exe.io/4gPNMa3e
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /4gPNMa3e HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Dec 2022 22:40:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Dec 2022 23:40:24 GMT
Location: https://exe.io/4gPNMa3e
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CV%2FZ8XilCIAz4cAUt0afWtyjBi%2BwVOpueBVSUxT53J28jkQ6NJWd15VDuVA1PW78MQGP45zv5ebB0zGjqECOkz8QMipvTo142dwpdaU3ATtdBcneyQoc%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7760c34728d4b518-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8681
Expires: Thu, 08 Dec 2022 01:05:05 GMT
Date: Wed, 07 Dec 2022 22:40:24 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13909
Expires: Thu, 08 Dec 2022 02:32:13 GMT
Date: Wed, 07 Dec 2022 22:40:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 22:08:06 GMT
content-type: application/json
age: 1938
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4648
Expires: Wed, 07 Dec 2022 23:57:52 GMT
Date: Wed, 07 Dec 2022 22:40:24 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash d35e79a7a87fd0861c569a4da50627a4
bd88c3c5fa7e04f223dfa3cdb5b76e845fbefafe
0182851b8ad326dccaaf6c8e52e43eef8f45c67a10f423f57181f9481ef1d96b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5327
Cache-Control: max-age=85755
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:24 GMT
Etag: "638fad84-117"
Expires: Thu, 08 Dec 2022 22:29:39 GMT
Last-Modified: Tue, 06 Dec 2022 21:00:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OsKfJiz4keLQJGCyCcLP3v7KiVMQqMKWNw2tGs6zvGa8tGGcXd4foaWsmgeBvycXnpRjUgxHmJY=
x-amz-request-id: 0DSCNZNS4NZTKYNW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 21:47:40 GMT
age: 3164
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 22:40:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash d35e79a7a87fd0861c569a4da50627a4
bd88c3c5fa7e04f223dfa3cdb5b76e845fbefafe
0182851b8ad326dccaaf6c8e52e43eef8f45c67a10f423f57181f9481ef1d96b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5327
Cache-Control: max-age=85755
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:24 GMT
Etag: "638fad84-117"
Expires: Thu, 08 Dec 2022 22:29:39 GMT
Last-Modified: Tue, 06 Dec 2022 21:00:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash c60c2123426686d7a152be20d9fc69a5
7e70926256b7ea6310a2ed5ddfab288699f93974
a4e03dcf4daba37f345242c687a2956f3af01f8955f94a455209ca274e18fe65
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A4E03DCF4DABA37F345242C687A2956F3AF01F8955F94A455209CA274E18FE65"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4138
Expires: Wed, 07 Dec 2022 23:49:22 GMT
Date: Wed, 07 Dec 2022 22:40:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 22:07:58 GMT
age: 1946
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash c60c2123426686d7a152be20d9fc69a5
7e70926256b7ea6310a2ed5ddfab288699f93974
a4e03dcf4daba37f345242c687a2956f3af01f8955f94a455209ca274e18fe65
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A4E03DCF4DABA37F345242C687A2956F3AF01F8955F94A455209CA274E18FE65"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4137
Expires: Wed, 07 Dec 2022 23:49:22 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4087
Cache-Control: max-age=128072
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:14:57 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 44 kB IP
Hash 2b4eaf6faea0e1bd5736684e51852073
3c85d53d27276e87fafc861e0c7d39dadab32af9
b130b6acdee8fbbcb15acd9b19d71d17f5351d65ef7127a2e83bcd6fbb9eb3e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 6a414a8cf1478e5df6718874b57d128a
a2c90f7e8de5f5352f4821891af6ffd283d63bb3
8fae038267c02edab9b2dc6a2e86a0585e0c771fe2efe1cce177c7e5b539e939
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Dec 2022 22:40:25 GMT
expires: Wed, 07 Dec 2022 22:40:25 GMT
cache-control: private, max-age=900
last-modified: Wed, 07 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43633
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash b3487d39a8fa6e910fc56ab7474c31dc
0cbc4f05a4af90b697770ac52aee943613ff65b4
adbf7426bb660d1f7889f11b27e53419d7416ef806ba5a204a4b3cc22adcf153
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ADBF7426BB660D1F7889F11B27E53419D7416EF806BA5A204A4B3CC22ADCF153"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3253
Expires: Wed, 07 Dec 2022 23:34:38 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash b3487d39a8fa6e910fc56ab7474c31dc
0cbc4f05a4af90b697770ac52aee943613ff65b4
adbf7426bb660d1f7889f11b27e53419d7416ef806ba5a204a4b3cc22adcf153
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ADBF7426BB660D1F7889F11B27E53419D7416EF806BA5A204A4B3CC22ADCF153"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3253
Expires: Wed, 07 Dec 2022 23:34:38 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash bdb7258c93b1966efa9cfaa0db1a066d
97e9dccd115f9bb4a26717b3d653d4ed9e474b9a
7b60369a983e68fa2c4085c520093c266216e13020a03935582bacf0bc87c9d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2754
Cache-Control: max-age=130337
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Etag: "639065b8-117"
Expires: Fri, 09 Dec 2022 10:52:42 GMT
Last-Modified: Wed, 07 Dec 2022 10:06:48 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qxmGFsu5MdqGhzfbHCTgiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dU9vaHoGe9oO10w3xA5nvkufAB0=
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0a7f3569daca0714122cf2c2e2145763
a286adaa66480bb99214659c2e78f26723eec5cf
24153f851e57ee0c86efdb33ee350e608e1e1eb67a8e481afca65ffaafdaada9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "24153F851E57EE0C86EFDB33EE350E608E1E1EB67A8E481AFCA65FFAAFDAADA9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4015
Expires: Wed, 07 Dec 2022 23:47:20 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:56:07 GMT
expires: Tue, 05 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 186258
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 72498aa7410b19359c8a651c9c84cf5d
c67b11b5f97b7d3687ef17235d04f57092d282a6
b4fdbd853f83a0b0e4401df31d5ffafa229a8a74e51dbe388a69f5df405eeb50
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4FDBD853F83A0B0E4401DF31D5FFAFA229A8A74E51DBE388A69F5DF405EEB50"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3884
Expires: Wed, 07 Dec 2022 23:45:09 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 186464
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uthecrimorew.com/utx?cb=K1IEVL7dkEDf&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=K1IEVL7dkEDf&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=K1IEVL7dkEDf&top=exee.app&tid=822524 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 22:40:25 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 22:41:25 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: Y5ZkCvOeEQmdYcesBMOzEScs7GFZ6EZEVtC-SM8TIDCq-f7NTr5yYA==
X-Firefox-Spdy: h2
uthecrimorew.com/S2JsdW8qAA8YUCpfDlMaOQ5RUF0NR14zC3kICwVXeg8GAggsGx5bDCcNGREJOQ0CAUElBxhQXQ0oOTMAezgpGhUFNAM2CxgzFiApJxsNMiIKOjRAXQYnDzklCCACEzsSAA0kVj8jPjQuLSctECMmUx0wCCwQPB9fATMFTUp5ICMkAx0AKDBKeSA6GQNuUC4RBn4nLwwpPzIpJAsbJlhENwlWSUcpBToUNy0TAVU7On8sJh8YfCc6LCIROj0wPhMKCxYEBiwmMT56MxQRGRIPHBQqDFsFFAgdNzYyLW5QKjcWERQ1GB8PJj8nAikKKi0sAzQDNy0zWjY9VwMoAUwGKglBLDwpUCEXLR0wSUcpLQ8DET4TCgslOQ4qJSFWblAqNwYBVjUyHA40JAEIKhoqIgohOxYnCA4RPAwmGTQLDQcqBSo+CiU7GjY5HkQGBgAlElE8PRpbOSwKETI
200 OK 1.2 kB URL HTTP/2 uthecrimorew.com/S2JsdW8qAA8YUCpfDlMaOQ5RUF0NR14zC3kICwVXeg8GAggsGx5bDCcNGREJOQ0CAUElBxhQXQ0oOTMAezgpGhUFNAM2CxgzFiApJxsNMiIKOjRAXQYnDzklCCACEzsSAA0kVj8jPjQuLSctECMmUx0wCCwQPB9fATMFTUp5ICMkAx0AKDBKeSA6GQNuUC4RBn4nLwwpPzIpJAsbJlhENwlWSUcpBToUNy0TAVU7On8sJh8YfCc6LCIROj0wPhMKCxYEBiwmMT56MxQRGRIPHBQqDFsFFAgdNzYyLW5QKjcWERQ1GB8PJj8nAikKKi0sAzQDNy0zWjY9VwMoAUwGKglBLDwpUCEXLR0wSUcpLQ8DET4TCgslOQ4qJSFWblAqNwYBVjUyHA40JAEIKhoqIgohOxYnCA4RPAwmGTQLDQcqBSo+CiU7GjY5HkQGBgAlElE8PRpbOSwKETI
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 9a5158b970e9fa9aca9afd0b9e65c67f
f00469f4cde4c14529070892f3c4cea6c2b109ad
f01a60ad75e3e321bc8e2b040e9bf059b4fd0c14adbae74e0f9e6c7691031e08
GET /S2JsdW8qAA8YUCpfDlMaOQ5RUF0NR14zC3kICwVXeg8GAggsGx5bDCcNGREJOQ0CAUElBxhQXQ0oOTMAezgpGhUFNAM2CxgzFiApJxsNMiIKOjRAXQYnDzklCCACEzsSAA0kVj8jPjQuLSctECMmUx0wCCwQPB9fATMFTUp5ICMkAx0AKDBKeSA6GQNuUC4RBn4nLwwpPzIpJAsbJlhENwlWSUcpBToUNy0TAVU7On8sJh8YfCc6LCIROj0wPhMKCxYEBiwmMT56MxQRGRIPHBQqDFsFFAgdNzYyLW5QKjcWERQ1GB8PJj8nAikKKi0sAzQDNy0zWjY9VwMoAUwGKglBLDwpUCEXLR0wSUcpLQ8DET4TCgslOQ4qJSFWblAqNwYBVjUyHA40JAEIKhoqIgohOxYnCA4RPAwmGTQLDQcqBSo+CiU7GjY5HkQGBgAlElE8PRpbOSwKETI HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Wed, 07 Dec 2022 22:40:25 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: ZrMaVsMAn-l3aEpQ6n2jFODHHbLJCezotE8wwK8fS4QHctXk-D5DkA==
X-Firefox-Spdy: h2
uthecrimorew.com/bnZBVTYPFCI4CQ9LI3NDHBp8cAQoU3MTUlwcJiUOXxsrIlEJDzN7VQIZNDFQHBkvIRgAEzVwBCggFx1nXCUJMgUpRyYgZBc3JQBYODcYEFUrECo5TyYdFDtwByQLB2cjOhERfBQTFG0COx0ILH4pGgQQdT8sDj17IhQpZQAoATVgbgQjEAN+ODsiMnA2EhMAASoaeT5wKiATF3dbOCQ+ZzoTKj0OL0d5OH4qBQUHYV89GxdGLRQUJV08Jxs4ZSYwCTFxXz0bFHgIPCpgUTsnFB5uOSwEAVhbOyIAUl4UFCVdLB0DIWUWIAcXWF8hGxMGOhMqMkwrIGwAXChFBxJVJgYID2M/MSQAXgIjEAcCJhxxEmMXQhkZcCszBT5aBScTPQI2HwcfdBlQKyZZAAZ8Jn0dHgcQB1ka
200 OK 1.2 kB URL HTTP/2 uthecrimorew.com/bnZBVTYPFCI4CQ9LI3NDHBp8cAQoU3MTUlwcJiUOXxsrIlEJDzN7VQIZNDFQHBkvIRgAEzVwBCggFx1nXCUJMgUpRyYgZBc3JQBYODcYEFUrECo5TyYdFDtwByQLB2cjOhERfBQTFG0COx0ILH4pGgQQdT8sDj17IhQpZQAoATVgbgQjEAN+ODsiMnA2EhMAASoaeT5wKiATF3dbOCQ+ZzoTKj0OL0d5OH4qBQUHYV89GxdGLRQUJV08Jxs4ZSYwCTFxXz0bFHgIPCpgUTsnFB5uOSwEAVhbOyIAUl4UFCVdLB0DIWUWIAcXWF8hGxMGOhMqMkwrIGwAXChFBxJVJgYID2M/MSQAXgIjEAcCJhxxEmMXQhkZcCszBT5aBScTPQI2HwcfdBlQKyZZAAZ8Jn0dHgcQB1ka
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash 8ef1a05b8d4bf6fd70af699ec3b0ff08
a567cafd74521333ebf7d1747184818fc426eac6
9f7f8e64d1eb7e430f4e2e75c05d074379d8a44fce30220ee1f837a6188cf65d
GET /bnZBVTYPFCI4CQ9LI3NDHBp8cAQoU3MTUlwcJiUOXxsrIlEJDzN7VQIZNDFQHBkvIRgAEzVwBCggFx1nXCUJMgUpRyYgZBc3JQBYODcYEFUrECo5TyYdFDtwByQLB2cjOhERfBQTFG0COx0ILH4pGgQQdT8sDj17IhQpZQAoATVgbgQjEAN+ODsiMnA2EhMAASoaeT5wKiATF3dbOCQ+ZzoTKj0OL0d5OH4qBQUHYV89GxdGLRQUJV08Jxs4ZSYwCTFxXz0bFHgIPCpgUTsnFB5uOSwEAVhbOyIAUl4UFCVdLB0DIWUWIAcXWF8hGxMGOhMqMkwrIGwAXChFBxJVJgYID2M/MSQAXgIjEAcCJhxxEmMXQhkZcCszBT5aBScTPQI2HwcfdBlQKyZZAAZ8Jn0dHgcQB1ka HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Wed, 07 Dec 2022 22:40:25 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: sTgaQ_uQ17DFFYMhG_Lq5CUTfYAq3vqumngYAaUHO0IZADi4_6N6Mw==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0a7f3569daca0714122cf2c2e2145763
a286adaa66480bb99214659c2e78f26723eec5cf
24153f851e57ee0c86efdb33ee350e608e1e1eb67a8e481afca65ffaafdaada9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "24153F851E57EE0C86EFDB33EE350E608E1E1EB67A8E481AFCA65FFAAFDAADA9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4015
Expires: Wed, 07 Dec 2022 23:47:20 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
thethesmahat.com/cmN6M3FdXBlATCU1HmMTHAsdUR9HAC50BR4FFkM+E1EeByZCV1xHGBZeQgtIRlpOFQEbB0cCVwEXG0cEAV5LFRgcBRUOVwReSx1CRk1JAl9DRQ8OQFQXClIWT1JcQwUGD0cCR0VTTgZDSlFOC0hB
204 No Content 0 B URL HTTP/2 thethesmahat.com/cmN6M3FdXBlATCU1HmMTHAsdUR9HAC50BR4FFkM+E1EeByZCV1xHGBZeQgtIRlpOFQEbB0cCVwEXG0cEAV5LFRgcBRUOVwReSx1CRk1JAl9DRQ8OQFQXClIWT1JcQwUGD0cCR0VTTgZDSlFOC0hB
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cmN6M3FdXBlATCU1HmMTHAsdUR9HAC50BR4FFkM+E1EeByZCV1xHGBZeQgtIRlpOFQEbB0cCVwEXG0cEAV5LFRgcBRUOVwReSx1CRk1JAl9DRQ8OQFQXClIWT1JcQwUGD0cCR0VTTgZDSlFOC0hB HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 22:40:25 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2BdxSwhBAYULS2D%2FuE0DSJ7lVAr6zZZtGGLAC%2BmXGAuNqJ9eYNy7R1zrpAECKxUJF6pq7whuYE14cvkL7desceLm0ydIiEY2nuuWEt4oFSqO8AmkYbzvV%2FJx7pkk%2B%2FLxgFjO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c34f2af3b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/asd100.bin
200 OK 146 kB IP
Size 146 kB (145977 bytes)
Hash 2dfb25f50201cc5735896ff7533e91ae
2588aca2a813a41df50e0257b2df96ba8981eb68
e794dc1589f93c93a4f0b8b05e4de8740247361820cbfa51b7e57e01804a6bf4
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3189
last-modified: Wed, 07 Dec 2022 21:47:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ItuiTXNBNqOHO4l71Eh%2BEQB4mA5lHcCGqikVXGKwP8BP%2F1DxTzFY9myrjGvgWCxryisuxc9%2B54FsyuXpMxAAv6ThBdj6%2Bf0TAs5TbK2QngjDE4IBPVPhVa95om8it0a6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760c34f0bd023cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/TG51WWVjURYqWBs5EQEHfwoSDDIODSFrDRQ3GTUgLQIRMDInP1MtDChTTWtXeVxBfxUlCkhoQz8aFC0QP1NEfwwiCBpkQzpTRHdWeEBGaEt9SABkVGoaBTgCcV9TKRE4AkhoU3teQWxXdFxBYVF+
204 No Content 0 B URL HTTP/2 thethesmahat.com/TG51WWVjURYqWBs5EQEHfwoSDDIODSFrDRQ3GTUgLQIRMDInP1MtDChTTWtXeVxBfxUlCkhoQz8aFC0QP1NEfwwiCBpkQzpTRHdWeEBGaEt9SABkVGoaBTgCcV9TKRE4AkhoU3teQWxXdFxBYVF+
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TG51WWVjURYqWBs5EQEHfwoSDDIODSFrDRQ3GTUgLQIRMDInP1MtDChTTWtXeVxBfxUlCkhoQz8aFC0QP1NEfwwiCBpkQzpTRHdWeEBGaEt9SABkVGoaBTgCcV9TKRE4AkhoU3teQWxXdFxBYVF+ HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 22:40:25 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3VbLAvoIl6wJcwr2%2BIWXWB5N5Zej07%2BL0veZsbJGiF8LwWIitK%2FhtXY4VlONr9TF2aIQXrwwfj1VIjiSFeYLuoiL5rP1NCrbenQxzFSakPOYD3PE4WD%2BfYMV55Lb4Gk3QCcx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c34f5b1ab4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5204f71dc2dc79ec007d4b7c9200f551
4d2ce95b75425121fa6ca110c3dd591827b37f06
c9442f7c8db06fe6f3bf01e3a46c634be1dd7b6b17229a62efac4f6e7139ce85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9442F7C8DB06FE6F3BF01E3A46C634BE1DD7B6B17229A62EFAC4F6E7139CE85"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11881
Expires: Thu, 08 Dec 2022 01:58:26 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 2.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
File type ASCII text, with very long lines (3047)
Hash 42e4bcba44220768d317d66b8a1d0df2
7643bddc85524e902674bd16382e305513ed3f3a
e573018b308be81b74dfdb3b26a404c7a4b59c43cee90e40970534f9645a31f4
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 22:40:25 GMT
date: Wed, 07 Dec 2022 22:40:25 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash bdb7258c93b1966efa9cfaa0db1a066d
97e9dccd115f9bb4a26717b3d653d4ed9e474b9a
7b60369a983e68fa2c4085c520093c266216e13020a03935582bacf0bc87c9d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2754
Cache-Control: max-age=130337
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Etag: "639065b8-117"
Expires: Fri, 09 Dec 2022 10:52:42 GMT
Last-Modified: Wed, 07 Dec 2022 10:06:48 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
uthecrimorew.com/utx?cb=VsiXL3mPdAoU&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=VsiXL3mPdAoU&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=VsiXL3mPdAoU&top=exee.app&tid=889494 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 22:40:25 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 22:41:25 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: cUiiqyErcKPtND2kBs0n3_6Gsrq8VUqvHW3J0WQ4DFRediwXnCCWOA==
X-Firefox-Spdy: h2
exee.app/4gPNMa3e
200 OK 181 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61744)
Size 181 kB (181135 bytes)
Hash 54a27525419ea843d468e487903212fa
a1be3d3f39f207cebf3bb52af8e95f6d39e793a0
bb52f7953d8b943d572b528577479fee0706a2c134a03dc7164a59678137625e
GET /4gPNMa3e HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:24 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=df455546de1c0b537392ae084112b536; path=/; HttpOnly
csrfToken=1df21f42eb0aa7985bcdbde02a2c38a6f204af2d0c6a0dca577f13f97ca3134cef678c95bc2e7f4103f28eb212244396bf58f8ab276c55568a9323540fd05c94; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P44nLYfaYy8xfjkLdb%2BYoX5QKfDhCDwE90kqKnhB2FlZczh02rHIevembpOcuH53purnU7EVspLAsxRaKCYtz4GXy8lCwALCMlodCxHBMYckl6PQmBkqw9OXkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c34ae9ef0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fn.deulspoorn.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 22:40:25 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Thu, 08-Dec-2022 22:40:25 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Thu, 08-Dec-2022 22:40:25 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP
Hash 4eb6b6b44e82e088f27dd5c58edc5114
8fe2d591d197f4708f525b2b6fd094c1496020aa
6cb700348b7cf57e7d24579c4fdf1ace1027137006e00f2b6a9ed0a7dc8ada88
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thethesmahat.com/YUZxbHBOeRIfTTYOPyI9UjYBPUMWDSUBCCYiMDo7AAMrVDMKD1cYGQV7SVhDU3BASgAIIkxdSEc1BQ0EFDVMXVYIKBcDTUcwTF1eUWhDQkJHM0xdVhU2EAtNUGABGAQNe0BaR1FyRF5IU3JIXUA
204 No Content 0 B URL HTTP/2 thethesmahat.com/YUZxbHBOeRIfTTYOPyI9UjYBPUMWDSUBCCYiMDo7AAMrVDMKD1cYGQV7SVhDU3BASgAIIkxdSEc1BQ0EFDVMXVYIKBcDTUcwTF1eUWhDQkJHM0xdVhU2EAtNUGABGAQNe0BaR1FyRF5IU3JIXUA
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /YUZxbHBOeRIfTTYOPyI9UjYBPUMWDSUBCCYiMDo7AAMrVDMKD1cYGQV7SVhDU3BASgAIIkxdSEc1BQ0EFDVMXVYIKBcDTUcwTF1eUWhDQkJHM0xdVhU2EAtNUGABGAQNe0BaR1FyRF5IU3JIXUA HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 22:40:25 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7i5qnNXXoGMF3NZsJk39GBZEuWUE%2FImCEo1OfhQCDjkhrfsGYh%2Fc%2Fj6Z6t1cMlrCTnB8xCqSBNfKR0ILPFvdDXYuh%2F7lGeAyQxeHoM1yjrOYH6urFLOiNO8HpPIY3Bq8sPsV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c3502bccb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 903b57e9469c6f9aed96e4c10f8d335d
a6a4b2f07388b846299e86785a8c746a71632ed3
1ed983e83ea9a1c376a5b801250b9f22aecdffddf4f4600b5b92646fe0609f6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1ED983E83EA9A1C376A5B801250B9F22AECDFFDDF4F4600B5B92646FE0609F6A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8149
Expires: Thu, 08 Dec 2022 00:56:14 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
d2jgp81mjwggyr.cloudfront.net/VVHQ2SHg3G1guRyAdUnVAYEcEfklyHkUnFiRJRQMLPDJzeU84UkIyHGlEECQZOhMLbh06Fwt5XjUQVHVMcgFXdRU7Dl8kFDVRBA5NekQTekh8A18mHDsDRW1KZBpCbUpkRQZmSHFHdG1KZANfJk5gUQUKXWZETn5McUd0bUpkBkBtSxVFBn1WZF0TekgzEV-UjF3FGcHpIZUQGeUhlUQR4Hj0GUy4XLFEEDklkQRh4XiFJBw
200 OK 181 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/VVHQ2SHg3G1guRyAdUnVAYEcEfklyHkUnFiRJRQMLPDJzeU84UkIyHGlEECQZOhMLbh06Fwt5XjUQVHVMcgFXdRU7Dl8kFDVRBA5NekQTekh8A18mHDsDRW1KZBpCbUpkRQZmSHFHdG1KZANfJk5gUQUKXWZETn5McUd0bUpkBkBtSxVFBn1WZF0TekgzEV-UjF3FGcHpIZUQGeUhlUQR4Hj0GUy4XLFEEDklkQRh4XiFJBw
IP
File type ASCII text, with no line terminators
Hash 09dcc0982711b4663588a9700862ff53
7c50c3cb04888479050e2dfb60d6b448a4863c12
d8042be9956077a7b223bfd5c846ae1c7636f370cdd01454d1188d1b6bf6cf03
GET /VVHQ2SHg3G1guRyAdUnVAYEcEfklyHkUnFiRJRQMLPDJzeU84UkIyHGlEECQZOhMLbh06Fwt5XjUQVHVMcgFXdRU7Dl8kFDVRBA5NekQTekh8A18mHDsDRW1KZBpCbUpkRQZmSHFHdG1KZANfJk5gUQUKXWZETn5McUd0bUpkBkBtSxVFBn1WZF0TekgzEV-UjF3FGcHpIZUQGeUhlUQR4Hj0GUy4XLFEEDklkQRh4XiFJBw HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 181
date: Wed, 07 Dec 2022 22:40:25 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8M3bjTAOEGo4KZPZ1DV7UMPf26lJrG-VgIlBJFUHL3PMPFV593Q6gA==
X-Firefox-Spdy: h2
d2jgp81mjwggyr.cloudfront.net/JUFo0ZEozNVoCdSQzUFlyaGMAXX52MEcLJCBnfTYbaQ9tARAAfEAeLm1qEggrPj0JQi8+OQlVbDE+Vll+di5ECyFtPEQdPD41XB4/NXxBBXc9NU4NJjw7EVYMZXQEQXhgckMNJDQ1QxdvYmpaEG9iagVUZGB/ByZvYmpDDSRmbhFXCHVoBBx8ZH8HJm9iak-YSb2MbBVR/fmodQXhgPVEHIT9/BiJ4YGsEVHtgaxFWejYzRgEsPyIRVgxhagFKenYvCVU
200 OK 618 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/JUFo0ZEozNVoCdSQzUFlyaGMAXX52MEcLJCBnfTYbaQ9tARAAfEAeLm1qEggrPj0JQi8+OQlVbDE+Vll+di5ECyFtPEQdPD41XB4/NXxBBXc9NU4NJjw7EVYMZXQEQXhgckMNJDQ1QxdvYmpaEG9iagVUZGB/ByZvYmpDDSRmbhFXCHVoBBx8ZH8HJm9iak-YSb2MbBVR/fmodQXhgPVEHIT9/BiJ4YGsEVHtgaxFWejYzRgEsPyIRVgxhagFKenYvCVU
IP
File type ASCII text, with very long lines (869), with no line terminators
Hash 7cca0c774f23861e9898cab9e8f8998f
bebf09fdbb6227c5089a0eaa71dabe16bfdf8b53
b1839ae3175f80e057b1906bd87a250352dab8bdb38ef3ecce3aae27d85577ff
GET /JUFo0ZEozNVoCdSQzUFlyaGMAXX52MEcLJCBnfTYbaQ9tARAAfEAeLm1qEggrPj0JQi8+OQlVbDE+Vll+di5ECyFtPEQdPD41XB4/NXxBBXc9NU4NJjw7EVYMZXQEQXhgckMNJDQ1QxdvYmpaEG9iagVUZGB/ByZvYmpDDSRmbhFXCHVoBBx8ZH8HJm9iak-YSb2MbBVR/fmodQXhgPVEHIT9/BiJ4YGsEVHtgaxFWejYzRgEsPyIRVgxhagFKenYvCVU HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 618
date: Wed, 07 Dec 2022 22:40:25 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: q5VWqw7QXp_kZxSdvBXt7qcS0SHoCs5Cg48N22SN87WyDhtDn1lKSA==
X-Firefox-Spdy: h2
d2jgp81mjwggyr.cloudfront.net/mbjBzMXcNXx1XSBpZFwxPXAJGA0NIWgBeGR4NHnggNFgbZzsNXyd6ACAWB0sTUwBVXRYAV04XEgBTTgBRD1QRDENIRANeHFNWA0gBAF8bSwILFgZQSgNfCVgbAlFWAzFbHkMURV4YBFgZCl8EQlJcAB1FUlwAQgFZXhVAc1JcAARYGVgEVgI1SwJDSUFaFU-BzUlwAAUdSXXFCAUJAAFoURV5XFlIcARVBd0VeAUMBRl4BVgNHCFkBVBEBSFYDMV8ARh9HSEVOAA
200 OK 521 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/mbjBzMXcNXx1XSBpZFwxPXAJGA0NIWgBeGR4NHnggNFgbZzsNXyd6ACAWB0sTUwBVXRYAV04XEgBTTgBRD1QRDENIRANeHFNWA0gBAF8bSwILFgZQSgNfCVgbAlFWAzFbHkMURV4YBFgZCl8EQlJcAB1FUlwAQgFZXhVAc1JcAARYGVgEVgI1SwJDSUFaFU-BzUlwAAUdSXXFCAUJAAFoURV5XFlIcARVBd0VeAUMBRl4BVgNHCFkBVBEBSFYDMV8ARh9HSEVOAA
IP
File type ASCII text, with very long lines (706), with no line terminators
Hash 67afd46fe843b701f5dbca6cbf7b523a
746fbe0935f704de66a286d8740dcbec89574a1b
a1e4fd2cfa0ba71b0450b1ddee359627387e4064b52f0ac7f342f41962f3f6ab
GET /mbjBzMXcNXx1XSBpZFwxPXAJGA0NIWgBeGR4NHnggNFgbZzsNXyd6ACAWB0sTUwBVXRYAV04XEgBTTgBRD1QRDENIRANeHFNWA0gBAF8bSwILFgZQSgNfCVgbAlFWAzFbHkMURV4YBFgZCl8EQlJcAB1FUlwAQgFZXhVAc1JcAARYGVgEVgI1SwJDSUFaFU-BzUlwAAUdSXXFCAUJAAFoURV5XFlIcARVBd0VeAUMBRl4BVgNHCFkBVBEBSFYDMV8ARh9HSEVOAA HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 521
date: Wed, 07 Dec 2022 22:40:25 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EcN2j_AZyl0gDbLx4kUzSPn7SJXoQT8oL2nTX4Vw39_dMzjWhRx7kg==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 688b45eb160bc1d3c007143fd57ffca4
fc3d05405c60679f2916d4d7f9456f66ee17b47e
fc2909dede0f02f33d873592a40c1617f8097be4e23990e4bde7806b2811c369
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 22:40:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 04:52:36 GMT
Expires: Mon, 12 Dec 2022 04:52:35 GMT
Etag: "fc3d05405c60679f2916d4d7f9456f66ee17b47e"
Cache-Control: max-age=367329,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7760c3506e45b512-OSL
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2b30426b2ebadaeefe42e0df47296748
921c1e9f523c4ce527d56b6115c9ed68d5916757
abce6391e73f193d1338618d44d1e83403aeca6b58a280f08a6a6fa5baf6223a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=142677
Date: Wed, 07 Dec 2022 22:40:25 GMT
Etag: "63909596-1d7"
Expires: Fri, 09 Dec 2022 14:18:22 GMT
Last-Modified: Wed, 07 Dec 2022 13:31:02 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: c3ZrNK26TybjqcgekqeD8LFeKDngS312TwZ5Vot3r91pkQ9yR2VLlQ==
Age: 2840
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 906
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 07 Dec 2022 22:40:25 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 61bf824853fdee021bbf98237f60124f
46a0404b5042999afb996464247eb6fae040f324
56594960e927cd677d533b73ad3b568e1d27033a7d969177eb6ab6f9e2722df8
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=00a22523-2f36-41c8-9094-cde0b225ea48:1:1; expires=Sat, 04 Dec 2032 22:40:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 08b38b5da82d2ae53533ca2699f68a73
ed9c79621ffd5eb113d44e9e29989fdf7f27316d
f4f824163f4744b937c7b21335c9193c0f4558b0e89dd82a13d36044d0c94d44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4F824163F4744B937C7B21335C9193C0F4558B0E89DD82A13D36044D0C94D44"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3014
Expires: Wed, 07 Dec 2022 23:30:39 GMT
Date: Wed, 07 Dec 2022 22:40:25 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 903b57e9469c6f9aed96e4c10f8d335d
a6a4b2f07388b846299e86785a8c746a71632ed3
1ed983e83ea9a1c376a5b801250b9f22aecdffddf4f4600b5b92646fe0609f6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1ED983E83EA9A1C376A5B801250B9F22AECDFFDDF4F4600B5B92646FE0609F6A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8148
Expires: Thu, 08 Dec 2022 00:56:14 GMT
Date: Wed, 07 Dec 2022 22:40:26 GMT
Connection: keep-alive
clergymanwonderful.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
200 OK 29 kB URL HTTP/1.1 clergymanwonderful.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 5075b43350c0085b7928b364def82fdc
1e4fdd685cd001529c36f497932a80b8a8b2e807
d3c19b45f0a64326ca605bac959b2811f2c879f8e78b58b0915b16d95e668d9d
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 22:40:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97ef14f15d104ccd287df6f4d0928dd6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
clergymanwonderful.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=00a22523-2f36-41c8-9094-cde0b225ea48%3A1%3A1
200 OK 4.3 kB URL HTTP/1.1 clergymanwonderful.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=00a22523-2f36-41c8-9094-cde0b225ea48%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d55f8127fb1f2e7cbaa676c9b65bb82b
7adaf939e422e264b37c1b326756011426fc3768
a282f72d7322c4c370e58c8086fcecf15993786705f861884839ee38204b0325
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=00a22523-2f36-41c8-9094-cde0b225ea48%3A1%3A1 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 22:40:26 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Thu, 08 Dec 2022 22:40:26 GMT; secure; SameSite=None
uid_id2=00a22523-2f36-41c8-9094-cde0b225ea48:1:1; expires=Wed, 14 Dec 2022 22:40:26 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Dec 2022 22:40:26 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Dec 2022 22:40:26 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 08 Dec 2022 22:40:26 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 08 Dec 2022 22:40:26 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3842225]; expires=Wed, 07 Dec 2022 22:40:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9e78d27983083da73d1cf84f43e696a4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16581
Expires: Thu, 08 Dec 2022 03:16:47 GMT
Date: Wed, 07 Dec 2022 22:40:26 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16581
Expires: Thu, 08 Dec 2022 03:16:47 GMT
Date: Wed, 07 Dec 2022 22:40:26 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4567
Cache-Control: max-age=107650
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:26 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 04:34:36 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2809
Expires: Wed, 07 Dec 2022 23:27:15 GMT
Date: Wed, 07 Dec 2022 22:40:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:24:13 GMT
age: 973
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 50855
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc231183-b100-4921-9a48-0bac91da0d2b.jpeg
200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc231183-b100-4921-9a48-0bac91da0d2b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 280c788841ca669f2c8556f03ee85b68
c15a4519a69eb6b5cc624344a7c3d99335a095d9
451a816aa2129c3a7712a01b96daee492ae2ab25c4940405063098f3b7ad10ae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc231183-b100-4921-9a48-0bac91da0d2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6032
x-amzn-requestid: 22b80af7-87cf-4719-8bc8-927077cc3aa1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4hoFraoAMFpVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639107a3-42927c064ee65d3b23121b36;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6M8oH6MMBavZDrPB-1sohGs3gJK1LjDbeDYZ0OAIlTLqJ6LdGbkCTg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:59:08 GMT
age: 2478
etag: "c15a4519a69eb6b5cc624344a7c3d99335a095d9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16581
Expires: Thu, 08 Dec 2022 03:16:47 GMT
Date: Wed, 07 Dec 2022 22:40:26 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b8d79685682ab0684ebcd9873dc9f1ad
de00fe0fd4b99a98433a0161801244047115d456
42212f48d6d7f7e7fb0a771330dca03001c513a90364a2e5a0b69813ad0bbecf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8011441-85ad-4414-9c3d-7ae1b86acd3f.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8011441-85ad-4414-9c3d-7ae1b86acd3f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc3cc57336eca8e3d0e307bbd970b90e
cd3fffde0e1ab3cdd48b1fd969dbc7cb77daaf6e
9aae742b419b8b6d2371c3e2082d15a8974f530230367e82b6aa7961e41919c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8011441-85ad-4414-9c3d-7ae1b86acd3f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6926
x-amzn-requestid: ef7f28d4-3d5e-40ad-89f8-77817630530e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctERRH3ToAMFylg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb407-42738f8437edfc5440ae59e7;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: c_-xjk5YlgjsKQG_Jd-YL3G4bGYCBiOZvg-1IP-0sxbNgtI9ZgHpcg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 03:37:11 GMT
age: 68595
etag: "cd3fffde0e1ab3cdd48b1fd969dbc7cb77daaf6e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 149 kB IP
Size 149 kB (149194 bytes)
Hash 5cb1b3cc4fe9f3ca2074eb11a0d4636e
366de444e5358f0440bf2bfc1fb5f94ad051cabe
8b0c72cfb70c0a437c04d8341b618673c36a9be7ca0509177da8bf2dbcae0695
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 127
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rrE1kHWJyB8vKcN3CLRhon2hQPYG87VkuO4W76Rg%2BZ%2F5KeAWd3LTxfJH04suQH%2FwLdC1g2wSmNiMeEagoChkepOTCuOsX%2FOlt2AqzIiKRogB%2Bu%2FcOSRAEKvVTuwtzCf1z1ES"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c350af4f71e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d44d17585c9a536c8da0e75ed90d175
9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1
6d14a5b5c43b39244434560a83a2bfea6604a4d072943b6147293b7adfd1b7b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10164
x-amzn-requestid: a0cb7259-0a07-44f5-91cd-e96b8d9c9cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAPOGSnoAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c472e-799b6ee425e29fb70ff7e4ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Q2LRCrEYVZz_KldQARUQ26O1mv0G7rMAPQXGkBzUnERF-WjtZPMJA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 10:23:11 GMT
age: 44235
etag: "9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbdf939d23b987fd36a86b7a1258b10d
2cad45ad8e56699db3457501cf1e488fe85d479a
285a8a3d3ec439f493ca5d586477c3e3ed3b9e5d7a0133da73c426b69e112cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10861
x-amzn-requestid: ad568a35-9eba-4c6d-a09d-97e518fbf503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIFN4oAMFqrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-434ca8281e48538e69e72e05;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4MrxT27cyrFqR70ofprhh4FbJAfVpKb787jT3TsH0l7BxQOf2tWh6g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:51:32 GMT
age: 2934
etag: "2cad45ad8e56699db3457501cf1e488fe85d479a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2F4gPNMa3e&tag=v-exee-app&domain=exee.app
200 OK 128 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2F4gPNMa3e&tag=v-exee-app&domain=exee.app
IP
File type JSON data\012- , ASCII text, with very long lines (9656)
Size 128 kB (128490 bytes)
Hash 094e7300f227888224230400a902a61f
78c0cd2bbd99c65312b000ddffaf46a1af8ac9c6
c8490cf5006f6a6d05d3533c2d34fb010c3926be49f77f8df5804cb884e14f2c
GET /allowed_url.php?type=json&url=exee.app%2F4gPNMa3e&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NVOGEZX6U4zfm7AiFwlRToldvTl1Zb6a%2BV%2FmDSqM9weZ9ZcNDX0MCcxT7%2FqnTrnJU1B6P%2Fmhx13AtFMSPauYJyHXULOxi2S6Az%2Fd%2BUrM9nSTUcL14IeLyr2C0ElPHccFIymb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c35098ae23ab-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 452 B IP
File type ASCII text, with no line terminators
Hash 40c29d22e7f81ba98cf44e507dc0f6d5
7fa400d1f700f61115b8ef6a4ec86dc823cdcac0
d67006b9dab2886ca4487a395a2dddbeb7ffb595673854bbeb334783b7f036cc
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: text/plain
set-cookie: csu=839217681619518@1@1670452825; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VI8lFhx79ZO1ZubUPHyqeBUCgMdjvLWY1pdi3M1XgDru8Z73mmfYbZOXQPMGlS%2Fy8jNMYHE%2FcT3Gbm0eESQPiVD4rMMhYCbPmdktV9hzBDkN8fEE79NQBvgSb5of6Hd0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c34f0bc123cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash af79518dae309aefd414499bda21baf2
c008fbe2786df7a0fdeb8b4969cd3eacc667b44a
566c11d4f75157dc243e2315037843f921f8342bcbd398b9e815f4dd9c6497a3
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 22:40:26 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-620332069%3A1670452826705053&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuVMmmWJLi8nOs95HRUQxVAUzgNrBB2IYM-M3iZBpN1MJeb4wCEY0r7UH9T4O1nDYqho9xLSQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-H5EyBNIqAUJ-Qz1fuwbhLg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:du64km-RV9aWhl8JOQRwOYcuRnwfJw:_GiIK1AaqybAXD3z;Path=/;Expires=Fri, 06-Dec-2024 22:40:26 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
clergymanwonderful.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBh15UguBBHUREwZ2t7p6enUmQ4BojwZiEJLLgrX71bLk1XU1V9%2FRkQQgGJBdhcvPY%2B8xmF2MQ9%2BBRkFkPyoLgeNAV3H%2FAm2LOMrMDqy90v2%2FV8xY8z%2FO%2Bn2yVR4SiZIfX37Ob2hi2nDRp49U1nUlb%2BcbVW42QNun5xprO2q3zjeHs5wbnQpo06WuNd5TYsMsRDSkNadi4pJ1K7XB5jkLnj7phs0ubragZJi0M3X%2FPvgzgWQA5OCLPQMvp%2F9Z%2F2IMWE2T9ry4qv1HY%2FPW3%2B6VhhXUYyN33s43MVhn6J2XqAqTZ7qIb1k8J%2BewUbLa7UAA72J4pANdTEvwSgme7C5rggwfHTLmBysDlk6gGEygzgWYTCHsXWv5EACFx9Rqy%2Fs5V6yp2%2BxhlM3RKzjz%2BC7qakjO%2Fn0XW%2F3LV6GHjpjVloW3mMUxr6OEEujdBXu6j2Aygq32I4mNo%2BSNZfnwFWX%2F7mjcWWh6%2BTCmLoiSKl6I0bi%2B1QtFZ6tJua0lIRXkUJYq1OnOLtJ5ApxMYNQLzAcrZpwOUaYAyD9CXhw2WdFNKV1KexnGnJYSIYyGSTlsmMm51UopSzDSMUOQjCDOCcHeQuzvY0CO48lv49RpeBvAFwUDWqBRB5QkqRlBpgqogqAb1A2l85OsdaXzJw0WOFjmux7bobbEHtuipjGzlR%2BTpmXHBUw%2FPYkMdNtKkk6TtRLRFOwmjmHcTKWmXqzhqSRVzDq9raH9qLnNTT8npj%2F5Arqfk1OoyONuHN%2FsQ%2BiWw8nmwarwSUbD1catDsZntqKFqagtpa%2BTFGRS3gy1zRJ6bj%2B5cvQclDi78mc4DwtXIXY0P9XcEPXNvfMNWZPuGrTzZu5YXuq832WysNwtWqNMP31W3K%2Bvk5Yt%2B9PmbYgbMyke3lC%2BusEzqrOfJF6taSuUuWScU%2BeayX1P8eunXV0uXlfmV629dutzPnfJe22wCNlvR%2F78BoafkifrX%2Bcq%2BqD6FdhO4ska%2FPCCLgLb7EPkd%2BPyEv7cEzpz08DxAVdZjF%2FGTS6OnJH7lbxh1cOHr73e3X1j7DYzX8OpfD0%2FqLX8PPReAFXeR9WsMXI2BqcHMCL48PS5yd3Dh53ge4CYYc%2BOCbW6cuX9ssNeHDZWkNFU0Ujzt8nSFUdlNW13OuqFa4QkLUfipuP%2FsB%2F8AAAD%2F%2FwEAAP%2F%2F4YnoeY4EAAA%3D
200 OK 7 B URL HTTP/1.1 clergymanwonderful.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBh15UguBBHUREwZ2t7p6enUmQ4BojwZiEJLLgrX71bLk1XU1V9%2FRkQQgGJBdhcvPY%2B8xmF2MQ9%2BBRkFkPyoLgeNAV3H%2FAm2LOMrMDqy90v2%2FV8xY8z%2FO%2Bn2yVR4SiZIfX37Ob2hi2nDRp49U1nUlb%2BcbVW42QNun5xprO2q3zjeHs5wbnQpo06WuNd5TYsMsRDSkNadi4pJ1K7XB5jkLnj7phs0ubragZJi0M3X%2FPvgzgWQA5OCLPQMvp%2F9Z%2F2IMWE2T9ry4qv1HY%2FPW3%2B6VhhXUYyN33s43MVhn6J2XqAqTZ7qIb1k8J%2BewUbLa7UAA72J4pANdTEvwSgme7C5rggwfHTLmBysDlk6gGEygzgWYTCHsXWv5EACFx9Rqy%2Fs5V6yp2%2BxhlM3RKzjz%2BC7qakjO%2Fn0XW%2F3LV6GHjpjVloW3mMUxr6OEEujdBXu6j2Aygq32I4mNo%2BSNZfnwFWX%2F7mjcWWh6%2BTCmLoiSKl6I0bi%2B1QtFZ6tJua0lIRXkUJYq1OnOLtJ5ApxMYNQLzAcrZpwOUaYAyD9CXhw2WdFNKV1KexnGnJYSIYyGSTlsmMm51UopSzDSMUOQjCDOCcHeQuzvY0CO48lv49RpeBvAFwUDWqBRB5QkqRlBpgqogqAb1A2l85OsdaXzJw0WOFjmux7bobbEHtuipjGzlR%2BTpmXHBUw%2FPYkMdNtKkk6TtRLRFOwmjmHcTKWmXqzhqSRVzDq9raH9qLnNTT8npj%2F5Arqfk1OoyONuHN%2FsQ%2BiWw8nmwarwSUbD1catDsZntqKFqagtpa%2BTFGRS3gy1zRJ6bj%2B5cvQclDi78mc4DwtXIXY0P9XcEPXNvfMNWZPuGrTzZu5YXuq832WysNwtWqNMP31W3K%2Bvk5Yt%2B9PmbYgbMyke3lC%2BusEzqrOfJF6taSuUuWScU%2BeayX1P8eunXV0uXlfmV629dutzPnfJe22wCNlvR%2F78BoafkifrX%2Bcq%2BqD6FdhO4ska%2FPCCLgLb7EPkd%2BPyEv7cEzpz08DxAVdZjF%2FGTS6OnJH7lbxh1cOHr73e3X1j7DYzX8OpfD0%2FqLX8PPReAFXeR9WsMXI2BqcHMCL48PS5yd3Dh53ge4CYYc%2BOCbW6cuX9ssNeHDZWkNFU0Ujzt8nSFUdlNW13OuqFa4QkLUfipuP%2FsB%2F8AAAD%2F%2FwEAAP%2F%2F4YnoeY4EAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBh15UguBBHUREwZ2t7p6enUmQ4BojwZiEJLLgrX71bLk1XU1V9%2FRkQQgGJBdhcvPY%2B8xmF2MQ9%2BBRkFkPyoLgeNAV3H%2FAm2LOMrMDqy90v2%2FV8xY8z%2FO%2Bn2yVR4SiZIfX37Ob2hi2nDRp49U1nUlb%2BcbVW42QNun5xprO2q3zjeHs5wbnQpo06WuNd5TYsMsRDSkNadi4pJ1K7XB5jkLnj7phs0ubragZJi0M3X%2FPvgzgWQA5OCLPQMvp%2F9Z%2F2IMWE2T9ry4qv1HY%2FPW3%2B6VhhXUYyN33s43MVhn6J2XqAqTZ7qIb1k8J%2BewUbLa7UAA72J4pANdTEvwSgme7C5rggwfHTLmBysDlk6gGEygzgWYTCHsXWv5EACFx9Rqy%2Fs5V6yp2%2BxhlM3RKzjz%2BC7qakjO%2Fn0XW%2F3LV6GHjpjVloW3mMUxr6OEEujdBXu6j2Aygq32I4mNo%2BSNZfnwFWX%2F7mjcWWh6%2BTCmLoiSKl6I0bi%2B1QtFZ6tJua0lIRXkUJYq1OnOLtJ5ApxMYNQLzAcrZpwOUaYAyD9CXhw2WdFNKV1KexnGnJYSIYyGSTlsmMm51UopSzDSMUOQjCDOCcHeQuzvY0CO48lv49RpeBvAFwUDWqBRB5QkqRlBpgqogqAb1A2l85OsdaXzJw0WOFjmux7bobbEHtuipjGzlR%2BTpmXHBUw%2FPYkMdNtKkk6TtRLRFOwmjmHcTKWmXqzhqSRVzDq9raH9qLnNTT8npj%2F5Arqfk1OoyONuHN%2FsQ%2BiWw8nmwarwSUbD1catDsZntqKFqagtpa%2BTFGRS3gy1zRJ6bj%2B5cvQclDi78mc4DwtXIXY0P9XcEPXNvfMNWZPuGrTzZu5YXuq832WysNwtWqNMP31W3K%2Bvk5Yt%2B9PmbYgbMyke3lC%2BusEzqrOfJF6taSuUuWScU%2BeayX1P8eunXV0uXlfmV629dutzPnfJe22wCNlvR%2F78BoafkifrX%2Bcq%2BqD6FdhO4ska%2FPCCLgLb7EPkd%2BPyEv7cEzpz08DxAVdZjF%2FGTS6OnJH7lbxh1cOHr73e3X1j7DYzX8OpfD0%2FqLX8PPReAFXeR9WsMXI2BqcHMCL48PS5yd3Dh53ge4CYYc%2BOCbW6cuX9ssNeHDZWkNFU0Ujzt8nSFUdlNW13OuqFa4QkLUfipuP%2FsB%2F8AAAD%2F%2FwEAAP%2F%2F4YnoeY4EAAA%3D HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=00a22523-2f36-41c8-9094-cde0b225ea48:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842225]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 22:40:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a2f4fddb97b4d61f87c5261d2618b94
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4567
Cache-Control: max-age=107650
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:26 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 04:34:36 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8ac6bb5ec410082735de861edb520b25
b06f6ea6673e2960489debb6bae693de841407ec
fbd9c5239531d5ffbc1cc788a87f98b91e7b05b4dacaffebce2ca7370215afe3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FBD9C5239531D5FFBC1CC788A87F98B91E7B05B4DACAFFEBCE2CA7370215AFE3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9072
Expires: Thu, 08 Dec 2022 01:11:38 GMT
Date: Wed, 07 Dec 2022 22:40:26 GMT
Connection: keep-alive
clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=116
200 OK 0 B URL HTTP/1.1 clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=116
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=116 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=00a22523-2f36-41c8-9094-cde0b225ea48:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842225]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 22:40:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
analytics.vdo.ai/logger
200 OK 504 B IP
Hash 964292b099f3dac3bbde135168980a0c
e41967d9d15a1265123ecd0017af422bff1ae709
e706c763cc8e84998e051af1938f51bd76bd67c436151137ee60b13bd44c73ea
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 180
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:26 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgmzbB2r%2B8BJ5jYW0ZPnnpeHQmHW8iqfi%2BzbxT%2F0YWp%2Be4xtgmcnjhb9ZGDK%2BH8wK7BISiGMa8GhPUIuEoon1dKnwBoG6jIe1BnW50g1tKE2563hl83zqYgPro9iGMIFPUpz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c357cfe271e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 11 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
Hash 2fcc44550a52013f1f91928c2c4ff1dc
e8bb4d268a8a9d0bb5c2e70351862f23faecf771
728be10a8be84ecb254abb6b3656df23f27605a3acc7f38dfb9e2468b5658513
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 0Pmgqe/TuCIauDpsqSnMGdbBQ+mlSdE01cIlgP0Ohz2SHjKlwi1JLObU5DfuM5Bi1myJOwH0IUeM1g9Jes4bUA==
date: Wed, 07 Dec 2022 22:40:26 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
IP
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/sweep/social-box/white-small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:26 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 21 Sep 2021 12:02:03 GMT
etag: "6149c9bb-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 235103
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nTZzy5nr%2F9%2FT2989nxJPMLAiad4J%2B6HCY4TkDkO%2FowB3MVMDA4z9VNXfWmCxyaX2BEomKFVy0YqcqsR%2BBInrMtamxMNFGj0glgknDz0BFvr0S5htL16FVOJ7JRbuh2A9VWd8BtK2I9vo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760c3584a7b2405-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fanimate.css&l=79249&fd=136
200 OK 0 B URL HTTP/1.1 clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fanimate.css&l=79249&fd=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fanimate.css&l=79249&fd=136 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=00a22523-2f36-41c8-9094-cde0b225ea48:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842225]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 22:40:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 63a533e7b5caf59058266a837420c342
4eca831fb15dccf4eb608e983fe8b89250fc0313
d8904e4cc9a407e7c154cbbf6afe3985a55adcb878dacfb80a0e3cd92ea9703e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8904E4CC9A407E7C154CBBF6AFE3985A55ADCB878DACFB80A0E3CD92EA9703E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3126
Expires: Wed, 07 Dec 2022 23:32:33 GMT
Date: Wed, 07 Dec 2022 22:40:27 GMT
Connection: keep-alive
clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fstyle.css&l=4667&fd=146
200 OK 0 B URL HTTP/1.1 clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fstyle.css&l=4667&fd=146
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fstyle.css&l=4667&fd=146 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=00a22523-2f36-41c8-9094-cde0b225ea48:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842225]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 22:40:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
trapexpansionmoss.com/pixel/purst?dl=0&th=0&sc=0&rs=2184&rd=2184&fd=619&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 trapexpansionmoss.com/pixel/purst?dl=0&th=0&sc=0&rs=2184&rd=2184&fd=619&bv=22.10.v.10&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2184&rd=2184&fd=619&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: trapexpansionmoss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 22:40:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
200 OK 1.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
IP
Hash 682493c96254fabb42352d74834f89a0
c7870411adb238a792bf504a5b73aeb39e755b23
d61907c08860f3f23f0e9ffb4d4369103faa21f1ccda50ddcd1943b4434a1338
GET /sb/ssp/sweep/social-box/white-small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:26 GMT
content-type: text/css
last-modified: Mon, 24 Jan 2022 10:39:40 GMT
etag: W/"61ee81ec-123b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1416769
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTpoV%2FZq260Dy8gLLlxqyfMAVzMlgMHi9UKoA%2F8%2FUvnMN%2BTs1CfsLjq6qJ4vS7UFP2OQdcHFn%2FZ6s05Un010qythnyiNqsbYoziDovf%2Fu9NyX2oS1pfhIRCXpwnDrvrhUaJ9cssRKabh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760c357e8ac718c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/71/33/89/713389a15a1e4ed9b19d57e1ffa427f7/1670417529.png
200 OK 68 kB URL HTTP/2 cdn.cloudimagesb.com/si/71/33/89/713389a15a1e4ed9b19d57e1ffa427f7/1670417529.png
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a8707309054df77af3ec31ee2561c730
92aabdf28e22b622d6795c373da7c95b3d59b983
57f0ec37a90e12a7267e6708a3538552e68ca231bb2e9b44fe093ac8575e3aa3
GET /si/71/33/89/713389a15a1e4ed9b19d57e1ffa427f7/1670417529.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:27 GMT
content-type: image/png
content-length: 67457
server: nginx/1.17.6
last-modified: Wed, 07 Dec 2022 12:52:18 GMT
etag: "63908c82-10781"
expires: Fri, 09 Dec 2022 22:40:27 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
200 OK 44 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
IP
File type ASCII text, with very long lines (32025)
Hash 691167382392195a1c15b64ee3df838e
abb4bda3402a0a893b15e79d2fd71d0efa80f6a7
262b721d572ac75138c592773fda62d39b20da26055e637fbecd180c6e642249
GET /sb/ssp/sweep/social-box/white-small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:26 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:02:04 GMT
etag: W/"6149c9bc-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 235103
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQ9R8uHhwlhTjoPrYzNTZyXVa3J7blyjeKfvku874NFqlD4dhsmEdHW1FxwY9%2FLe4G6GVPtHlf6JzRnUJdinqIaifbfT%2FSzdt3XHEEd2IMPc3LzTOe82SBCj7vtET3GlxcXSgBGgzu9U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760c3584a862405-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ca55b94db6b0f59786fb0373050d6769
99a4f9391898ff04c85b6ff8bdbd3b713b766767
84d9d61dc3d8e577c92834e7c81e25987c4d508dc1c0b55c5225ef766507b808
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 07 Dec 2022 22:40:27 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 18:32:17 GMT
Expires: Thu, 08 Dec 2022 18:32:17 GMT
ETag: "99a4f9391898ff04c85b6ff8bdbd3b713b766767"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ca55b94db6b0f59786fb0373050d6769
99a4f9391898ff04c85b6ff8bdbd3b713b766767
84d9d61dc3d8e577c92834e7c81e25987c4d508dc1c0b55c5225ef766507b808
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 07 Dec 2022 22:40:27 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 18:32:17 GMT
Expires: Thu, 08 Dec 2022 18:32:17 GMT
ETag: "99a4f9391898ff04c85b6ff8bdbd3b713b766767"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.youtube.com/iframe_api
200 OK 835 B URL HTTP/2 www.youtube.com/iframe_api
IP
File type ASCII text, with very long lines (509)
Hash be0ab9cf00f0fce1f3e95f9df247de47
2fc68ab6e158cd1a48331c68f7afa68cb0114cc9
855a1a51b45ead07eac9d2f478a8f97016ef80c005069c78693dc01dc895b7e8
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Wed, 07 Dec 2022 22:40:27 GMT
date: Wed, 07 Dec 2022 22:40:27 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Uev81j_cGaQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=maXv0P6s2ic; Domain=.youtube.com; Expires=Mon, 05-Jun-2023 22:40:27 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+500; expires=Fri, 06-Dec-2024 22:40:27 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fjs%2Fscript.js&l=774&fd=34
200 OK 0 B URL HTTP/1.1 clergymanwonderful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fjs%2Fscript.js&l=774&fd=34
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fjs%2Fscript.js&l=774&fd=34 HTTP/1.1
Host: clergymanwonderful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=00a22523-2f36-41c8-9094-cde0b225ea48:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3842225]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 22:40:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP
Hash 328c6e3376b5f6a768ef9e2e60edc0c7
f8d239b58fe8c4674b2a74d17b0eeb7adbda5128
5326fa8f8372b7cd25ad24264f49a19cc9807b39113af68b63a30188b02778db
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 22:40:27 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Thu, 07 Dec 2023 22:40:27 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
200 OK 58 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash cf8ffcaf217375cf9bb01c612300b25a
5d033771d013ab4364a83c6302b473c6f64ff722
2b14b918bb31b4672d92b0287ed00c91c74e5d315759da2deb6028b0b4e9f909
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 22:40:27 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Thu, 07 Dec 2023 22:40:27 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
analytics.vdo.ai/logger
200 OK 16 kB IP
Hash 2467faa0c123b6f4035d36ce64fd4d26
4483844f3f09a9d055c11907e4ef4179f13a333d
ba1be561ec76e63c87a590b406e43003319eec56071814620ebccaa484103047
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 182
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:27 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46%2BPnUKjOI0vj5EwDGv%2BGzQB9vE0OHcby6EX0yEr13TuM3kxMr%2FhXV0XcOIHfw0aiU%2FMvN9y3MMTV6CiU9mFpraqVxbFgSR9AST2odEnuNgxMtWhyqySLruWOfXrblgGjwg%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c35cee5471e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:34:15 GMT
expires: Thu, 07 Dec 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 11172
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 8 B IP
Hash 3906cd80742de180e89653ddef72bca2
0e87a2f73be3c8ce3f316065a79017c20ad8f09c
3f57726bc10fc28cad1488d3a34f23ef3d0ef64fee7074493308205868b2c8e5
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 181
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:27 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTd5onBqYiHEI54c9Df4KKR1Bz%2B5gidEh86UDnClGR53UjK4t1W7GpyLh%2FoWgDyA9Wfi8UB41p%2BA8xyUx72M2UzZBxkvssI84sf1U8PmXjTqemI%2BLWj4BwE5zbnBtHk1ApVq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c35cce2571e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 1 B IP
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 189
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:27 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EfimrcJnXm1T%2BYaIXARTpCPnDE%2FDwXWWIbWpkCMU8ndJgtGRRd25hj9GpSijKkxkVxEKpvH%2Bd49uTMxEiLaJZ1QzJLZZ8LhF4WqKUz6eufpnEC5IhQ9aKUHEiGaOEBq1XkyD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c35cce3271e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 1 B IP
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 183
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:27 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BI3xyE9epqpygSbb0mSBvM%2F05mh%2FZjlk1jYXoV9b6hKb3FxLozhybaXRLc7OFCY3yU1NQiMCfhhNcMFVThN2lb2mkWofPwhwJWC7vvYmZQahAulTXt53XzYRhewo9gab5ZHI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c35cde4c71e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 38d1c089860ce360f5266ae101ab05ca
31705702b50e1c818c052b6d2a23f22583aa07d1
097ac1bb8edd3ef2e02fa551d824a0104c6995e130f9cdc4bcfa65583a9785d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Wed, 07 Dec 2022 22:40:28 GMT
expires: Wed, 07 Dec 2022 22:40:28 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 38d1c089860ce360f5266ae101ab05ca
31705702b50e1c818c052b6d2a23f22583aa07d1
097ac1bb8edd3ef2e02fa551d824a0104c6995e130f9cdc4bcfa65583a9785d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 22:40:28 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Thu, 07 Dec 2023 22:40:28 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 22:40:28 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 43965e8362467edc064e07984ceb6468
6317037ffe022b657a87db808ae6641e7ca3325f
ff348f0f8947e883866aa8f1cab9b98eeb0ebcd4be85550d780c6282018f08c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF348F0F8947E883866AA8F1CAB9B98EEB0EBCD4BE85550D780C6282018F08C5"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3927
Expires: Wed, 07 Dec 2022 23:45:56 GMT
Date: Wed, 07 Dec 2022 22:40:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a97365c616bd1d8258c787156621a9e2
d0e11c7ebf38a5280c8b427fd78af66acecbd340
34d05f2a636840fd1b74a8e9d9065b4c92e91e02f5b540089abf47ba10e36fde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34D05F2A636840FD1B74A8E9D9065B4C92E91E02F5B540089ABF47BA10E36FDE"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7400
Expires: Thu, 08 Dec 2022 00:43:49 GMT
Date: Wed, 07 Dec 2022 22:40:29 GMT
Connection: keep-alive
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2F4gPNMa3e&tfcd=0&npa=0&correlator=1273007812636316&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2F4gPNMa3e&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Ff0a21733-afa1-4c5b-909e-f73136339e80&sid=F9FD4A1A-BDFD-4C34-A23E-DF05F565021F&nel=0&eid=44748969%2C44750824%2C44765701%2C44777649&dlt=1670452824547&idt=2541&dt=1670452828418&cookie_enabled=1&scor=3461619307928452&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
200 OK 113 B URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2F4gPNMa3e&tfcd=0&npa=0&correlator=1273007812636316&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2F4gPNMa3e&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Ff0a21733-afa1-4c5b-909e-f73136339e80&sid=F9FD4A1A-BDFD-4C34-A23E-DF05F565021F&nel=0&eid=44748969%2C44750824%2C44765701%2C44777649&dlt=1670452824547&idt=2541&dt=1670452828418&cookie_enabled=1&scor=3461619307928452&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash 9e5d36292a75aef07bdde5891b2e4a7b
8d69904b7df5e550f1884e06c139bd9661eb2917
92ffc3ec51e068750c23ae95041fd670aa4aa60ce3a5295ad27d2179d0780168
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2F4gPNMa3e&tfcd=0&npa=0&correlator=1273007812636316&vpos=preroll&sz=800x450%7C640x360%7C635x357%7C444x250%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2F4gPNMa3e&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Ff0a21733-afa1-4c5b-909e-f73136339e80&sid=F9FD4A1A-BDFD-4C34-A23E-DF05F565021F&nel=0&eid=44748969%2C44750824%2C44765701%2C44777649&dlt=1670452824547&idt=2541&dt=1670452828418&cookie_enabled=1&scor=3461619307928452&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -2
google-creative-id: -2
google-mediationgroup-id: -2
google-mediationtag-id: -2
date: Wed, 07 Dec 2022 22:40:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 22:55:29 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=00a22523-2f36-41c8-9094-cde0b225ea48&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=00a22523-2f36-41c8-9094-cde0b225ea48&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=00a22523-2f36-41c8-9094-cde0b225ea48&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 22:40:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1253c5512f7c249f50756aa894d5978d
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=00a22523-2f36-41c8-9094-cde0b225ea48&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=00a22523-2f36-41c8-9094-cde0b225ea48&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=00a22523-2f36-41c8-9094-cde0b225ea48&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 22:40:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b746b461a50577b3b3183e784346ebd7
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash ca55b94db6b0f59786fb0373050d6769
99a4f9391898ff04c85b6ff8bdbd3b713b766767
84d9d61dc3d8e577c92834e7c81e25987c4d508dc1c0b55c5225ef766507b808
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 07 Dec 2022 22:40:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 18:32:17 GMT
Expires: Thu, 08 Dec 2022 18:32:17 GMT
ETag: "99a4f9391898ff04c85b6ff8bdbd3b713b766767"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DyNFwygJnmwcO5YYutk5ymRP2MqwtlIn5jt-gD-C-SemUP0ax-juknRrxJ8W59UHgMBgbPEdEJHtTK6AHtvMyYJ5Zfbw&cry=1&dbm_d=AKAmf-Cy8j1KHWZDAwtS8x-GjqqTizD_SC_rAemsqPpuV70T-XDvKdVDm_qI4tAdM9Mx80W2ZNceyouC9GbCfgXoSftWeZBWfsJmwJQzZUm9g-Lw5fL0lZSCMc-tGGVds3m2A9gnzRkgF7RpNExc7s6BB_jVqRRa9RAvcG7aTAdRYLXFblIMehgBUUbPS5iVkSFTiR_FxgwQ0MEnWdsFTdgWcxdS9v2WruP3gzglGlYMYV-adukpckl-YAJYMQ_ZBgH063cCx1UlBi6tW3Ilq-8BdMnWfBO-UeG7628D10MvGnvdIF_yCbl-BSGlGJ-2V6GprbQsnOOJwmzWDlXcJOVPL1NRN3TDGMKnExzjw7Vafz7AhNeXEGL8aI3JZPUlNWcL9JFCwTKNIbLiQxwXKsgdCmJZFQdm9s9bV6cMYofWkfvziFnbGI58Lww2o92ClznzvvVu0T43wZ4zzVD5RQiBEkuA-sNIQelLJ62QQ-EGIAdRndKBt_JFeOsw1_0vmkQ01TUbROOjXZmdud57fUT_Bd3N2ZLZxAD6xdSC2OmqJ3p3LJ37zpalyU4QaBJwEerST98ztsQXL1bfZAb3T_RoCiqANEgV06YDZ_9Xtn6_2ACLC8Sr7vgypk4asvnGGyXfoVW6LuplvdZp_ER5ETM7aTVsb7ioJhxwoL7kHW0kE7tlOaP7x6R1cUTJJGCNQIhmkX8xElF9N4HDGjRp4x4_YwTxlCD4gbPQwwgymAqreZ-dKXHcifMVJmwccaTWjBuzatTb0XKEiPflhllSsICn9cmIVm1d1FHusDNexpvTKE495Fnby1ZF0aaH39Sd1PGUv0aAw9S0ZRpLw0FYaVAgFCX9QgjFsGwaWRDblkFQWXW_mZWgYbCE7QsjUkVI497SI7Dmf1GaLveV8RKceMDqG0YN5pdpU_TOInZ4ZUu17e4J1Zk_h93bjqeQEbDybYGBWM8wj-2xx5tx0AFobjkuyRrdM91cHz7Ewq_NxQ5fmzy2kpFpbR_jy2d4YS1VG4oVElFhr0PmmFjMOV9zAVCAtsrPolL6P72sxEINtGHf0DKk0B-hvqUZB4_Me0LIi7MFJfte9wN7MbDuoDT2UTiy5xnFyWDC_02rN75-42usIj6XkO_N2c7eNYm4qzkGJeRm9MI_JfjuO4B6t2PCHhKOK2OowDjpLfoQaD0s99cZDcLInasJcD4IL7x41TUFQshQCcyd7h5aYQjiTH4CNpp17hHsyy6WJQ-DePEnI253aKcCoX5ImLxVLRXpT-sQNiLkJGqEJutRQ4Cx1YQ6PhxlYrLFZi92J5K-TyYQpsteThPq639dUHixmznx4_lMWw4k0yoLQELrYjsY77FN3lYoC1Uv85nuOK1OZEjizm2obl4lfEH41hqJ64mHx-Ir2BmtGBPIPOxEgKRL4GXwMbkiwaueCDHdfJicaHcGjtJD8MPFX6iwztQBwUxsT9Ks9Eg614TlLBDP1XyxbNMfGxDM3l5z5AVDzMsOD4Ooam3h88JuaknCsidvca_BY6aYQkNzNlbKrs55xD18irLZuSslukcVeKvHeUffwbrSs8gLNxouG4avgj6KTbAkxszSM0UKL6fv0rSNi7llx0fE1-okzZ8HdIsjB4ft6xCiEIKa-un7wJ_E6fVfHaIVOiy3Wbk_Wzz0qrTRNo-dzE-q7SQSX0GsLBHfknbGMg18S0IkuUaGkKZ6IkKUd5H7slLWbz-99EV8wkT0o-1_C8ilwxomEtrJPP45qdfrb5rlFhev-sJbqXFEXjXMy9ldLiyKjI8RjYfbOj-wbsrhKDr3BD6Axh1W1b2tc8e-F2k2h1PH5aP0r4do88k1hu0MYVn6WX-soZVXeskuyG-Tvy-JJ7RX6KBxocsPH2feLVldRV_8WDycw9yxqpCGh_rK3sY7s4vf8CnYZCCbzWE_nfRVwTML7VrRYptCurc3KFdIJI9sEnEzWkDJZUlZfkhTRQfxDqCB1POAtbfoj8flyPzZAs67oBt5jKMnBE4a6PZgOy-EJ0fkrIVoZtQiprinGfVD1RbqzY0D5Eh4BhSIZtuyHLltIXUhl44RzusUc0Lz_FlaKbrCSYUUbVF0gDw0M3OWeo1r3lRG_Q8StWub8efN6KVsHxNyrqiik0Xo_IpoBPxdjGnGzJ_jIIl87BQiSvuBSoDY4ID7tzbzHjua5W-OqjzXH7tFiJRto2sm2ZC26LXqghi24Y3y_ewEFg2sE9LpaUHoOkX7PKmuuuSA68d6-juxTgReTOs9B3WKXl_EnECgV1diUNfDfnwDICivCZU-1jZst19AY8K-QyhWpL7yX9KUQTomQFgCRTLw6_EV1hUwAzKHGVhArVv47ZM2FAVet4WZwM1IBoVi1bgM62zWxD-A3epWPeGZtPNXsfA5inShPjVQ-6uTbThsMAvJ-2wy8T3fWtXknz-zYqkhYN7Ebmye7CZlh6etXfU4bJYu4rZjO8nDNyBp019mD4tmkQ01ziJXswUzjxN2PVlzskuMgGNJgcAkqiMA5__zEExhlW5gy5zOkXXACkwL4rpGTpWECWtqWgT9UheHRfzo8rRvsONrssa46cs8I8ta0akYsvqG8TX4h1au50bRFO6qAPsRhx2TCDDWyJyApsDQ9NvjlrizrXWz7pXuhcn7JuOTcYemMZ-2iDpMcM7tvFxhSlwoYqR0YCvMKIHMagSmpatAHLxAwZ8i2enx6l9QrD9LtdkTXN0kr0CJB07BEFNkj9SKPrNPcxKk8RgoP1Xgy1i4fkPwwo8t0PVlJPFAHUyL4VDcAdR-iBH_lPrdI5eOJao1LP-CYvBfaDSxgwXs80Z53TyWMYywoLptf6Jo01DqWszj9R1ANq7-VjOdiI1_qPEW-EQMwJ3aBgw9ccQJ0PFxTH9lzIf7Ls9Je6uTkcKnJC8P-RvA8wANOp56_748YkQNvaOUlWB-IJNI6LWew5VJRXRk_LPEz14kdlnWPs-c98Yp57JQXWwFGOCwWw3RTjTN6VzcosKq-mFmmgo_0kl9z7KQazUuBC8i4DioVcK2cZu_mkxRzRDswtXxER9CH87ZE6iSWDN0Bv0MgJMZlBjgedmb9KrZDCgv7aNnQwSQiK-Yts_7hGZvVyjss-4jdsiMCyxtcXdeoSP9gDf-i7OTl4Y-3G9_THuHSCFuvycxnX98NESY_YUB-HBq_A1Kk4-Fk7I5OUfjRUwDBWGFgCLKbYUBmmENeqrij5-ppSxm5C-KMAszjAFBRbVb4WgQWqoLLnB8HPXNiSxOjp_65nSd2f3gviqRsXzo5pRWh7pb58ixtYgKhpgOOGzo0bVqe9fseJQsEQ_VsF35LLZASnhZ--CuxFvTNJfWDO0NPwVZA7E0rCUyYgbQkpxRrm_bcrZrhDCSCgYcOV8jIHY-M7_GuUjhO3CbOUzx1CkfFOZGcrsCKfvhhbn8H5brb6wR3dfIRDP477QE1bkGj-KQ9-_p1ag4Y2obyl6HdJe8R1HW0anQ4mYMmqgFc_f33DUVmhwA1GmJpsjtWyalP7-rW6KY0UWTmDNbB1Ukzq4f7D2ghZapVF3F4G_9VSAZLgYeY8heEii4Prs5qKHymsj_e7doKzrursq9BELE0vAfA1SuZiEPZ7AwAZRYyqtiD7Je56bmVu__lF8Xlgh-D2_bP-rUrJ2ZTnBRLoKgWgzJzB20_FwNnktFDDYga8pZTLX6dn_l4fe8p6UTdAp3URV-lLwfAuPnaJFincEp2w&cid=CAQSPgDq26N99ICBn1mva9msdFyQYaItAQUsR1FSzJyuZWMN7u7iTJQBK_NPzWPtgy3R3l8EpLz3unWCL9l1ULJ2GAEgEw&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Ff0a21733-afa1-4c5b-909e-f73136339e80&sid=F9FD4A1A-BDFD-4C34-A23E-DF05F565021F&nel=0&eid=44748969%2C44750824%2C44765701%2C44777649&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2F4gPNMa3e&dlt=1670452824547&idt=2541&dt=1670452829805&ged=ve4_td5_tt2_pd5_la5000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491
200 OK 4.9 kB URL HTTP/2 bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DyNFwygJnmwcO5YYutk5ymRP2MqwtlIn5jt-gD-C-SemUP0ax-juknRrxJ8W59UHgMBgbPEdEJHtTK6AHtvMyYJ5Zfbw&cry=1&dbm_d=AKAmf-Cy8j1KHWZDAwtS8x-GjqqTizD_SC_rAemsqPpuV70T-XDvKdVDm_qI4tAdM9Mx80W2ZNceyouC9GbCfgXoSftWeZBWfsJmwJQzZUm9g-Lw5fL0lZSCMc-tGGVds3m2A9gnzRkgF7RpNExc7s6BB_jVqRRa9RAvcG7aTAdRYLXFblIMehgBUUbPS5iVkSFTiR_FxgwQ0MEnWdsFTdgWcxdS9v2WruP3gzglGlYMYV-adukpckl-YAJYMQ_ZBgH063cCx1UlBi6tW3Ilq-8BdMnWfBO-UeG7628D10MvGnvdIF_yCbl-BSGlGJ-2V6GprbQsnOOJwmzWDlXcJOVPL1NRN3TDGMKnExzjw7Vafz7AhNeXEGL8aI3JZPUlNWcL9JFCwTKNIbLiQxwXKsgdCmJZFQdm9s9bV6cMYofWkfvziFnbGI58Lww2o92ClznzvvVu0T43wZ4zzVD5RQiBEkuA-sNIQelLJ62QQ-EGIAdRndKBt_JFeOsw1_0vmkQ01TUbROOjXZmdud57fUT_Bd3N2ZLZxAD6xdSC2OmqJ3p3LJ37zpalyU4QaBJwEerST98ztsQXL1bfZAb3T_RoCiqANEgV06YDZ_9Xtn6_2ACLC8Sr7vgypk4asvnGGyXfoVW6LuplvdZp_ER5ETM7aTVsb7ioJhxwoL7kHW0kE7tlOaP7x6R1cUTJJGCNQIhmkX8xElF9N4HDGjRp4x4_YwTxlCD4gbPQwwgymAqreZ-dKXHcifMVJmwccaTWjBuzatTb0XKEiPflhllSsICn9cmIVm1d1FHusDNexpvTKE495Fnby1ZF0aaH39Sd1PGUv0aAw9S0ZRpLw0FYaVAgFCX9QgjFsGwaWRDblkFQWXW_mZWgYbCE7QsjUkVI497SI7Dmf1GaLveV8RKceMDqG0YN5pdpU_TOInZ4ZUu17e4J1Zk_h93bjqeQEbDybYGBWM8wj-2xx5tx0AFobjkuyRrdM91cHz7Ewq_NxQ5fmzy2kpFpbR_jy2d4YS1VG4oVElFhr0PmmFjMOV9zAVCAtsrPolL6P72sxEINtGHf0DKk0B-hvqUZB4_Me0LIi7MFJfte9wN7MbDuoDT2UTiy5xnFyWDC_02rN75-42usIj6XkO_N2c7eNYm4qzkGJeRm9MI_JfjuO4B6t2PCHhKOK2OowDjpLfoQaD0s99cZDcLInasJcD4IL7x41TUFQshQCcyd7h5aYQjiTH4CNpp17hHsyy6WJQ-DePEnI253aKcCoX5ImLxVLRXpT-sQNiLkJGqEJutRQ4Cx1YQ6PhxlYrLFZi92J5K-TyYQpsteThPq639dUHixmznx4_lMWw4k0yoLQELrYjsY77FN3lYoC1Uv85nuOK1OZEjizm2obl4lfEH41hqJ64mHx-Ir2BmtGBPIPOxEgKRL4GXwMbkiwaueCDHdfJicaHcGjtJD8MPFX6iwztQBwUxsT9Ks9Eg614TlLBDP1XyxbNMfGxDM3l5z5AVDzMsOD4Ooam3h88JuaknCsidvca_BY6aYQkNzNlbKrs55xD18irLZuSslukcVeKvHeUffwbrSs8gLNxouG4avgj6KTbAkxszSM0UKL6fv0rSNi7llx0fE1-okzZ8HdIsjB4ft6xCiEIKa-un7wJ_E6fVfHaIVOiy3Wbk_Wzz0qrTRNo-dzE-q7SQSX0GsLBHfknbGMg18S0IkuUaGkKZ6IkKUd5H7slLWbz-99EV8wkT0o-1_C8ilwxomEtrJPP45qdfrb5rlFhev-sJbqXFEXjXMy9ldLiyKjI8RjYfbOj-wbsrhKDr3BD6Axh1W1b2tc8e-F2k2h1PH5aP0r4do88k1hu0MYVn6WX-soZVXeskuyG-Tvy-JJ7RX6KBxocsPH2feLVldRV_8WDycw9yxqpCGh_rK3sY7s4vf8CnYZCCbzWE_nfRVwTML7VrRYptCurc3KFdIJI9sEnEzWkDJZUlZfkhTRQfxDqCB1POAtbfoj8flyPzZAs67oBt5jKMnBE4a6PZgOy-EJ0fkrIVoZtQiprinGfVD1RbqzY0D5Eh4BhSIZtuyHLltIXUhl44RzusUc0Lz_FlaKbrCSYUUbVF0gDw0M3OWeo1r3lRG_Q8StWub8efN6KVsHxNyrqiik0Xo_IpoBPxdjGnGzJ_jIIl87BQiSvuBSoDY4ID7tzbzHjua5W-OqjzXH7tFiJRto2sm2ZC26LXqghi24Y3y_ewEFg2sE9LpaUHoOkX7PKmuuuSA68d6-juxTgReTOs9B3WKXl_EnECgV1diUNfDfnwDICivCZU-1jZst19AY8K-QyhWpL7yX9KUQTomQFgCRTLw6_EV1hUwAzKHGVhArVv47ZM2FAVet4WZwM1IBoVi1bgM62zWxD-A3epWPeGZtPNXsfA5inShPjVQ-6uTbThsMAvJ-2wy8T3fWtXknz-zYqkhYN7Ebmye7CZlh6etXfU4bJYu4rZjO8nDNyBp019mD4tmkQ01ziJXswUzjxN2PVlzskuMgGNJgcAkqiMA5__zEExhlW5gy5zOkXXACkwL4rpGTpWECWtqWgT9UheHRfzo8rRvsONrssa46cs8I8ta0akYsvqG8TX4h1au50bRFO6qAPsRhx2TCDDWyJyApsDQ9NvjlrizrXWz7pXuhcn7JuOTcYemMZ-2iDpMcM7tvFxhSlwoYqR0YCvMKIHMagSmpatAHLxAwZ8i2enx6l9QrD9LtdkTXN0kr0CJB07BEFNkj9SKPrNPcxKk8RgoP1Xgy1i4fkPwwo8t0PVlJPFAHUyL4VDcAdR-iBH_lPrdI5eOJao1LP-CYvBfaDSxgwXs80Z53TyWMYywoLptf6Jo01DqWszj9R1ANq7-VjOdiI1_qPEW-EQMwJ3aBgw9ccQJ0PFxTH9lzIf7Ls9Je6uTkcKnJC8P-RvA8wANOp56_748YkQNvaOUlWB-IJNI6LWew5VJRXRk_LPEz14kdlnWPs-c98Yp57JQXWwFGOCwWw3RTjTN6VzcosKq-mFmmgo_0kl9z7KQazUuBC8i4DioVcK2cZu_mkxRzRDswtXxER9CH87ZE6iSWDN0Bv0MgJMZlBjgedmb9KrZDCgv7aNnQwSQiK-Yts_7hGZvVyjss-4jdsiMCyxtcXdeoSP9gDf-i7OTl4Y-3G9_THuHSCFuvycxnX98NESY_YUB-HBq_A1Kk4-Fk7I5OUfjRUwDBWGFgCLKbYUBmmENeqrij5-ppSxm5C-KMAszjAFBRbVb4WgQWqoLLnB8HPXNiSxOjp_65nSd2f3gviqRsXzo5pRWh7pb58ixtYgKhpgOOGzo0bVqe9fseJQsEQ_VsF35LLZASnhZ--CuxFvTNJfWDO0NPwVZA7E0rCUyYgbQkpxRrm_bcrZrhDCSCgYcOV8jIHY-M7_GuUjhO3CbOUzx1CkfFOZGcrsCKfvhhbn8H5brb6wR3dfIRDP477QE1bkGj-KQ9-_p1ag4Y2obyl6HdJe8R1HW0anQ4mYMmqgFc_f33DUVmhwA1GmJpsjtWyalP7-rW6KY0UWTmDNbB1Ukzq4f7D2ghZapVF3F4G_9VSAZLgYeY8heEii4Prs5qKHymsj_e7doKzrursq9BELE0vAfA1SuZiEPZ7AwAZRYyqtiD7Je56bmVu__lF8Xlgh-D2_bP-rUrJ2ZTnBRLoKgWgzJzB20_FwNnktFDDYga8pZTLX6dn_l4fe8p6UTdAp3URV-lLwfAuPnaJFincEp2w&cid=CAQSPgDq26N99ICBn1mva9msdFyQYaItAQUsR1FSzJyuZWMN7u7iTJQBK_NPzWPtgy3R3l8EpLz3unWCL9l1ULJ2GAEgEw&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Ff0a21733-afa1-4c5b-909e-f73136339e80&sid=F9FD4A1A-BDFD-4C34-A23E-DF05F565021F&nel=0&eid=44748969%2C44750824%2C44765701%2C44777649&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2F4gPNMa3e&dlt=1670452824547&idt=2541&dt=1670452829805&ged=ve4_td5_tt2_pd5_la5000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1802)
Hash 46624564c6644a2e6197530610d89a5a
8a6261bf42144d3294f7dba6c991bfb9fc10117e
b88cf523d48cf229b50232206ac04fd7a9616008f16314a61068fd3396969039
GET /dbm/vast?dbm_c=AKAmf-DyNFwygJnmwcO5YYutk5ymRP2MqwtlIn5jt-gD-C-SemUP0ax-juknRrxJ8W59UHgMBgbPEdEJHtTK6AHtvMyYJ5Zfbw&cry=1&dbm_d=AKAmf-Cy8j1KHWZDAwtS8x-GjqqTizD_SC_rAemsqPpuV70T-XDvKdVDm_qI4tAdM9Mx80W2ZNceyouC9GbCfgXoSftWeZBWfsJmwJQzZUm9g-Lw5fL0lZSCMc-tGGVds3m2A9gnzRkgF7RpNExc7s6BB_jVqRRa9RAvcG7aTAdRYLXFblIMehgBUUbPS5iVkSFTiR_FxgwQ0MEnWdsFTdgWcxdS9v2WruP3gzglGlYMYV-adukpckl-YAJYMQ_ZBgH063cCx1UlBi6tW3Ilq-8BdMnWfBO-UeG7628D10MvGnvdIF_yCbl-BSGlGJ-2V6GprbQsnOOJwmzWDlXcJOVPL1NRN3TDGMKnExzjw7Vafz7AhNeXEGL8aI3JZPUlNWcL9JFCwTKNIbLiQxwXKsgdCmJZFQdm9s9bV6cMYofWkfvziFnbGI58Lww2o92ClznzvvVu0T43wZ4zzVD5RQiBEkuA-sNIQelLJ62QQ-EGIAdRndKBt_JFeOsw1_0vmkQ01TUbROOjXZmdud57fUT_Bd3N2ZLZxAD6xdSC2OmqJ3p3LJ37zpalyU4QaBJwEerST98ztsQXL1bfZAb3T_RoCiqANEgV06YDZ_9Xtn6_2ACLC8Sr7vgypk4asvnGGyXfoVW6LuplvdZp_ER5ETM7aTVsb7ioJhxwoL7kHW0kE7tlOaP7x6R1cUTJJGCNQIhmkX8xElF9N4HDGjRp4x4_YwTxlCD4gbPQwwgymAqreZ-dKXHcifMVJmwccaTWjBuzatTb0XKEiPflhllSsICn9cmIVm1d1FHusDNexpvTKE495Fnby1ZF0aaH39Sd1PGUv0aAw9S0ZRpLw0FYaVAgFCX9QgjFsGwaWRDblkFQWXW_mZWgYbCE7QsjUkVI497SI7Dmf1GaLveV8RKceMDqG0YN5pdpU_TOInZ4ZUu17e4J1Zk_h93bjqeQEbDybYGBWM8wj-2xx5tx0AFobjkuyRrdM91cHz7Ewq_NxQ5fmzy2kpFpbR_jy2d4YS1VG4oVElFhr0PmmFjMOV9zAVCAtsrPolL6P72sxEINtGHf0DKk0B-hvqUZB4_Me0LIi7MFJfte9wN7MbDuoDT2UTiy5xnFyWDC_02rN75-42usIj6XkO_N2c7eNYm4qzkGJeRm9MI_JfjuO4B6t2PCHhKOK2OowDjpLfoQaD0s99cZDcLInasJcD4IL7x41TUFQshQCcyd7h5aYQjiTH4CNpp17hHsyy6WJQ-DePEnI253aKcCoX5ImLxVLRXpT-sQNiLkJGqEJutRQ4Cx1YQ6PhxlYrLFZi92J5K-TyYQpsteThPq639dUHixmznx4_lMWw4k0yoLQELrYjsY77FN3lYoC1Uv85nuOK1OZEjizm2obl4lfEH41hqJ64mHx-Ir2BmtGBPIPOxEgKRL4GXwMbkiwaueCDHdfJicaHcGjtJD8MPFX6iwztQBwUxsT9Ks9Eg614TlLBDP1XyxbNMfGxDM3l5z5AVDzMsOD4Ooam3h88JuaknCsidvca_BY6aYQkNzNlbKrs55xD18irLZuSslukcVeKvHeUffwbrSs8gLNxouG4avgj6KTbAkxszSM0UKL6fv0rSNi7llx0fE1-okzZ8HdIsjB4ft6xCiEIKa-un7wJ_E6fVfHaIVOiy3Wbk_Wzz0qrTRNo-dzE-q7SQSX0GsLBHfknbGMg18S0IkuUaGkKZ6IkKUd5H7slLWbz-99EV8wkT0o-1_C8ilwxomEtrJPP45qdfrb5rlFhev-sJbqXFEXjXMy9ldLiyKjI8RjYfbOj-wbsrhKDr3BD6Axh1W1b2tc8e-F2k2h1PH5aP0r4do88k1hu0MYVn6WX-soZVXeskuyG-Tvy-JJ7RX6KBxocsPH2feLVldRV_8WDycw9yxqpCGh_rK3sY7s4vf8CnYZCCbzWE_nfRVwTML7VrRYptCurc3KFdIJI9sEnEzWkDJZUlZfkhTRQfxDqCB1POAtbfoj8flyPzZAs67oBt5jKMnBE4a6PZgOy-EJ0fkrIVoZtQiprinGfVD1RbqzY0D5Eh4BhSIZtuyHLltIXUhl44RzusUc0Lz_FlaKbrCSYUUbVF0gDw0M3OWeo1r3lRG_Q8StWub8efN6KVsHxNyrqiik0Xo_IpoBPxdjGnGzJ_jIIl87BQiSvuBSoDY4ID7tzbzHjua5W-OqjzXH7tFiJRto2sm2ZC26LXqghi24Y3y_ewEFg2sE9LpaUHoOkX7PKmuuuSA68d6-juxTgReTOs9B3WKXl_EnECgV1diUNfDfnwDICivCZU-1jZst19AY8K-QyhWpL7yX9KUQTomQFgCRTLw6_EV1hUwAzKHGVhArVv47ZM2FAVet4WZwM1IBoVi1bgM62zWxD-A3epWPeGZtPNXsfA5inShPjVQ-6uTbThsMAvJ-2wy8T3fWtXknz-zYqkhYN7Ebmye7CZlh6etXfU4bJYu4rZjO8nDNyBp019mD4tmkQ01ziJXswUzjxN2PVlzskuMgGNJgcAkqiMA5__zEExhlW5gy5zOkXXACkwL4rpGTpWECWtqWgT9UheHRfzo8rRvsONrssa46cs8I8ta0akYsvqG8TX4h1au50bRFO6qAPsRhx2TCDDWyJyApsDQ9NvjlrizrXWz7pXuhcn7JuOTcYemMZ-2iDpMcM7tvFxhSlwoYqR0YCvMKIHMagSmpatAHLxAwZ8i2enx6l9QrD9LtdkTXN0kr0CJB07BEFNkj9SKPrNPcxKk8RgoP1Xgy1i4fkPwwo8t0PVlJPFAHUyL4VDcAdR-iBH_lPrdI5eOJao1LP-CYvBfaDSxgwXs80Z53TyWMYywoLptf6Jo01DqWszj9R1ANq7-VjOdiI1_qPEW-EQMwJ3aBgw9ccQJ0PFxTH9lzIf7Ls9Je6uTkcKnJC8P-RvA8wANOp56_748YkQNvaOUlWB-IJNI6LWew5VJRXRk_LPEz14kdlnWPs-c98Yp57JQXWwFGOCwWw3RTjTN6VzcosKq-mFmmgo_0kl9z7KQazUuBC8i4DioVcK2cZu_mkxRzRDswtXxER9CH87ZE6iSWDN0Bv0MgJMZlBjgedmb9KrZDCgv7aNnQwSQiK-Yts_7hGZvVyjss-4jdsiMCyxtcXdeoSP9gDf-i7OTl4Y-3G9_THuHSCFuvycxnX98NESY_YUB-HBq_A1Kk4-Fk7I5OUfjRUwDBWGFgCLKbYUBmmENeqrij5-ppSxm5C-KMAszjAFBRbVb4WgQWqoLLnB8HPXNiSxOjp_65nSd2f3gviqRsXzo5pRWh7pb58ixtYgKhpgOOGzo0bVqe9fseJQsEQ_VsF35LLZASnhZ--CuxFvTNJfWDO0NPwVZA7E0rCUyYgbQkpxRrm_bcrZrhDCSCgYcOV8jIHY-M7_GuUjhO3CbOUzx1CkfFOZGcrsCKfvhhbn8H5brb6wR3dfIRDP477QE1bkGj-KQ9-_p1ag4Y2obyl6HdJe8R1HW0anQ4mYMmqgFc_f33DUVmhwA1GmJpsjtWyalP7-rW6KY0UWTmDNbB1Ukzq4f7D2ghZapVF3F4G_9VSAZLgYeY8heEii4Prs5qKHymsj_e7doKzrursq9BELE0vAfA1SuZiEPZ7AwAZRYyqtiD7Je56bmVu__lF8Xlgh-D2_bP-rUrJ2ZTnBRLoKgWgzJzB20_FwNnktFDDYga8pZTLX6dn_l4fe8p6UTdAp3URV-lLwfAuPnaJFincEp2w&cid=CAQSPgDq26N99ICBn1mva9msdFyQYaItAQUsR1FSzJyuZWMN7u7iTJQBK_NPzWPtgy3R3l8EpLz3unWCL9l1ULJ2GAEgEw&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2Ff0a21733-afa1-4c5b-909e-f73136339e80&sid=F9FD4A1A-BDFD-4C34-A23E-DF05F565021F&nel=0&eid=44748969%2C44750824%2C44765701%2C44777649&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2F4gPNMa3e&dlt=1670452824547&idt=2541&dt=1670452829805&ged=ve4_td5_tt2_pd5_la5000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491 HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 22:40:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4866
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 22:55:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/interaction/?ai=CBak5XhaRY8CNAczl6wTmu5eYDb6hj95t2eSw48EQ_9GivcABEAEgrNaJRmDDhICAmBigAZie46QCyAEKqAMByAMTmAQAqgSPAk_QoQndaNAYE6Uuy3HDi1JLURfvQe37piu-eHJ8yupD0D-9lDU1mcrLu8DgA1q_cm40GwBv52atca9EswQUUgvG29ITmvWBnBxFcxMujCyv10lOXUZkiAqtEsediE8mLBaQYm_T6yFzlDHunYYl-VFipl6GpHEgAYJjIfw9SL42ZYuBTIcHYT4rgnji1-iPKUD88od5txkFjL8pBjrXGsklnyFPUkaHuZcuqCXpV7z8RVATMBFe2W1oHz5xaOW8UPuqyVcIoJzZJnNSl0bVGIoM-3Ta-tBNNVe0zRVigkhyIjhzQzeHc4S0TBX11pvgQpq2vIqlZ8JgeAifvGYk7_-ejYK8g-4MwEot-tFsJpHABKLVg-KWBOAEA5AGAaAGeoAH0OGc2wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgdMgOqggE6AoBAgAoDyAsB4AsBgAwBsBPajLgR2BMNiBQE2BQB0BUB-BYBgBcB&sigh=IoNhJBxlf84&label=show_ad&sdkv=h.3.548.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzgxMzU5MjI0MjFA-QEKbggBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ1NzE0ODEyCTE4MjcyOTUyMUCJAVIzCL8CEAclAADwQSgBOgs0NTkzODE1MTUtMUIER0RCTVAAWhBPTk80VWZOS1cwN3lfRVhfGAE.
200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/interaction/?ai=CBak5XhaRY8CNAczl6wTmu5eYDb6hj95t2eSw48EQ_9GivcABEAEgrNaJRmDDhICAmBigAZie46QCyAEKqAMByAMTmAQAqgSPAk_QoQndaNAYE6Uuy3HDi1JLURfvQe37piu-eHJ8yupD0D-9lDU1mcrLu8DgA1q_cm40GwBv52atca9EswQUUgvG29ITmvWBnBxFcxMujCyv10lOXUZkiAqtEsediE8mLBaQYm_T6yFzlDHunYYl-VFipl6GpHEgAYJjIfw9SL42ZYuBTIcHYT4rgnji1-iPKUD88od5txkFjL8pBjrXGsklnyFPUkaHuZcuqCXpV7z8RVATMBFe2W1oHz5xaOW8UPuqyVcIoJzZJnNSl0bVGIoM-3Ta-tBNNVe0zRVigkhyIjhzQzeHc4S0TBX11pvgQpq2vIqlZ8JgeAifvGYk7_-ejYK8g-4MwEot-tFsJpHABKLVg-KWBOAEA5AGAaAGeoAH0OGc2wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgdMgOqggE6AoBAgAoDyAsB4AsBgAwBsBPajLgR2BMNiBQE2BQB0BUB-BYBgBcB&sigh=IoNhJBxlf84&label=show_ad&sdkv=h.3.548.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzgxMzU5MjI0MjFA-QEKbggBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ1NzE0ODEyCTE4MjcyOTUyMUCJAVIzCL8CEAclAADwQSgBOgs0NTkzODE1MTUtMUIER0RCTVAAWhBPTk80VWZOS1cwN3lfRVhfGAE.
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/interaction/?ai=CBak5XhaRY8CNAczl6wTmu5eYDb6hj95t2eSw48EQ_9GivcABEAEgrNaJRmDDhICAmBigAZie46QCyAEKqAMByAMTmAQAqgSPAk_QoQndaNAYE6Uuy3HDi1JLURfvQe37piu-eHJ8yupD0D-9lDU1mcrLu8DgA1q_cm40GwBv52atca9EswQUUgvG29ITmvWBnBxFcxMujCyv10lOXUZkiAqtEsediE8mLBaQYm_T6yFzlDHunYYl-VFipl6GpHEgAYJjIfw9SL42ZYuBTIcHYT4rgnji1-iPKUD88od5txkFjL8pBjrXGsklnyFPUkaHuZcuqCXpV7z8RVATMBFe2W1oHz5xaOW8UPuqyVcIoJzZJnNSl0bVGIoM-3Ta-tBNNVe0zRVigkhyIjhzQzeHc4S0TBX11pvgQpq2vIqlZ8JgeAifvGYk7_-ejYK8g-4MwEot-tFsJpHABKLVg-KWBOAEA5AGAaAGeoAH0OGc2wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggSCIjhgBAQARgdMgOqggE6AoBAgAoDyAsB4AsBgAwBsBPajLgR2BMNiBQE2BQB0BUB-BYBgBcB&sigh=IoNhJBxlf84&label=show_ad&sdkv=h.3.548.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2MzgxMzU5MjI0MjFA-QEKbggBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NDQ1NzE0ODEyCTE4MjcyOTUyMUCJAVIzCL8CEAclAADwQSgBOgs0NTkzODE1MTUtMUIER0RCTVAAWhBPTk80VWZOS1cwN3lfRVhfGAE. HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 22:40:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
access-control-allow-origin: *
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 22:55:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gcdn.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=ONO4UfNKW07y_EX_
302 Found 652 B URL HTTP/2 gcdn.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=ONO4UfNKW07y_EX_
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (475), with CRLF, LF line terminators
Hash 5ac775f4427cd4c963fe452c8bea93f6
9d0f0036351b47f5436f9458a85fbbf75b509090
2bb893294ebc6febbf7f7876cf2e212346f1e1c86304f6e0d21aeaf54010a13a
GET /videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=ONO4UfNKW07y_EX_ HTTP/1.1
Host: gcdn.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 07 Dec 2022 22:40:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
location: https://r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/07C3DDD8505A517D768DE6C9329FBC0762088B9C.1E58632D231474F9B30E707D88144A3A67817349/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670452623/mv/m/mvi/5/pl/21?cpn=ONO4UfNKW07y_EX_&file=file.mp3
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 652
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2e85bb840dddc518b096b076dc7c7a0c
0df63cdf100b337c786baaa44bd096dd3d89cb94
b12fd81d3812a25c20634c1ea91e3f343f5030a561a4cb30e6348f9565e0b0f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2e85bb840dddc518b096b076dc7c7a0c
0df63cdf100b337c786baaa44bd096dd3d89cb94
b12fd81d3812a25c20634c1ea91e3f343f5030a561a4cb30e6348f9565e0b0f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/07C3DDD8505A517D768DE6C9329FBC0762088B9C.1E58632D231474F9B30E707D88144A3A67817349/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670452623/mv/m/mvi/5/pl/21?cpn=ONO4UfNKW07y_EX_&file=file.mp3
206 Partial Content 1.2 MB URL HTTP/1.1 r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/07C3DDD8505A517D768DE6C9329FBC0762088B9C.1E58632D231474F9B30E707D88144A3A67817349/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670452623/mv/m/mvi/5/pl/21?cpn=ONO4UfNKW07y_EX_&file=file.mp3
IP
File type MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, Stereo\012- data
Size 1.2 MB (1204766 bytes)
Hash 4f1ca5415b4e51bad24263dc7d382b11
046e74e914f65a9f702c4b166f76f1c1a3940a2a
892ae392d580de00e186369e2fc995d7144385e18474223be3c2ff82fff9512d
GET /videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/07C3DDD8505A517D768DE6C9329FBC0762088B9C.1E58632D231474F9B30E707D88144A3A67817349/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670452623/mv/m/mvi/5/pl/21?cpn=ONO4UfNKW07y_EX_&file=file.mp3 HTTP/1.1
Host: r5---sn-5go7ynlk.c.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Tue, 29 Nov 2022 14:20:57 GMT
Content-Type: audio/mpeg
Date: Wed, 07 Dec 2022 22:40:30 GMT
Expires: Wed, 07 Dec 2022 22:40:30 GMT
Cache-Control: private, max-age=86400
Content-Range: bytes 0-1204765/1204766
Accept-Ranges: bytes
Content-Length: 1204766
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
200 OK 1.9 kB URL HTTP/2 cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
IP
ASN #39572 DataWeb Global Group B.V.
Hash 1e15b6cc061eb7df8efe7dd9b92542f6
b425f879da2f915ba36bc9816a21e10aef68d3b9
a11999c449c63b645d1994ef83df5db6121ee7f8ce3ef9ad8580045c9ee7ac55
GET /sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:26 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 23 Sep 2021 12:20:22 GMT
etag: W/"614c7106-563"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 07 Dec 2022 23:40:26 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
200 OK 5.3 kB URL HTTP/2 cdntechone.com/stattag.js
IP
File type ASCII text, with very long lines (12932), with no line terminators
Hash cbb6e214960facad30a8870a518c7f0a
64a309886751760b752c6eb0da16a3e146a9d742
4ba85ae943e91a965bb1025fcca16ce9f8aaf5b532f3fcc2b3f60a16dddada17
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1039
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rrnENCU%2FJA%2BsiMBHBtkaHtOdW8oWdYmPlzHK8aXSdEXOHDp7lKT0OW1rbH2OqEkHceogQtP7RoDX1%2Fli5M3RPJ3bgj%2FTMiOXE1nqdG4nagPev3M%2Fm3nBWwxumKvc12Rhgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760c34e1d750b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ad.doubleclick.net/ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
200 OK 42 B URL HTTP/2 ad.doubleclick.net/ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 22:40:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 22:55:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo93G3Mno-wIV2UuRBR1r9wrhEAAYACCx9pBXQhMIwLSw3Mno-wIVzPKaCh3m3QXT;met=1;ecn1=1;etm1=0;eid1=200022;
200 OK 42 B URL HTTP/2 ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo93G3Mno-wIV2UuRBR1r9wrhEAAYACCx9pBXQhMIwLSw3Mno-wIVzPKaCh3m3QXT;met=1;ecn1=1;etm1=0;eid1=200022;
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/activity/dc_oe=ChMIo93G3Mno-wIV2UuRBR1r9wrhEAAYACCx9pBXQhMIwLSw3Mno-wIVzPKaCh3m3QXT;met=1;ecn1=1;etm1=0;eid1=200022; HTTP/1.1
Host: ade.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 22:40:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo93G3Mno-wIV2UuRBR1r9wrhEAAYACCx9pBXQhMIwLSw3Mno-wIVzPKaCh3m3QXT;met=1;ecn1=1;etm1=0;eid1=200017;
200 OK 42 B URL HTTP/2 ade.googlesyndication.com/ddm/activity/dc_oe=ChMIo93G3Mno-wIV2UuRBR1r9wrhEAAYACCx9pBXQhMIwLSw3Mno-wIVzPKaCh3m3QXT;met=1;ecn1=1;etm1=0;eid1=200017;
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/activity/dc_oe=ChMIo93G3Mno-wIV2UuRBR1r9wrhEAAYACCx9pBXQhMIwLSw3Mno-wIVzPKaCh3m3QXT;met=1;ecn1=1;etm1=0;eid1=200017; HTTP/1.1
Host: ade.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 22:40:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 1 B IP
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 240
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:30 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=elzcFT2%2BsZLzd1%2FA4urrw1w44oNEqBm2uImtDSJJmSeeVUa6eKtvWYAmEPzSgYoxMaVB2utLjFHeuvwhWdvY1HqjSLkgV%2BPx8VUFhwuEDaD8ZdW72sVsx5uHexX466z8kC%2FL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c370bce571e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 43 B IP
Hash 50745986240b73cb0547b0867030feb5
fb268574c28db4bfde68dcea97eb45d5f71cbb5b
9bddfd495eeb03db2e37ff2ea454b04e129e1c0cc649637be4d01692fa95098a
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 236
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:30 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8s0ru3AwvIBq1phtMou8NbE8J6YNJTA2wIkbKsiAbGikChbucy0vMsuhB5IxkEDr0XXCBR7O21BT%2B1VMPMqZMX6nJSxQv2bBxXXDDebdBkOi6vA9Qip8SIWO20Mq9lD7PFb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c370cce771e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /uploads/videos/16552732563362a977286fb00.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 22:40:30 GMT
Connection: keep-alive
Expires: Thu, 07 Dec 2023 22:40:30 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
200 OK 1.3 kB URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
IP
Hash e4fa2d0ca2740699f072678c596e61bf
e93ebc97eae0ed2e360d06189cdc6b7fb0eb74cd
52d0c8c1a160dd54f991f9e88520769e0476ba00c6f19d9767ce5d11936f1e0f
GET /uploads/videos/16552732563362a977286fb00.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 22:40:31 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Fri, 29 Jul 2022 23:17:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e46a6c-25b6"
Expires: Thu, 07 Dec 2023 22:40:31 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /uploads/videos/16552732563362a977286fb00.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 22:40:31 GMT
Connection: keep-alive
Expires: Thu, 07 Dec 2023 22:40:31 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 38ab64c8d5e963bd13caddb191950d94
b2aeb62771557e894a0c7a8e4e46dc13cc4c7f84
d1d95cac0816e3a1ed1fdc7e944029c805cd863e658ba87338436cd66d969cca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 22:40:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
csi.gstatic.com/csi?v=2&s=ima&puid=1~lbe8heie&c=4458811930805&slotId=2229405965402.5&qqid=CMC0sNzJ6PsCFczymgod5t0F0w&gqid=XRaRY5GzPJjn6gTGp4fQCA&fb=ima_html5-lima&sdkv=h.3.548.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44750824%2C44765701%2C44777649&wta=1&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lbe8heie&c=4458811930805&slotId=2229405965402.5&qqid=CMC0sNzJ6PsCFczymgod5t0F0w&gqid=XRaRY5GzPJjn6gTGp4fQCA&fb=ima_html5-lima&sdkv=h.3.548.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44750824%2C44765701%2C44777649&wta=1&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lbe8heie&c=4458811930805&slotId=2229405965402.5&qqid=CMC0sNzJ6PsCFczymgod5t0F0w&gqid=XRaRY5GzPJjn6gTGp4fQCA&fb=ima_html5-lima&sdkv=h.3.548.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44750824%2C44765701%2C44777649&wta=1&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 07 Dec 2022 22:40:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lbe8hdxb&c=4458811930805&slotId=2229405965402.5&eee=missing-element&bi=missing-id
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lbe8hdxb&c=4458811930805&slotId=2229405965402.5&eee=missing-element&bi=missing-id
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=1~lbe8hdxb&c=4458811930805&slotId=2229405965402.5&eee=missing-element&bi=missing-id HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 07 Dec 2022 22:40:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 473 B IP
Hash 70c80b8404f4a8073dce3bc654fd956f
6f7dbdc0f53bf49d229e77bd9ce907b9385d8877
7cb78060bd3ab0ebfffd8dace9bf7f40607da86cd40e227dc839b3e599658fbb
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 185
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:30 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WUHZ3jkhkAc3y4ImRRKftsf%2FvPtKUlH1xBIUUprvKIObUwJlCp2xDkGMtfEO23HIxx9pA6R8sdK42R8zRXp04UphDSX6iTlrM%2FSGwl2biGLJJJ7a9YVk0kkN0WOoyxnrXdaU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c370fd4571e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
206 Partial Content 259 kB URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
IP
Size 259 kB (258688 bytes)
Hash 83788bd4cc603c61f79c652266ad1647
71e8aee6ef1aa1b667796c87d267187a7b3a136f
565960ae5ab4cb3ddd2eb5f29e1be7eba68ef345f09fca29b40bb6b248334ef4
GET /uploads/videos/16552732563362a977286fb00.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-258687
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 22:40:31 GMT
Content-Type: video/mp2t
Content-Length: 258688
Last-Modified: Fri, 29 Jul 2022 23:17:00 GMT
Connection: keep-alive
ETag: "62e46a6c-17b6408"
Expires: Thu, 07 Dec 2023 22:40:31 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-258687/24863752
exe.io/4gPNMa3e
302 Found 0 B IP
GET /4gPNMa3e HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 07 Dec 2022 22:40:24 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/4gPNMa3e
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=bff5c6c309d6dd145d28cd2878400b69; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ajo8Rlsph79bclVSdyWjXpju3WiTTYPwupkwA8b1qfjEvbAhK6DCcaZxXHtucDB2nFTP25%2F2Kt9Ga11PUiT6oej%2B0KpXhLvdPwCbrvEy8GnkSMGCrhblg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c348eb2eb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3189
last-modified: Wed, 07 Dec 2022 21:47:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lMG64vUWQC0cnKvuw0L365CmD96i%2BQVdUMzwY8lT1Xt5x%2Fa0CviQbbC5DaeJ5Td7n9ddap2kYYYFHCJx%2F%2FTLkQg6Da93Cm1S%2F6AL5v%2FO2hT1Hpkn8gLaeR5Ixbb7Idm6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760c34f3c1223cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 195
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:30 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jWjIXTheg27jHGZ0PQhTlmU74B17lYczZSdinV0r7GWuNp9WxIRmIxzaFeqNjeZF3HWiKqsYmAA06L4F%2FROPy5h0MGg1KnTw5DFANLYQpgNnPkKNHBHlfEUemg3NnoHW9qji"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c3710d5b71e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 187
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:30 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WnKn0cX645xKNfG%2FPpuHmLW3WeNWuEkA2VKvkQgNyovRZa2UUjaU%2FftY4x581OS6zvrzXptwT9Vxa3GUj2gfZPg1NoghzHG7YO6jPaXAH30g2lhn6j5ZInacT3xDF4%2FVIO0N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c3711d6771e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/animate.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/animate.css
IP
GET /sb/ssp/sweep/social-box/white-small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:26 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:02:02 GMT
etag: W/"6149c9ba-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1416769
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WEzxKOJofo8zRfqxWNvaf9HuGrU%2BZFXHt2ID63JVUxmCh3RNrLJE7U%2FVYjGbfuZNB92dtt53p4uDdCw90CQRWoI7MdH3buK86hdiiMi6fHoClt8eZ79fbQl5EawTm0I6LpvMtuBwMUsa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760c357d898718c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 7655585 4132269
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Wed, 07 Dec 2022 22:40:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1ksEDHh8RbuJWzDqP0h3o413ehKtJdyeAgq6r0WO53sATuyY2mzXzbpXX4WkqB96S3ZZfykPfYzi7zx%2BPztXdWLopYx6APvntSm1C%2FRzSAEhluYxSrFWPFXeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7760c34eae8076d1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 22:40:25 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 8349578ba4ab1c85752efe5b0983a4f5
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Dec 2022 22:40:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8E5wydLNxTK%2BC%2F%2FcZz9JQZd84MHAhQEpqdb29UtOwrbsLmmi72F%2Fw9rb1r1Mc3IihhfuloVR9gO9wrjNlzyto87JTCJqTMmxSz58jxUa5JlwnkT5GuWdC%2BGVUxlLdalnvy4NsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7760c3513e20772b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.26.3.103
23.33.119.27
104.21.48.127
23.109.87.55
52.28.211.11
139.45.195.253
15.235.42.79
188.114.97.1
31.13.72.36