Hash acdf9c2e32c7f8742a253a1c8bb29270
25f4ee9374290e5e6cc9439e9ce10a05e45c5661
633e0ffb460c134df2354a09ad0c00f0f68d9ba2c84b463e7536e8f9d7ef61fd
POST /s/gts1p5/dpmMhbCpXac HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
live.demand.supply/e/e.js?e=ll&d=174&cs=c&dsReferer=ZXhlby5hcHAvMENZbHQzekU=
104.16.133.22200 OK 0 B URL HTTP/2 live.demand.supply/e/e.js?e=ll&d=174&cs=c&dsReferer=ZXhlby5hcHAvMENZbHQzekU=
IP 104.16.133.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=174&cs=c&dsReferer=ZXhlby5hcHAvMENZbHQzekU= HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "9664438fc0db5c4deed9238aef210660-ssl"
x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
cf-cache-status: HIT
age: 955721
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77e54cdadb4c1bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 908314917f04ac321d044070b43aa444
580b2639c1bb1609fa767331e50b94363333cf05
a4a95087a92058a5b00afc85cec78ea6f820facddd3fc279ddd1208d7d1028c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4688
Cache-Control: max-age=152666
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Etag: "63a5ea1d-116"
Expires: Sun, 25 Dec 2022 19:07:25 GMT
Last-Modified: Fri, 23 Dec 2022 17:49:17 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:52:41 GMT
expires: Tue, 19 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 366618
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcfade1a311a3e0864616f3274a1d9b4
264d662370eb97d31368b06b6224069efc538695
a10abbc5883ca21f610513ff9e72054b8b8950fcaa56c53d0a8ca1ff89cb4585
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A10ABBC5883CA21F610513FF9E72054B8B8950FCAA56C53D0A8CA1FF89CB4585"
Last-Modified: Fri, 23 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4209
Expires: Sat, 24 Dec 2022 01:53:08 GMT
Date: Sat, 24 Dec 2022 00:42:59 GMT
Connection: keep-alive
didmakingby.xyz/UjF0MkIzUxdffTMMFhQ3IF1JF3AUFEZ0JmFLEAcnOFMdBi5rRlpRLj1EEFQwPV8AHCw3RVEABBNoHmgMH2cxcBUBfyxQKghXP2M6ImcTZGdgdzYAABdpMAcnAkk9fgRhXQR5EwNpLHMXF2s1VikCdCZxDGNnB2cqE1khdnoUckZGFwJGMX4kEFIDcC4ARjZqIQpnR3AhAlkcVAsEAQNgNQN9Nnp7AXRHCgA3YyJUC2NkUQAAFGQiXQNgdDljLzV1LWQPFWgDdHIHaSZdA2B0Imo7H3kuZyEUdQxgKAdaQQUACmMmVgU1dS1gABNQNXsTB0YuBgpgdzh3cX8JNnwlNmc+XndiZDxwZ2B3NWUAAXMaRQALdBd3JARSQHcEH0MsWy4aczVBAwtnF2skAFIfajUxFx5BLTxBSWgKanpGaC8GVyZ4Fz8
54.230.111.76200 OK 1.2 kB URL HTTP/2 didmakingby.xyz/UjF0MkIzUxdffTMMFhQ3IF1JF3AUFEZ0JmFLEAcnOFMdBi5rRlpRLj1EEFQwPV8AHCw3RVEABBNoHmgMH2cxcBUBfyxQKghXP2M6ImcTZGdgdzYAABdpMAcnAkk9fgRhXQR5EwNpLHMXF2s1VikCdCZxDGNnB2cqE1khdnoUckZGFwJGMX4kEFIDcC4ARjZqIQpnR3AhAlkcVAsEAQNgNQN9Nnp7AXRHCgA3YyJUC2NkUQAAFGQiXQNgdDljLzV1LWQPFWgDdHIHaSZdA2B0Imo7H3kuZyEUdQxgKAdaQQUACmMmVgU1dS1gABNQNXsTB0YuBgpgdzh3cX8JNnwlNmc+XndiZDxwZ2B3NWUAAXMaRQALdBd3JARSQHcEH0MsWy4aczVBAwtnF2skAFIfajUxFx5BLTxBSWgKanpGaC8GVyZ4Fz8
IP 54.230.111.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022), with no line terminators
Hash f03e534256b09db3c9dcbfeab1c5e63e
655080338cfb5541c6b2dd46eb9424bac8510c5c
62a2be20b075fc0f217b16e84f7b86cd7e68dbd3a8f5c2a16d7dab2e7aa01a65
GET /UjF0MkIzUxdffTMMFhQ3IF1JF3AUFEZ0JmFLEAcnOFMdBi5rRlpRLj1EEFQwPV8AHCw3RVEABBNoHmgMH2cxcBUBfyxQKghXP2M6ImcTZGdgdzYAABdpMAcnAkk9fgRhXQR5EwNpLHMXF2s1VikCdCZxDGNnB2cqE1khdnoUckZGFwJGMX4kEFIDcC4ARjZqIQpnR3AhAlkcVAsEAQNgNQN9Nnp7AXRHCgA3YyJUC2NkUQAAFGQiXQNgdDljLzV1LWQPFWgDdHIHaSZdA2B0Imo7H3kuZyEUdQxgKAdaQQUACmMmVgU1dS1gABNQNXsTB0YuBgpgdzh3cX8JNnwlNmc+XndiZDxwZ2B3NWUAAXMaRQALdBd3JARSQHcEH0MsWy4aczVBAwtnF2skAFIfajUxFx5BLTxBSWgKanpGaC8GVyZ4Fz8 HTTP/1.1
Host: didmakingby.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Sat, 24 Dec 2022 00:42:59 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: o3nMOefOljUWmMF3UY-2ktXgyNF8aJKB74Wu7UPIuJ_2D2tHELt_hA==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dpmMhbCpXac
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dpmMhbCpXac
IP 142.250.74.131:0
Hash acdf9c2e32c7f8742a253a1c8bb29270
25f4ee9374290e5e6cc9439e9ce10a05e45c5661
633e0ffb460c134df2354a09ad0c00f0f68d9ba2c84b463e7536e8f9d7ef61fd
POST /s/gts1p5/dpmMhbCpXac HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/dpmMhbCpXac
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dpmMhbCpXac
IP 142.250.74.131:0
Hash acdf9c2e32c7f8742a253a1c8bb29270
25f4ee9374290e5e6cc9439e9ce10a05e45c5661
633e0ffb460c134df2354a09ad0c00f0f68d9ba2c84b463e7536e8f9d7ef61fd
POST /s/gts1p5/dpmMhbCpXac HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b9643a377daeefa9e867de25d84d90a4
7ab8aade6752606edfa9a6e68248fdbdca76dae8
0265378147b5eaa4ad2c4f570790b2b71b1abe8386e674c565bf0885396c04d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qj.wimplesbooklet.com/1clkn/29529
172.255.6.54200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 172.255.6.54:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Dec 2022 00:42:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 25-Dec-2022 00:42:59 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 25-Dec-2022 00:42:59 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48d9c2cd502a59d5b39a09866954a5b7
a16fab9335030912b0bfb759ca833bc25325396a
0a7b393647d94803b39f4fe639e908f063e9f926e9cd01acf2f63e4e50ee5f11
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0A7B393647D94803B39F4FE639E908F063E9F926E9CD01ACF2F63E4E50EE5F11"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10420
Expires: Sat, 24 Dec 2022 03:36:39 GMT
Date: Sat, 24 Dec 2022 00:42:59 GMT
Connection: keep-alive
push.services.mozilla.com/
54.149.203.40101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.203.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PI6ApLZn53UnNSsbLsMcPg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2/1FjvD+UfMgPpA/sYq1co6rzTY=
dwaterverya.xyz/U2VqTWJ8Wgk+XwcyHng2Gw1TGlInUT4VFjE0MiUjNlRTDwdjFkw5CzdYUnlRYVNbaxI6AVd8WnUWHiwWJhZXfEQ6CwwiX3UTV3xMY0tYY1B1EFd8RCcVCypfYkMaORY/WFt7VWJdXn9XZFJTelQ
172.67.189.163204 No Content 0 B URL HTTP/2 dwaterverya.xyz/U2VqTWJ8Wgk+XwcyHng2Gw1TGlInUT4VFjE0MiUjNlRTDwdjFkw5CzdYUnlRYVNbaxI6AVd8WnUWHiwWJhZXfEQ6CwwiX3UTV3xMY0tYY1B1EFd8RCcVCypfYkMaORY/WFt7VWJdXn9XZFJTelQ
IP 172.67.189.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /U2VqTWJ8Wgk+XwcyHng2Gw1TGlInUT4VFjE0MiUjNlRTDwdjFkw5CzdYUnlRYVNbaxI6AVd8WnUWHiwWJhZXfEQ6CwwiX3UTV3xMY0tYY1B1EFd8RCcVCypfYkMaORY/WFt7VWJdXn9XZFJTelQ HTTP/1.1
Host: dwaterverya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 24 Dec 2022 00:42:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPfr%2BhQDcOOTKEdvc8KR9Gd3FDPVO6CKio8kTCAlZsZluxf53yP%2BPc4%2B2pAsmFOKgsYkWZLKEdakO7ESkT6td3KEEbegNGr%2FiX1k1Dl65ZA94y0OxbxpYOf%2BBZoVxSB15mI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cdaee39b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dwaterverya.xyz/QlJvZEZtbQwXeyFhNTESFxQrNgEQagxUIgcLNzZ3ETklCSIaA0kQLyZvV1x/dmtbQjYrNlJVYDEmDhAzMW9eQi8sNABZYDRvXkp1dnxcVWhwdBpZd2QmHwUhf2NJFDI2PlJVcHVjV1B0d2VYXXBw
172.67.189.163204 No Content 0 B URL HTTP/2 dwaterverya.xyz/QlJvZEZtbQwXeyFhNTESFxQrNgEQagxUIgcLNzZ3ETklCSIaA0kQLyZvV1x/dmtbQjYrNlJVYDEmDhAzMW9eQi8sNABZYDRvXkp1dnxcVWhwdBpZd2QmHwUhf2NJFDI2PlJVcHVjV1B0d2VYXXBw
IP 172.67.189.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QlJvZEZtbQwXeyFhNTESFxQrNgEQagxUIgcLNzZ3ETklCSIaA0kQLyZvV1x/dmtbQjYrNlJVYDEmDhAzMW9eQi8sNABZYDRvXkp1dnxcVWhwdBpZd2QmHwUhf2NJFDI2PlJVcHVjV1B0d2VYXXBw HTTP/1.1
Host: dwaterverya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 24 Dec 2022 00:42:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QZLz5iprmEBGZP69F%2FlCwC6REol7yFeqX64MBGbV3yYSteUrAkh3xVzYHLp9LR5AXWSYPtev8%2FwDC3E%2BczdMK6oci1TIrozelbPa3XM%2BX0UM0S0o0EJnFSGCFEkwFhL%2FIqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cdb0e50b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dwaterverya.xyz/ek1sZGhVcg8XVSAbAFA7SD0/PT08ejsIDA4cNAw8LBocKw5LdUoQAR5wVFZaT39YQhgTKVFVTgk5DRAdCXBdQgEUKwNZTgxwXUpbTmNfVUZIaxlZWVw5HAUPR3xKFBwOIVFVXk18VFBaT3pbXVlD
172.67.189.163204 No Content 0 B URL HTTP/2 dwaterverya.xyz/ek1sZGhVcg8XVSAbAFA7SD0/PT08ejsIDA4cNAw8LBocKw5LdUoQAR5wVFZaT39YQhgTKVFVTgk5DRAdCXBdQgEUKwNZTgxwXUpbTmNfVUZIaxlZWVw5HAUPR3xKFBwOIVFVXk18VFBaT3pbXVlD
IP 172.67.189.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ek1sZGhVcg8XVSAbAFA7SD0/PT08ejsIDA4cNAw8LBocKw5LdUoQAR5wVFZaT39YQhgTKVFVTgk5DRAdCXBdQgEUKwNZTgxwXUpbTmNfVUZIaxlZWVw5HAUPR3xKFBwOIVFVXk18VFBaT3pbXVlD HTTP/1.1
Host: dwaterverya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 24 Dec 2022 00:42:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Xg%2Fv7z7kiMWR%2FY91oRp%2FQlYjvHiViF97x1ukD%2BknRcO0dTeI%2F5ivudH0mJHuJp%2BVuuluy7Zz4WFo1B2CWi2rYiYzS%2Fv7tGXM8bkmgmpvLEwXt4Lq6SG6ocWdJ1q2G9TBm4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cdb7eaab4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3zd5ejbi4l9w.cloudfront.net/AYjZNMVEBWSNXbhZfKQxpVgV/B2BEXD5ePxILF3lpKQQXXAUEZAdkPERCN1VsUhAhUD8FC2tUPwELfBcwBlRwBXcXV3BcPhhfIV0wRwQLBH9SE38BeRVfI1U+FUVoA2EMQmgDYVMGYwF0UXRoA2EVXyMHZUcFDxRjUk57BXRRdGgDYRBAaAIQUwZ4H2FLE3-8BNgdVJl50UHB/AWBSBnwBYEcEfVc4EFMrXilHBAsAYVcYfRckXwc
54.230.245.29200 OK 180 B URL HTTP/2 d3zd5ejbi4l9w.cloudfront.net/AYjZNMVEBWSNXbhZfKQxpVgV/B2BEXD5ePxILF3lpKQQXXAUEZAdkPERCN1VsUhAhUD8FC2tUPwELfBcwBlRwBXcXV3BcPhhfIV0wRwQLBH9SE38BeRVfI1U+FUVoA2EMQmgDYVMGYwF0UXRoA2EVXyMHZUcFDxRjUk57BXRRdGgDYRBAaAIQUwZ4H2FLE3-8BNgdVJl50UHB/AWBSBnwBYEcEfVc4EFMrXilHBAsAYVcYfRckXwc
IP 54.230.245.29:0
File type ASCII text, with no line terminators
Hash afc89a190209b9a13bfc7ff3828ad50f
009335d3c93eae74d35ca182fced4751ee73cf0a
1391a4921d6306e3ad3722e837ca1b6477c50bd4da1eb04c3ec3e1d6d7b5dbbc
GET /AYjZNMVEBWSNXbhZfKQxpVgV/B2BEXD5ePxILF3lpKQQXXAUEZAdkPERCN1VsUhAhUD8FC2tUPwELfBcwBlRwBXcXV3BcPhhfIV0wRwQLBH9SE38BeRVfI1U+FUVoA2EMQmgDYVMGYwF0UXRoA2EVXyMHZUcFDxRjUk57BXRRdGgDYRBAaAIQUwZ4H2FLE3-8BNgdVJl50UHB/AWBSBnwBYEcEfVc4EFMrXilHBAsAYVcYfRckXwc HTTP/1.1
Host: d3zd5ejbi4l9w.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://didmakingby.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 180
date: Sat, 24 Dec 2022 00:42:59 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TPfffjcZt9X6M5WUjOm2JikMUOQgNugSXp8vXysEPSG0--fJMUYJTQ==
X-Firefox-Spdy: h2
live.demand.supply/impl.v16.3.0.js
104.16.133.22200 OK 24 kB URL HTTP/2 live.demand.supply/impl.v16.3.0.js
IP 104.16.133.22:0
File type ASCII text, with very long lines (26438)
Hash 16e4cb8e072f4c9f0b9d2792b8bc389f
5ac06b6b2cabb633b245c842fe9ba9899c9832dc
36e5930856bbf9dd4ab6926e95222e2088e841d297af130bd0aeaaa6ef9129be
GET /impl.v16.3.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=16870ad6-ea7f-4355-ba19-ea17ce082bb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=74953
etag: W/"b19940580c70e30455a2254a785a8919-ssl-df"
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01GMX2V689ENQZTBQ4NFCNSXD1
cf-cache-status: HIT
age: 124207
server: cloudflare
cf-ray: 77e54cda883b1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3zd5ejbi4l9w.cloudfront.net/7a3VtVFMIGgMybB8cCWlrWUdYZmdNHx47PRtIKgE3Ogw8PRskDUsgKQ9IXXI/ChsKaXUOGw5pYk0UCTZuX1MZJDwASAcgOBoFGTk+Hx9LITJWGAIuOgcZDHFhLUBDZHZZRUUjOgURAiMgTkddOidOR11lY0VFSGcRTkddIzoFQ1lxYClQX2QrXUFIZxFOR1-0mJU5GLGVjXltdfXZZRQoxMAAaSGYVWUVcZGNaRVxxYVsTBCY2DRoVcWEtRF1hfVtTGGli
54.230.245.29200 OK 504 B URL HTTP/2 d3zd5ejbi4l9w.cloudfront.net/7a3VtVFMIGgMybB8cCWlrWUdYZmdNHx47PRtIKgE3Ogw8PRskDUsgKQ9IXXI/ChsKaXUOGw5pYk0UCTZuX1MZJDwASAcgOBoFGTk+Hx9LITJWGAIuOgcZDHFhLUBDZHZZRUUjOgURAiMgTkddOidOR11lY0VFSGcRTkddIzoFQ1lxYClQX2QrXUFIZxFOR1-0mJU5GLGVjXltdfXZZRQoxMAAaSGYVWUVcZGNaRVxxYVsTBCY2DRoVcWEtRF1hfVtTGGli
IP 54.230.245.29:0
File type ASCII text, with very long lines (686), with no line terminators
Hash 25fc95f235d4eb5c6cb76c07a15baf59
72ebc5295484bef339e633f49a1445d7e198941d
5aa37214be088d00426ab86c3e324ef52d09a528c44df708581ca8b69d6c1a3e
GET /7a3VtVFMIGgMybB8cCWlrWUdYZmdNHx47PRtIKgE3Ogw8PRskDUsgKQ9IXXI/ChsKaXUOGw5pYk0UCTZuX1MZJDwASAcgOBoFGTk+Hx9LITJWGAIuOgcZDHFhLUBDZHZZRUUjOgURAiMgTkddOidOR11lY0VFSGcRTkddIzoFQ1lxYClQX2QrXUFIZxFOR1-0mJU5GLGVjXltdfXZZRQoxMAAaSGYVWUVcZGNaRVxxYVsTBCY2DRoVcWEtRF1hfVtTGGli HTTP/1.1
Host: d3zd5ejbi4l9w.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://didmakingby.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 504
date: Sat, 24 Dec 2022 00:42:59 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tfktRXuMg9iwxW1XbrAuUwr8DN7rm0Ov33ph-omqz41oc7dLxFki2Q==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dpmMhbCpXac
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dpmMhbCpXac
IP 142.250.74.131:0
Hash acdf9c2e32c7f8742a253a1c8bb29270
25f4ee9374290e5e6cc9439e9ce10a05e45c5661
633e0ffb460c134df2354a09ad0c00f0f68d9ba2c84b463e7536e8f9d7ef61fd
POST /s/gts1p5/dpmMhbCpXac HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:42:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1dff53e8811ed358c6312229839778e0
79b4bb8a649b28725355d550dcddedab8ce3b29c
8aa0e7c04e39ac810428a9cace465fc9d7fe99b0224443cdf2eed12b148260cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3179
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Last-Modified: Fri, 23 Dec 2022 23:50:01 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 034f06ffe21c09bc64e487db781efa0f
6b40ce36cb3ab0ff1244af32e6b4f61781c59289
32da0a27097271991f020b761224104e2de198ebb37beda659761e5a0afd40a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 24 Dec 2022 00:41:11 GMT
expires: Sat, 24 Dec 2022 02:41:11 GMT
cache-control: public, max-age=7200
age: 109
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 034f06ffe21c09bc64e487db781efa0f
6b40ce36cb3ab0ff1244af32e6b4f61781c59289
32da0a27097271991f020b761224104e2de198ebb37beda659761e5a0afd40a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e2b94572412cbd6dec9120f26fbd8edd
4ded5a76d85e2c35e8d3b1c5c196fa58159ba2a5
1371df100af0981a2cc1a7d9796c06dd16b71bd3e94f3439d7f789281853bb82
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.77302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 92947d2e76446e88955dcd2b79642141
4ef9c6256f2c9bef20364cb715160cc8f3e6535a
9848356966bfa33c297035aec2ddf7083151730e8e268a0b3b2d484bd9c7b825
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 24 Dec 2022 00:43:00 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S268531387%3A1671842580065857&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh512fNajKUDzXtxcm86m-343LD4e2CCDBwbrBlM6cqNq6dxNBkqj-5WCtpwsVCPW_YS3ZD0
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-l6nY0ZkoePP6SvoXhowwog' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:hPZmdrGCzX2IgZ7O1fOxeoiFjWcoKA:L1xPV_0S4styXE2v;Path=/;Expires=Mon, 23-Dec-2024 00:43:00 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvMENZbHQzekU=
104.16.133.22200 OK 28 kB URL HTTP/2 live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvMENZbHQzekU=
IP 104.16.133.22:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 54f0c80e10936bbb783a9aa4e44b968c
c316d9aed1f00dc84c15b53b6b5f3ff778704d26
c16bfc69b97e246fabd4067e64030802b1bfd15dbbd0f07cd6d36169a8ec4831
GET /p4/v16-2-0/ZXhlby5hcHAvMENZbHQzekU= HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=16870ad6-ea7f-4355-ba19-ea17ce082bb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 77e54cda984f1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 4520987e43f1961867ed52d00b1a5dd9
48d26ca30d8f20bb77ba538c92b9bcb1f01e9a25
4865aa67755f602ed0050bb0eb1a5ccc04e63fff4b4d15bce39a3218c925c7a2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 00:43:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Dec 2022 14:07:07 GMT
Expires: Thu, 29 Dec 2022 14:07:06 GMT
Etag: "48d26ca30d8f20bb77ba538c92b9bcb1f01e9a25"
Cache-Control: max-age=479645,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77e54cdc6fa9b4f9-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e2b94572412cbd6dec9120f26fbd8edd
4ded5a76d85e2c35e8d3b1c5c196fa58159ba2a5
1371df100af0981a2cc1a7d9796c06dd16b71bd3e94f3439d7f789281853bb82
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.77302 Found 388 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash ec33ad3f7f519d62845fcd36d7f95a0c
5d4ade3ce9fc583752c8b6f38d2cb3d3ca0f7eec
804c1144b2a8732e1887772b866514f1f813e0fc98c499f256aa0d694440af77
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 24 Dec 2022 00:43:00 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1309083594%3A1671842580112321&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5LScd7ZZ6NIiIY7TC5a7r552nEnMpXQ6w6-hj0tses5E-Eg5o-kFJQGa7114jwdU-sDtsR
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-CFLnCqZ_a8fuJeDFf2OzyQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 388
server: GSE
set-cookie: __Host-GAPS=1:G7RoM3k2it_NosI_rFDmIqG0tXdXJg:x0JKzsCLNoPG0KaL;Path=/;Expires=Mon, 23-Dec-2024 00:43:00 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f37c9faffd8b6d93a4994c02ff1d3d21
b41b823e9b33d7fff8c1670cf510edda28f7082b
7494a95cab50f2a0409796d95e999fc5add96030fba70be912c1c80124169bc6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 906
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 24 Dec 2022 00:43:00 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1dff53e8811ed358c6312229839778e0
79b4bb8a649b28725355d550dcddedab8ce3b29c
8aa0e7c04e39ac810428a9cace465fc9d7fe99b0224443cdf2eed12b148260cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3179
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Last-Modified: Fri, 23 Dec 2022 23:50:01 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b9e17fae8e9b08b0f8b1424a9a62a36f
4c8cbf014cf2c86b62782d7722339e0a56fa64ba
974089d8226c3e6858a54fa7b4dae361662c86462864e8500250bd8660ac6bba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
exeo.app/fv.ico
104.26.8.233200 OK 2.0 kB IP 104.26.8.233:0
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash d0e609d7c63bbe4291bd52332ec199da
10ea0bcc46a798ecf87b1aa8ff95254e9f57c2e7
676d7e2dbc384351018ad645565575f04fc15c08c5780f0461b4a94c59790a6b
Analyzer Verdict Alert fortinet Malware
GET /fv.ico HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/0CYlt3zE
Cookie: AppSession=0fd541b5067984bd0436e01efa44bc46; csrfToken=e2c0ad664463a28c76953863f1fe101bf5a95c8fbcf1eec665c6a7d1a0fa2a06c34c392c4ad38747673bdcefb214db960dcda4e87430d0c273bf354a3aba6ceb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 12 Dec 2023 22:59:02 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 956637
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o6TIt5GZNjkvIzC6lsLsVkN%2BRsBjXF9oNhMwzwIBy7kenH1G7zOTXadeFNbD%2BmRR%2FdJl6K%2FNXQQtRRnliTZoFR8vuUzUUDyTUYEde%2F4Heihx%2BQfpvWcJBRqR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cdcef8b1bfe-OSL
content-encoding: br
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=exeo.app
142.250.74.2200 OK 135 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=exeo.app
IP 142.250.74.2:0
Hash cf88d171cd8e3d3f534c3490ad99f4bb
176da3483e3f4a332511141a92c5865b55373cb3
1cd97ab9a49705ca4f09771f6aa4285f7e254d0df42e0dc7694a3362ea579930
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 24 Dec 2022 00:43:00 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=exeo.app
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exeo.app
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 24 Dec 2022 00:43:00 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102871 bytes)
Hash c79bf2e9da828852ebae8cff8009ff5d
c2cce20f882011b02c01f8879799dd344d98b3ba
77a8afdf64cafa1abc1feb299dac8124674da7b2e4813da63c603ccd3a4ce6d4
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1603
last-modified: Sat, 24 Dec 2022 00:16:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NA%2Bvt5fYHfC9SWRu4YV4K%2BQ68bbcDib7doKsSJseauyNg5r4YG83LLZYIXyOPyNgAQrxuDTegAMQFeIZx03wTyVuQH0ANmW3YI21O2YCNvo04TVp3Y3M4GypuRIl%2FL0p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77e54cda794076f6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/css/continue.css
104.26.8.233200 OK 52 kB URL HTTP/2 exeo.app/css/continue.css
IP 104.26.8.233:0
File type ASCII text, with very long lines (65079)
Hash 8e4689fb40fb6f9aaf17b1cf37ba5a38
b96ffaca9b95a6c44eb6a43252582dbd791a99a9
6521242e726f7f7c12f4dd681047923b804d8a4506996ea67542ffb323ef05b7
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/0CYlt3zE
Cookie: AppSession=0fd541b5067984bd0436e01efa44bc46; csrfToken=e2c0ad664463a28c76953863f1fe101bf5a95c8fbcf1eec665c6a7d1a0fa2a06c34c392c4ad38747673bdcefb214db960dcda4e87430d0c273bf354a3aba6ceb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Wed, 11 Jan 2023 22:59:01 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 956638
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4kKoW%2FO%2BO57MmiPQyvkVpdncrEeNkn5b87S53ro4tp89eRoxWLm14YzAE8IQHzW9FAhaeDeecNlIpo3a8OwFuK1%2BLe31b3KB%2BDCx9JCT90pHZ579uhZwCtNO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cd89de01bfe-OSL
content-encoding: br
X-Firefox-Spdy: h2
ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
142.250.74.97200 OK 2.7 kB URL HTTP/2 ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sat, 24 Dec 2022 00:43:00 GMT
expires: Sun, 24 Dec 2023 00:43:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9564eb6f71fa10a5170c928454387a4a
592668eae50f9d76fc000075682e5b5c35bf1235
e9addf356cb7baa6e8846428c22dfa6f130fcd0f32a87a8bf9be7b086bf3ff5a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
172.217.21.161200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sat, 24 Dec 2022 00:43:00 GMT
expires: Sat, 24 Dec 2022 00:43:00 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
172.217.21.161200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 17:31:48 GMT
expires: Sat, 23 Dec 2023 17:31:48 GMT
cache-control: public, max-age=31536000
age: 25872
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ca9512237f87f9b258f470a0569c483e
81d7f7b1e8ab5657d33944a55a07ac22af57f473
faf3fce2abb109bb79e5e808a7de6ae04ba070a115b6ac6c8dbb393d3bd0069b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.132200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 90f1610e0bfa8e5a8745d37ec6e6a4e9
478f566a6312a963f925678c35a0c89067bd3000
556a23eb1bf37f22c3c54615afcdc0148eff675419928b62f64aa60e376824c0
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 24 Dec 2022 00:43:00 GMT
date: Sat, 24 Dec 2022 00:43:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-A0bUA4Atc3h6OnfF4huwWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 8.4 kB IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash 45feceb3599272f411c8e153d6322680
6f5277d435df91e18e401e59f9514de2087e5a56
6844e65ad510839a433e295812bdb3ee84aaa8177d782f1b21437463d3e46852
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: text/plain
set-cookie: csu=244983681283112@1@1671842579; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lau68PEeWvVrjxulkGDg14ktT3P5litnR6eQ6mdj1gkS2P%2FyveUUfhwG1Vbfir932LjVBz0bA6hErYnYGr5g8ouBAovcqAu7LOHgESR2hbTImvyR371kh5BopKM5QeKh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cdb8a5076f6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/ds.2.html
104.16.133.22200 OK 445 B URL HTTP/2 live.demand.supply/ds.2.html
IP 104.16.133.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c5c42721f3f2dfebedef38a3044d43d1
c19986a2da41525fe251be3c5f7aa1ae8c334b88
8ad3819dc30c1a62eb0a95ebbcdc952a68e1874874af40909deb5b552e1990d9
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
x-nf-request-id: 01GM32FRGGXY91P3W7PAZSC246
cf-cache-status: HIT
age: 955721
vary: Accept-Encoding
server: cloudflare
cf-ray: 77e54cda98501c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
142.250.74.35200 OK 28 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 28288, version 1.0\012- data
Hash 53b5e785dfdca21fa7adf7119fa1f8cc
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 20:35:00 GMT
expires: Thu, 21 Dec 2023 20:35:00 GMT
cache-control: public, max-age=31536000
age: 187680
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cbb5736919172725447fd74672ed0f52
92892deaeeab3c2a85cd9fd9f24e48daa062fb7e
4ff96d028cad150403e9fc6e007ffabce3f3e4d682a0d527825fb1a060c720b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cbb5736919172725447fd74672ed0f52
92892deaeeab3c2a85cd9fd9f24e48daa062fb7e
4ff96d028cad150403e9fc6e007ffabce3f3e4d682a0d527825fb1a060c720b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.id5-sync.com/api/1.0/esp.js
104.22.52.86200 OK 18 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 104.22.52.86:0
Hash 312554103c0e1bf0007e7e06302b8ef6
97e9cbfbe957c3c51b665ce057527ed45a3ab87b
08eaf8f43a6eeb93d9cea3722d0a2dc8f73412ff7515a78ea0d0b7e56850ec9e
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:43:00 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: br8ocj5fWmQgOqNy/Y5LiIH5q+MAwLmtxoIHmumKrdJnVOflpFk2DrvLlhRMxH1N156iQZCmWrRJmSpedVGlPA==
x-amz-request-id: 9KT5DTFKEWY7HC5S
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
etag: W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1476
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 77e54ce2ab42b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cbb5736919172725447fd74672ed0f52
92892deaeeab3c2a85cd9fd9f24e48daa062fb7e
4ff96d028cad150403e9fc6e007ffabce3f3e4d682a0d527825fb1a060c720b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cbb5736919172725447fd74672ed0f52
92892deaeeab3c2a85cd9fd9f24e48daa062fb7e
4ff96d028cad150403e9fc6e007ffabce3f3e4d682a0d527825fb1a060c720b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
142.250.74.1200 OK 62 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
IP 142.250.74.1:0
File type Unicode text, UTF-8 text, with very long lines (65008)
Hash 190bcb4c44fd9e0e93baa80c9b2535b8
97bda56ddc8d6a00d19e1747d63325051f3fd144
b7677f820f06329e357561f570729fe4110af4ac5fb741b97567e20a0f533301
GET /rtv/012211060024000/amp4ads-v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 61592
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:08:54 GMT
expires: Tue, 19 Dec 2023 18:08:54 GMT
cache-control: public, max-age=31536000
age: 369247
etag: "a2fca7132416d151"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
142.250.74.1200 OK 5.2 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
IP 142.250.74.1:0
File type ASCII text, with very long lines (14697)
Hash ae1a9f090984c448deb0629cc2304ee3
e601825ccec746695f370ed68fa33325152e0d9f
6a947bfcdeea64faa6c795caea11ee09dbe00f5d4003b7b9d47e4945c05ac1e4
GET /rtv/012211060024000/v0/amp-ad-exit-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 5218
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:33:12 GMT
expires: Sat, 23 Dec 2023 13:33:12 GMT
cache-control: public, max-age=31536000
age: 40189
etag: "abd4378f71571d78"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S268531387%3A1671842580065857&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh512fNajKUDzXtxcm86m-343LD4e2CCDBwbrBlM6cqNq6dxNBkqj-5WCtpwsVCPW_YS3ZD0
142.250.74.77403 Forbidden 30 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S268531387%3A1671842580065857&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh512fNajKUDzXtxcm86m-343LD4e2CCDBwbrBlM6cqNq6dxNBkqj-5WCtpwsVCPW_YS3ZD0
IP 142.250.74.77:0
Hash 9af86b65ac5d21c667808f2ecf3f8d03
12d84d116b95e186bd8af189698aa7ef0cac170e
d651f81519fea96b1ad400f69f2e35f4afe57c228b7759aa87abdbbfc2c8f20b
GET /v3/signin/identifier?dsh=S268531387%3A1671842580065857&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh512fNajKUDzXtxcm86m-343LD4e2CCDBwbrBlM6cqNq6dxNBkqj-5WCtpwsVCPW_YS3ZD0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 24 Dec 2022 00:43:00 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-2PuTGJ6a6b6G-ENAsGvm_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
142.250.74.1200 OK 13 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
IP 142.250.74.1:0
File type Unicode text, UTF-8 text, with very long lines (41057)
Hash 2f873064835eed23708bde2a16830216
7559437b82b9b761e02549d8d51f9e3571e5ed2c
0f5d00ac674cc34652997f2e0dd7fb6eb1a5b22010989c35a81cd7a388c84fdd
GET /rtv/012211060024000/v0/amp-form-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 12946
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 18:08:54 GMT
expires: Tue, 19 Dec 2023 18:08:54 GMT
cache-control: public, max-age=31536000
age: 369247
etag: "0bacd3f1ce38a7db"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs
142.250.74.1200 OK 1.9 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs
IP 142.250.74.1:0
File type ASCII text, with very long lines (5046)
Hash 669c8592ef8f63e7404e45dd6ca56b71
3f6753966361bb86594193009c9097612c361064
d174ae2c0722ab8d4bf736f0200dc5b15d288f9500a706bb161b64f5a3b74f01
GET /rtv/012211060024000/v0/amp-fit-text-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 1913
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:33:12 GMT
expires: Sat, 23 Dec 2023 13:33:12 GMT
cache-control: public, max-age=31536000
age: 40189
etag: "403438c4d550ee88"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a1752f5cbd02e1197766d79f37daa661
dcbdc805b541f6d2147658e79cda778b3096bdac
f0510b8a603361973b6410dbbf880ff2cd2c911afb72de38b3add29197b0d4e1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F0510B8A603361973B6410DBBF880FF2CD2C911AFB72DE38B3ADD29197B0D4E1"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7544
Expires: Sat, 24 Dec 2022 02:48:45 GMT
Date: Sat, 24 Dec 2022 00:43:01 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cbb5736919172725447fd74672ed0f52
92892deaeeab3c2a85cd9fd9f24e48daa062fb7e
4ff96d028cad150403e9fc6e007ffabce3f3e4d682a0d527825fb1a060c720b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6163
Expires: Sat, 24 Dec 2022 02:25:44 GMT
Date: Sat, 24 Dec 2022 00:43:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6163
Expires: Sat, 24 Dec 2022 02:25:44 GMT
Date: Sat, 24 Dec 2022 00:43:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6163
Expires: Sat, 24 Dec 2022 02:25:44 GMT
Date: Sat, 24 Dec 2022 00:43:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6163
Expires: Sat, 24 Dec 2022 02:25:44 GMT
Date: Sat, 24 Dec 2022 00:43:01 GMT
Connection: keep-alive
googleads.g.doubleclick.net/xbbe/pixel?d=CIilIBCoruWcAxiRwu_IATAB&v=APEucNWxWF5aH4ruZ8uvZ0tCl4B1_R_XnzD6XwnLJqL67rdBzYPkJh_0ICIneg4OnmIpuLJ5oi_osBIiuYFCYef_N12r4PQ5pSoRMbp7SGLoASyBgzxHgXkE6-a4xeg_Pg1K2U0mNX4bv4ES1PE0g2a0yh-gg5qQj9t7fmTLJhPfdGg1geJ_K9xdhUho7FChk6Gqr7v3Izo9KSWWS0TNus4HFF4sm6V6Pw
142.250.74.34200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CIilIBCoruWcAxiRwu_IATAB&v=APEucNWxWF5aH4ruZ8uvZ0tCl4B1_R_XnzD6XwnLJqL67rdBzYPkJh_0ICIneg4OnmIpuLJ5oi_osBIiuYFCYef_N12r4PQ5pSoRMbp7SGLoASyBgzxHgXkE6-a4xeg_Pg1K2U0mNX4bv4ES1PE0g2a0yh-gg5qQj9t7fmTLJhPfdGg1geJ_K9xdhUho7FChk6Gqr7v3Izo9KSWWS0TNus4HFF4sm6V6Pw
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CIilIBCoruWcAxiRwu_IATAB&v=APEucNWxWF5aH4ruZ8uvZ0tCl4B1_R_XnzD6XwnLJqL67rdBzYPkJh_0ICIneg4OnmIpuLJ5oi_osBIiuYFCYef_N12r4PQ5pSoRMbp7SGLoASyBgzxHgXkE6-a4xeg_Pg1K2U0mNX4bv4ES1PE0g2a0yh-gg5qQj9t7fmTLJhPfdGg1geJ_K9xdhUho7FChk6Gqr7v3Izo9KSWWS0TNus4HFF4sm6V6Pw HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 24 Dec 2022 00:43:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 24-Dec-2022 00:58:01 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 24 Dec 2022 00:43:01 GMT
cache-control: private
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F521ed1a6-b90d-4f16-ac47-f5778ba57056.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F521ed1a6-b90d-4f16-ac47-f5778ba57056.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7ff51ff86770154a8b01b98e6302efa
fdfeff41daa3872042615af9faaea28416d05ee5
d016ff5427d4ec9a0da5858c1c0b2f29f9c10f872d0c90dcd216e99ec8089bb8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F521ed1a6-b90d-4f16-ac47-f5778ba57056.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5370
x-amzn-requestid: bec8ffc7-e6e9-4b4e-aa6c-273e08c7b641
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlnDjE1rIAMF5Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a55216-2e477e1c3a56014b2d137ef7;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 07:00:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cRELFti8oXMQ9ES1ZMolNLJmDY22EZOZQTmWLd4tsiXAK5VAQVUPGg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 07:16:26 GMT
age: 62795
etag: "fdfeff41daa3872042615af9faaea28416d05ee5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d90b80ebad103c48c3043c8d5e4c3ca
ab36c9309ce13b2a3d075461c2445f76bfc582aa
2287a6db0a6a58c570930c1f94c3b36d7acf383b26cdfa42261eb254598fa7c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7669
x-amzn-requestid: 4b35e79d-21c8-48d7-b11b-44bd820e29d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnROG4UoAMFZdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f3a-765739ad7e9063781ccb12b2;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:35:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lhQA2yVBNtJ04goTms0KXhX6Q4v86TEe4EUioQs3eJzzMsCxbVmykw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:39:58 GMT
age: 10983
etag: "ab36c9309ce13b2a3d075461c2445f76bfc582aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6163
Expires: Sat, 24 Dec 2022 02:25:44 GMT
Date: Sat, 24 Dec 2022 00:43:01 GMT
Connection: keep-alive
id5-sync.com/api/esp/increment?counter=no-config
141.95.98.65204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 141.95.98.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
date: Sat, 24 Dec 2022 00:43:00 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.130200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.130:0
File type ASCII text, with very long lines (3501)
Hash 0aea457deb170b60b680d7d723b4a6e2
3acbe700c709c2c5c07d6fb145ea7b448cc07a90
86c662679bc2508be7e8064c91055a3c5be7db2c24d58e5f27676f35702ba339
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 47725
date: Sat, 24 Dec 2022 00:43:01 GMT
expires: Sat, 24 Dec 2022 00:43:01 GMT
cache-control: private, max-age=3000
etag: "1670417373259609"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F626da29b-d70f-4848-8a1b-cf70a01d8da9.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F626da29b-d70f-4848-8a1b-cf70a01d8da9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a41cf13f4970b1cb479194c1baab7223
ab59fa2cb8359ae9f5e037cdf1fe2684be034731
5ac5a0616f104b0f235f93be9f6b48c7a7f6b3326b7611c4e9a63127a13ebf1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F626da29b-d70f-4848-8a1b-cf70a01d8da9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7886
x-amzn-requestid: 2f30ee9a-839a-4f78-9dc5-d4c588f7d866
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnquGXLIAMFWRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61fde-72fad8c258a58ec44a066f71;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:38:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMoohQaJ7gigLk1KCKd7O7idyo9-5i7HyTycOo0FVtfnY0hs_Pj2UA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:46:07 GMT
etag: "ab59fa2cb8359ae9f5e037cdf1fe2684be034731"
content-type: image/jpeg
age: 10614
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D00c6wBFVsh0QcGUB4I2w-eWTzxNmcnSurJrE1fQ9WXSHuUufPaTPgfWhfOoJ7Lt1zV0d-PfX4e7k-f9dBUztX-H3GhQ&cry=1&dbm_d=AKAmf-CUYw8MTNmUQy50-GAXD14e7GU9VlKid0qIpkfZUYf9D6wV9EFQIVWHKQDaSR4bDUmy_6fGUBKdOuxx2H6Pvz7l_xYvVaGcewpvMX9Ow-ZWO481qGbSYRa2rqJHYWHyz9fqvDr2F0Ty2EinyLoVhbFRtFm5d6jh8jfAvPlc8l8vGuXvPsadH8Q8wkliPdKSv0Zc5vrgEYygO6huhX2yCX9esU282Y2EUm_fwDlptJ1datIeFzZlgSvJv_HmU64wAIYtzrbx4Mh0a2VpY60kkLDRH6AB_0W-055leEDAxdNxwNCIJvLYDkr_VIVLrr1UDubclGNeK92y5fc60ICbMFwXxmQKaz1SuipWdZVUljU0X7PfrAUA0D1fan968IEhEDDYgbyTnXvq6svnnbgjlIYD5WUsvoHBMXmhfnGIHXRmkuChk0nLfT6u-nSd6xF-RVEai0oxMjgjnc4KCJbM8NouOYUQGGTJRwSPkWzlWQBd9zTlPwwGKL7ijoVAA6Bkx2M-UZVFU9e-jKCd73DRXXVb9gSGJ1zF_KqjRJAevb5p7m05O5fkRmduOsvdXc9A7SFAYACcEWrZRF5pDRitnnDckzAJOO3-Fz2l9JhANs-0em_MT9nBVVGcm0kcL6hiTkVQevJ6_FUz1unQllk1Ox-rUR7n8YlmvkrMUrUXia1cCcB5v_yn2jQpBtGlzmsaxkg2uCNvjhMDtg-LosI_jW6I-D_4X4sQZnGWrt4SpTArNoELtihXo88HP7VV8PhPhxDEfG_bUL4_mnU-IwQy1HzHs2wfBLbXN5K03e7N6gx4WnxaYkBa7S0XvBUjgR_RGnfrYCOIF1V1tFrNq2ra1OPfKFQ-eJshzYPCx3uEEe3OJZDNSWvvZ4DCjBRl7cVvtz9twSVIoMwg_sBqhC9sJ6X9oE2csqbbXc5KPK55YOuYIwb0NePbK531474XKiusP0DD8SHH9HJQ5Ey0HIFqwmq_umcGiOxPJF6ze_stMEtvZPEb7gCMuQGvAnDDAQVl8RExYAzU5PZY0fKQI2SPFXNNzkFmfIHQZubx9wHPNzRATNLQq2sn0Vb20H8fwcP_M1J-o9mdhQp8gEdiDtRhZz88sJuhm_hYZK7KeDORB2FrT6QNlu_QTfLF8GBmUL6LfoeXWq75t6Uqqm0sFHHBcjRJV5q0klRCTA5o_yNHd8oxXbS8_tt-xmbWa0_od2YeEt3WuGtD4dvqW8_H8cvTQvGNMCwXP_6XPvULVbQG02zA3EvL-wjmYSRJ46YKTEJhK6lZMLnWaZMz8HKoU__dZf0bwubToRebJkqgKnPCRDy8Oyt3FvM6M442CEbccwOw1Igm4VEi4wzxXfsLwmCzWURyxPsDFhdmoNOcvmHH4J17Yefge1n-ob2mNkPNci4YcxGet0WVQJeQTUPb0o13e8zYV92aCSGDmvJB1JsrCU6onKi9_U2f7E9DFFBaApbQ5jXsCk_F5qqOPchZQCxgj0u-vhp-FSVFl2mwWXS6zNxbVNPsJDzWTYXQ3dyejn6UhxQlBy8BwK7seF9jjNXdI4SrkkKVK6TtMZVQtB8f7sB7uZql27CumJy3pJPEz4wHGw_PeccdgBfjFARdYMfLC6-Wz6yLVwMC9JiruSfAXGkWiy4bAI_Of4sCXidWvWUE6lNxA48ix4KKWGEiw3zkGlDxBlWz4S6IubjexjbQ-04Rs360lmylaGkOt6A8w0YXSoRplY9QHNR_WSMf789RmmiDwAnkFHMOEHhEXQwYzEamjmyXaZfC1icm35P2d_baLYJ3JZzF05x8X4F3eTmmqEkI7rpKDF_cldeFSOxTGRROa_gmLSvKOnNWDMUQsKc-tDmdEavg-y_Tg6JSGNa4jTn7N8W26CBgEL4EQEObgaiIICZ8h7KMJvi8mLq7meY9e54J7NtyGb5hb3LSLcCEkUfy6JsqjM1zETKMXTRa27Ej3Ww0Z1ffSMEPcT1eA6umRPeJAjEmHxccpv5GPvXPjL4f1uaCgtKeBz38EbAkTUnblStR2jPe2sjDVyv_JIOitj9ymJmW15OY8-Zm-pAuc3GUMi_KC0mu-5urxNt-ik7q9gVJ09VQVdY4HtaWo7NAH4xzhhhHFBDsUn6nCRZpKVQaN3haGX7ykti1EvgRMNoTTKpQS2k5stEqZJZC-O5zYEY9sNGOi39-5umDhpFOjrNN53t5Aw5vQ7u8KXwB3I63g_Sa26ixM_QiM1VR8dmh1Cflpi6BEBCkgX4avH_i4scaMU6z4JDhgbu4SS7levrgQW8M56wb9ThqUQDs-L2aRXt8Npy24h434kg2LwtDTsjbUkMXdtHJD5WsTxWhktm3pD7zkz3gBbZ2AlYf-zEDkt5V8jDCUjtvVR6ytkZX774n-xsGZyq5UMT8rcduueKAkcsRO8L2KkD-hk6fj7mZvTf49NTuMHcSa5pOdjV8sZVy_UInWi_TIbj0BH0fOQYCMgoMXyh1HZaV_jPWZoWC_7zu9R2oqwtK-WocLRKi5s0daGYaMW9xW6bUOP113NIRoSVvAfs-RKqdBOPh9Z6K4wGE0_TseWIfDP0vABBASUFLMqXm0Q7oIZ6IQu5ZjVxYazYKxmDJgYm5BCCXgRhOIhO6XJQSiRTa_sZmPPqPEgvqIjzylzzAv9DUYynrUIIbk4llApNEgRp2askElGkNLcSsK6pT7Gvce5aCOS1HYYFCapcCOpKVLG5my19nRnAy5UroUYyPpZFPJwLWbs-KABDKdb_XXbWc3NHziRiF4Tsc95LDdYY5rkHAMyRNLEYpEfShVgM0JDmLoDoHuVuJAW0QbUA1kngauc9mtgVpcD1xwRs393NZqDH8FiGAxtTgayVch-g54RDPevWveMtUDhmTymmD0rHSYNd7vdOQanxByhIc2M7rzZwbQrQaBbXJvsBwmkkQLXVccvit2LP3vsATw4LnsEfc6eeVr6_MjUcwtxvN748CE7P2VYX_lIsGk5LwAIlgHZS10hlhjz9bjLAu5hvNaF17NFWtFaog9C-OINVPFiRggNxCE77Gb_keHrwbHhpSO_LDF1wZdDdvVlUJDBBZ4tVybhh2edgNG8aKBsWpUeJ1NcEF-JrRGzx0RS3I7LwtGd4IQUD94EiHUqLugJMna-cKBakULQcdRI46AqKtn7SApA6viPTUpYMMeOvMC4o-jjSLrC7N3PFuYiayA6IsUAke4_FCdpPW2HteO9HFj2t2F6X7_1ZdbTkzkpbv_TgovkYtm-tAeYrqtqAp2LnA&cid=CAQSTADq26N9NO9I5A1dkHBuRkQr1KbnroiWfundnrPHhmt-2ichtWs1SSVkajUGQwElAcxnFLfyLs5P0Mx1TuNpEMJMYipfAXbKH93pD68YASAT&rfl=2%2Chttps%253A%252F%252Fexeo.app%252F%240
142.250.74.34200 OK 34 kB URL HTTP/2 googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D00c6wBFVsh0QcGUB4I2w-eWTzxNmcnSurJrE1fQ9WXSHuUufPaTPgfWhfOoJ7Lt1zV0d-PfX4e7k-f9dBUztX-H3GhQ&cry=1&dbm_d=AKAmf-CUYw8MTNmUQy50-GAXD14e7GU9VlKid0qIpkfZUYf9D6wV9EFQIVWHKQDaSR4bDUmy_6fGUBKdOuxx2H6Pvz7l_xYvVaGcewpvMX9Ow-ZWO481qGbSYRa2rqJHYWHyz9fqvDr2F0Ty2EinyLoVhbFRtFm5d6jh8jfAvPlc8l8vGuXvPsadH8Q8wkliPdKSv0Zc5vrgEYygO6huhX2yCX9esU282Y2EUm_fwDlptJ1datIeFzZlgSvJv_HmU64wAIYtzrbx4Mh0a2VpY60kkLDRH6AB_0W-055leEDAxdNxwNCIJvLYDkr_VIVLrr1UDubclGNeK92y5fc60ICbMFwXxmQKaz1SuipWdZVUljU0X7PfrAUA0D1fan968IEhEDDYgbyTnXvq6svnnbgjlIYD5WUsvoHBMXmhfnGIHXRmkuChk0nLfT6u-nSd6xF-RVEai0oxMjgjnc4KCJbM8NouOYUQGGTJRwSPkWzlWQBd9zTlPwwGKL7ijoVAA6Bkx2M-UZVFU9e-jKCd73DRXXVb9gSGJ1zF_KqjRJAevb5p7m05O5fkRmduOsvdXc9A7SFAYACcEWrZRF5pDRitnnDckzAJOO3-Fz2l9JhANs-0em_MT9nBVVGcm0kcL6hiTkVQevJ6_FUz1unQllk1Ox-rUR7n8YlmvkrMUrUXia1cCcB5v_yn2jQpBtGlzmsaxkg2uCNvjhMDtg-LosI_jW6I-D_4X4sQZnGWrt4SpTArNoELtihXo88HP7VV8PhPhxDEfG_bUL4_mnU-IwQy1HzHs2wfBLbXN5K03e7N6gx4WnxaYkBa7S0XvBUjgR_RGnfrYCOIF1V1tFrNq2ra1OPfKFQ-eJshzYPCx3uEEe3OJZDNSWvvZ4DCjBRl7cVvtz9twSVIoMwg_sBqhC9sJ6X9oE2csqbbXc5KPK55YOuYIwb0NePbK531474XKiusP0DD8SHH9HJQ5Ey0HIFqwmq_umcGiOxPJF6ze_stMEtvZPEb7gCMuQGvAnDDAQVl8RExYAzU5PZY0fKQI2SPFXNNzkFmfIHQZubx9wHPNzRATNLQq2sn0Vb20H8fwcP_M1J-o9mdhQp8gEdiDtRhZz88sJuhm_hYZK7KeDORB2FrT6QNlu_QTfLF8GBmUL6LfoeXWq75t6Uqqm0sFHHBcjRJV5q0klRCTA5o_yNHd8oxXbS8_tt-xmbWa0_od2YeEt3WuGtD4dvqW8_H8cvTQvGNMCwXP_6XPvULVbQG02zA3EvL-wjmYSRJ46YKTEJhK6lZMLnWaZMz8HKoU__dZf0bwubToRebJkqgKnPCRDy8Oyt3FvM6M442CEbccwOw1Igm4VEi4wzxXfsLwmCzWURyxPsDFhdmoNOcvmHH4J17Yefge1n-ob2mNkPNci4YcxGet0WVQJeQTUPb0o13e8zYV92aCSGDmvJB1JsrCU6onKi9_U2f7E9DFFBaApbQ5jXsCk_F5qqOPchZQCxgj0u-vhp-FSVFl2mwWXS6zNxbVNPsJDzWTYXQ3dyejn6UhxQlBy8BwK7seF9jjNXdI4SrkkKVK6TtMZVQtB8f7sB7uZql27CumJy3pJPEz4wHGw_PeccdgBfjFARdYMfLC6-Wz6yLVwMC9JiruSfAXGkWiy4bAI_Of4sCXidWvWUE6lNxA48ix4KKWGEiw3zkGlDxBlWz4S6IubjexjbQ-04Rs360lmylaGkOt6A8w0YXSoRplY9QHNR_WSMf789RmmiDwAnkFHMOEHhEXQwYzEamjmyXaZfC1icm35P2d_baLYJ3JZzF05x8X4F3eTmmqEkI7rpKDF_cldeFSOxTGRROa_gmLSvKOnNWDMUQsKc-tDmdEavg-y_Tg6JSGNa4jTn7N8W26CBgEL4EQEObgaiIICZ8h7KMJvi8mLq7meY9e54J7NtyGb5hb3LSLcCEkUfy6JsqjM1zETKMXTRa27Ej3Ww0Z1ffSMEPcT1eA6umRPeJAjEmHxccpv5GPvXPjL4f1uaCgtKeBz38EbAkTUnblStR2jPe2sjDVyv_JIOitj9ymJmW15OY8-Zm-pAuc3GUMi_KC0mu-5urxNt-ik7q9gVJ09VQVdY4HtaWo7NAH4xzhhhHFBDsUn6nCRZpKVQaN3haGX7ykti1EvgRMNoTTKpQS2k5stEqZJZC-O5zYEY9sNGOi39-5umDhpFOjrNN53t5Aw5vQ7u8KXwB3I63g_Sa26ixM_QiM1VR8dmh1Cflpi6BEBCkgX4avH_i4scaMU6z4JDhgbu4SS7levrgQW8M56wb9ThqUQDs-L2aRXt8Npy24h434kg2LwtDTsjbUkMXdtHJD5WsTxWhktm3pD7zkz3gBbZ2AlYf-zEDkt5V8jDCUjtvVR6ytkZX774n-xsGZyq5UMT8rcduueKAkcsRO8L2KkD-hk6fj7mZvTf49NTuMHcSa5pOdjV8sZVy_UInWi_TIbj0BH0fOQYCMgoMXyh1HZaV_jPWZoWC_7zu9R2oqwtK-WocLRKi5s0daGYaMW9xW6bUOP113NIRoSVvAfs-RKqdBOPh9Z6K4wGE0_TseWIfDP0vABBASUFLMqXm0Q7oIZ6IQu5ZjVxYazYKxmDJgYm5BCCXgRhOIhO6XJQSiRTa_sZmPPqPEgvqIjzylzzAv9DUYynrUIIbk4llApNEgRp2askElGkNLcSsK6pT7Gvce5aCOS1HYYFCapcCOpKVLG5my19nRnAy5UroUYyPpZFPJwLWbs-KABDKdb_XXbWc3NHziRiF4Tsc95LDdYY5rkHAMyRNLEYpEfShVgM0JDmLoDoHuVuJAW0QbUA1kngauc9mtgVpcD1xwRs393NZqDH8FiGAxtTgayVch-g54RDPevWveMtUDhmTymmD0rHSYNd7vdOQanxByhIc2M7rzZwbQrQaBbXJvsBwmkkQLXVccvit2LP3vsATw4LnsEfc6eeVr6_MjUcwtxvN748CE7P2VYX_lIsGk5LwAIlgHZS10hlhjz9bjLAu5hvNaF17NFWtFaog9C-OINVPFiRggNxCE77Gb_keHrwbHhpSO_LDF1wZdDdvVlUJDBBZ4tVybhh2edgNG8aKBsWpUeJ1NcEF-JrRGzx0RS3I7LwtGd4IQUD94EiHUqLugJMna-cKBakULQcdRI46AqKtn7SApA6viPTUpYMMeOvMC4o-jjSLrC7N3PFuYiayA6IsUAke4_FCdpPW2HteO9HFj2t2F6X7_1ZdbTkzkpbv_TgovkYtm-tAeYrqtqAp2LnA&cid=CAQSTADq26N9NO9I5A1dkHBuRkQr1KbnroiWfundnrPHhmt-2ichtWs1SSVkajUGQwElAcxnFLfyLs5P0Mx1TuNpEMJMYipfAXbKH93pD68YASAT&rfl=2%2Chttps%253A%252F%252Fexeo.app%252F%240
IP 142.250.74.34:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 320dbe8d16b1b317749b990b8d5a753b
46592ddc276367071c8873e02aa9312a9624b9e6
1caa93b31fc51d1174480698836781d7e5a4934cecdc79f6dc31cd85648b3a92
GET /dbm/ad?dbm_c=AKAmf-D00c6wBFVsh0QcGUB4I2w-eWTzxNmcnSurJrE1fQ9WXSHuUufPaTPgfWhfOoJ7Lt1zV0d-PfX4e7k-f9dBUztX-H3GhQ&cry=1&dbm_d=AKAmf-CUYw8MTNmUQy50-GAXD14e7GU9VlKid0qIpkfZUYf9D6wV9EFQIVWHKQDaSR4bDUmy_6fGUBKdOuxx2H6Pvz7l_xYvVaGcewpvMX9Ow-ZWO481qGbSYRa2rqJHYWHyz9fqvDr2F0Ty2EinyLoVhbFRtFm5d6jh8jfAvPlc8l8vGuXvPsadH8Q8wkliPdKSv0Zc5vrgEYygO6huhX2yCX9esU282Y2EUm_fwDlptJ1datIeFzZlgSvJv_HmU64wAIYtzrbx4Mh0a2VpY60kkLDRH6AB_0W-055leEDAxdNxwNCIJvLYDkr_VIVLrr1UDubclGNeK92y5fc60ICbMFwXxmQKaz1SuipWdZVUljU0X7PfrAUA0D1fan968IEhEDDYgbyTnXvq6svnnbgjlIYD5WUsvoHBMXmhfnGIHXRmkuChk0nLfT6u-nSd6xF-RVEai0oxMjgjnc4KCJbM8NouOYUQGGTJRwSPkWzlWQBd9zTlPwwGKL7ijoVAA6Bkx2M-UZVFU9e-jKCd73DRXXVb9gSGJ1zF_KqjRJAevb5p7m05O5fkRmduOsvdXc9A7SFAYACcEWrZRF5pDRitnnDckzAJOO3-Fz2l9JhANs-0em_MT9nBVVGcm0kcL6hiTkVQevJ6_FUz1unQllk1Ox-rUR7n8YlmvkrMUrUXia1cCcB5v_yn2jQpBtGlzmsaxkg2uCNvjhMDtg-LosI_jW6I-D_4X4sQZnGWrt4SpTArNoELtihXo88HP7VV8PhPhxDEfG_bUL4_mnU-IwQy1HzHs2wfBLbXN5K03e7N6gx4WnxaYkBa7S0XvBUjgR_RGnfrYCOIF1V1tFrNq2ra1OPfKFQ-eJshzYPCx3uEEe3OJZDNSWvvZ4DCjBRl7cVvtz9twSVIoMwg_sBqhC9sJ6X9oE2csqbbXc5KPK55YOuYIwb0NePbK531474XKiusP0DD8SHH9HJQ5Ey0HIFqwmq_umcGiOxPJF6ze_stMEtvZPEb7gCMuQGvAnDDAQVl8RExYAzU5PZY0fKQI2SPFXNNzkFmfIHQZubx9wHPNzRATNLQq2sn0Vb20H8fwcP_M1J-o9mdhQp8gEdiDtRhZz88sJuhm_hYZK7KeDORB2FrT6QNlu_QTfLF8GBmUL6LfoeXWq75t6Uqqm0sFHHBcjRJV5q0klRCTA5o_yNHd8oxXbS8_tt-xmbWa0_od2YeEt3WuGtD4dvqW8_H8cvTQvGNMCwXP_6XPvULVbQG02zA3EvL-wjmYSRJ46YKTEJhK6lZMLnWaZMz8HKoU__dZf0bwubToRebJkqgKnPCRDy8Oyt3FvM6M442CEbccwOw1Igm4VEi4wzxXfsLwmCzWURyxPsDFhdmoNOcvmHH4J17Yefge1n-ob2mNkPNci4YcxGet0WVQJeQTUPb0o13e8zYV92aCSGDmvJB1JsrCU6onKi9_U2f7E9DFFBaApbQ5jXsCk_F5qqOPchZQCxgj0u-vhp-FSVFl2mwWXS6zNxbVNPsJDzWTYXQ3dyejn6UhxQlBy8BwK7seF9jjNXdI4SrkkKVK6TtMZVQtB8f7sB7uZql27CumJy3pJPEz4wHGw_PeccdgBfjFARdYMfLC6-Wz6yLVwMC9JiruSfAXGkWiy4bAI_Of4sCXidWvWUE6lNxA48ix4KKWGEiw3zkGlDxBlWz4S6IubjexjbQ-04Rs360lmylaGkOt6A8w0YXSoRplY9QHNR_WSMf789RmmiDwAnkFHMOEHhEXQwYzEamjmyXaZfC1icm35P2d_baLYJ3JZzF05x8X4F3eTmmqEkI7rpKDF_cldeFSOxTGRROa_gmLSvKOnNWDMUQsKc-tDmdEavg-y_Tg6JSGNa4jTn7N8W26CBgEL4EQEObgaiIICZ8h7KMJvi8mLq7meY9e54J7NtyGb5hb3LSLcCEkUfy6JsqjM1zETKMXTRa27Ej3Ww0Z1ffSMEPcT1eA6umRPeJAjEmHxccpv5GPvXPjL4f1uaCgtKeBz38EbAkTUnblStR2jPe2sjDVyv_JIOitj9ymJmW15OY8-Zm-pAuc3GUMi_KC0mu-5urxNt-ik7q9gVJ09VQVdY4HtaWo7NAH4xzhhhHFBDsUn6nCRZpKVQaN3haGX7ykti1EvgRMNoTTKpQS2k5stEqZJZC-O5zYEY9sNGOi39-5umDhpFOjrNN53t5Aw5vQ7u8KXwB3I63g_Sa26ixM_QiM1VR8dmh1Cflpi6BEBCkgX4avH_i4scaMU6z4JDhgbu4SS7levrgQW8M56wb9ThqUQDs-L2aRXt8Npy24h434kg2LwtDTsjbUkMXdtHJD5WsTxWhktm3pD7zkz3gBbZ2AlYf-zEDkt5V8jDCUjtvVR6ytkZX774n-xsGZyq5UMT8rcduueKAkcsRO8L2KkD-hk6fj7mZvTf49NTuMHcSa5pOdjV8sZVy_UInWi_TIbj0BH0fOQYCMgoMXyh1HZaV_jPWZoWC_7zu9R2oqwtK-WocLRKi5s0daGYaMW9xW6bUOP113NIRoSVvAfs-RKqdBOPh9Z6K4wGE0_TseWIfDP0vABBASUFLMqXm0Q7oIZ6IQu5ZjVxYazYKxmDJgYm5BCCXgRhOIhO6XJQSiRTa_sZmPPqPEgvqIjzylzzAv9DUYynrUIIbk4llApNEgRp2askElGkNLcSsK6pT7Gvce5aCOS1HYYFCapcCOpKVLG5my19nRnAy5UroUYyPpZFPJwLWbs-KABDKdb_XXbWc3NHziRiF4Tsc95LDdYY5rkHAMyRNLEYpEfShVgM0JDmLoDoHuVuJAW0QbUA1kngauc9mtgVpcD1xwRs393NZqDH8FiGAxtTgayVch-g54RDPevWveMtUDhmTymmD0rHSYNd7vdOQanxByhIc2M7rzZwbQrQaBbXJvsBwmkkQLXVccvit2LP3vsATw4LnsEfc6eeVr6_MjUcwtxvN748CE7P2VYX_lIsGk5LwAIlgHZS10hlhjz9bjLAu5hvNaF17NFWtFaog9C-OINVPFiRggNxCE77Gb_keHrwbHhpSO_LDF1wZdDdvVlUJDBBZ4tVybhh2edgNG8aKBsWpUeJ1NcEF-JrRGzx0RS3I7LwtGd4IQUD94EiHUqLugJMna-cKBakULQcdRI46AqKtn7SApA6viPTUpYMMeOvMC4o-jjSLrC7N3PFuYiayA6IsUAke4_FCdpPW2HteO9HFj2t2F6X7_1ZdbTkzkpbv_TgovkYtm-tAeYrqtqAp2LnA&cid=CAQSTADq26N9NO9I5A1dkHBuRkQr1KbnroiWfundnrPHhmt-2ichtWs1SSVkajUGQwElAcxnFLfyLs5P0Mx1TuNpEMJMYipfAXbKH93pD68YASAT&rfl=2%2Chttps%253A%252F%252Fexeo.app%252F%240 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 24 Dec 2022 00:43:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 34302
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 24-Dec-2022 00:58:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49fa7cd8-f48a-4820-8943-7f876a15bfe2.webp
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49fa7cd8-f48a-4820-8943-7f876a15bfe2.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b971f9cebfb83d4e05f58c5e0c7e2436
440e6429b1e04564052e1de277b2cfafdc3203fd
bf885ad9432b12fb3ad6c62204892d2521a4ab967e635de8af584b6a1e21bbab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49fa7cd8-f48a-4820-8943-7f876a15bfe2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4597
x-amzn-requestid: 156d6291-928f-4c2d-93f5-edf1ac1a95bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnoRuHHjoAMFZfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a620d7-7f7726b749a2dd6f3be7ac2b;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:42:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fnogiAnwKVwFGLK46je5N0ArNnF4uINmHHprxKMa-4YbpMFOOGUaxQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:42:48 GMT
etag: "440e6429b1e04564052e1de277b2cfafdc3203fd"
content-type: image/jpeg
age: 10813
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b7298a2-2f41-4b7e-a1c6-2819da4067a7.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b7298a2-2f41-4b7e-a1c6-2819da4067a7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 50705ab69dfed4f096be357417729ea6
86b6a457d2eefd5104561d15a9557441f10804f2
30cc593e7bf3cf1af8977f7c7a22c12f5c4e859c55a4efffcd504b7e56c74dbf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b7298a2-2f41-4b7e-a1c6-2819da4067a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12686
x-amzn-requestid: 5ff517eb-a8ea-4051-9277-7730c04003d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dhyVlH_toAMF-QA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a3ca89-197af9f660f57fd11e178cd6;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 03:10:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: niapAUk39VyD6tjbfb91o8MoKBAEVV97AVmVIbC9qKRR_S8HbraMCQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 04:07:49 GMT
age: 74112
etag: "86b6a457d2eefd5104561d15a9557441f10804f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e3f349d1d8399a24315e98fc54179857
cdab7a12ec47358b257ba217173e088323aadc1f
f6262476101b554129fcbf637f6ae7658311cf11e63dc942639ea04fc86b8ae4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
142.250.74.70200 OK 38 kB URL HTTP/2 s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
IP 142.250.74.70:0
File type ASCII text, with very long lines (3095)
Hash 4f9b890a6c4cfbbfd0fb7eff98bf4dde
2db204fb0ee448842b40f84463234ea496763130
8e0d4c67a688228e1ba10b1e1dc367c078edf7e9bc35be0bd4ae8c0ce980647c
GET /879366/express_html_inpage_rendering_lib_200_276.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 37872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:33:10 GMT
expires: Sat, 24 Dec 2022 13:33:10 GMT
cache-control: public, max-age=86400
age: 40191
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e3f349d1d8399a24315e98fc54179857
cdab7a12ec47358b257ba217173e088323aadc1f
f6262476101b554129fcbf637f6ae7658311cf11e63dc942639ea04fc86b8ae4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 00:43:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2rkw7Wxed6AmYnVPGJ4ODI5wP8DLxVs_BWZ6qMLgxYAU2wqRhmXuv2QWF8Y4onJQq_gjVeAAQu8MOSO0H51zGb08GHFCdkTY0PLX07HUcRkfCbT6nO46IgEyOwRzXUmZsLocLHL5IZxezYg9e4awA1BPn1jH7Id_8tI6thsNJu9VSrNmdi0XfQYQ_fsR7KPhfGOV-G5Tn9hCyNJ7a_rIdA2toDVpCm5hm-Vq5Oe5dd_Nanfi_WsnLRVxYxv6KtBJGfZCVIw63sRgV4HeZI6OE7YpOig2uHd0V6RsuvdBPgN7oSO0ov4RwjXVnjyJOS4zLqCPksI2K701h-vW3wszQnDH91apo4lUTAFyFX7lLayq0ZLbq-Kvagwy9A2AXrFO1lxKvaOkdAae2R6IIoSfsWYrEVYnFeooTQ9kZPVkMjudcU3Et8kmy8RWSoS6RwuoPx7QvaOXR6Q-PfP15CNcDs7iRoKY4fvDcIqXD6_8ZrkVvU11w4o74-10w58zBgo6eYhV_Uaxv8b19JIJP-8Eku0ufkIL6-EPDFQSQsc_0948SLIAy07PwcZv8SYJQuThaYnYU_kXQ1rqIs5a7-trGnUIZOZAN7QO2LUY2Lb9yHFrz--FZsuon5EUZmdiWcN_-8fq_84GFZVxVmCX2z5OWl4CnuHhBcZCOjwntSskLO0yuv6AMYALMOs4Q5BZJ4h-vqGkpqVnCa5fu4YyUQh2XYI9owMsmzJLNnZ9zvYxvJSeHX99DDoYNPY04cts30hH-G-E9ilPL-TLIMKI3ZcpQQ79wxV5iuK6jk4jEEaTfM4PRSxJBoI05nTVHtbkSTxAJmNo03lWIUc42tUezfwBrzHCIeRFg-b0mykYM4G_PpbdlHKONhaDaTxmHlhb4cD-C9JCzxeJ3RpxWV0frvfNmtLPNKSgJZMZzWjWXQEbKlGAc8ut7zQusuYxge1C_4U58IIxaSLXSS0VAanlzLYUgvk0PZWNnlfJ0_VWtalojz60q394rX2mEty3p37lJhMnhQwTMICaSNHltULgnax1TKgniZbMRk5Snsu-HQ_gLorvPn0GVr4cN15eeCO0TlYnHVroxreIENmNv0olSKKgLyxGiLuXjaJk2fHxOy8ro33J5Flyna0G5HFy7xKK68gUalVCv7yd8wHCBF2ajeZq-Mq7I6SkTiMqwfEcOOSLjOXRKxg&sai=AMfl-YRwVaJKHcaUnMFZNIDu1wZ706jX9-0I54AAoB2dyxP4q8Dn1Qoz9PVhz4DpZOBNvSgo22PACc8vlmaW1vlaZQVBqsrPNrgYMXL1bpFQMlndYL2MK1AAmaadD7l9FPqbtTs3J6aGMLERcnt-6P6ssbZzmJ1E57EpejzxRBgBNAEyogN2JBH0i1_O0NlCnkrZ1jdlAA-Jr8FBqu6M13HrFrZKC6TFr2gK04ZrcVDBUUIIci6uL75rpNSr4VFzWADBLOBF9A4M12bt4wlH5RGyhpFMr7bf7QfF4aDZCcFd3a_Q2b7JA2s&sig=Cg0ArKJSzAcrn6hbc--wEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=127&cbvp=1&cstd=120&cisv=r20221207.91205&arae=0&ftch=1&adurl=
142.250.74.98200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2rkw7Wxed6AmYnVPGJ4ODI5wP8DLxVs_BWZ6qMLgxYAU2wqRhmXuv2QWF8Y4onJQq_gjVeAAQu8MOSO0H51zGb08GHFCdkTY0PLX07HUcRkfCbT6nO46IgEyOwRzXUmZsLocLHL5IZxezYg9e4awA1BPn1jH7Id_8tI6thsNJu9VSrNmdi0XfQYQ_fsR7KPhfGOV-G5Tn9hCyNJ7a_rIdA2toDVpCm5hm-Vq5Oe5dd_Nanfi_WsnLRVxYxv6KtBJGfZCVIw63sRgV4HeZI6OE7YpOig2uHd0V6RsuvdBPgN7oSO0ov4RwjXVnjyJOS4zLqCPksI2K701h-vW3wszQnDH91apo4lUTAFyFX7lLayq0ZLbq-Kvagwy9A2AXrFO1lxKvaOkdAae2R6IIoSfsWYrEVYnFeooTQ9kZPVkMjudcU3Et8kmy8RWSoS6RwuoPx7QvaOXR6Q-PfP15CNcDs7iRoKY4fvDcIqXD6_8ZrkVvU11w4o74-10w58zBgo6eYhV_Uaxv8b19JIJP-8Eku0ufkIL6-EPDFQSQsc_0948SLIAy07PwcZv8SYJQuThaYnYU_kXQ1rqIs5a7-trGnUIZOZAN7QO2LUY2Lb9yHFrz--FZsuon5EUZmdiWcN_-8fq_84GFZVxVmCX2z5OWl4CnuHhBcZCOjwntSskLO0yuv6AMYALMOs4Q5BZJ4h-vqGkpqVnCa5fu4YyUQh2XYI9owMsmzJLNnZ9zvYxvJSeHX99DDoYNPY04cts30hH-G-E9ilPL-TLIMKI3ZcpQQ79wxV5iuK6jk4jEEaTfM4PRSxJBoI05nTVHtbkSTxAJmNo03lWIUc42tUezfwBrzHCIeRFg-b0mykYM4G_PpbdlHKONhaDaTxmHlhb4cD-C9JCzxeJ3RpxWV0frvfNmtLPNKSgJZMZzWjWXQEbKlGAc8ut7zQusuYxge1C_4U58IIxaSLXSS0VAanlzLYUgvk0PZWNnlfJ0_VWtalojz60q394rX2mEty3p37lJhMnhQwTMICaSNHltULgnax1TKgniZbMRk5Snsu-HQ_gLorvPn0GVr4cN15eeCO0TlYnHVroxreIENmNv0olSKKgLyxGiLuXjaJk2fHxOy8ro33J5Flyna0G5HFy7xKK68gUalVCv7yd8wHCBF2ajeZq-Mq7I6SkTiMqwfEcOOSLjOXRKxg&sai=AMfl-YRwVaJKHcaUnMFZNIDu1wZ706jX9-0I54AAoB2dyxP4q8Dn1Qoz9PVhz4DpZOBNvSgo22PACc8vlmaW1vlaZQVBqsrPNrgYMXL1bpFQMlndYL2MK1AAmaadD7l9FPqbtTs3J6aGMLERcnt-6P6ssbZzmJ1E57EpejzxRBgBNAEyogN2JBH0i1_O0NlCnkrZ1jdlAA-Jr8FBqu6M13HrFrZKC6TFr2gK04ZrcVDBUUIIci6uL75rpNSr4VFzWADBLOBF9A4M12bt4wlH5RGyhpFMr7bf7QfF4aDZCcFd3a_Q2b7JA2s&sig=Cg0ArKJSzAcrn6hbc--wEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=127&cbvp=1&cstd=120&cisv=r20221207.91205&arae=0&ftch=1&adurl=
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsu2rkw7Wxed6AmYnVPGJ4ODI5wP8DLxVs_BWZ6qMLgxYAU2wqRhmXuv2QWF8Y4onJQq_gjVeAAQu8MOSO0H51zGb08GHFCdkTY0PLX07HUcRkfCbT6nO46IgEyOwRzXUmZsLocLHL5IZxezYg9e4awA1BPn1jH7Id_8tI6thsNJu9VSrNmdi0XfQYQ_fsR7KPhfGOV-G5Tn9hCyNJ7a_rIdA2toDVpCm5hm-Vq5Oe5dd_Nanfi_WsnLRVxYxv6KtBJGfZCVIw63sRgV4HeZI6OE7YpOig2uHd0V6RsuvdBPgN7oSO0ov4RwjXVnjyJOS4zLqCPksI2K701h-vW3wszQnDH91apo4lUTAFyFX7lLayq0ZLbq-Kvagwy9A2AXrFO1lxKvaOkdAae2R6IIoSfsWYrEVYnFeooTQ9kZPVkMjudcU3Et8kmy8RWSoS6RwuoPx7QvaOXR6Q-PfP15CNcDs7iRoKY4fvDcIqXD6_8ZrkVvU11w4o74-10w58zBgo6eYhV_Uaxv8b19JIJP-8Eku0ufkIL6-EPDFQSQsc_0948SLIAy07PwcZv8SYJQuThaYnYU_kXQ1rqIs5a7-trGnUIZOZAN7QO2LUY2Lb9yHFrz--FZsuon5EUZmdiWcN_-8fq_84GFZVxVmCX2z5OWl4CnuHhBcZCOjwntSskLO0yuv6AMYALMOs4Q5BZJ4h-vqGkpqVnCa5fu4YyUQh2XYI9owMsmzJLNnZ9zvYxvJSeHX99DDoYNPY04cts30hH-G-E9ilPL-TLIMKI3ZcpQQ79wxV5iuK6jk4jEEaTfM4PRSxJBoI05nTVHtbkSTxAJmNo03lWIUc42tUezfwBrzHCIeRFg-b0mykYM4G_PpbdlHKONhaDaTxmHlhb4cD-C9JCzxeJ3RpxWV0frvfNmtLPNKSgJZMZzWjWXQEbKlGAc8ut7zQusuYxge1C_4U58IIxaSLXSS0VAanlzLYUgvk0PZWNnlfJ0_VWtalojz60q394rX2mEty3p37lJhMnhQwTMICaSNHltULgnax1TKgniZbMRk5Snsu-HQ_gLorvPn0GVr4cN15eeCO0TlYnHVroxreIENmNv0olSKKgLyxGiLuXjaJk2fHxOy8ro33J5Flyna0G5HFy7xKK68gUalVCv7yd8wHCBF2ajeZq-Mq7I6SkTiMqwfEcOOSLjOXRKxg&sai=AMfl-YRwVaJKHcaUnMFZNIDu1wZ706jX9-0I54AAoB2dyxP4q8Dn1Qoz9PVhz4DpZOBNvSgo22PACc8vlmaW1vlaZQVBqsrPNrgYMXL1bpFQMlndYL2MK1AAmaadD7l9FPqbtTs3J6aGMLERcnt-6P6ssbZzmJ1E57EpejzxRBgBNAEyogN2JBH0i1_O0NlCnkrZ1jdlAA-Jr8FBqu6M13HrFrZKC6TFr2gK04ZrcVDBUUIIci6uL75rpNSr4VFzWADBLOBF9A4M12bt4wlH5RGyhpFMr7bf7QfF4aDZCcFd3a_Q2b7JA2s&sig=Cg0ArKJSzAcrn6hbc--wEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=127&cbvp=1&cstd=120&cisv=r20221207.91205&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 24 Dec 2022 00:43:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 24-Dec-2022 00:58:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 24 Dec 2022 00:43:01 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2rkw7Wxed6AmYnVPGJ4ODI5wP8DLxVs_BWZ6qMLgxYAU2wqRhmXuv2QWF8Y4onJQq_gjVeAAQu8MOSO0H51zGb08GHFCdkTY0PLX07HUcRkfCbT6nO46IgEyOwRzXUmZsLocLHL5IZxezYg9e4awA1BPn1jH7Id_8tI6thsNJu9VSrNmdi0XfQYQ_fsR7KPhfGOV-G5Tn9hCyNJ7a_rIdA2toDVpCm5hm-Vq5Oe5dd_Nanfi_WsnLRVxYxv6KtBJGfZCVIw63sRgV4HeZI6OE7YpOig2uHd0V6RsuvdBPgN7oSO0ov4RwjXVnjyJOS4zLqCPksI2K701h-vW3wszQnDH91apo4lUTAFyFX7lLayq0ZLbq-Kvagwy9A2AXrFO1lxKvaOkdAae2R6IIoSfsWYrEVYnFeooTQ9kZPVkMjudcU3Et8kmy8RWSoS6RwuoPx7QvaOXR6Q-PfP15CNcDs7iRoKY4fvDcIqXD6_8ZrkVvU11w4o74-10w58zBgo6eYhV_Uaxv8b19JIJP-8Eku0ufkIL6-EPDFQSQsc_0948SLIAy07PwcZv8SYJQuThaYnYU_kXQ1rqIs5a7-trGnUIZOZAN7QO2LUY2Lb9yHFrz--FZsuon5EUZmdiWcN_-8fq_84GFZVxVmCX2z5OWl4CnuHhBcZCOjwntSskLO0yuv6AMYALMOs4Q5BZJ4h-vqGkpqVnCa5fu4YyUQh2XYI9owMsmzJLNnZ9zvYxvJSeHX99DDoYNPY04cts30hH-G-E9ilPL-TLIMKI3ZcpQQ79wxV5iuK6jk4jEEaTfM4PRSxJBoI05nTVHtbkSTxAJmNo03lWIUc42tUezfwBrzHCIeRFg-b0mykYM4G_PpbdlHKONhaDaTxmHlhb4cD-C9JCzxeJ3RpxWV0frvfNmtLPNKSgJZMZzWjWXQEbKlGAc8ut7zQusuYxge1C_4U58IIxaSLXSS0VAanlzLYUgvk0PZWNnlfJ0_VWtalojz60q394rX2mEty3p37lJhMnhQwTMICaSNHltULgnax1TKgniZbMRk5Snsu-HQ_gLorvPn0GVr4cN15eeCO0TlYnHVroxreIENmNv0olSKKgLyxGiLuXjaJk2fHxOy8ro33J5Flyna0G5HFy7xKK68gUalVCv7yd8wHCBF2ajeZq-Mq7I6SkTiMqwfEcOOSLjOXRKxg&sai=AMfl-YRwVaJKHcaUnMFZNIDu1wZ706jX9-0I54AAoB2dyxP4q8Dn1Qoz9PVhz4DpZOBNvSgo22PACc8vlmaW1vlaZQVBqsrPNrgYMXL1bpFQMlndYL2MK1AAmaadD7l9FPqbtTs3J6aGMLERcnt-6P6ssbZzmJ1E57EpejzxRBgBNAEyogN2JBH0i1_O0NlCnkrZ1jdlAA-Jr8FBqu6M13HrFrZKC6TFr2gK04ZrcVDBUUIIci6uL75rpNSr4VFzWADBLOBF9A4M12bt4wlH5RGyhpFMr7bf7QfF4aDZCcFd3a_Q2b7JA2s&sig=Cg0ArKJSzAcrn6hbc--wEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=447&vt=11&dtpt=320&dett=3&cstd=120&cisv=r20221207.91205&arae=0&ftch=1&adurl=
142.250.74.98200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2rkw7Wxed6AmYnVPGJ4ODI5wP8DLxVs_BWZ6qMLgxYAU2wqRhmXuv2QWF8Y4onJQq_gjVeAAQu8MOSO0H51zGb08GHFCdkTY0PLX07HUcRkfCbT6nO46IgEyOwRzXUmZsLocLHL5IZxezYg9e4awA1BPn1jH7Id_8tI6thsNJu9VSrNmdi0XfQYQ_fsR7KPhfGOV-G5Tn9hCyNJ7a_rIdA2toDVpCm5hm-Vq5Oe5dd_Nanfi_WsnLRVxYxv6KtBJGfZCVIw63sRgV4HeZI6OE7YpOig2uHd0V6RsuvdBPgN7oSO0ov4RwjXVnjyJOS4zLqCPksI2K701h-vW3wszQnDH91apo4lUTAFyFX7lLayq0ZLbq-Kvagwy9A2AXrFO1lxKvaOkdAae2R6IIoSfsWYrEVYnFeooTQ9kZPVkMjudcU3Et8kmy8RWSoS6RwuoPx7QvaOXR6Q-PfP15CNcDs7iRoKY4fvDcIqXD6_8ZrkVvU11w4o74-10w58zBgo6eYhV_Uaxv8b19JIJP-8Eku0ufkIL6-EPDFQSQsc_0948SLIAy07PwcZv8SYJQuThaYnYU_kXQ1rqIs5a7-trGnUIZOZAN7QO2LUY2Lb9yHFrz--FZsuon5EUZmdiWcN_-8fq_84GFZVxVmCX2z5OWl4CnuHhBcZCOjwntSskLO0yuv6AMYALMOs4Q5BZJ4h-vqGkpqVnCa5fu4YyUQh2XYI9owMsmzJLNnZ9zvYxvJSeHX99DDoYNPY04cts30hH-G-E9ilPL-TLIMKI3ZcpQQ79wxV5iuK6jk4jEEaTfM4PRSxJBoI05nTVHtbkSTxAJmNo03lWIUc42tUezfwBrzHCIeRFg-b0mykYM4G_PpbdlHKONhaDaTxmHlhb4cD-C9JCzxeJ3RpxWV0frvfNmtLPNKSgJZMZzWjWXQEbKlGAc8ut7zQusuYxge1C_4U58IIxaSLXSS0VAanlzLYUgvk0PZWNnlfJ0_VWtalojz60q394rX2mEty3p37lJhMnhQwTMICaSNHltULgnax1TKgniZbMRk5Snsu-HQ_gLorvPn0GVr4cN15eeCO0TlYnHVroxreIENmNv0olSKKgLyxGiLuXjaJk2fHxOy8ro33J5Flyna0G5HFy7xKK68gUalVCv7yd8wHCBF2ajeZq-Mq7I6SkTiMqwfEcOOSLjOXRKxg&sai=AMfl-YRwVaJKHcaUnMFZNIDu1wZ706jX9-0I54AAoB2dyxP4q8Dn1Qoz9PVhz4DpZOBNvSgo22PACc8vlmaW1vlaZQVBqsrPNrgYMXL1bpFQMlndYL2MK1AAmaadD7l9FPqbtTs3J6aGMLERcnt-6P6ssbZzmJ1E57EpejzxRBgBNAEyogN2JBH0i1_O0NlCnkrZ1jdlAA-Jr8FBqu6M13HrFrZKC6TFr2gK04ZrcVDBUUIIci6uL75rpNSr4VFzWADBLOBF9A4M12bt4wlH5RGyhpFMr7bf7QfF4aDZCcFd3a_Q2b7JA2s&sig=Cg0ArKJSzAcrn6hbc--wEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=447&vt=11&dtpt=320&dett=3&cstd=120&cisv=r20221207.91205&arae=0&ftch=1&adurl=
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsu2rkw7Wxed6AmYnVPGJ4ODI5wP8DLxVs_BWZ6qMLgxYAU2wqRhmXuv2QWF8Y4onJQq_gjVeAAQu8MOSO0H51zGb08GHFCdkTY0PLX07HUcRkfCbT6nO46IgEyOwRzXUmZsLocLHL5IZxezYg9e4awA1BPn1jH7Id_8tI6thsNJu9VSrNmdi0XfQYQ_fsR7KPhfGOV-G5Tn9hCyNJ7a_rIdA2toDVpCm5hm-Vq5Oe5dd_Nanfi_WsnLRVxYxv6KtBJGfZCVIw63sRgV4HeZI6OE7YpOig2uHd0V6RsuvdBPgN7oSO0ov4RwjXVnjyJOS4zLqCPksI2K701h-vW3wszQnDH91apo4lUTAFyFX7lLayq0ZLbq-Kvagwy9A2AXrFO1lxKvaOkdAae2R6IIoSfsWYrEVYnFeooTQ9kZPVkMjudcU3Et8kmy8RWSoS6RwuoPx7QvaOXR6Q-PfP15CNcDs7iRoKY4fvDcIqXD6_8ZrkVvU11w4o74-10w58zBgo6eYhV_Uaxv8b19JIJP-8Eku0ufkIL6-EPDFQSQsc_0948SLIAy07PwcZv8SYJQuThaYnYU_kXQ1rqIs5a7-trGnUIZOZAN7QO2LUY2Lb9yHFrz--FZsuon5EUZmdiWcN_-8fq_84GFZVxVmCX2z5OWl4CnuHhBcZCOjwntSskLO0yuv6AMYALMOs4Q5BZJ4h-vqGkpqVnCa5fu4YyUQh2XYI9owMsmzJLNnZ9zvYxvJSeHX99DDoYNPY04cts30hH-G-E9ilPL-TLIMKI3ZcpQQ79wxV5iuK6jk4jEEaTfM4PRSxJBoI05nTVHtbkSTxAJmNo03lWIUc42tUezfwBrzHCIeRFg-b0mykYM4G_PpbdlHKONhaDaTxmHlhb4cD-C9JCzxeJ3RpxWV0frvfNmtLPNKSgJZMZzWjWXQEbKlGAc8ut7zQusuYxge1C_4U58IIxaSLXSS0VAanlzLYUgvk0PZWNnlfJ0_VWtalojz60q394rX2mEty3p37lJhMnhQwTMICaSNHltULgnax1TKgniZbMRk5Snsu-HQ_gLorvPn0GVr4cN15eeCO0TlYnHVroxreIENmNv0olSKKgLyxGiLuXjaJk2fHxOy8ro33J5Flyna0G5HFy7xKK68gUalVCv7yd8wHCBF2ajeZq-Mq7I6SkTiMqwfEcOOSLjOXRKxg&sai=AMfl-YRwVaJKHcaUnMFZNIDu1wZ706jX9-0I54AAoB2dyxP4q8Dn1Qoz9PVhz4DpZOBNvSgo22PACc8vlmaW1vlaZQVBqsrPNrgYMXL1bpFQMlndYL2MK1AAmaadD7l9FPqbtTs3J6aGMLERcnt-6P6ssbZzmJ1E57EpejzxRBgBNAEyogN2JBH0i1_O0NlCnkrZ1jdlAA-Jr8FBqu6M13HrFrZKC6TFr2gK04ZrcVDBUUIIci6uL75rpNSr4VFzWADBLOBF9A4M12bt4wlH5RGyhpFMr7bf7QfF4aDZCcFd3a_Q2b7JA2s&sig=Cg0ArKJSzAcrn6hbc--wEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=447&vt=11&dtpt=320&dett=3&cstd=120&cisv=r20221207.91205&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ebe5ecc18e8ada08934629a4dca9d59f.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 24 Dec 2022 00:43:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 24-Dec-2022 00:58:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 24 Dec 2022 00:43:01 GMT
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1603
last-modified: Sat, 24 Dec 2022 00:16:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xkl9CTN4ksRxrxoI4Pobixi3AuZvzdXC59i64gCkL038J8eqPNa7jqGJ%2FzSbM4d54UELKSPat2zZCqTrfS7Jfhgl1AUGW4PVnWiTuT9rEUCchgX3oUFSsKPa93wRl8y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77e54cdab98276f6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: D5ajV3hpvoh+GdkCPfrIEahS1Ndhf8rX7nkWwEeJVOINwnAK2cpRjyHCKOZPK3u7BmTQQfHPhUp6x6YC6Z5vpw==
date: Sat, 24 Dec 2022 00:43:00 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
172.67.149.153200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 172.67.149.153:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 677
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nzbe%2FHcL%2F7f3bERp847IbEFL0J3VDG0WxvJufc48A%2Fvyvr4zgNcy4BD8SUPvCigMUYTvmi4CL3qZ2mVmqEXbbV1KbbuRvPajkiCGj0QoNjRDiERAZvHOTNmDWLE9wILUsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77e54cd9cdbcb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Dec 2022 00:42:59 GMT
date: Sat, 24 Dec 2022 00:42:59 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
live.demand.supply/up.js
104.16.133.22200 OK 0 B IP 104.16.133.22:0
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 77e54cd9cfe61c0a-OSL
age: 981
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"30cd4982b290dd406327b3dd39f1ea22-ssl-df"
link: <https://live.demand.supply/impl.v16.3.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv>; rel=preload; as=script
set-cookie: demandSupplyTi=16870ad6-ea7f-4355-ba19-ea17ce082bb4; demandSupplyTc = null; demandSupplyTcI = null; SameSite=None; Secure; Max-Age=63072000
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=4391
timing-allow-origin: *
x-nf-request-id: 01GMX2WC7DDRK600SK19DPWQGC
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafc522eb-7237-4387-a813-3d8a7c2ad6cc.jpeg
34.120.237.76200 OK 0 B URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafc522eb-7237-4387-a813-3d8a7c2ad6cc.jpeg
IP 34.120.237.76:0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafc522eb-7237-4387-a813-3d8a7c2ad6cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6157
x-amzn-requestid: 10e24df4-2ac1-46cc-86ac-6fbbb25a2ece
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnbBHexIAMFX4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f79-13279779115da25e040775f7;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:36:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: v_XlpT3Oy2lyDC3c0wjqIcD4oKjU0Ry9zSaly_xbX-62sF40OWXuhg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:56:20 GMT
age: 10001
etag: "2970cf26ace931d06195838af978ae13b8ccd843"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvMENZbHQzekU=
104.16.133.22200 OK 0 B URL HTTP/2 api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvMENZbHQzekU=
IP 104.16.133.22:0
GET /v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvMENZbHQzekU= HTTP/1.1
Host: api.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
etag: W/"130-OctHC+S13KEX87JXYtfy5TOU5+I"
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77e54cdb7b851bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/0CYlt3zE
104.26.8.233200 OK 0 B IP 104.26.8.233:0
Analyzer Verdict Alert fortinet Malware
GET /0CYlt3zE HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=0fd541b5067984bd0436e01efa44bc46; path=/; HttpOnly
csrfToken=e2c0ad664463a28c76953863f1fe101bf5a95c8fbcf1eec665c6a7d1a0fa2a06c34c392c4ad38747673bdcefb214db960dcda4e87430d0c273bf354a3aba6ceb; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4Zh2iFoaHyArGSEH4H97hHKkQ2UkuF4zV6TVmnfJYtwDNnPLSMyQuMHiV06zQ6B%2Bg6%2Bv95pOpOYQDooVHYqCoEFt2NWJNQ7LpBgfY%2Ff8yk9pvisdqRCd3Fd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cd68d4a1bfe-OSL
content-encoding: br
X-Firefox-Spdy: h2
exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671840000
104.26.8.233200 OK 0 B URL HTTP/2 exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671840000
IP 104.26.8.233:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671840000 HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AppSession=0fd541b5067984bd0436e01efa44bc46; csrfToken=e2c0ad664463a28c76953863f1fe101bf5a95c8fbcf1eec665c6a7d1a0fa2a06c34c392c4ad38747673bdcefb214db960dcda4e87430d0c273bf354a3aba6ceb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-control-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5UBFWvM7fMTNmfqC5j61gfEj9J%2FaxaZ%2Fia9ADahvY3ws2WqzvLUf1STYv%2BYW2CeDX4y99PJcVtsvZXVcTXWq%2B%2FoTbyqL2dnAgMIk8PdNGkKGNY%2F39L6aH1J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cda5e811bfe-OSL
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Dec 2022 00:42:59 GMT
content-type: text/plain
set-cookie: csu=98309696392210@1@1671842579; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=leINEub%2FzQWTymHoeXXpZen%2FWLyOrGui5M5T6p1GlFoROYtyAutSTxx8PE7%2FJSsOaJXxofIdeDkCDjgpgXRrKpW70JybRNXl%2Bx2il5Nxp1BVpx6RloxFApsA9KGexBnf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cda996476f6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exe.io/0CYlt3zE
104.26.2.103302 Found 0 B IP 104.26.2.103:0
GET /0CYlt3zE HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 24 Dec 2022 00:42:58 GMT
content-type: text/html; charset=UTF-8
location: https://exeo.app/0CYlt3zE
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=5dab25f65e264a1efc79a6d76ba41c00; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wdiD1OttNWo9FoNP8lvLKTFzzteQxb%2BomKk75WKIQSiYuzxgYHwXQ%2FShBRFZPaUcy%2FODrWxXfVs%2FWjPgyp%2FUCjs%2FWQUrQAgvLF5o9Nb0Q8LoXdenzWfFMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e54cd50e26b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2