exe.io/adrifenice
104.26.3.103 301 Moved Permanently 0 B IP 104.26.3.103:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adrifenice HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 22:11:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Dec 2022 23:11:51 GMT
Location: https://exe.io/adrifenice
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdoBMtB6ih%2FHAbKrhBo5MGi1YMys3qpa01Ozi9TGuQ2%2FCwSoGo8utiYA%2FYKF9dcNOgKM5fJ321tPb9Do9bZzb19DUBiiZMEkUw%2Bl%2FrpYPy9KR9EFyMtipw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77818ef53a980afe-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 43ad67f241ee3692a9c9c1da080dae58
6a024f7d71eeee257edc91ba9273416f634aaae5
636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10038
Expires: Mon, 12 Dec 2022 00:59:09 GMT
Date: Sun, 11 Dec 2022 22:11:51 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 430f1651125c14bfa4924aa1f1a392e9
304141c5fe7ac8b370a67912b2592f9622de9600
315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3842
Expires: Sun, 11 Dec 2022 23:15:53 GMT
Date: Sun, 11 Dec 2022 22:11:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 11 Dec 2022 21:33:36 GMT
content-type: application/json
age: 2295
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dbd022fec0a71226daaf29b7563a8896
c37d14dc7b3849a4bb815fa325fb5e70fae54039
22da5e6e3f9507688fc8cb02183d52cf38f4adf8b2c6c52eaf5f88182471efeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22DA5E6E3F9507688FC8CB02183D52CF38F4ADF8B2C6C52EAF5F88182471EFEB"
Last-Modified: Sun, 11 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10623
Expires: Mon, 12 Dec 2022 01:08:54 GMT
Date: Sun, 11 Dec 2022 22:11:51 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash bf62cc56fb052374f0bf1cf8aa721d16
a781284721b1c89bcf797cd63db7d22b240785c4
8000e8832589886a8a3276c6c17c51f54eefa4b993d55cc3fad770d8f653527f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1073
Cache-Control: max-age=169648
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:51 GMT
Etag: "63964526-117"
Expires: Tue, 13 Dec 2022 21:19:19 GMT
Last-Modified: Sun, 11 Dec 2022 21:01:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OJ4CVRVinacqYvTTTLZJ0e90OEEXGWcnoLmyJKBpSAIn+/+/DJeJMzsxP4/jrLTYIMGX9O2fDfA=
x-amz-request-id: GJ3G6953JEQ3Y820
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 11 Dec 2022 21:51:14 GMT
age: 1237
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Dec 2022 22:11:51 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash bf62cc56fb052374f0bf1cf8aa721d16
a781284721b1c89bcf797cd63db7d22b240785c4
8000e8832589886a8a3276c6c17c51f54eefa4b993d55cc3fad770d8f653527f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1073
Cache-Control: max-age=169648
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:51 GMT
Etag: "63964526-117"
Expires: Tue, 13 Dec 2022 21:19:19 GMT
Last-Modified: Sun, 11 Dec 2022 21:01:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
exe.io/adrifenice
104.26.2.103 302 Found 346 B IP 104.26.2.103:0
Hash b127f4a553d5bef70abfe5cbe6d621b1
21862b2730a62759276497fc8cdc51730e24f364
6b8e85299e53100486fc4fa84070c392fec71ef7172b780d19f900753207e311
GET /adrifenice HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sun, 11 Dec 2022 22:11:51 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/adrifenice
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=07b41686a03de793fb33855bb28127b6; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Od4xQSJl5AQglja7AzasMu8RzgaCGpafQJuGaemfkqzTBaHXwkcUu5MsOU97JTyEasDrR7qUMg4A6qFL5Emhhr%2FgKezy88z3ewPqYqOGewKUJwTkZ%2F08%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818ef7599db512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 11 Dec 2022 21:33:16 GMT
age: 2315
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b127f4a553d5bef70abfe5cbe6d621b1
21862b2730a62759276497fc8cdc51730e24f364
6b8e85299e53100486fc4fa84070c392fec71ef7172b780d19f900753207e311
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6B8E85299E53100486FC4FA84070C392FEC71EF7172B780D19F900753207E311"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11847
Expires: Mon, 12 Dec 2022 01:29:19 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e12bb655426d080117693ba116f398cf
8fe1f7f8d0b191baed2decba3523656da97077f5
2c25ba0d1c806de98d5489934acd8e2f17487e4f7e40c7f0d39094ce49f91b8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4750
Cache-Control: max-age=130454
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Etag: "63959db0-1d7"
Expires: Tue, 13 Dec 2022 10:26:06 GMT
Last-Modified: Sun, 11 Dec 2022 09:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bbc2a332da069e062c141b6755efb07
e7cb19a32562264a6858b73f90caff1fe7887a29
5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 44 kB IP 142.250.74.131:0
Hash 95f3325f1db115132259dacb9c7a63f1
b5a332cf35d8f7b4ab3fcdad625c9541a8c0c5a8
ef4e705dff24614aade1bf13d62c136357c84474f1855a61dc2263d6bfdc0a30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bbc2a332da069e062c141b6755efb07
e7cb19a32562264a6858b73f90caff1fe7887a29
5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 74d82b5960e5e12af402b01fa10b0829
4b80baad99eaafa43a8a78dbcd8e0df4141b3dd7
328abed4a3d2ea1d745c64c5c40925ae5efca25846d2e1c8457a030347473b51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106 200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
Hash 463f577f1c54f4d3ab498b2d41d8c9ac
910d05dce87ec27516d0162b36f370bd4b2f56d6
0f38e415df0c1a5ed527d9d7749c6f9cb829a640ba5056ae7d4585234f243ec7
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Dec 2022 22:11:52 GMT
date: Sun, 11 Dec 2022 22:11:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e79f2d42ecedf5ef6afa0984cd20a073
718134300e70f34a11eac393525c1b876df54f49
dafca77bc3ed861e0277f501f359e552a3f583b3df6cdf14ba6b27c40caea291
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAFCA77BC3ED861E0277F501F359E552A3F583B3DF6CDF14BA6B27C40CAEA291"
Last-Modified: Sun, 11 Dec 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7452
Expires: Mon, 12 Dec 2022 00:16:04 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
qj.wimplesbooklet.com/1clkn/29529
172.255.6.87 200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 172.255.6.87:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 22:11:52 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 12-Dec-2022 22:11:52 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 12-Dec-2022 22:11:52 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d8b6288aa182c59316c39ea8777fd31c
7e3a9cb2ee6f53c063161b881f99ab8b20851252
d188c187297ca0c01966dbc10159090ebbe8e0c96f5d7adc725fc2d3ee25f9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6208
Cache-Control: max-age=135505
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Etag: "6395abb9-118"
Expires: Tue, 13 Dec 2022 11:50:17 GMT
Last-Modified: Sun, 11 Dec 2022 10:06:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash af184f4a9dc1f33293111c0d8624cb33
2d8a3364b2e9ed5c6d85e5588653bd94bccf40c9
a7005a7ed17be8225d06ef0a249cced6c31d5904e6f113b717c4817990d57413
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A7005A7ED17BE8225D06EF0A249CCED6C31D5904E6F113B717C4817990D57413"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19824
Expires: Mon, 12 Dec 2022 03:42:16 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f34d5d5ef96bb69bcd8a13ea1ff45645
dde3db64eacaa03bfba2f4e59689a7d0c9f04602
f639a67a5e3072de1a52591ab6a32ce08418be093f73bbe1ae21a1dc4f643f78
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F639A67A5E3072DE1A52591AB6A32CE08418BE093F73BBE1AE21A1DC4F643F78"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10952
Expires: Mon, 12 Dec 2022 01:14:24 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash af184f4a9dc1f33293111c0d8624cb33
2d8a3364b2e9ed5c6d85e5588653bd94bccf40c9
a7005a7ed17be8225d06ef0a249cced6c31d5904e6f113b717c4817990d57413
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A7005A7ED17BE8225D06EF0A249CCED6C31D5904E6F113B717C4817990D57413"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19824
Expires: Mon, 12 Dec 2022 03:42:16 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dd2754c7c3b7256a3fd6cd8cb1d99e72
ad5a838f69de2f7d9433521fecc532d6a4fe7749
23b6c7e1c243f59790617f8f0035e8508721bb7f88d65e77be630fc9f64babb2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "23B6C7E1C243F59790617F8F0035E8508721BB7F88D65E77BE630FC9F64BABB2"
Last-Modified: Sat, 10 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8681
Expires: Mon, 12 Dec 2022 00:36:33 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdntechone.com/stattag.js
188.114.96.1 200 OK 23 kB URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (12932), with no line terminators
Hash f6a8989ccec24f7386612bcf378533a5
1d29d3ebb6f77637ca7413f441855e5bed536813
eaf953b4faecd2557156c1fd2eee3972c6732381a853826a45ba0219289e1fe1
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:52 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6420
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVz%2BLkvPDO9q8MUMf7HsnCfweuc8o9I5TOtwkzDWTcGaxJTPSFWDPIwBlX1x8UWaaTHXyoAnz47Mx4ejjIlr3lGgL7A7Te23pVfDwNRQOXQPI6TCi%2Bun%2FPfwwP%2BQRIy%2BMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818efc89f5b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.210.150.237 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.150.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: czAx6YzkYaVc42QJd7Aw5A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dGvDLRmA7Z5nZcZTvYyg9tQ33fA=
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dd2754c7c3b7256a3fd6cd8cb1d99e72
ad5a838f69de2f7d9433521fecc532d6a4fe7749
23b6c7e1c243f59790617f8f0035e8508721bb7f88d65e77be630fc9f64babb2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "23B6C7E1C243F59790617F8F0035E8508721BB7F88D65E77BE630FC9F64BABB2"
Last-Modified: Sat, 10 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8681
Expires: Mon, 12 Dec 2022 00:36:33 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
exee.app/adrifenice
104.21.48.127 200 OK 1.2 kB IP 104.21.48.127:0
Hash f323daa8b6ae6dacee1e562e382619ed
de722258c4c6dd7e97e183f7355cd8500fa76437
d2553c6cb3e48778540fcfeed3ef930e8d53259b30e4681f3b9180599aa19ae6
GET /adrifenice HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:52 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=d4e654182c468b4a773173b119cd9f9b; path=/; HttpOnly
csrfToken=cc5af204f8ed76dc467671cc648c76f6e7ec41a86d2a861230b4b6e2e91c564eda08472cec9eeccf33872debd7811b54d7c5802f3401a8e786afba3266076249; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1fSWKB%2Fm%2BhubFye9bAg2P7sW03tGV%2FnmGKLI39WTR1QaJ1ifXpxeNeFs8CPKaywmmSnXGcHq9DK%2Fro1qBQATAERYwYQS%2B7DWqjzwKtjqg%2BptUcjbs5Gag2EYSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818ef97dacb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 530351
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
superjuryger.xyz/MThSc2hQWjEeV1AFMFUdQ1RvVlp3HWA1DABLIwUcAg4/FFtFCTBdC11XJxcOQ1c8B0ZfXSZWWnd+Bh0MZ3cUHBx2fCYWMmVXNz45Z1E2GF1ZeQVGB3lrCCsmdQ0ZPDlebx4nH1ZaOz4mdkJjEiFwbRE3KgVNHDEmXnsaBAF3UiYVMgNfATxZRVY0Qi0BYBYbEmALHD4jWH0xEi5aChkbMQluOEdQc3sxFiRIARk8LlJfGAsbBG8KSlB8bxMkCVxMFCk6cEwYCwNJbitDUWRVMTomdUgBKR9ZSjQfBF1wBRglZFUxOiRiWwgqH0kdYDUOZW4lMAVeCgMkRXRcMyIQYmIlFAd+fhgeDWZMd0EqYFYhOgsDTBQpPgkdYDUkY09kOz9WcQAkPXtZPEYva2k+Vlp3XhcQEmRrNQEtZUgTFVtGQAgyAEdhFxcSZW82Vlp3HjgAB19Ibx9afVsZBj5Iez4bCktzJyo
143.204.55.24200 OK 1.2 kB URL HTTP/2 superjuryger.xyz/MThSc2hQWjEeV1AFMFUdQ1RvVlp3HWA1DABLIwUcAg4/FFtFCTBdC11XJxcOQ1c8B0ZfXSZWWnd+Bh0MZ3cUHBx2fCYWMmVXNz45Z1E2GF1ZeQVGB3lrCCsmdQ0ZPDlebx4nH1ZaOz4mdkJjEiFwbRE3KgVNHDEmXnsaBAF3UiYVMgNfATxZRVY0Qi0BYBYbEmALHD4jWH0xEi5aChkbMQluOEdQc3sxFiRIARk8LlJfGAsbBG8KSlB8bxMkCVxMFCk6cEwYCwNJbitDUWRVMTomdUgBKR9ZSjQfBF1wBRglZFUxOiRiWwgqH0kdYDUOZW4lMAVeCgMkRXRcMyIQYmIlFAd+fhgeDWZMd0EqYFYhOgsDTBQpPgkdYDUkY09kOz9WcQAkPXtZPEYva2k+Vlp3XhcQEmRrNQEtZUgTFVtGQAgyAEdhFxcSZW82Vlp3HjgAB19Ibx9afVsZBj5Iez4bCktzJyo
IP 143.204.55.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3051), with no line terminators
Hash 132c743f130fee79350968f0c5a220cf
247a8dba71048040e55f49d9d399a5d8031f8848
696e9baa1c97bc235eb9be6a2d4394e2bf59131357ac013b9387c54626419bf2
GET /MThSc2hQWjEeV1AFMFUdQ1RvVlp3HWA1DABLIwUcAg4/FFtFCTBdC11XJxcOQ1c8B0ZfXSZWWnd+Bh0MZ3cUHBx2fCYWMmVXNz45Z1E2GF1ZeQVGB3lrCCsmdQ0ZPDlebx4nH1ZaOz4mdkJjEiFwbRE3KgVNHDEmXnsaBAF3UiYVMgNfATxZRVY0Qi0BYBYbEmALHD4jWH0xEi5aChkbMQluOEdQc3sxFiRIARk8LlJfGAsbBG8KSlB8bxMkCVxMFCk6cEwYCwNJbitDUWRVMTomdUgBKR9ZSjQfBF1wBRglZFUxOiRiWwgqH0kdYDUOZW4lMAVeCgMkRXRcMyIQYmIlFAd+fhgeDWZMd0EqYFYhOgsDTBQpPgkdYDUkY09kOz9WcQAkPXtZPEYva2k+Vlp3XhcQEmRrNQEtZUgTFVtGQAgyAEdhFxcSZW82Vlp3HjgAB19Ibx9afVsZBj5Iez4bCktzJyo HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1201
date: Sun, 11 Dec 2022 22:11:52 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sQZTZmlYKK3HGPCoXITE3F4VFGYm5ZWKERBAGEZX8byhRPmGINhMZw==
X-Firefox-Spdy: h2
superjuryger.xyz/utx?cb=uaM91Yu69mDm&top=exee.app&tid=822524
143.204.55.24 204 No Content 0 B URL HTTP/2 superjuryger.xyz/utx?cb=uaM91Yu69mDm&top=exee.app&tid=822524
IP 143.204.55.24:0
Hash (0 B body: these are the MD5, SHA-1 and SHA-256 of empty input, not content indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=uaM91Yu69mDm&top=exee.app&tid=822524 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 22:11:52 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Dec 2022 22:12:52 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GoZ8sG8_Uzqsy_-C49nB5e0o7OzgZhvqfY3G-aV2MC1vFCZFyh-BVg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
superjuryger.xyz/cURqdkgQJgkbdxB5CFA9AyhXU3o3YVgwLEA3GwA8QnIHEXsFdQhYKx0rHxIuAysEAmYfIR5Tejd8JBwaIB4yEh4mPl4yGzQODjgOGRQrESwYEVovGSktJz0PJB0gNyA/DAgxDUAUECAjIxwzJAwnDSAvDTwmPEcnQhMsMBwmLiQvGhkGPDgJFQ8rHgEdBi8GKiY9BTsPQDQ8Eh4SPCsOOBYVLyMPOQcJOw8nDgg8MCsXKDcZVHYoMx44ASgxDicTOy8aKD0OJQowFQQyChoFKz4eJgo4Ow8oBls0CRkCADx5OAEoNQElEQ0geSgSPDUPMBZfJw0kAz8MZSQDIjAjIx0DOA4zIzwRHiQdLTQQJxw4RwoVDQ03GiYREkceCwEiNA8nCDgOCjMmPCduGzcFGDhMFhxGEiQhMDQaAA
143.204.55.24200 OK 1.2 kB URL HTTP/2 superjuryger.xyz/cURqdkgQJgkbdxB5CFA9AyhXU3o3YVgwLEA3GwA8QnIHEXsFdQhYKx0rHxIuAysEAmYfIR5Tejd8JBwaIB4yEh4mPl4yGzQODjgOGRQrESwYEVovGSktJz0PJB0gNyA/DAgxDUAUECAjIxwzJAwnDSAvDTwmPEcnQhMsMBwmLiQvGhkGPDgJFQ8rHgEdBi8GKiY9BTsPQDQ8Eh4SPCsOOBYVLyMPOQcJOw8nDgg8MCsXKDcZVHYoMx44ASgxDicTOy8aKD0OJQowFQQyChoFKz4eJgo4Ow8oBls0CRkCADx5OAEoNQElEQ0geSgSPDUPMBZfJw0kAz8MZSQDIjAjIx0DOA4zIzwRHiQdLTQQJxw4RwoVDQ03GiYREkceCwEiNA8nCDgOCjMmPCduGzcFGDhMFhxGEiQhMDQaAA
IP 143.204.55.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash de0c50bea5795afe42a981b1c5cc382f
9a7e469555075413dce5c75db1d9a1a9fe013475
b024ef519c65d03887dc60208a35405581d296883c9dc857baf4ab5d3ff39372
GET /cURqdkgQJgkbdxB5CFA9AyhXU3o3YVgwLEA3GwA8QnIHEXsFdQhYKx0rHxIuAysEAmYfIR5Tejd8JBwaIB4yEh4mPl4yGzQODjgOGRQrESwYEVovGSktJz0PJB0gNyA/DAgxDUAUECAjIxwzJAwnDSAvDTwmPEcnQhMsMBwmLiQvGhkGPDgJFQ8rHgEdBi8GKiY9BTsPQDQ8Eh4SPCsOOBYVLyMPOQcJOw8nDgg8MCsXKDcZVHYoMx44ASgxDicTOy8aKD0OJQowFQQyChoFKz4eJgo4Ow8oBls0CRkCADx5OAEoNQElEQ0geSgSPDUPMBZfJw0kAz8MZSQDIjAjIx0DOA4zIzwRHiQdLTQQJxw4RwoVDQ03GiYREkceCwEiNA8nCDgOCjMmPCduGzcFGDhMFhxGEiQhMDQaAA HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1168
date: Sun, 11 Dec 2022 22:11:52 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LAunYZd6fh2R8m5J1z3qluiq_gBwenCrYyubH01etRmEoz-0iw3m6Q==
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash af184f4a9dc1f33293111c0d8624cb33
2d8a3364b2e9ed5c6d85e5588653bd94bccf40c9
a7005a7ed17be8225d06ef0a249cced6c31d5904e6f113b717c4817990d57413
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A7005A7ED17BE8225D06EF0A249CCED6C31D5904E6F113B717C4817990D57413"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19824
Expires: Mon, 12 Dec 2022 03:42:16 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
superjuryger.xyz/utx?cb=vLDsO07cz9mi&top=exee.app&tid=889494
143.204.55.24 204 No Content 0 B URL HTTP/2 superjuryger.xyz/utx?cb=vLDsO07cz9mi&top=exee.app&tid=889494
IP 143.204.55.24:0
Hash (0 B body: these are the MD5, SHA-1 and SHA-256 of empty input, not content indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=vLDsO07cz9mi&top=exee.app&tid=889494 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 22:11:52 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Dec 2022 22:12:52 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zE9Cpg3HO-M5wHh6SODj0BS1P6XRDYs-moWKCWUc4yef3FiFyu0K2Q==
X-Firefox-Spdy: h2
keterrehepren.xyz/Uk5FNkl9cSZFdAt8E0IsORQSY3giCiFwBwMYAAd6BAgPUBhhC2NCIDZzfQR7Z3xxEDk7KngHbyE6JEI8IXN0ECA8KCoLbyRzdBh6ZmB2B2djaDALeHQ6NVcub39jRj0mIngHf2V+cg9/ZX91AX5i
188.114.96.1204 No Content 0 B URL HTTP/2 keterrehepren.xyz/Uk5FNkl9cSZFdAt8E0IsORQSY3giCiFwBwMYAAd6BAgPUBhhC2NCIDZzfQR7Z3xxEDk7KngHbyE6JEI8IXN0ECA8KCoLbyRzdBh6ZmB2B2djaDALeHQ6NVcub39jRj0mIngHf2V+cg9/ZX91AX5i
IP 188.114.96.1:0
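Hash (0 B body: these are the MD5, SHA-1 and SHA-256 of empty input, not content indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855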
GET /Uk5FNkl9cSZFdAt8E0IsORQSY3giCiFwBwMYAAd6BAgPUBhhC2NCIDZzfQR7Z3xxEDk7KngHbyE6JEI8IXN0ECA8KCoLbyRzdBh6ZmB2B2djaDALeHQ6NVcub39jRj0mIngHf2V+cg9/ZX91AX5i HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 22:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jzr7pf0hv5ezIzWp96Xt5vKhGvUd4FvQUGZJeEpJeOtoX93DGo9Dzo61dUz1vuNXolqFqDbF2R0%2BlNLxM3fOVWMUHnZZghL%2Fq371uUF%2FvXG48S9CdfMUyN10P8XUW%2FovEk931Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818efd6d950b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
keterrehepren.xyz/ZVBRb05KbzIccwAVHwAXVgofDAgnAQAEJhwHBxsIMWMXPhggM3cbJwFtaVt9V2ZgST4MNGxedkMjJQ46ECNsXmgMPjcAc0MmbF5gVX5jQXxDJWxeaBEgMAhzVHYhGzoJbWBZeVVnaFl5VGBpW38
188.114.96.1204 No Content 0 B URL HTTP/2 keterrehepren.xyz/ZVBRb05KbzIccwAVHwAXVgofDAgnAQAEJhwHBxsIMWMXPhggM3cbJwFtaVt9V2ZgST4MNGxedkMjJQ46ECNsXmgMPjcAc0MmbF5gVX5jQXxDJWxeaBEgMAhzVHYhGzoJbWBZeVVnaFl5VGBpW38
IP 188.114.96.1:0
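Hash (0 B body: these are the MD5, SHA-1 and SHA-256 of empty input, not content indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855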
GET /ZVBRb05KbzIccwAVHwAXVgofDAgnAQAEJhwHBxsIMWMXPhggM3cbJwFtaVt9V2ZgST4MNGxedkMjJQ46ECNsXmgMPjcAc0MmbF5gVX5jQXxDJWxeaBEgMAhzVHYhGzoJbWBZeVVnaFl5VGBpW38 HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 22:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqTWVutdpIrGqARpaSe9FDD1s%2BeVr6NpVB%2B2G8iIWYZnVuMLtnT5l33c08aRIyL7hne249lk9qepRKwZr87cW5sCjF%2Bz1lffCgs5wkPveuNUqjYY4MSJWjcSncUIX6so9BEzUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818efd6d960b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dd2754c7c3b7256a3fd6cd8cb1d99e72
ad5a838f69de2f7d9433521fecc532d6a4fe7749
23b6c7e1c243f59790617f8f0035e8508721bb7f88d65e77be630fc9f64babb2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "23B6C7E1C243F59790617F8F0035E8508721BB7F88D65E77BE630FC9F64BABB2"
Last-Modified: Sat, 10 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8681
Expires: Mon, 12 Dec 2022 00:36:33 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
keterrehepren.xyz/WERYYjd3ezsRCjt1ElRWHjQeOGIoIjoJUzEQaVtFChMoIWA1cH4WXjx5YFoObH1sREcxIGVTESswORZCK3lpRF42IjdfES55aUwEbGprUxlpYi1fBn4wKANQZXV+EkMsKGVTAW90b1sBb3VoWgVq
188.114.96.1204 No Content 0 B URL HTTP/2 keterrehepren.xyz/WERYYjd3ezsRCjt1ElRWHjQeOGIoIjoJUzEQaVtFChMoIWA1cH4WXjx5YFoObH1sREcxIGVTESswORZCK3lpRF42IjdfES55aUwEbGprUxlpYi1fBn4wKANQZXV+EkMsKGVTAW90b1sBb3VoWgVq
IP 188.114.96.1:0
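Hash (0 B body: these are the MD5, SHA-1 and SHA-256 of empty input, not content indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855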
GET /WERYYjd3ezsRCjt1ElRWHjQeOGIoIjoJUzEQaVtFChMoIWA1cH4WXjx5YFoObH1sREcxIGVTESswORZCK3lpRF42IjdfES55aUwEbGprUxlpYi1fBn4wKANQZXV+EkMsKGVTAW90b1sBb3VoWgVq HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 22:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WgSoSbDy1wJHScC3XTgQH9pctmvuXNNtRYnqgQeUI01uZCFge%2FGT%2Bw2HAkigKcf00g1NcJnqh9dfoB0r5ZuhYF6KjZpwLua9GmUD2ssJvD8qPt8Sq7AAwthQ%2BS0WD2svPD3Tag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818efdbdcd0b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d8b6288aa182c59316c39ea8777fd31c
7e3a9cb2ee6f53c063161b881f99ab8b20851252
d188c187297ca0c01966dbc10159090ebbe8e0c96f5d7adc725fc2d3ee25f9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6208
Cache-Control: max-age=135505
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:52 GMT
Etag: "6395abb9-118"
Expires: Tue, 13 Dec 2022 11:50:17 GMT
Last-Modified: Sun, 11 Dec 2022 10:06:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
d1sqvt36mg3t1b.cloudfront.net/2TVlwdU8uNh4TcDkwFEh3f2tFR3trMwMaIT1kFzoVPDNAIjUebSEAfCd/BA8rcGlWGS4jPk1TKiM6TURpLD0SSHtrLQAaJHA4HBEuJDcUBzw/fwUUciA2ChwjIThVRwl4d0BQfX1xBxwhKTYHBmp/aR4Ban9pQUVhfXxDN2p/aQccIXttVUYNaGtADXl5fE-M3an9pAgNqfhhBRXpjaVlQfX0+FRYkInxCM319aEBFfn1oVUd/KzACECkiIVVHCXxpRVt/ayxNRA
54.230.245.131200 OK 517 B URL HTTP/2 d1sqvt36mg3t1b.cloudfront.net/2TVlwdU8uNh4TcDkwFEh3f2tFR3trMwMaIT1kFzoVPDNAIjUebSEAfCd/BA8rcGlWGS4jPk1TKiM6TURpLD0SSHtrLQAaJHA4HBEuJDcUBzw/fwUUciA2ChwjIThVRwl4d0BQfX1xBxwhKTYHBmp/aR4Ban9pQUVhfXxDN2p/aQccIXttVUYNaGtADXl5fE-M3an9pAgNqfhhBRXpjaVlQfX0+FRYkInxCM319aEBFfn1oVUd/KzACECkiIVVHCXxpRVt/ayxNRA
IP 54.230.245.131:0
File type ASCII text, with very long lines (706), with no line terminators
Hash 4dc5a860b771dc7165dd26d62e6b0aa5
ec13a4192529832ab3242dadcbe9809e4bb9bf16
24d207d923851fa54d01231e1d2c649dea2af8660de1f75a2430e8bbb8fb0539
GET /2TVlwdU8uNh4TcDkwFEh3f2tFR3trMwMaIT1kFzoVPDNAIjUebSEAfCd/BA8rcGlWGS4jPk1TKiM6TURpLD0SSHtrLQAaJHA4HBEuJDcUBzw/fwUUciA2ChwjIThVRwl4d0BQfX1xBxwhKTYHBmp/aR4Ban9pQUVhfXxDN2p/aQccIXttVUYNaGtADXl5fE-M3an9pAgNqfhhBRXpjaVlQfX0+FRYkInxCM319aEBFfn1oVUd/KzACECkiIVVHCXxpRVt/ayxNRA HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superjuryger.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 517
date: Sun, 11 Dec 2022 22:11:52 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: INcrRX94YSWaFniuKFg8tVpLXsZjmxSUQUanxlnuKHlSTlPzbpkV-A==
X-Firefox-Spdy: h2
d1sqvt36mg3t1b.cloudfront.net/8NjRQZXdVWz4DSEJdNFhPAgdiU0YQXiMKGUYJAhNHbGE1PzVkRXYRDVIJYEMbV1o3WFFTWjNYRhBVNAdKAhIlBEpbWyoMG1pVdVcxAxpgQEUGHCcMGVJbJxZSBAQ+EVIEBGFVWQYRYydSBAQnDBkAAHVWNRMGYB1BAhFjJ1IEBCITUgV1YVVCGAR5QEUGUz-UGHFkRYiNFBgVgVUYGBXVXR1BdIgARWUx1VzEHBGVLRxBBbVQ
54.230.245.131200 OK 189 B URL HTTP/2 d1sqvt36mg3t1b.cloudfront.net/8NjRQZXdVWz4DSEJdNFhPAgdiU0YQXiMKGUYJAhNHbGE1PzVkRXYRDVIJYEMbV1o3WFFTWjNYRhBVNAdKAhIlBEpbWyoMG1pVdVcxAxpgQEUGHCcMGVJbJxZSBAQ+EVIEBGFVWQYRYydSBAQnDBkAAHVWNRMGYB1BAhFjJ1IEBCITUgV1YVVCGAR5QEUGUz-UGHFkRYiNFBgVgVUYGBXVXR1BdIgARWUx1VzEHBGVLRxBBbVQ
IP 54.230.245.131:0
File type ASCII text, with no line terminators
Hash 53da17afc4657eb72df75f1c8c58580a
3f16d0bb0b79cf3650de178a45bd33e8cafff1d4
ff3a2c64c9f09e2674e75cdede631ecec17a5edfff358d4eee977746099d1f9e
GET /8NjRQZXdVWz4DSEJdNFhPAgdiU0YQXiMKGUYJAhNHbGE1PzVkRXYRDVIJYEMbV1o3WFFTWjNYRhBVNAdKAhIlBEpbWyoMG1pVdVcxAxpgQEUGHCcMGVJbJxZSBAQ+EVIEBGFVWQYRYydSBAQnDBkAAHVWNRMGYB1BAhFjJ1IEBCITUgV1YVVCGAR5QEUGUz-UGHFkRYiNFBgVgVUYGBXVXR1BdIgARWUx1VzEHBGVLRxBBbVQ HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superjuryger.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 189
date: Sun, 11 Dec 2022 22:11:52 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5dSgfc_ZsuZCSkIR1Qv1ogX8YDt1f-CIrGqNzE0hleRfzuaq8Yl-3Q==
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 532 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bfd45967d0d434e14d4a0db2be8145a2
05066f1428edc9c86c879c7cc3df6ce8ea3d5f85
dc706f4a26c482cba4123f8ffb272b984d594045cf5877fb4bd07733cb00e1e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C69F406541E10C6E70D4ABF880423BC730332F5700F13AD6697E1B6C4F31382F"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8557
Expires: Mon, 12 Dec 2022 00:34:29 GMT
Date: Sun, 11 Dec 2022 22:11:52 GMT
Connection: keep-alive
d1sqvt36mg3t1b.cloudfront.net/FTndVOFotGDteZToeMQVidk5hAW5oHSZXND5KOQoWLTwgbiMNGz1aIAUCDB4uNBNoCHwiFjtfZ2gSO1tnf1E0XDhzQ3NMKiEcaFk2KhY8Vj48BCceLy9KOFcgJxs5WX98MWAWamtFZRAtJxkxVy09UmcINDpSZwhrflllHWkMUmcILScZYwx/fTVwCmo2QW-EdaQxSZwgoOFJmeWt+QnsIc2tFZV8/LRw6HWgIRWUJan5GZQl/fEczUSgrETpAf3wxZAhvYEdzTWd/
54.230.245.131200 OK 611 B URL HTTP/2 d1sqvt36mg3t1b.cloudfront.net/FTndVOFotGDteZToeMQVidk5hAW5oHSZXND5KOQoWLTwgbiMNGz1aIAUCDB4uNBNoCHwiFjtfZ2gSO1tnf1E0XDhzQ3NMKiEcaFk2KhY8Vj48BCceLy9KOFcgJxs5WX98MWAWamtFZRAtJxkxVy09UmcINDpSZwhrflllHWkMUmcILScZYwx/fTVwCmo2QW-EdaQxSZwgoOFJmeWt+QnsIc2tFZV8/LRw6HWgIRWUJan5GZQl/fEczUSgrETpAf3wxZAhvYEdzTWd/
IP 54.230.245.131:0
File type ASCII text, with very long lines (876), with no line terminators
Hash ae5fd22a321f3e13c57f7eef14404efc
8b07bf4beae5d611f01ba70c5889d8fd9e7d0626
747286b290cfcd80b003ab43edb0090fdc50336ba49666903973a27d788a499f
GET /FTndVOFotGDteZToeMQVidk5hAW5oHSZXND5KOQoWLTwgbiMNGz1aIAUCDB4uNBNoCHwiFjtfZ2gSO1tnf1E0XDhzQ3NMKiEcaFk2KhY8Vj48BCceLy9KOFcgJxs5WX98MWAWamtFZRAtJxkxVy09UmcINDpSZwhrflllHWkMUmcILScZYwx/fTVwCmo2QW-EdaQxSZwgoOFJmeWt+QnsIc2tFZV8/LRw6HWgIRWUJan5GZQl/fEczUSgrETpAf3wxZAhvYEdzTWd/ HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superjuryger.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 611
date: Sun, 11 Dec 2022 22:11:52 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IVBpGDb_WPLAGEFMDvismNjcp5JNCveX7-hSsST6tcb6ybrHYi8gNg==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8db5e5fdd6de1be318e1e2eb919fb0e7
8258c78d87a302be368193b851b55c8e32107c82
143d463b64c5b6772aa9f446e7ea1bb201fe8ce57b25779a6c99dd416a660c7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 22:11:52 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 16:52:37 GMT
Expires: Thu, 15 Dec 2022 16:52:36 GMT
Etag: "8258c78d87a302be368193b851b55c8e32107c82"
Cache-Control: max-age=325843,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77818efe9b48b512-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
37.48.68.71 200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA-1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA-256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert
quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 910
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 11 Dec 2022 22:11:52 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
192.243.59.12 200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37186), with no line terminators
Hash
MD5 2095b9e7f16b4ffff59ad34890ccb848
SHA-1 de0442c1a46e24b9f159ebae8241fef29fbe0649
SHA-256 fd649029ac030164f169316be7e10980459dac193378bd320a3c19d02f619b45
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Dec 2022 22:11:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7a4117dbf02f6d898e128927c07bec4d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
analytics.vdo.ai/logger
172.64.104.3 200 OK 44 kB IP 172.64.104.3:0
Hash 0e60786faecf61eaa35dd34efcf51297
1582772ec4d4e06cf11682eaed054e2e59dd5a58
abfc9ce6dba42970d9f53f2570a51cdade13e8006eb08cefb9b97eb1e568959c
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 129
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:52 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jhX891MqfDy4NZitMFq20Q4Tj%2BtQWWLP%2Fs7Ed4yYQf8fNlRCkMR%2FWQt46BGTMRpw6WIZmdyjBIxYlta7gVqcwDZK8wMaVV3UABcTdB092M7XHKuTMJGQ3HeiU4Tz734B5Kiz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818eff1c99d174-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7f2ac6af39ccbf385b011a10f91b1f3b
632e1c781f4c61580ba8d84e9180e6e369d59cb8
0a751bd9d1e7a7a1270dd70f018343aa89558f06a6ec33e657765be67898ddb3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0A751BD9D1E7A7A1270DD70F018343AA89558F06A6EC33E657765BE67898DDB3"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14198
Expires: Mon, 12 Dec 2022 02:08:31 GMT
Date: Sun, 11 Dec 2022 22:11:53 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 30f11462333fc35d7561d81e16c39073
52109e02981889cb701cf4a83d8abe89c13ce1aa
ea0ae9e41454e65dd6a7f9e48197c453e0d85dd80976c2baefd7432f83375f84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA0AE9E41454E65DD6A7F9E48197C453E0D85DD80976C2BAEFD7432F83375F84"
Last-Modified: Fri, 09 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15802
Expires: Mon, 12 Dec 2022 02:35:15 GMT
Date: Sun, 11 Dec 2022 22:11:53 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash f0b47065b11cbea51cb76d12a9bfa1fb
e4297c96b6395dd7d35cac31717d3153fb3d95a4
7e851c843752269d2e3efd2908be5074cdd273eb839bf91bb7fbf57dacba5855
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=144398
Date: Sun, 11 Dec 2022 22:11:53 GMT
Etag: "6395db96-1d7"
Expires: Tue, 13 Dec 2022 14:18:31 GMT
Last-Modified: Sun, 11 Dec 2022 13:31:02 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wSHM8l4-xXnL3CmEWd8TwMjw8IG9wo1C3qt9vdxWNN4KY7YzBeLkgw==
Age: 2849
simplewebanalysis.com/stats
18.195.193.92 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.195.193.92:0
File type ASCII text, with no line terminators
Hash c001b106272231d0d19579f4d7deb4db
049c603c7c20988343ece871e3018f58e7f20152
fdf1cbf6058628bfc9b35134797bd31b56d69f07375d805b971bcfa19be8a5bb
Analyzer / Verdict / Alert: fortinet — Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:53 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=3a981a6a-b19b-4aec-b290-db2098b30661:3:1; expires=Wed, 08 Dec 2032 22:11:53 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7f2ac6af39ccbf385b011a10f91b1f3b
632e1c781f4c61580ba8d84e9180e6e369d59cb8
0a751bd9d1e7a7a1270dd70f018343aa89558f06a6ec33e657765be67898ddb3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0A751BD9D1E7A7A1270DD70F018343AA89558F06A6EC33E657765BE67898DDB3"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14198
Expires: Mon, 12 Dec 2022 02:08:31 GMT
Date: Sun, 11 Dec 2022 22:11:53 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3a1942bd2fc7c60d1cfffd1b72f202c1
2b95e8b0f97322d14ba4797016bf34314795771f
219bdf287c5cd0a9141d291c0d07db3831f095f2be854cbfe654ac57f2b7e49e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5289
Cache-Control: max-age=160514
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:53 GMT
Etag: "63961102-1d7"
Expires: Tue, 13 Dec 2022 18:47:07 GMT
Last-Modified: Sun, 11 Dec 2022 17:18:58 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4f59766c2fbd3c45359e028feba76529
01ca4b880afac47af0d6c0cd7d996ffccff57132
d54cf91ffbf4c5147cc6ea9c5cae537d3ae442513a34e9c1fe6a5169aa13174d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4f59766c2fbd3c45359e028feba76529
01ca4b880afac47af0d6c0cd7d996ffccff57132
d54cf91ffbf4c5147cc6ea9c5cae537d3ae442513a34e9c1fe6a5169aa13174d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 11 Dec 2022 20:41:08 GMT
expires: Sun, 11 Dec 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 5445
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10044
Expires: Mon, 12 Dec 2022 00:59:17 GMT
Date: Sun, 11 Dec 2022 22:11:53 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10044
Expires: Mon, 12 Dec 2022 00:59:17 GMT
Date: Sun, 11 Dec 2022 22:11:53 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10044
Expires: Mon, 12 Dec 2022 00:59:17 GMT
Date: Sun, 11 Dec 2022 22:11:53 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 2.0 kB IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 56f8c65042da56ec75d62afcce85eec1
a68e1b2e91b17e293a5fce157e5d40e9e00b4588
314c91564de25def1f61019062a8546f4d36e47c398836e98286f8c3c5ebe139
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10044
Expires: Mon, 12 Dec 2022 00:59:17 GMT
Date: Sun, 11 Dec 2022 22:11:53 GMT
Connection: keep-alive
imasdk.googleapis.com/js/sdkloader/ima3.js
142.250.74.74200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (2791)
Size 127 kB (126857 bytes)
Hash 21194044394ef476e44611727d8f00dd
ba7ffffa00243495b382bdef73a0561f0f47f05d
bc67b3ddd745e176311e8f19bc0f4881f232b8a12813e76adc65767a78866254
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126857
date: Sun, 11 Dec 2022 22:11:53 GMT
expires: Sun, 11 Dec 2022 22:11:53 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=711152942&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2Fadrifenice&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=240&_u=YEDAAUABCAAAACAAI~&jid=1808854472&gjid=956600551&cid=1442040450.1670796712&tid=UA-113932176-41&_gid=17840654.1670796712&_r=1&gtm=2oubu0&z=413788916
142.250.74.110 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=711152942&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2Fadrifenice&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=240&_u=YEDAAUABCAAAACAAI~&jid=1808854472&gjid=956600551&cid=1442040450.1670796712&tid=UA-113932176-41&_gid=17840654.1670796712&_r=1&gtm=2oubu0&z=413788916
IP 142.250.74.110:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=711152942&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2Fadrifenice&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=240&_u=YEDAAUABCAAAACAAI~&jid=1808854472&gjid=956600551&cid=1442040450.1670796712&tid=UA-113932176-41&_gid=17840654.1670796712&_r=1&gtm=2oubu0&z=413788916 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://exee.app
date: Sun, 11 Dec 2022 22:11:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2020df3404a4b7c3e142af4a1330b848
2fe69b52fe03128e86550bf08474ecac82682384
37a52c158d5cfdf3589e19163cf446c02ce1466f444656080b02da82d2bcefae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6311
x-amzn-requestid: 46ccaee0-bde8-4be6-9dc8-46e3ae356dc8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xUYH10oAMF8Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc1b-2440251f06cb950a57489555;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:37:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UU3eyJXDqth6F65_913HL9lqA3qZHfGExAV89BRzHpQho5wZbQRTmw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:38:41 GMT
age: 1992
etag: "2fe69b52fe03128e86550bf08474ecac82682384"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: e68bff96-83e0-471c-95ed-d9773d2354a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c82_MHywoAMFe_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6395052d-23c53ea949b7266822b23787;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:16:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rB0PKLb094bjVAHEBqTXaHZfBWD2F6q8AEt3KL3gDJ53Dd-3GzZwWg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 05:47:56 GMT
age: 59037
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
patrondescendantprecursor.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
173.233.137.52 200 OK 29 kB URL HTTP/1.1 patrondescendantprecursor.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 94d249ab23bdd179d60ca6713fcb84f7
b9cdf97ba03bf95a133ee7a924d994fb581feb53
cc52f115c0eeccef938e9c22ac3b38a55022b4f76e3a87158bca114f96b5b0a8
Analyzer / Verdict / Alert: quad9 — Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 54e7bfa8699a95fa64c2b4f5c816b862
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f74a7ce-34b1-4cb6-a68f-8fd3dc0a2b9f.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f74a7ce-34b1-4cb6-a68f-8fd3dc0a2b9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6fa9fe07664d7ecc189f2ec5e88d82ab
6c9476510cac4e1aa7f96e46f659381c95de5a53
4955b29a4c20466c6e2f342c6d6e2ff060fe4943005fab0a930ca587e99efa7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f74a7ce-34b1-4cb6-a68f-8fd3dc0a2b9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7269
x-amzn-requestid: 0ca02ec9-910e-427f-92d4-c6f2de1a3529
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c82piGjdIAMFSnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639504a3-20c792da66e8398c655dafd4;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:13:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KJYhsEThKbSj5L2xMkKzWXYD9D3LDMhskjxIV2AHetWv4az2l4zSqQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 15:07:59 GMT
age: 25434
etag: "6c9476510cac4e1aa7f96e46f659381c95de5a53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35586156-4c0f-4b7e-ade1-0373a473ecf2.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35586156-4c0f-4b7e-ade1-0373a473ecf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea3f48d55264e9000260f9076b1465de
f62e2445a3eecc698562b792c613de74fb77921a
2bc725ab7a45e573a10cf53050ecd79900eba2db14eb93fe4d206e4d7a7d4323
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35586156-4c0f-4b7e-ade1-0373a473ecf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5854
x-amzn-requestid: 53af7632-c8ac-4655-a424-076000e1aef2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c83JnGdFoAMF9cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63950570-72f4c342690eb06034e00954;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:17:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: beZLsCxEHJWPWmC_4IuRuyOgjPx7X7Y8cHm3iL-6VvXhsn-usz1ESg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 11:31:00 GMT
age: 38453
etag: "f62e2445a3eecc698562b792c613de74fb77921a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d0c96af-c60d-4600-85fc-ee30b7a0c931.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d0c96af-c60d-4600-85fc-ee30b7a0c931.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f01260130a9ea66e994137a2ac221122
85e58c55619e2cc855ff9dc5861e70be682bb247
987e83bd21ee86ba8384e5b28ab4e5536fc17c290d2e34f31734358208b246c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d0c96af-c60d-4600-85fc-ee30b7a0c931.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4526
x-amzn-requestid: 3b956935-0d79-4261-845f-df3684758cd5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c83HuGTDIAMF77g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63950564-759a4eec01b8fa2e6ced2fb1;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:17:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: b-4z9EOV7HU3RuLlDd0NF5-AEB14E1dL6WHbSy0dzNKoVKhABaqAYw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 13:40:21 GMT
age: 30692
etag: "85e58c55619e2cc855ff9dc5861e70be682bb247"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8fb99efffa43a89258e8f6fa88b57b3d
af9e7836bb609a2fa5ada07bb46a547f007a70ac
117238c7ac845cb0b65576ea779bb64e6f93ea715eaa2df5a05338743646839c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9385
x-amzn-requestid: c465c6db-4228-4455-b5d5-0b6bec43928c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xkmGn7oAMFTnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc83-1903b69055c1d5bc70c3adea;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:39:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LLAXDHDQGFlojo0lXuvcOkPHt2OAYmDUguV7CK3H_Ddr7KO52oNIGQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 22:03:56 GMT
age: 477
etag: "af9e7836bb609a2fa5ada07bb46a547f007a70ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.211.13 302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.211.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash ed933206f9cf3e06d7caaeaf7f65afe0
9fa57441731e44a30355fabe8399fd6905e70dff
f86aa541527a84f8f0d6988c78e6e93b1fc03961b10bf8aea202c02bdd840016
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 22:11:53 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1643418106%3A1670796713651272&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh51ZWC6AikRAmEhPRtamOHItRBTPkP0Lqh97pDAtCYrJLvigyFjU_A4L8bX7sFA1XcQduzPpg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-IpF2Gf2euNRFBJEmsYMAcQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:nyJfuOsUQicVUUNeDXhw55VoG__2Yg:MLowhrbN7Qf6KSxH;Path=/;Expires=Tue, 10-Dec-2024 22:11:53 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3a1942bd2fc7c60d1cfffd1b72f202c1
2b95e8b0f97322d14ba4797016bf34314795771f
219bdf287c5cd0a9141d291c0d07db3831f095f2be854cbfe654ac57f2b7e49e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5289
Cache-Control: max-age=160514
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:53 GMT
Etag: "63961102-1d7"
Expires: Tue, 13 Dec 2022 18:47:07 GMT
Last-Modified: Sun, 11 Dec 2022 17:18:58 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7064f6619ec94ac742915441ddf9be63
07864ef6316dfb3bfd38d602d2c38d237da8e61e
501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
patrondescendantprecursor.com/pixel/purst?dl=0&th=0&sc=0&rs=2483&rd=2483&fd=543&bv=22.10.v.10&tmpl=136
173.233.137.52 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/purst?dl=0&th=0&sc=0&rs=2483&rd=2483&fd=543&bv=22.10.v.10&tmpl=136
IP 173.233.137.52:0
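Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; the response body was 0 B, so these digests identify no payload and match any empty response)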
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2483&rd=2483&fd=543&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:53 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
patrondescendantprecursor.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3a981a6a-b19b-4aec-b290-db2098b30661%3A3%3A1
173.233.137.52 200 OK 4.1 kB URL HTTP/1.1 patrondescendantprecursor.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3a981a6a-b19b-4aec-b290-db2098b30661%3A3%3A1
IP 173.233.137.52:0
File type JSON data\012- , ASCII text, with very long lines (5731), with no line terminators
Hash f8ec8ce29ff370125c8890202e140168
90d1eea6824f0959407f3390441b4329c36a6454
27db67464c3d335bbe16920f646cb3223bc4f526339f05ace015711b1484fc37
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=3a981a6a-b19b-4aec-b290-db2098b30661%3A3%3A1 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:53 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Mon, 12 Dec 2022 22:11:53 GMT; secure; SameSite=None
uid_id2=3a981a6a-b19b-4aec-b290-db2098b30661:3:1; expires=Sun, 18 Dec 2022 22:11:53 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 12 Dec 2022 22:11:53 GMT; secure; SameSite=None
uncs=1; expires=Mon, 12 Dec 2022 22:11:53 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 12 Dec 2022 22:11:53 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 12 Dec 2022 22:11:53 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3364903]; expires=Sun, 11 Dec 2022 22:11:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c4b9ec56b2e7b5446bb1a9a625dc13af
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7064f6619ec94ac742915441ddf9be63
07864ef6316dfb3bfd38d602d2c38d237da8e61e
501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
142.250.74.130 200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Dec 2022 22:04:29 GMT
expires: Sun, 11 Dec 2022 23:04:29 GMT
cache-control: public, max-age=3600
age: 445
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 25880c5debe9ae26baa02044822a1fbc
5ff23639c3183d18a20c5a3dbadaa0f809b080f0
2ecb24d2679e935e7ac85a3dfd9a0aad32138ca82764ae14263c6ebbf087a998
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4420
Cache-Control: max-age=163616
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:54 GMT
Etag: "63962086-117"
Expires: Tue, 13 Dec 2022 19:38:50 GMT
Last-Modified: Sun, 11 Dec 2022 18:25:10 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 22:11:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
patrondescendantprecursor.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NZkf%2FMCNymwUhEYEFUynqqur0%2BUsBuM4EswkYT6IS99XdZ55Xa94r6qrExCCg8Ms2424rJzOBxkHccCtIB1BJCDYLiQL8w%2B4EmFWLqSThta7qHtPnbs459z3cK84Jz4KerZ%2B2%2BworelCVPdrb2yoVJjS1Vbv1QK%2F7l%2Bvbai01bxe608%2Btvd24Ed1%2F83a%2B5JvmYWGH%2Fh%2B4Ae1W8rKxPQXLlio7Ekc1GO%2F3mzUg6iJvv0vdoUHRz2I3jl5EUqM%2F7f501MoPkLa%2FeamdFu5yd56r1tomhuLnji6n26lpkzRnY2J9ZCkR9NtGDcm5MsrMOnR1AFMb3%2FiAEyNifdbAJYeTWWC9Q4ulTINmYKJ51D2RpB6BEVH4OYBlPiFAFxgdQ1p93DV2JJuX7J0wo7J1Wd%2FQZVjcvX3a0i7Xy9p1a%2FdNbrIlUkd%2BkkF1R9BdUbIihPkOx5UeQKefwolfiYLz1aQdvfXnDZQ4uy1kMbtgLboPAtiNt%2Bkks%2BzRuzPC9bw4zYL%2FVYruIhIqRFUMoKWA1A3h8J5KJSHIvFQZB664qxGozjx%2FcWEJWHYbnLOw5DzqN0SkQib7cRHwSceBsizAbgegNtdZHYXW2oAW3wPt1nBCQ8uJ%2BiJCqUkKB1BSQlKRVDmBGWvOhDaNVx1KLQrWDDtjWkPq6HJO3v0wOQdmZK97Jy8MAnOe%2F7xNWzJs1oStaOkFfEWb0VBI2RxJIQfMxk2mkKGjMGpCspdAXUedtSYzH3yBzI1JleWFsDoCZw%2BAVevghavgJbDxYYPujlstn3spIeyL%2BvKQJgKWX4V%2Bba3p8%2FJSxenCz98HZKf3viI3R7%2Fefw3uK2Q2Qofqx8IOvrR8I4pyf4dUzrydC3LVVft0MlZ7%2BY0l3OPP5DbpbFi%2BaYbHL%2FDJ8RkfHJPunyFpkKlHUe%2BWlJCSHvLWC7Jd8tuQ7L1wm0uFTYtspX1d28tdzMrnVMmHYGqMSE%2FnoKrMfn%2FtwcXT%2Fblzx5C2RFsUaFbnJJpQZkT8GwXLpvpd4bA6tkOyzyURTW0DTb7qRWBljNMWQX3L8xm8557hI71QPMHSLsVerZCT1egegBXzA3zzJ7e%2BDW8KDDtDZm23j7TVn9%2BGa5TZzUZJX4i%2FYZkScySReqLOGnGjMaBXGQRDZC7Mf%2Fi%2FvE%2FAAAA%2F%2F8BAAD%2F%2F03qTdiKBAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 patrondescendantprecursor.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NZkf%2FMCNymwUhEYEFUynqqur0%2BUsBuM4EswkYT6IS99XdZ55Xa94r6qrExCCg8Ms2424rJzOBxkHccCtIB1BJCDYLiQL8w%2B4EmFWLqSThta7qHtPnbs459z3cK84Jz4KerZ%2B2%2BworelCVPdrb2yoVJjS1Vbv1QK%2F7l%2Bvbai01bxe608%2Btvd24Ed1%2F83a%2B5JvmYWGH%2Fh%2B4Ae1W8rKxPQXLlio7Ekc1GO%2F3mzUg6iJvv0vdoUHRz2I3jl5EUqM%2F7f501MoPkLa%2FeamdFu5yd56r1tomhuLnji6n26lpkzRnY2J9ZCkR9NtGDcm5MsrMOnR1AFMb3%2FiAEyNifdbAJYeTWWC9Q4ulTINmYKJ51D2RpB6BEVH4OYBlPiFAFxgdQ1p93DV2JJuX7J0wo7J1Wd%2FQZVjcvX3a0i7Xy9p1a%2FdNbrIlUkd%2BkkF1R9BdUbIihPkOx5UeQKefwolfiYLz1aQdvfXnDZQ4uy1kMbtgLboPAtiNt%2Bkks%2BzRuzPC9bw4zYL%2FVYruIhIqRFUMoKWA1A3h8J5KJSHIvFQZB664qxGozjx%2FcWEJWHYbnLOw5DzqN0SkQib7cRHwSceBsizAbgegNtdZHYXW2oAW3wPt1nBCQ8uJ%2BiJCqUkKB1BSQlKRVDmBGWvOhDaNVx1KLQrWDDtjWkPq6HJO3v0wOQdmZK97Jy8MAnOe%2F7xNWzJs1oStaOkFfEWb0VBI2RxJIQfMxk2mkKGjMGpCspdAXUedtSYzH3yBzI1JleWFsDoCZw%2BAVevghavgJbDxYYPujlstn3spIeyL%2BvKQJgKWX4V%2Bba3p8%2FJSxenCz98HZKf3viI3R7%2Fefw3uK2Q2Qofqx8IOvrR8I4pyf4dUzrydC3LVVft0MlZ7%2BY0l3OPP5DbpbFi%2BaYbHL%2FDJ8RkfHJPunyFpkKlHUe%2BWlJCSHvLWC7Jd8tuQ7L1wm0uFTYtspX1d28tdzMrnVMmHYGqMSE%2FnoKrMfn%2FtwcXT%2Fblzx5C2RFsUaFbnJJpQZkT8GwXLpvpd4bA6tkOyzyURTW0DTb7qRWBljNMWQX3L8xm8557hI71QPMHSLsVerZCT1egegBXzA3zzJ7e%2BDW8KDDtDZm23j7TVn9%2BGa5TZzUZJX4i%2FYZkScySReqLOGnGjMaBXGQRDZC7Mf%2Fi%2FvE%2FAAAA%2F%2F8BAAD%2F%2F03qTdiKBAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NZkf%2FMCNymwUhEYEFUynqqur0%2BUsBuM4EswkYT6IS99XdZ55Xa94r6qrExCCg8Ms2424rJzOBxkHccCtIB1BJCDYLiQL8w%2B4EmFWLqSThta7qHtPnbs459z3cK84Jz4KerZ%2B2%2BworelCVPdrb2yoVJjS1Vbv1QK%2F7l%2Bvbai01bxe608%2Btvd24Ed1%2F83a%2B5JvmYWGH%2Fh%2B4Ae1W8rKxPQXLlio7Ekc1GO%2F3mzUg6iJvv0vdoUHRz2I3jl5EUqM%2F7f501MoPkLa%2FeamdFu5yd56r1tomhuLnji6n26lpkzRnY2J9ZCkR9NtGDcm5MsrMOnR1AFMb3%2FiAEyNifdbAJYeTWWC9Q4ulTINmYKJ51D2RpB6BEVH4OYBlPiFAFxgdQ1p93DV2JJuX7J0wo7J1Wd%2FQZVjcvX3a0i7Xy9p1a%2FdNbrIlUkd%2BkkF1R9BdUbIihPkOx5UeQKefwolfiYLz1aQdvfXnDZQ4uy1kMbtgLboPAtiNt%2Bkks%2BzRuzPC9bw4zYL%2FVYruIhIqRFUMoKWA1A3h8J5KJSHIvFQZB664qxGozjx%2FcWEJWHYbnLOw5DzqN0SkQib7cRHwSceBsizAbgegNtdZHYXW2oAW3wPt1nBCQ8uJ%2BiJCqUkKB1BSQlKRVDmBGWvOhDaNVx1KLQrWDDtjWkPq6HJO3v0wOQdmZK97Jy8MAnOe%2F7xNWzJs1oStaOkFfEWb0VBI2RxJIQfMxk2mkKGjMGpCspdAXUedtSYzH3yBzI1JleWFsDoCZw%2BAVevghavgJbDxYYPujlstn3spIeyL%2BvKQJgKWX4V%2Bba3p8%2FJSxenCz98HZKf3viI3R7%2Fefw3uK2Q2Qofqx8IOvrR8I4pyf4dUzrydC3LVVft0MlZ7%2BY0l3OPP5DbpbFi%2BaYbHL%2FDJ8RkfHJPunyFpkKlHUe%2BWlJCSHvLWC7Jd8tuQ7L1wm0uFTYtspX1d28tdzMrnVMmHYGqMSE%2FnoKrMfn%2FtwcXT%2Fblzx5C2RFsUaFbnJJpQZkT8GwXLpvpd4bA6tkOyzyURTW0DTb7qRWBljNMWQX3L8xm8557hI71QPMHSLsVerZCT1egegBXzA3zzJ7e%2BDW8KDDtDZm23j7TVn9%2BGa5TZzUZJX4i%2FYZkScySReqLOGnGjMaBXGQRDZC7Mf%2Fi%2FvE%2FAAAA%2F%2F8BAAD%2F%2F03qTdiKBAAA HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a981a6a-b19b-4aec-b290-db2098b30661:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:54 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2dbf9befee080f1f4b906d1450454e7a
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash 424fe895daf4a7ae9f721aa122d1f430
3d1108bc3f15bd0c4f9e522ce610b36d56e388ab
1d1de3db8968af3e6c57613a4f1e92f51b7d787e0224ecfdc765e4c44ceffea4
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 22:11:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6da1a0019f5802275cbb126eb7dceec8
2bb9bea7bfbb26559d4bd9a81bd4f029800fa09d
615c4f00ee2efde05e8933e7601fff77447abeeebee42a29993a0ffd78ec4410
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "615C4F00EE2EFDE05E8933E7601FFF77447ABEEEBEE42A29993A0FFD78EC4410"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1387
Expires: Sun, 11 Dec 2022 22:35:01 GMT
Date: Sun, 11 Dec 2022 22:11:54 GMT
Connection: keep-alive
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
15.235.42.79 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 15.235.42.79:0
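Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; the response body was 0 B, so these digests identify no payload and match any empty response)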
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 11 Dec 2022 22:11:54 GMT
Connection: keep-alive
Expires: Mon, 11 Dec 2023 22:11:54 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=76
173.233.137.52 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=76
IP 173.233.137.52:0
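Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; the response body was 0 B, so these digests identify no payload and match any empty response)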
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=76 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a981a6a-b19b-4aec-b290-db2098b30661:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html
104.26.6.19 200 OK 83 kB URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html
IP 104.26.6.19:0
File type HTML document text\012- HTML document, ASCII text
Hash de1b5cc1c90435fbbcfc3703dde9630d
ca89b91dce7e15fe940061d2e83e09b19799f9de
10c92879cb785e0c765a8d74599ed50cc72f1e51e35eafa8596da61319e59631
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:54 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 11:25:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 767673
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ni6K4%2BBxcQ%2FPwBRh8BBcypOsQoDGpW8k9baIsl7dFqXNFpJHqAc%2FOZe9aYJGmLlnoncawBOpK%2BfVw%2FB%2FPSr%2F1wmkuHUufrntB2E97kRpK2Y8r6CtHXF2UjLufovAHkc7XA8wPk0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818f099c1bb506-OSL
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f2fe38459d0ccc099737952c3fb1120d
ba046b002ef7febee75a5c144b2dee517d980ff0
47d8f1731767a59740ddecb7692a6e7697912303ca860e9900fee4b3f3a0a80a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "47D8F1731767A59740DDECB7692A6E7697912303CA860E9900FEE4B3F3A0A80A"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7036
Expires: Mon, 12 Dec 2022 00:09:10 GMT
Date: Sun, 11 Dec 2022 22:11:54 GMT
Connection: keep-alive
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 32 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash 4babbffdd0272c3c7ee07417af640272
6543548a50d5ccbdbf68acfa5ca26c60291b1719
a47c0d9bdd56d6c3bf9b8042317ac198b42a5e889dc8790e0485ae8ca30e8d42
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: JOt1+efigzYk8oNLzCuLhGtQyOP2Oayul24n1hnUJtBjnBpt3jOaIp7RSFlKxfKxVF15Ie4KzgQZXu6jnfEJAg==
date: Sun, 11 Dec 2022 22:11:53 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
172.217.21.174 200 OK 58 kB URL HTTP/2 www.youtube.com/iframe_api
IP 172.217.21.174:0
File type ASCII text, with very long lines (509)
Hash 0f0624b9ec5c89e245967290c1fb3843
9850b650f96e852b88f238a9f9814a845f7b78bb
db8d34e943fc8965bc39b29514e4160b2a7d0b805fbea7c74222f621cef3770c
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sun, 11 Dec 2022 22:11:54 GMT
date: Sun, 11 Dec 2022 22:11:54 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Kq9BYud2f7w; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=a635NOOJpQ4; Domain=.youtube.com; Expires=Fri, 09-Jun-2023 22:11:54 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+260; expires=Tue, 10-Dec-2024 22:11:54 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg
172.64.109.13 200 OK 452 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg
IP 172.64.109.13:0
Hash 5b76c6498638d87b68d62a914960882f
9ff7881b63945bbb2c6cbb0eb70cfbcd5ab0f984
61298bd8fe7330b4b79ddfe4ace43951f9bdc833598ec376a82f044667aa00fa
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:54 GMT
content-type: image/svg+xml
last-modified: Mon, 17 Jan 2022 14:26:00 GMT
etag: W/"61e57c78-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2276419
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vHXgF5iXYrTAbuxyHM3DAGzfg%2BiJpNKws%2FErg%2FDvJ2q7bYQDS6194i4QCV1kwYhArkzM7LICIUw6AdI4%2FOesj%2BCpudMQbFk2PFku7a%2BTYJ9E9601I06VamaOBkaVlDyFRDjw54LpeLfO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818f0b4dc2d184-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css
172.64.109.13 200 OK 2.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css
IP 172.64.109.13:0
Hash 109d5da82e9a79678cdee29846a0b443
2241771c4af34ba7ef555d93056e2bedde9a044a
746e0e74d47cd045574da17a42605e7f7abb9eab5f4758a22fb7f138bd6a3a7b
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:54 GMT
content-type: text/css
last-modified: Wed, 09 Feb 2022 11:25:27 GMT
etag: W/"6203a4a7-2751"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1754235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVjCbsfyftHIUZ%2B9F%2BO0JDNG4LF9zRPKS6ykadB4Lr%2B8Aln6kYf5TRQyfjWBNNkH%2Fh3xBbNKDZPWak3%2Fjs1R5oJZX7kY7XlVZbAw8G39faqTG5so%2BluNBnnAf5%2Bvj2yVrpuEAmyt3llE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818f0b1d89d184-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4ff941976d54fb3509d71d021fee5ec9
1d426b24ca16bb0043a838a9b066d44f23833468
bffa7b806f826caeee50cfc4a24b8ac1b1f9e7bc758cbb08c919c960bcaf082e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
216.58.211.6 200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP 216.58.211.6:0
File type ASCII text, with very long lines (2156)
Hash f45abe09864cec55c8b39318e86e71e6
dfeab6d2579f32dfddfb89cee44838d1939f887b
75a62fd8eb25fe7d8153c6a9b46faffd36acc5646c5a4200b798f854e1fc3338
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Sun, 11 Dec 2022 22:11:54 GMT
expires: Sun, 11 Dec 2022 22:11:54 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4ff941976d54fb3509d71d021fee5ec9
1d426b24ca16bb0043a838a9b066d44f23833468
bffa7b806f826caeee50cfc4a24b8ac1b1f9e7bc758cbb08c919c960bcaf082e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 22:11:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=136
173.233.137.52 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=136
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=136 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a981a6a-b19b-4aec-b290-db2098b30661:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=139
173.233.137.52 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=139
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fstyle.css&l=10065&fd=139 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a981a6a-b19b-4aec-b290-db2098b30661:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
15.235.42.79 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 15.235.42.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 11 Dec 2022 22:11:54 GMT
Connection: keep-alive
Expires: Mon, 11 Dec 2023 22:11:54 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:33:54 GMT
expires: Thu, 07 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 355081
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 13:33:13 GMT
expires: Sat, 09 Dec 2023 13:33:13 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 203922
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
patrondescendantprecursor.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a981a6a-b19b-4aec-b290-db2098b30661:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
patrondescendantprecursor.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NZkf%2FMCNymwUhEYEFUynPro63c5iMI4jwUwS5oO49H1V55nX9Yr3qro6ASE4OMyy3YjLyul8kHEQB9wK0hFEAoLtQrIw%2F4ArEWblQjppaL2LuvfUuYtzzn0P94pz4qOgZ%2Bu3zY7Smi7Edb%2F2xoZKhSldbfVeLfDr%2FvXahkqbjeu1%2FuRje28Hflz336y9L%2FmWWQj9wPcDP6jdUlYmpr9wwUJlT9pBve3XG2E9iBvo2%2F9iV3hw1IPonZMXocT4f5s%2FPYXiI6Tdb25Kt5Wb7K33uoWmubHoiaP76VZqyhTd2ZhYD0l6NN2GcWNCvrwCkx5NHcD09icOwNSYeL8FYOnRVCZY7%2BBSKdOQKZh4DmVvBKlHUHQEbh5AiV8IwAVW15B2D1eNLen2JUsn7JhcffYXVDkmV3%2B%2FhrT79ZJW%2Fdpdo4tcmdShn1RQ%2FRFUZ4SsOEG%2B40GVJ%2BD5p1DiZ7LwbAVpd3%2FNaQMlzl6LaLsV0CadZ0GbzTeo5PMsbPvzgoV%2Bu8Uiv9kMLiJSagSVjKDlANTNoXAeCuWhSDwUmYeuOKvRuJ34%2FmLCkihqNTjnUcR53GqKWESNVuKj4BMPA%2BTZAFwPwO0uMruLLTWALb6H26zghAeXE%2FREhVISlI6gpASlIihzgrJXHQjtQlcdCu0KFkx7OO1RNTR5Z48emLwjU7KXnZMXJsF5zz%2B%2Bhi15VkviVpw0Y97kzTgII9aOhfDbTEZhQ8iIMThVQbkroM7DjhqTuU%2F%2BQKbG5MrSAhg9gdMn4OpV0OIV0HK4GPqgm8NGy8dOeij7sq4MhKmQ5VeRb3t7%2Bpy8dHG66MPXIfnpjY%2FY7fGfx3%2BD2wqZrfCx%2BoGgox8N75iS7N8xpSNP17JcddUOnZz1bk5zOff4A7ldGiuWb7rB8Tt8QkzGJ%2Feky1doKlTaceSrJSWEtLeM5ZJ8t%2Bw2JFsv3OZSYdMiW1l%2F99ZyN7PSOWXSEagaE%2FLjKbgak%2F9%2Fe3DxZF%2F%2B7CGUHcEWFbrFKZkWlDkBz3bhspl%2BZwisnu2wzENZVEMbstlPrQi0nGHKKrh%2FYTab99wjdKwHmj9A2q3QsxV6ugLVA7hibphn9vTGr9FFgWlvyLT19pm2%2BvPLcJ06q8VBQ7ZYa5ELwSQXwWIYtSLfD4VoLLZl0EbuxvyL%2B8f%2FAAAA%2F%2F8BAAD%2F%2F1niwz6KBAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 patrondescendantprecursor.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NZkf%2FMCNymwUhEYEFUynPro63c5iMI4jwUwS5oO49H1V55nX9Yr3qro6ASE4OMyy3YjLyul8kHEQB9wK0hFEAoLtQrIw%2F4ArEWblQjppaL2LuvfUuYtzzn0P94pz4qOgZ%2Bu3zY7Smi7Edb%2F2xoZKhSldbfVeLfDr%2FvXahkqbjeu1%2FuRje28Hflz336y9L%2FmWWQj9wPcDP6jdUlYmpr9wwUJlT9pBve3XG2E9iBvo2%2F9iV3hw1IPonZMXocT4f5s%2FPYXiI6Tdb25Kt5Wb7K33uoWmubHoiaP76VZqyhTd2ZhYD0l6NN2GcWNCvrwCkx5NHcD09icOwNSYeL8FYOnRVCZY7%2BBSKdOQKZh4DmVvBKlHUHQEbh5AiV8IwAVW15B2D1eNLen2JUsn7JhcffYXVDkmV3%2B%2FhrT79ZJW%2Fdpdo4tcmdShn1RQ%2FRFUZ4SsOEG%2B40GVJ%2BD5p1DiZ7LwbAVpd3%2FNaQMlzl6LaLsV0CadZ0GbzTeo5PMsbPvzgoV%2Bu8Uiv9kMLiJSagSVjKDlANTNoXAeCuWhSDwUmYeuOKvRuJ34%2FmLCkihqNTjnUcR53GqKWESNVuKj4BMPA%2BTZAFwPwO0uMruLLTWALb6H26zghAeXE%2FREhVISlI6gpASlIihzgrJXHQjtQlcdCu0KFkx7OO1RNTR5Z48emLwjU7KXnZMXJsF5zz%2B%2Bhi15VkviVpw0Y97kzTgII9aOhfDbTEZhQ8iIMThVQbkroM7DjhqTuU%2F%2BQKbG5MrSAhg9gdMn4OpV0OIV0HK4GPqgm8NGy8dOeij7sq4MhKmQ5VeRb3t7%2Bpy8dHG66MPXIfnpjY%2FY7fGfx3%2BD2wqZrfCx%2BoGgox8N75iS7N8xpSNP17JcddUOnZz1bk5zOff4A7ldGiuWb7rB8Tt8QkzGJ%2Feky1doKlTaceSrJSWEtLeM5ZJ8t%2Bw2JFsv3OZSYdMiW1l%2F99ZyN7PSOWXSEagaE%2FLjKbgak%2F9%2Fe3DxZF%2F%2B7CGUHcEWFbrFKZkWlDkBz3bhspl%2BZwisnu2wzENZVEMbstlPrQi0nGHKKrh%2FYTab99wjdKwHmj9A2q3QsxV6ugLVA7hibphn9vTGr9FFgWlvyLT19pm2%2BvPLcJ06q8VBQ7ZYa5ELwSQXwWIYtSLfD4VoLLZl0EbuxvyL%2B8f%2FAAAA%2F%2F8BAAD%2F%2F1niwz6KBAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NZkf%2FMCNymwUhEYEFUynPro63c5iMI4jwUwS5oO49H1V55nX9Yr3qro6ASE4OMyy3YjLyul8kHEQB9wK0hFEAoLtQrIw%2F4ArEWblQjppaL2LuvfUuYtzzn0P94pz4qOgZ%2Bu3zY7Smi7Edb%2F2xoZKhSldbfVeLfDr%2FvXahkqbjeu1%2FuRje28Hflz336y9L%2FmWWQj9wPcDP6jdUlYmpr9wwUJlT9pBve3XG2E9iBvo2%2F9iV3hw1IPonZMXocT4f5s%2FPYXiI6Tdb25Kt5Wb7K33uoWmubHoiaP76VZqyhTd2ZhYD0l6NN2GcWNCvrwCkx5NHcD09icOwNSYeL8FYOnRVCZY7%2BBSKdOQKZh4DmVvBKlHUHQEbh5AiV8IwAVW15B2D1eNLen2JUsn7JhcffYXVDkmV3%2B%2FhrT79ZJW%2Fdpdo4tcmdShn1RQ%2FRFUZ4SsOEG%2B40GVJ%2BD5p1DiZ7LwbAVpd3%2FNaQMlzl6LaLsV0CadZ0GbzTeo5PMsbPvzgoV%2Bu8Uiv9kMLiJSagSVjKDlANTNoXAeCuWhSDwUmYeuOKvRuJ34%2FmLCkihqNTjnUcR53GqKWESNVuKj4BMPA%2BTZAFwPwO0uMruLLTWALb6H26zghAeXE%2FREhVISlI6gpASlIihzgrJXHQjtQlcdCu0KFkx7OO1RNTR5Z48emLwjU7KXnZMXJsF5zz%2B%2Bhi15VkviVpw0Y97kzTgII9aOhfDbTEZhQ8iIMThVQbkroM7DjhqTuU%2F%2BQKbG5MrSAhg9gdMn4OpV0OIV0HK4GPqgm8NGy8dOeij7sq4MhKmQ5VeRb3t7%2Bpy8dHG66MPXIfnpjY%2FY7fGfx3%2BD2wqZrfCx%2BoGgox8N75iS7N8xpSNP17JcddUOnZz1bk5zOff4A7ldGiuWb7rB8Tt8QkzGJ%2Feky1doKlTaceSrJSWEtLeM5ZJ8t%2Bw2JFsv3OZSYdMiW1l%2F99ZyN7PSOWXSEagaE%2FLjKbgak%2F9%2Fe3DxZF%2F%2B7CGUHcEWFbrFKZkWlDkBz3bhspl%2BZwisnu2wzENZVEMbstlPrQi0nGHKKrh%2FYTab99wjdKwHmj9A2q3QsxV6ugLVA7hibphn9vTGr9FFgWlvyLT19pm2%2BvPLcJ06q8VBQ7ZYa5ELwSQXwWIYtSLfD4VoLLZl0EbuxvyL%2B8f%2FAAAA%2F%2F8BAAD%2F%2F1niwz6KBAAA HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=3a981a6a-b19b-4aec-b290-db2098b30661:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 00b3e005fcf85d7c78b426d87a333a29
Strict-Transport-Security: max-age=0; includeSubdomains
adservice.google.com/adsid/integrator.js?domain=exee.app
142.250.74.2 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 11 Dec 2022 22:11:55 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
15.235.42.79 206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 15.235.42.79:0
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Sun, 11 Dec 2022 22:11:55 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Mon, 11 Dec 2023 22:11:55 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fadrifenice&tfcd=0&npa=0&correlator=157047069332146&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fadrifenice&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Fbdd5b116-aa50-45bb-9e36-51fdcdfaeeaa&sid=FABAB12F-B09B-4BC9-8C53-EA71F71DE65E&nel=0&eid=44748969%2C44765701&dlt=1670796710470&idt=2473&dt=1670796713969&cookie_enabled=1&scor=2851169157073288&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
142.250.74.162200 OK 113 B URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fadrifenice&tfcd=0&npa=0&correlator=157047069332146&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fadrifenice&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Fbdd5b116-aa50-45bb-9e36-51fdcdfaeeaa&sid=FABAB12F-B09B-4BC9-8C53-EA71F71DE65E&nel=0&eid=44748969%2C44765701&dlt=1670796710470&idt=2473&dt=1670796713969&cookie_enabled=1&scor=2851169157073288&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP 142.250.74.162:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 9e5d36292a75aef07bdde5891b2e4a7b
8d69904b7df5e550f1884e06c139bd9661eb2917
92ffc3ec51e068750c23ae95041fd670aa4aa60ce3a5295ad27d2179d0780168
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fadrifenice&tfcd=0&npa=0&correlator=157047069332146&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fadrifenice&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.549.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Fbdd5b116-aa50-45bb-9e36-51fdcdfaeeaa&sid=FABAB12F-B09B-4BC9-8C53-EA71F71DE65E&nel=0&eid=44748969%2C44765701&dlt=1670796710470&idt=2473&dt=1670796713969&cookie_enabled=1&scor=2851169157073288&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -2
google-creative-id: -2
google-mediationgroup-id: -2
google-mediationtag-id: -2
date: Sun, 11 Dec 2022 22:11:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 11-Dec-2022 22:26:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f90f9f624d5e77db67e23840673cb129
5f43dbc9b90d279552eb3a8006e32bf601a028af
6a32690735e555032b3271b2ecc5e33c631b4efbb63d296e53fd0c4b7f49a02e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A32690735E555032B3271B2ECC5E33C631B4EFBB63D296E53FD0C4B7F49A02E"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10127
Expires: Mon, 12 Dec 2022 01:00:43 GMT
Date: Sun, 11 Dec 2022 22:11:56 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f90f9f624d5e77db67e23840673cb129
5f43dbc9b90d279552eb3a8006e32bf601a028af
6a32690735e555032b3271b2ecc5e33c631b4efbb63d296e53fd0c4b7f49a02e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A32690735E555032B3271B2ECC5E33C631B4EFBB63D296E53FD0C4B7F49A02E"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10127
Expires: Mon, 12 Dec 2022 01:00:43 GMT
Date: Sun, 11 Dec 2022 22:11:56 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=3a981a6a-b19b-4aec-b290-db2098b30661&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3a981a6a-b19b-4aec-b290-db2098b30661&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3a981a6a-b19b-4aec-b290-db2098b30661&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6fbfb7b88b2569c36f468d06fb1f53a0
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=3a981a6a-b19b-4aec-b290-db2098b30661&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3a981a6a-b19b-4aec-b290-db2098b30661&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3a981a6a-b19b-4aec-b290-db2098b30661&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 22:11:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 796bca12613950fae130e51e30b10e1e
Strict-Transport-Security: max-age=0; includeSubdomains
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:52 GMT
content-type: text/plain
set-cookie: csu=989125383288399@1@1670796712; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iu7jDT8OfMd%2BB8vL8nxpVhQAvlR0Z9WG92jxeu0IgQQGShXVNMxsMUiUNNAezyF478Q5zjFA%2F0HC2RrTND5qyaHBuPcacD%2FVQIKquHdnJ99aVA%2FdZptpFcJpX0jxWQdv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818efd7a677732-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
172.64.105.3 200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP 172.64.105.3:0
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:52 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 29874808 27443957
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Sun, 11 Dec 2022 22:11:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAHF%2BVQeHvdKthkSrk7Yw4DWQUErwolBixCjIhxot%2BQYmeJDDCbq1AZJ%2Fj00z0NGsRSwgOM%2FIDVIXL%2BChy73KUTKOq%2BoCzQDglqEQ9L2lXo6xFytNvjqTELsMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818efd2fb77302-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:52 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 288
last-modified: Sun, 11 Dec 2022 22:07:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjHS1d8FFU1KIeY1iJ6L82zWk6caIvv2TYb9ik32reKh0oEyEVxyauakc2sXJ0W7f8Orn0zKBZ8irnbruMkjpamBafSNx41q4hmgGw52lPAKMVwvo7WRtgRezfMfClhf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818efd5a167732-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.141.24 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.141.24:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:53 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: cbc9b0b621d53a72c63348b970f0d074
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 11 Dec 2022 22:11:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ufMYHL746ozbPLvGFo49Q5A7Ceq%2FAvLTlyN1ORbw7Dw4SHKmrt3M8dUsYOBEB4%2FzkwExq53KERoXLOoeumRQUDScqS0X3SiT0NB1I317pkrLRZEXc9WHAhZwS63CaCk77%2FUEYSA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818f01abc4240f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css
IP 172.64.109.13:0
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:54 GMT
content-type: text/css
last-modified: Mon, 17 Jan 2022 14:25:59 GMT
etag: W/"61e57c77-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1754235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42Uu7RoSDpsef6219vqbHtaipUh85trgllm5TcQRksjPCBlWWOYvcCPq2GZbb%2FYpHLfsxN1F9L4NFR%2BFZA4quUtiuVxDdoxW5RnBP4vOJVNhabK4LmUEbjcMFXyhCBZr2eXBOvtqTLNO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818f0b2d95d184-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:52 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 288
last-modified: Sun, 11 Dec 2022 22:07:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IrJ7ZBL9CVcXbZKYnBVMmhqRH7Sb3BzXd%2FNoVsHw9g7Nhj5eyVqSypTFIUjbOJKpYE91fKzX8KlhOoyJgkW44cNL%2F43pX04CPpUsTdkMEKlOdJTdzYOP6oqQCC7h5mhr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818efd5a117732-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fadrifenice&tag=v-exee-app&domain=exee.app
172.64.104.3 200 OK 0 B URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fadrifenice&tag=v-exee-app&domain=exee.app
IP 172.64.104.3:0
GET /allowed_url.php?type=json&url=exee.app%2Fadrifenice&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:52 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7IkMLN%2F5p%2BFazTSymPpBIcHsTCLaCoEeHEqiTN9ev5b3%2B1J89WzqeVifUlEDWRYPhYXFuX1m0gTWYaUfP9qFcSzf6H%2BYUzt4Crxa8DsDtWuM2gZ0Un1GwePeBcZC3n3TFpS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77818eff3f1324f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/js/script.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/js/script.js
IP 172.64.109.13:0
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 22:11:54 GMT
content-type: application/javascript
last-modified: Mon, 17 Jan 2022 14:40:54 GMT
etag: W/"61e57ff6-1e8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1026573
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7op3ggvi56ayLk4RJUQ4kVE%2FtoXdRlrFU7n4u9KynjmQKym62Ee8fsHeKn7KIMW9i8wO%2BFlAx8KrYD713v68kASGN5E1O5a%2BKYUPI%2FbXUMx%2B7X7ApP2XDwltYsmZGVmdzaTAwWH6SrLT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77818f0b2d90d184-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2