Overview

URLexe.io/p6VLL
IP 104.26.3.103 (United States)
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-29 23:03:23 UTC
StatusLoading report..
IDS alerts0
Blocklist alert13
urlquery alerts No alerts detected
Tags None

Domain Summary (43)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
fonts.gstatic.com (3) 0 2014-09-09 00:40:21 UTC 2022-11-29 07:36:52 UTC 216.58.207.227 Domain (gstatic.com) ranked at: 540
arthwhilearthu.com (5) 0 No data No data 54.230.111.68 Unknown ranking
cutopporting.com (3) 0 2022-11-23 08:42:19 UTC 2022-11-23 08:42:19 UTC 104.21.33.48 Unknown ranking
a.vdo.ai (1) 17809 2019-02-11 15:02:32 UTC 2022-11-29 08:51:43 UTC 172.64.104.3
fightingcowardlycoffin.com (1) 0 2022-09-14 14:27:40 UTC 2022-11-29 05:54:31 UTC 192.243.59.12 Unknown ranking
simplewebanalysis.com (1) 0 2022-02-25 04:06:25 UTC 2022-11-29 09:16:46 UTC 18.185.190.54 Unknown ranking
cdn.creative-bars1.com (4) 0 2022-11-15 16:46:22 UTC 2022-11-29 10:19:54 UTC 172.64.109.13 Unknown ranking
h5.vdo.ai (5) 113541 2022-02-15 16:27:53 UTC 2022-11-29 08:51:44 UTC 51.79.81.36
ocsp.digicert.com (7) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
ocsp.pki.goog (14) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-29 06:48:06 UTC 142.250.74.168
pogothere.xyz (2) 0 2022-09-04 19:11:25 UTC 2022-11-29 05:54:31 UTC 172.64.198.35 Unknown ranking
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68
ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.88
targeting.vdo.ai (1) 19496 2020-07-02 15:38:05 UTC 2022-11-29 08:51:43 UTC 172.64.105.3
s0.2mdn.net (1) 263 2013-05-06 20:30:03 UTC 2022-11-29 05:52:08 UTC 142.250.74.70
unseenreport.com (1) 0 2022-03-30 14:33:17 UTC 2022-11-29 10:19:56 UTC 192.243.59.20 Unknown ranking
cdntechone.com (1) 64371 2021-12-24 17:09:58 UTC 2022-11-29 07:52:28 UTC 104.21.29.183
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 35.160.184.41
d1p7gp5w97u7t7.cloudfront.net (3) 0 No data No data 54.230.245.133 Unknown ranking
imasdk.googleapis.com (1) 11661 2014-10-30 17:42:18 UTC 2022-11-29 08:03:16 UTC 142.250.74.74
pagead2.googlesyndication.com (1) 101 2021-02-20 15:52:05 UTC 2022-11-29 09:51:17 UTC 142.250.74.98
ocsp.godaddy.com (3) 698 2012-05-20 19:28:57 UTC 2020-05-02 20:58:10 UTC 192.124.249.23
accounts.google.com (3) 81 2016-09-05 09:39:47 UTC 2022-11-29 06:55:08 UTC 142.250.74.77
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-29 09:35:58 UTC 142.250.74.106
e1.o.lencr.org (12) 6159 No data No data 23.36.77.32
www.youtube.com (1) 90 2013-05-30 23:21:49 UTC 2020-03-26 16:38:49 UTC 172.217.21.174
friendshipmale.com (1) 0 2022-10-21 12:15:25 UTC 2022-11-29 09:16:46 UTC 172.64.203.23 Unknown ranking
www.facebook.com (1) 99 2012-05-21 00:23:41 UTC 2021-06-08 06:38:51 UTC 31.13.72.36
exe.io (2) 154401 2019-05-30 18:07:26 UTC 2022-11-29 19:06:28 UTC 104.26.3.103
r3.o.lencr.org (11) 344 No data No data 23.36.76.226
exee.app (1) 0 2019-07-21 16:04:03 UTC 2022-11-29 19:06:32 UTC 172.67.151.153 Unknown ranking
analytics.vdo.ai (6) 16723 2020-07-13 14:10:23 UTC 2022-11-29 08:51:43 UTC 172.64.105.3
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
adservice.google.com (1) 76 2021-02-20 16:10:48 UTC 2022-11-29 09:56:39 UTC 172.217.21.162
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-29 05:48:55 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-29 05:51:44 UTC 34.117.237.239
datatechone.com (1) 0 2015-06-17 13:52:19 UTC 2022-11-29 09:38:37 UTC 139.45.195.253 Unknown ranking
www.google-analytics.com (3) 40 2012-10-03 01:04:21 UTC 2022-11-29 08:33:49 UTC 142.250.74.46
integrityprinciplesthorough.com (8) 0 2022-11-11 10:44:19 UTC 2022-11-29 10:10:36 UTC 192.243.59.12 Unknown ranking
cdn.yourwebbars.com (1) 62037 2021-02-15 20:26:53 UTC 2022-11-29 05:54:33 UTC 104.26.6.19
exe.io (2) 154401 2019-05-30 18:07:26 UTC 2022-11-29 19:06:28 UTC 104.26.2.103

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-29 2 integrityprinciplesthorough.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWhcVRi9L40b3 (...) Malware
2022-11-29 2 integrityprinciplesthorough.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRit3qwX (...) Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-29 2 datatechone.com Sinkholed
2022-11-29 2 fightingcowardlycoffin.com Sinkholed
2022-11-29 2 integrityprinciplesthorough.com Sinkholed
2022-11-29 2 integrityprinciplesthorough.com Sinkholed
2022-11-29 2 integrityprinciplesthorough.com Sinkholed
2022-11-29 2 integrityprinciplesthorough.com Sinkholed
2022-11-29 2 integrityprinciplesthorough.com Sinkholed
2022-11-29 2 integrityprinciplesthorough.com Sinkholed
2022-11-29 2 integrityprinciplesthorough.com Sinkholed
2022-11-29 2 integrityprinciplesthorough.com Sinkholed
2022-11-29 2 unseenreport.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.26.3.103
Date UQ / IDS / BL URL IP
2022-12-24 05:17:50 +0000 0 - 0 - 4 exe.io/Oh8FyIY 104.26.3.103
2022-12-24 00:48:46 +0000 0 - 0 - 4 exe.io/fabfil 104.26.3.103
2022-12-19 13:39:56 +0000 0 - 0 - 2 exe.io/st?api=8d305a8264758f0ceb0d4485ab2059f (...) 104.26.3.103
2022-12-19 07:12:48 +0000 0 - 0 - 1 exe.io/tYKILP 104.26.3.103
2022-12-11 22:12:02 +0000 0 - 0 - 15 exe.io/adrifenice 104.26.3.103


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-02-05 04:19:35 +0000 0 - 3 - 0 grabify.world/image.php?id=DXHOR7.zip 172.67.161.186
2023-02-05 04:19:26 +0000 0 - 1 - 0 grabify.link/image.php?id=DXHOR7.zip 104.26.9.202
2023-02-05 04:12:23 +0000 0 - 6 - 0 88330.top/ 172.67.131.151
2023-02-05 04:11:56 +0000 0 - 2 - 1 strucicelollypot.top/ 104.21.4.113
2023-02-05 04:11:45 +0000 0 - 0 - 1 kektds.com/4kqbbHcw 188.114.97.1


Last 5 reports on domain: exe.io
Date UQ / IDS / BL URL IP
2023-02-04 20:53:22 +0000 0 - 0 - 4 exe.io/CdsgoZnx 104.21.84.66
2023-02-04 00:22:29 +0000 0 - 0 - 5 exe.io/st?api=f7c1724294337686fddc64d196d06fb (...) 188.114.97.1
2023-02-02 17:14:56 +0000 0 - 0 - 5 exe.io/st?api=f7c1724294337686fddc64d196d06fb (...) 188.114.96.1
2023-02-02 17:14:07 +0000 0 - 0 - 5 exe.io/st?api=f7c1724294337686fddc64d196d06fb (...) 188.114.97.1
2023-02-02 10:28:18 +0000 0 - 0 - 5 exe.io/lBzWJ 172.67.187.171


Last 2 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-29 21:28:16 +0000 0 - 0 - 13 exe.io/Mmq6v 172.67.71.40
2022-11-28 14:14:48 +0000 0 - 0 - 10 exee.app/539sTrKk 104.21.48.127

JavaScript

Executed Scripts (33)

Executed Evals (0)

Executed Writes (1)
#1 JavaScript::Write (size: 437) - SHA256: 909dc6805c810e1fe78a0a8362f1b1ff9a1368bdaeaf9974449ecb048dbd8764
< script src = https: //pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js></script>
    < script >
    window.addEventListener('message', function(e) {
        if (e.data.type === 'innerBridgeIframeLoaded') {
            window.frameElement.parentElement
                .querySelector('#goog_1889773859').contentWindow
                .postMessage({
                    type: 'omidIframeLoaded'
                }, '*');
        }
    }); < /script>


HTTP Transactions (125)


Request Response
                                        
                                            GET /p6VLL HTTP/1.1 
Host: exe.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         104.26.3.103
HTTP/1.1 301 Moved Permanently
                                        
Date: Tue, 29 Nov 2022 23:03:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 30 Nov 2022 00:03:12 GMT
Location: https://exe.io/p6VLL
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RpyxWHu%2FnZX1SUuc1y15ZVrV3imXEDeCIPj7AkowoJVano%2F5XsuFqaoWJJHzCs7%2B6BgQ1VE95j5thTJKX08LSfasb8Yvc81W0SVH3Qx8C0mCV2rsXrXrsA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771ef9adacda1bfa-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4472
Expires: Wed, 30 Nov 2022 00:17:44 GMT
Date: Tue, 29 Nov 2022 23:03:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6572
Expires: Wed, 30 Nov 2022 00:52:44 GMT
Date: Tue, 29 Nov 2022 23:03:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 5473
Date: Tue, 29 Nov 2022 23:03:12 GMT
Etag: "638651c5-37"
Last-Modified: Tue, 29 Nov 2022 18:39:01 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 4Q9HDc8N0iHCfkztzx/mGnAHgliB1c455T/g4aMz7JwcAH92kJFmvwAH/n1G7NIstBsBAuwCp7E=
x-amz-request-id: 4SRZDMGZ83GS8ZAA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 22:45:38 GMT
age: 1054
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 4904
Cache-Control: public, max-age=1209600
Date: Tue, 29 Nov 2022 23:03:12 GMT
Etag: "63866bb2-37"
Last-Modified: Tue, 29 Nov 2022 20:29:38 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 22:19:38 GMT
cache-control: public,max-age=3600
age: 2614
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 29 Nov 2022 23:03:12 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 4904
Cache-Control: public, max-age=1209600
Date: Tue, 29 Nov 2022 23:03:12 GMT
Etag: "63866bb2-37"
Last-Modified: Tue, 29 Nov 2022 20:29:38 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "66A647639CF87ED0633D0A9B58779E5989A2AED1881804DCEB3CF97C11459824"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1864
Expires: Tue, 29 Nov 2022 23:34:16 GMT
Date: Tue, 29 Nov 2022 23:03:12 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 22:11:13 GMT
cache-control: public,max-age=3600
age: 3119
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "66A647639CF87ED0633D0A9B58779E5989A2AED1881804DCEB3CF97C11459824"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6940
Expires: Wed, 30 Nov 2022 00:58:52 GMT
Date: Tue, 29 Nov 2022 23:03:12 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 3467
Cache-Control: public, max-age=1209600
Date: Tue, 29 Nov 2022 23:03:13 GMT
Etag: "63866b88-37"
Last-Modified: Tue, 29 Nov 2022 20:28:56 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /gtag/js?id=UA-135952122-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 29 Nov 2022 23:03:13 GMT
expires: Tue, 29 Nov 2022 23:03:13 GMT
cache-control: private, max-age=900
last-modified: Tue, 29 Nov 2022 22:20:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43611
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43611
Md5:    cc2f7f6ec7c7313950b86639f651d031
Sha1:   9335983fa4f104e9fd000f2a76f3a22b9ffe4d65
Sha256: 847199c108459d30c1d18f0fc863bfa5712fc2672c7fad2644986e30200c2b5c
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13386
Expires: Wed, 30 Nov 2022 02:46:19 GMT
Date: Tue, 29 Nov 2022 23:03:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C0F44122D6220549A46A1F1743A19D90FB8347FC07FA8877F05D6D19A917DB7E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11477
Expires: Wed, 30 Nov 2022 02:14:30 GMT
Date: Tue, 29 Nov 2022 23:03:13 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13386
Expires: Wed, 30 Nov 2022 02:46:19 GMT
Date: Tue, 29 Nov 2022 23:03:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 3763
Cache-Control: public, max-age=1209600
Date: Tue, 29 Nov 2022 23:03:13 GMT
Etag: "63866b9a-37"
Last-Modified: Tue, 29 Nov 2022 20:29:14 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /p6VLL HTTP/1.1 
Host: exee.app
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         172.67.151.153
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Tue, 29 Nov 2022 23:03:12 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=ffe37681b63d12fbda5bf592033b354b; path=/; HttpOnly csrfToken=a39ea08888e697d00d0053466d7b6b0857233d55103d3cda5cf310191cf772f06563d15476d9abe7a55925aeb5011442666a57fe457b0cabe78f31097660535d; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aG7LUh1n0TYjiEkZ3TdmB5%2B6ttmcBBjJvsjv8OKcLN%2Fp79P6dIPHUMK%2BAvT9atchEy%2Br2iK9S4ocq6l58VhyZY5CT6oWa47Ymvwz78TJMWbKNbqCQrdICr71eg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9b0ca5ab511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61750)
Size:   167981
Md5:    085b3f44f5c544349fbadaa474e35b9b
Sha1:   27316a1f65095074cd7b28252c69a5c6ffc70a4b
Sha256: 40c92eb88009065065259902cdd9b381d5a7a28bbe9596ea888cab00522d5f6b
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "FDCED6C4D035E8F40E719AAA50EB9AD071C404E78F71F99A3C2E7BF886283C91"
Last-Modified: Tue, 29 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3863
Expires: Wed, 30 Nov 2022 00:07:36 GMT
Date: Tue, 29 Nov 2022 23:03:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6365
Expires: Wed, 30 Nov 2022 00:49:18 GMT
Date: Tue, 29 Nov 2022 23:03:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6365
Expires: Wed, 30 Nov 2022 00:49:18 GMT
Date: Tue, 29 Nov 2022 23:03:13 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 101432
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 101228
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Size:   17820
Md5:    3d5107abaf7bf4df5478bd04625c0929
Sha1:   b04d394caabf6ea3e500b74781dc2bfd54f3c18d
Sha256: 9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
                                        
                                            GET /utx?cb=rx69SXGmJpKT&top=exee.app&tid=822524 HTTP/1.1 
Host: arthwhilearthu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.68
HTTP/2 204 No Content
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 29 Nov 2022 23:04:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: keL9UXT2S8CurqQKk2aLUxl7tCSqjrzn7brMb2joWizCzYtTfh6Eag==
X-Firefox-Spdy: h2

                                        
                                            GET /RDR1S2MlVhYmXCUJF20WNlhIblECEUcNB3VEQiwTcUNMfBZzQEJlAChbAC8FNlsbP00qUQFuUQJRJyYTDmEPEg8GZxZ6IBB9MQc0cHsRDQt8bSQBBAVwGnM0AG4tCQkGADQ8EAFzRH9QCVMjejIuQzovJAllPiwQKno0PwQATRY8IHdQOAAnIGEQelYyfkUSEwVsJDo7PQQRBCACdT48EC9QIAYNEk0kczcHDDIBNw1gEQgbfFIkEQkTfBl8MhcMMAc3PHY7HlpzbUQsGhAHASEhd24wLjsdcjcOWnNtRQ4VBnxMJSZ3YRopJAFzJScbfVASHiYQB1g/CRZwNxsGLH09Lw99WiwzWi5jPSBTEU0gCSkqbTAKJSwBLCw5dmNGJwoBBycqLz5EMAIUM1k+My10eD0jCQUGHSoBPW05LxRiXgYkDTQJOigtAVU4Aws1bDk HTTP/1.1 
Host: arthwhilearthu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.68
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1195
date: Tue, 29 Nov 2022 23:03:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IB6G1kd-KU-umJmtsghxSneyFJ2LPD3dxmYVCmnWOJ6rlV_k0UWBPg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Size:   1195
Md5:    3361f990b9d3a792d6bf3f7b40ce8b9b
Sha1:   a57b8c9406d12007909bfc67525574a1aa92f742
Sha256: 02b73845c733c310b6fd83150117fe3fe1c17019f08a3819ca94dfe845df16fa
                                        
                                            GET /utx?cb=jtLLyNXmgpRr&top=exee.app&tid=889494 HTTP/1.1 
Host: arthwhilearthu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.68
HTTP/2 204 No Content
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 29 Nov 2022 23:04:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: y9DmoJn-FXBRKAz1qe6rBWf__dtUBnb5wQAnp3BIDP1vc-HhWbB2OA==
X-Firefox-Spdy: h2

                                        
                                            GET /WkV2T3c7JxUiSDt4FGkCKClLakUcYEQJE2s1QSgHbzJPeAJtMUFhFDYqAysRKCoYO1k0IAJqRRx8IiEtHhExCgMdFkY+LzAqEAVEHB8SJE5pISAZGBIBNyUzIHA6ACYXDT4bNjcNNCREHB0VLiEbFEMVIz0nPSQDICQRfwEdBiQ3JSM2LwY/HBQXDRQ0CRo3QQ8BFXczMxM6AB4PDjkeFCIKETgBHXcjejYSCBQDMwMMPycYMyQgAj4Ld0d3JRI9MS4NKQw/DT4pCg4FBQgNOyYxDTEzLERrFy8KLTcjDwEFCA07eDQZBzcrRTYWMgk5IiM0I0MLKFsVUmgDP30DHyYMey87dSMMEQwDQRg/FCkkBw8dDzUkNBAXGiIRMyFOHRkQfSMXTh0mGyMjPC03Pic9FBkIIy41IzgfEiZFIyc8KTd9FAwEUCUENSsGcg0VIyUJEgo9DyxDDHA8AA HTTP/1.1 
Host: arthwhilearthu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.68
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1200
date: Tue, 29 Nov 2022 23:03:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CKQHjdiVOwoTQBxeaEg3t8d0VGVvedG6bE9sNpiaGw8wRd6oA1pmSw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Size:   1200
Md5:    1e321510493c4e9ab104c62a77836393
Sha1:   a8bb37ea9add263b9e3c63764939ee01f973d313
Sha256: 3f47b6241dcce7bf2e331df6f9c32337f9efcfdcbb692f7450b209d68fc2904f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /SDU3MFApV1RdbykIVRYlOlkKFWIOEAV2NHlFAFcgfUIOByV/QQAeMyRaQlQ2OlpZRH4mUEMVYg5aY3Y4H1cHQyYGT1B6NAxST308Ak9SdyQjYm9AIQVcYnEaHE1bYBJxDXB0NCF7Zl89Llx+Zhx7c1hTEQVEflppOmZkBDkHB0NVMhsFD34WAhAFdjEhBQRlORFfflpoDH9OAWkSdlsVYgpsWlgqEG1DWxwyDXV8KQVDfWUgfVNzaTkbW1sIMR9vdVViJEdxdSB9U3QIdXpzdmhhfFNgZSQqWwJfHCRZEgIWKWJEZQMmWQ97OQp+UnFhOG9bQDwufXFKCBBGRWAEZWByehckRHJ2YX9TYFg9EFtDCTYfZ1F8Ax1Eekc7I3t/ATsDbUcIMhBdUVIEJFltR3YiRlheIHVfRwcEJwFtcTo HTTP/1.1 
Host: arthwhilearthu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.68
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1169
date: Tue, 29 Nov 2022 23:03:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cxE3WN0ARMMQ4NFOJP8W0nT8L-LBGxsD1ur4doK073w6-onkRPeKeA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Size:   1169
Md5:    30e1f7dc68310704da81db699d5859c1
Sha1:   a229158c7f0805c9946c8ac606ee98b0d0efa149
Sha256: 71f6fd384337d62a8c64d773ae26a17d2d55a6b3e8aa4a6518ddad425552978d
                                        
                                            GET /N2g5azUYV1oYCFICbz94fzJ2KWJUKms+RnoJXil6ZB9vBXZyLR8fXFNVAV8GBV4ITUVeDARaDREbTQpBQhsEWhNeBl8ECBEeBFobB0YLRQcRHQRaE0MYWAwIBk5JH0FbVQhdAw5fD1kMDloLUwM HTTP/1.1 
Host: cutopporting.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.33.48
HTTP/2 204 No Content
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mYrA1SIKS3MRxrQYzhvMSy8lao%2FclTe3Xi6wM3AHIjMRhZtttPRJze49hOeU%2F6FygxSqmJ%2FkIr5haKCGJKdlGzuN%2F6h71s3k1G5keZqXgqy4DQTcp1JAfnUU4%2BNmmvyuN2rA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9b42fedb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /VFJjMm17bQBBUBo/Nkg7EBMgZAogOSFFVAYTNGspFhQUcDQzH0VGBDBvWwBfYWBXFB09Nl4DSycmAkYYJ29SFAQ6NAwPSyJvUhxeYHxQA0NldBYPXHImE1MKaWNFQhkgPl4DW2JrVARfbWtRAF5m HTTP/1.1 
Host: cutopporting.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.33.48
HTTP/2 204 No Content
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azXz9TJr9kQYNVLlPXCCsGr%2BzZ3BTm%2Bzz7qYiMr8H%2FV2iJEgCkOFR7%2FzvKFElE%2Fdq7101Sr6%2Be2Svl2PmI9IbR8ifUQ9ZlPemeoFlq%2FI5o46Rq8o60EDqhja1R%2BmB3FG3hl%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9b42fe6b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /cjZxcjldCRIBBCtYKzpqOnQiI1dHAiAkfzNSQgZxJwY3VwswUDQ7HwZfFU8BSg9FSw1URhgWBEMQAgZYBkMCTwhUXx8UVk8QB08IXAVFXApDGEBUTE8HVwZJE1FMQx8CQgUeBEMAR0sORARISwtAAUA HTTP/1.1 
Host: cutopporting.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.33.48
HTTP/2 204 No Content
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B9C86dSA0Zj7RrAJxPpToHP09%2F2J8lRKj2%2BaDd1KvBJW2qlZcX874RKZOJseW92xp73mn0VoqeH67vEgGx7NUlBhgn9PJteiwPVDKPYxXq1Q%2FiVe2OSmGlk9UKJZK2SUp9Xn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9b44819b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "FDCED6C4D035E8F40E719AAA50EB9AD071C404E78F71F99A3C2E7BF886283C91"
Last-Modified: Tue, 29 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3863
Expires: Wed, 30 Nov 2022 00:07:36 GMT
Date: Tue, 29 Nov 2022 23:03:13 GMT
Connection: keep-alive

                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.198.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3650
last-modified: Tue, 29 Nov 2022 22:02:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NljPpp0RL4vJKK7REew7Gcdud%2BpUqR5q0V%2BpXDZmUwUIsmsXVuCpxOjSjL2%2FNIi0%2FyaQR4EX5jrEM98ULFNmsiRS5AoDJYG3EXzRQrKObXSKEWcSbfBshMWuxRoQ9QZS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9b48906745b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   102745
Md5:    e8d3fd2de4c7c13e3f148258d2ca09a2
Sha1:   5266fb12839c3fdfe6a9ffd128038d47b9c960c5
Sha256: bd59db55250e1e87cd0a508ed3d732395d0bdff366d637cbd148919149f413f8
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JXXtF2Sn7O/4TMxv5XcX5Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.160.184.41
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vcw5YgUq4j0eFG539OZtdwCdcA0=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6917AEDC9D16CC4DEA35ED5FFFFF8A28BF5E75118F7444F350076773B58E9B4E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9175
Expires: Wed, 30 Nov 2022 01:36:08 GMT
Date: Tue, 29 Nov 2022 23:03:13 GMT
Connection: keep-alive

                                        
                                            GET /core/v-exee-app/vdo.ai.js HTTP/1.1 
Host: a.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.64.104.3
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 76737572 3361537
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Tue, 29 Nov 2022 23:02:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eiX3hj8mKEsS5MrrR4glW2LJSJIeU8pqRVMm%2FibgYv%2BH5WL0CD%2BpFWj8AdsKvi%2BrOFBfiylFRBtn4K3RhXagxqSCVBMNzIvBthbUYpmDUKp7j1iU5hyQvCe%2Fig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9b40ecb76c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8481)
Size:   4503
Md5:    e0f41486b75db420e984c33276c9ec1e
Sha1:   3b6fcee0cc651ed77cb5322e7c09b83d831bcee2
Sha256: e5e9972b2274e668ab6bd21cdef1ea9a392ba5e089c17eeb529e9f46b5e89e39
                                        
                                            GET /eRmpJUzYlBSc1CTIDLW4OdFh8YQJgADo8WDZXBjB4AwsEG143MgV1QjwOdGMQKgsnNAtgDycwC3dMKDdUe15vJ0YpAXQqXy0dOCFAKwskdUMnVyQ8TC8GJTITdCx8fQZjWHl7QS8ELTxBNU97Y1gyT3tjB3ZEeXYFBE97Y0EvBH9nE3UobGEGPlx9dgUET3-tjRDBPehIHdl9nYx9jWHk0UyUBJnYEAFh5YgZ2W3liE3RaLzpEIwwmKxN0LHhjA2habyYLdw HTTP/1.1 
Host: d1p7gp5w97u7t7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://arthwhilearthu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.245.133
HTTP/2 200 OK
                                        
content-length: 504
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ItL8Hg3CEOMxtq-xSYxtsauZtSr5Yf5Gf9XsQrCBS1CEpZll_7YYVw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (699), with no line terminators
Size:   504
Md5:    956142744decad30c55a935a1cfe9e45
Sha1:   ab35e6a4ed943d084ad79bf8860bc2ddbfb0b9c4
Sha256: 9b5e54c53b8c3846db9539f36c8d62b3bd0d1bc55d3295060dc76718fdf55f45
                                        
                                            GET /oTFhWb0svNzgJdDgxMlJzeGtkWXpqMiUAJTxlPB98GDdiNQomfiIVL3FocAMqIj9rSS4iO2tebS08NFJ/ai03UiYjIj8DJy19ZCl+YmhzXXtkLz8BLyMvJUp5fDYiSnl8aWZBe2lrFEp5fC8/AX14fWUtbn5oLll/aWsUSnl8KiBKeA1pZlplfHFzXXsrPT-UEJGlqEF17fWhmXnt9fWRfLSUqMwkkNH1kKXp8bXhfbTllZw HTTP/1.1 
Host: d1p7gp5w97u7t7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://arthwhilearthu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.133
HTTP/2 200 OK
                                        
content-length: 181
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lV3xftWyJbBqHWsh_MKj-Cf0Q3WR2hWBcKU-avdzFZHDHRvq1UaGlQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   181
Md5:    ab6cdfd19080dbf5d91eda9b62e8b005
Sha1:   d7b85e2f7a30cb049a30cb0d96ea8b3d5874a0c5
Sha256: a538076c2c3cee837c0dab061d75b1348d3f01e20a57186b52b97b5418b21376
                                        
                                            GET /9TnZDTGEtGS0qXjofJ3FZdk93dVVoHDAjDz5LOQMHHTAmHBk3FXcaVAQ5ZTgbKktzag0vGCRxRysYIHFQaBcnLlx6UDc8DiVLOiUKOQcxOgwvG2U5AHMbLDYIIhoiaVMIQ218RHxGazsIIBIsOxJrRHMiFWtEc31RYEZmfyNrRHM7CCBAd2lSDFNxfBl4Qm-Z/I2tEcz4Xa0UCfVF7WHNlRHxGJCkCJRlmfid8RnJ8UX9GcmlTfhAqPgQoGTtpUwhHc3lPflA2cVA HTTP/1.1 
Host: d1p7gp5w97u7t7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://arthwhilearthu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.245.133
HTTP/2 200 OK
                                        
content-length: 626
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0_ynSHJoJIsxXeyiRw-n0OnjsxPAFp_11171lR427p7DxK7Vq4Nfgw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (875), with no line terminators
Size:   626
Md5:    0b9cf64ddc447c8f12593bf1c98b2f8b
Sha1:   52bf387853b4eb845c2e23b9a382f0c18dc94709
Sha256: af9f93be73e7072624e53a1ba3b76a6bcb0299c7a0bd72d68eacd11d355ae052
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:13 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 04:52:36 GMT
Expires: Mon, 05 Dec 2022 04:52:35 GMT
Etag: "102a56df28bfb864653439cf703e0d8ca45f23cf"
Cache-Control: max-age=452361,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771ef9b5dd221c0e-OSL

                                        
                                            POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1 
Host: datatechone.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Tue, 29 Nov 2022 23:03:13 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1 
Host: fightingcowardlycoffin.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f25e9663a13200f2481e621463562425
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (37193), with no line terminators
Size:   13442
Md5:    582dd593bcff446141a85a81f6717671
Sha1:   239fced23a69721a06a1d946edb92dcd7f371a44
Sha256: 92061442edb061ba6d5e5048f356aa2b4b0b0b2c18b79d9a087a173215bb289f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /logger HTTP/1.1 
Host: analytics.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 124
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.105.3
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LqShohx9lmdHC%2FELcvCxc1CToIXw%2BTuG4D8V4vcSJMfJicMt2HwVvIAp2Vry35%2FOHYwtZ5yEjFYbhB8%2BmFfHILr47KbM0jSK%2BqSDhic2wHMjTQG7sY%2B2twpHH6W%2FSKLkP5to"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9b5fef271ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   43634
Md5:    e1f3949f4027661d32212df42c26f4dc
Sha1:   ba426d48842bfbaeb3f14aaa31790521fd4578ea
Sha256: 7bc045ddb3fd9ab4dff7bb4a771e99d3056d5726a2ee9ca8e757801caee868b3
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10648
Expires: Wed, 30 Nov 2022 02:00:42 GMT
Date: Tue, 29 Nov 2022 23:03:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Length: 55
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=1209600
Date: Tue, 29 Nov 2022 23:03:14 GMT
Etag: "638651c5-37"
Last-Modified: Tue, 29 Nov 2022 18:39:01 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: F7YLWcwRCiabeBuKwVfc1aT_zvUCr2y8fghUceHmES77hSJXUJj7Qg==
Age: 2122


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         18.185.190.54
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Tue, 29 Nov 2022 23:03:14 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; expires=Fri, 26 Nov 2032 23:03:14 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    7279f540b06128926e699280991cf35e
Sha1:   e4373279bf7e01d951858d6f0065c5ea99ba30eb
Sha256: 64ef655d60c7e8dba1f895c44a5f70748148cbed452476796719648eafbd4bbd
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Age: 3731
Cache-Control: public, max-age=1209600
Date: Tue, 29 Nov 2022 23:03:14 GMT
Etag: "63866b9a-37"
Last-Modified: Tue, 29 Nov 2022 20:29:14 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 55


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   55
Md5:    9f073354411bbaf7a319b1519f10b4b7
Sha1:   571498f38548829bf186f49f5be9d5fa6e689a68
Sha256: 4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10648
Expires: Wed, 30 Nov 2022 02:00:42 GMT
Date: Tue, 29 Nov 2022 23:03:14 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   129384
Md5:    12b596f29ad1b0de126fe8d7f0f170a7
Sha1:   ab579d76772fe52942657a7126fb6e0dfa78936a
Sha256: 99f05025a191a775148cae74bf887cb4b85bdfb49423d6add142b0a14026a754
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.46
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 29 Nov 2022 22:46:55 GMT
expires: Wed, 30 Nov 2022 00:46:55 GMT
cache-control: public, max-age=7200
age: 979
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /allowed_url.php?type=json&url=exee.app%2Fp6VLL&tag=v-exee-app&domain=exee.app HTTP/1.1 
Host: targeting.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.105.3
HTTP/2 200 OK
content-type: application/json
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KwBSVJ4U9K7cFhw0uQRj9%2FBpqwYSaQV%2BTDkUXi8bUoRqaFI56g5eLTiPyLXbiYw%2F9jSEyvx2sFbN7qSVKnDZFZMr542KmIbEKz9XWBTyOCJI%2Bb1kHaduDzP%2B0R0q85AOW2D%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9b5e9ff76dd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (8589)
Size:   2140
Md5:    87c856489d807b1d00b381bfa75fbe7c
Sha1:   ddadcced63bc68b07e7c5c7f261d13094f8633a8
Sha256: 90093385fc9aed21a39192e055d711e1444fb8cbe89884350c5a53c4e7f66478
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /js/sdkloader/ima3.js HTTP/1.1 
Host: imasdk.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.74
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126568
date: Tue, 29 Nov 2022 23:03:14 GMT
expires: Tue, 29 Nov 2022 23:03:14 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2791)
Size:   126568
Md5:    d298ebea71faa19cd8237ddf8c37d550
Sha1:   628f6436cdc4db74ecda4fad134b4499f41ad4cb
Sha256: f02e9221a17b677d0aa0b76876bd82931f57bf5dd1ff9aa24a1ab945838b0e64
                                        
                                            POST /j/collect?v=1&_v=j98&a=551255224&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2Fp6VLL&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=204&_u=YEDAAUABCAAAACAAI~&jid=916270036&gjid=1249550703&cid=1683891882.1669762993&tid=UA-113932176-41&_gid=7965578.1669762993&_r=1&gtm=2oub90&z=137154858 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.46
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://exee.app
date: Tue, 29 Nov 2022 23:03:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /j/collect?v=1&_v=j98&a=551255224&t=pageview&_s=1&dl=https%3A%2F%2Fexee.app%2Fp6VLL&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEDAAUABCAAAACAAI~&jid=607053349&gjid=248714429&cid=1683891882.1669762993&tid=UA-135952122-1&_gid=7965578.1669762993&_r=1&gtm=2oub90&z=1553286776 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.46
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://exee.app
date: Tue, 29 Nov 2022 23:03:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.77
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Nov 2022 23:03:14 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-871696138%3A1669762994505761&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvPRG_9oCqiq96iFHc_1EE6Zc2wKwMFmSGFEz-FQ9awz5bFXuAmen0niO4uO4LI4DYmHyFaIQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-DpKf70OYJm17mAmV-P56pw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:ba-sUQrRbYdAppwS3FlsKcImwfKsHQ:C_Sf7Mr3M3iYUskO;Path=/;Expires=Thu, 28-Nov-2024 23:03:14 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Size:   392
Md5:    93624e36adb60e40bc2a58bb0201bd8f
Sha1:   1eb184346cb50ea13634981136c9550972eef333
Sha256: 4bc0fcd53ef96df505001dc1ce3fd8125a5e6f3da5cd566df5d5ff7964daf9bc
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v3/signin/identifier?dsh=S1292202798%3A1669762994485838&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsvF_yHxOPMyh7oRggeAkWMXW_qxLlYp356qesgSwxXVQJXhM8o0HudYvOsqnqYpPo7ILjspA HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.77
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
                                        
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Nov 2022 23:03:14 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
content-security-policy: script-src 'nonce-lZ7l5-76J2FKhitiboZuLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11609
Expires: Wed, 30 Nov 2022 02:16:43 GMT
Date: Tue, 29 Nov 2022 23:03:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11609
Expires: Wed, 30 Nov 2022 02:16:43 GMT
Date: Tue, 29 Nov 2022 23:03:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11609
Expires: Wed, 30 Nov 2022 02:16:43 GMT
Date: Tue, 29 Nov 2022 23:03:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11609
Expires: Wed, 30 Nov 2022 02:16:43 GMT
Date: Tue, 29 Nov 2022 23:03:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11609
Expires: Wed, 30 Nov 2022 02:16:43 GMT
Date: Tue, 29 Nov 2022 23:03:14 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3719
x-amzn-requestid: 6fab3454-fedd-4a1e-ae47-468ddd6233bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaGQ4IAMFUkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-4b313cf054d6301e71cdc0c1;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: phw8DXQgjOyH5g4gvbqgZk-2sHr2n9cHVr4lqqPXfXtyhG32gs2pIg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 4229
etag: "453067f6ab356aa87a3ad3b56e33545376597852"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3719
Md5:    ceb8e975fb408de32c43f55febaa6414
Sha1:   453067f6ab356aa87a3ad3b56e33545376597852
Sha256: e0ecbb6052b4fef75f58da8dae589c81ab9ec9d304de08f26c144a2c3ce9eaac
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7f230eb-6b67-4a80-b973-d8ea78fe73ae.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12853
x-amzn-requestid: 25e4402d-98d0-4c38-a927-397c37724bea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhdpHAuIAMFweQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c57-506672a36959d9ea09ef5155;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gHL2sFE-o1u5kEIUiabbP6u5CXr3ihI4mKiAVkfReyuJuTF5k5ktSg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:17:16 GMT
age: 2758
etag: "151b60134a66305bd72dbb3810f67a57720b2af1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12853
Md5:    e08af5b1d18986e112913c6e69cc8ce6
Sha1:   151b60134a66305bd72dbb3810f67a57720b2af1
Sha256: 555a62d98f4002ad187a6b480d534a1dbe3c64d1f4d17cffad2ab985c10ca462
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 4009
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7298
Md5:    e00769bd1391b8f4f5b8ab128a825355
Sha1:   e4ddf955e8ac1986045ed55880c43c69e588a021
Sha256: 81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa44c8657-c62c-4dd0-8688-d6b89a767fb4.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8337
x-amzn-requestid: 88e6ec5a-6b04-4787-91e4-02f316d0d6e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhgYHViIAMFZrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c68-10f0d81a09c0ae930f6be726;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CQERARyqGc2C8dEihlWw5X9eI6QqdR9Equ683aCy1XkizytQdod9Kw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:57:25 GMT
age: 3949
etag: "71e4307194ea9fb15d29c8a5e35f9bfd3cb0c6e0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8337
Md5:    2cb669522a324cd5d9ba1b1743138d38
Sha1:   71e4307194ea9fb15d29c8a5e35f9bfd3cb0c6e0
Sha256: a997731964710b80affb001f7f2e2f05a93550b06c1626279516d78b11332803
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37883a10-064d-451d-9dd4-bca0a5594e96.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11466
x-amzn-requestid: 40ae63d3-397e-4118-90b2-d48b1f4014c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHUxIAMFxWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-2b309a0a5e93f68312a26fa1;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G2_x26WJ_ISQDsWfV3RzC_jCy5FLNLpblRk_GvuCn4i-ETBAsaKBjQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 4229
etag: "49a82390cbf2139bf681d896f9467ab736e0b337"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11466
Md5:    0c14828912decf19c9d95fee93e92f00
Sha1:   49a82390cbf2139bf681d896f9467ab736e0b337
Sha256: bbafc9bd160a30c6a31954bdf66655e1decc59dead3bb94c6fa21cad1cd56fe3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52cf4797-5177-4859-9523-faeb4e38f224.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9812
x-amzn-requestid: 70bfeb68-0703-44bf-8550-50c759d52d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDbFolIAMFYBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-73fb65ee2b9161372819207f;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QQCoNlJBSE2V-IQlZr37dhINTABRu3ms9Y1p4FweO36HD-U6m9vvwg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 4229
etag: "ce411cc5b0a37bbd89551d06d7d0349f45734e97"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9812
Md5:    5c5277610f3a542571abb53ffb3d4df1
Sha1:   ce411cc5b0a37bbd89551d06d7d0349f45734e97
Sha256: 3bf1105631ef7fda0249a46390ca90f904ea73b0a4f017c2db85326550a80a3f
                                        
                                            GET /v3/signin/identifier?dsh=S-871696138%3A1669762994505761&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvPRG_9oCqiq96iFHc_1EE6Zc2wKwMFmSGFEz-FQ9awz5bFXuAmen0niO4uO4LI4DYmHyFaIQ HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.77
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
                                        
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Nov 2022 23:03:14 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
content-security-policy: script-src 'nonce-DqMFFyaAKLO_mLxsGhhqlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2290
Md5:    a2548efa448a8c8d402f6775c1d2dacb
Sha1:   bd1f8d877b848783c6f766559c71703c5082f705
Sha256: 6bbd42a3f90e7889ae317d4b4cd83b7e5f3dc3736e179fbdf27b7d15e6dca018
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "42B28A671F597CAF6A4C500A406DB5A7E4C350DDCB9181C9DA35E78E10E31D3E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5009
Expires: Wed, 30 Nov 2022 00:26:43 GMT
Date: Tue, 29 Nov 2022 23:03:14 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /omsdk/releases/live/omweb-v1.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.98
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 22:04:29 GMT
expires: Tue, 29 Nov 2022 23:04:29 GMT
cache-control: public, max-age=3600
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
age: 3526
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   145749
Md5:    687b2b1cc7df0f38cd0e7d92d613e7d6
Sha1:   04cf9bb2e6bc835fa87602f495e9651724065e99
Sha256: eef42b8917ed2fcf721f02c31ba2f2a721a4de4598b9859cfdb5148709b5b199
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=92a1792a-85e3-43e2-8387-fac79980e445%3A2%3A1 HTTP/1.1 
Host: integrityprinciplesthorough.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Wed, 30 Nov 2022 23:03:15 GMT; secure; SameSite=None uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; expires=Tue, 06 Dec 2022 23:03:15 GMT; secure; SameSite=None pdhtkv=true; expires=Wed, 30 Nov 2022 23:03:15 GMT; secure; SameSite=None uncs=1; expires=Wed, 30 Nov 2022 23:03:15 GMT; secure; SameSite=None pdhtkv29=true; expires=Wed, 30 Nov 2022 23:03:15 GMT; secure; SameSite=None uncs29=1; expires=Wed, 30 Nov 2022 23:03:15 GMT; secure; SameSite=None slecf585f65c6c65123b95dd09be324de3bb=[3760951]; expires=Tue, 29 Nov 2022 23:03:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 490d4b1b982e19df222c7435c3a14fab
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5877), with no line terminators
Size:   4244
Md5:    c3ab8f7d41d7129c07fbb07139309c0d
Sha1:   df8ddb09af32a7afeb2a10e202b6e8c2c9119e40
Sha256: 69703f7c1c63bb63eccfb763e5f765b69083b7596ebc5a0748d8db1c743b8dc1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.23
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 23:03:14 GMT
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 18:23:42 GMT
Expires: Wed, 30 Nov 2022 18:23:42 GMT
ETag: "fb4e99c55de2136b51e5654643f3433bd8a8f447"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    d408a6e1bbc3d35236536361f0e5c37e
Sha1:   fb4e99c55de2136b51e5654643f3433bd8a8f447
Sha256: dd303c1822ae32f81831821f791684475237232549851a6b27a67e2e76b42e64
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.23
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 23:03:14 GMT
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 18:23:42 GMT
Expires: Wed, 30 Nov 2022 18:23:42 GMT
ETag: "fb4e99c55de2136b51e5654643f3433bd8a8f447"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    d408a6e1bbc3d35236536361f0e5c37e
Sha1:   fb4e99c55de2136b51e5654643f3433bd8a8f447
Sha256: dd303c1822ae32f81831821f791684475237232549851a6b27a67e2e76b42e64
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.23
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 23:03:14 GMT
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 18:23:42 GMT
Expires: Wed, 30 Nov 2022 18:23:42 GMT
ETag: "fb4e99c55de2136b51e5654643f3433bd8a8f447"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    d408a6e1bbc3d35236536361f0e5c37e
Sha1:   fb4e99c55de2136b51e5654643f3433bd8a8f447
Sha256: dd303c1822ae32f81831821f791684475237232549851a6b27a67e2e76b42e64
                                        
                                            OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1 
Host: h5.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         51.79.81.36
HTTP/1.1 204 No Content
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 23:03:15 GMT
Connection: keep-alive
Expires: Wed, 29 Nov 2023 23:03:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Length: 0

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5527
Cache-Control: 'max-age=158059'
Date: Tue, 29 Nov 2022 23:03:15 GMT
Last-Modified: Tue, 29 Nov 2022 21:31:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWhcVRi9L40b3ah040IZRETBTN7PvMw8KwTTWin9pa10ff9ecs2ddx%2F3vjdvGhCChVJQcERQV%2FJyJm2wFrG6rspEhBIQOy4kCwOuXIgoiN24kUkGgt%2Fift%2B95yy%2Bc869vlHuER8l3b1w1qwprel83PQbL1xRmTCVa5y73Aj8pn%2BscUVlC61jjf7ksL2XAz9u%2Bi82Xpd81cyHfuD7gR80TiorU9Of30eh8jtJ0Ez8ZitsBnELffv%2Fuys9OOpB9PbIk1Bi%2FMjK%2FbtQfISs%2B8UJ6VYLk7%2F0WrfUtDAWPbH1RraamSpD93BMrYc025qyYdyYkI9nYLKtqQKY3uZEAZgaE%2B%2FnACzbmq4J1rt5sCnTkBmYeAxVbwSpR1B0BG6uQYkHBOAC584j6946Z2xFrx6gdIKOyezDv6GqMZn95Siy7udLWvUbl4wuC2Uyh35aQ%2FVHUMsj5OU2ijUPqtoGL96GEj%2BQ%2BYdnkHU3zzttoMTuc0lIg3YS0rlOLKO5ViTDuU7Uac%2BllLeTpOPLVivet0ipEVQ6gpYDUDeD0nkolYcy9VDmHrpit0HjJPX9dsrSKOq0OOdRxHncWRCxiFqd1EfJJxoGKPIBuB6A23Xkdh2ragBbfgu3UsMJD64g6IkalSSoHEFFCSpFUBUEVa%2B%2BKbQLXX1LaFeyYNrDaY%2FqoSmWN%2BhNUyzLjGzke%2BSJiXHe47ePYlXuNtK4E6cLMV%2FgC3EQRiyJhfATJqOwJWTEGJyqodwMqPOwpsbkyFu%2FI1djMrM0D0a34fQ2uHoWtHwatBq2Qx90Zdjq%2BFjLbsm%2BbCoDYWrkxSyKq96G3iNP7UeX8DYk31n849%2Ff9DvHPwS3NXJb4031HcGyvjG8aCqyedFUjtw9nxeqq9boJNZLBS3k7O3T8mplrDh1wg0%2BfZVPgMl457J0xRmaCZUtO%2FLZkhJC2pPGcknunXJXJLtQupWl0mZlfubC8ZOnurmVzimTjUDVg%2FYH4GpMHj27vv9hn3n3PpQdwZY1uuUOmRaU2QbP1%2BHyncVf26e%2F3%2FrzEzhDYPUhh%2BUeqrIe2pAdPmo1JtHz%2F0DLncUvP%2Fpx9d7Xr4CyGk4e2sDkzjd%2FHfA33A0sWw%2B0uIasW6Nna%2FR0DaoHcOWRYZHbncWfov0C096QaettMm31%2Bwf2OrXbkHHqp9IPJUsTlrapL5K0lTCaBLLNYhqgcGN%2B%2Fb2v%2FgMAAP%2F%2FAQAA%2F%2F%2FcL6msjAQAAA%3D%3D HTTP/1.1 
Host: integrityprinciplesthorough.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:15 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8fac6204c8e11275a4e26646412b730b
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1 
Host: h5.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         51.79.81.36
HTTP/1.1 200 OK
Content-Type: application/vnd.apple.mpegurl
                                        
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 23:03:15 GMT
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d3b-bf8c"
Expires: Wed, 29 Nov 2023 23:03:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  M3U playlist, ASCII text
Size:   7725
Md5:    928d1e1d2c8615e123add5e629634f60
Sha1:   222ab4d2b2ea090da583b3dc356f0979f4d6801c
Sha256: 9be36bbf2e0af17b45c5347c4917a457db6165f11070bf0d9410961268a6ae23
                                        
                                            GET /media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png HTTP/1.1 
Host: h5.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         51.79.81.36
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 23:03:15 GMT
Content-Length: 69290
Last-Modified: Fri, 08 Apr 2022 14:46:21 GMT
Connection: keep-alive
ETag: "62504abd-10eaa"
Expires: Wed, 29 Nov 2023 23:03:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Size:   69290
Md5:    b49d6e91482e1db917958f2a32a0b1bc
Sha1:   38c5ad2beec3f2cd782da2ee1a9f300a57a5115e
Sha256: 4ef36c7fb595d9e325c5d15b8143c03774407dc5da6c9a77ff9160580136a46d
                                        
                                            GET /sb/notifications/software/multi/browsers/ff/3/index.html HTTP/1.1 
Host: cdn.yourwebbars.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.26.6.19
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 29 Nov 2022 23:03:15 GMT
last-modified: Thu, 08 Sep 2022 07:49:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 626649
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ebxEveS9lMmSWKnqNmfVHvXxcZRUeXIMSVJ4XhP5iN6idvwlU78Zp5vKPfH6sTqvTA47vbNrEp8UEWisKotlGRrlKMOSLBVmludfuBmgkvEsjezSwS9JzWN4ycNR3k6KR9JyFnA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9c2d9ebb52d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text
Size:   534
Md5:    56a9e692a075709dd859083bdee1e5d6
Sha1:   f4eaf39f1e9acba0a3a97154ca35d8335cfa631e
Sha256: 98b5de38ea41d0c58dbbb6380628691c404964a1607ed9c1dc59364b7d3c4468
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /instream/video/client.js HTTP/1.1 
Host: s0.2mdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.70
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Tue, 29 Nov 2022 23:03:15 GMT
expires: Tue, 29 Nov 2022 23:03:15 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2156)
Size:   16746
Md5:    49295de6ccd23cf80b6418a2d209868f
Sha1:   42a955b4560bb22cb9b5b39577f7a691ea345018
Sha256: d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 23:03:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6643
Expires: Wed, 30 Nov 2022 00:53:58 GMT
Date: Tue, 29 Nov 2022 23:03:15 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1017
Md5:    19866eed5cfa1ded32910d56ebbb67eb
Sha1:   30d50e22b374ceae1756976b7af4ddddfb4404c7
Sha256: e6fe738d40e9981bfca2755bf62c1cef1edc8cd7b4ddcdbe767ad8f0c58b65e4
                                        
                                            OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1 
Host: h5.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         51.79.81.36
HTTP/1.1 204 No Content
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 23:03:15 GMT
Connection: keep-alive
Expires: Wed, 29 Nov 2023 23:03:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Length: 0

                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=76 HTTP/1.1 
Host: integrityprinciplesthorough.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/notifications/software/multi/browsers/ff/3/img/close.png HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.109.13
HTTP/2 200 OK
content-type: image/png
                                        
date: Tue, 29 Nov 2022 23:03:15 GMT
content-length: 5982
last-modified: Thu, 08 Sep 2022 07:49:57 GMT
etag: "63199ea5-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5706
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ovMZM%2Be0BMQwcQ4WDXKeDxVL9LZEKLFtNEHLHcTmVGHuadyxP8U%2B%2Fudr19ClAQbcoXDox6F47g6AR6nA6k2NGAieX3Ow%2FXRvhyCkJYflcKPB11zkV0lzQNArS433nAMUsDCztOJ6BweG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9c4ca9e741f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Size:   5982
Md5:    c489ce2c491a22ee37a55e26a92dfd73
Sha1:   2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
Sha256: 1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6642
Expires: Wed, 30 Nov 2022 00:53:58 GMT
Date: Tue, 29 Nov 2022 23:03:16 GMT
Connection: keep-alive

                                        
                                            GET /sb/notifications/software/multi/browsers/ff/3/img/update-icon.png HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.109.13
HTTP/2 200 OK
content-type: image/png
                                        
date: Tue, 29 Nov 2022 23:03:15 GMT
content-length: 174730
last-modified: Thu, 08 Sep 2022 07:49:58 GMT
etag: "63199ea6-2aa8a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5707
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJa9KIdfeNg5XfKEUAGHkdn8yQlos73jDnpXucy%2FvdZaVGLFizM0RXCipJ5XARShWWIKrclmHoITxRx8WUDaEpJmnBh9n65%2F7o4aOXgj1oI2qSvVH7crnMG3dpHyem85WC8nuaNqqAdi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9c4caa3741f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 452 x 453, 8-bit/color RGBA, non-interlaced\012- data
Size:   174730
Md5:    85bc2f8a287afa33ac84c90178055d00
Sha1:   c98e7ebd06397a77a20607f55fe4ebf1b57ca334
Sha256: 85d20d101efc753f9b0619a33901e1689d1e0c11a46bf6d6d657c1393542cc30
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=103 HTTP/1.1 
Host: integrityprinciplesthorough.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=29 HTTP/1.1 
Host: integrityprinciplesthorough.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fmagic.css&l=45250&fd=116 HTTP/1.1 
Host: integrityprinciplesthorough.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /logger HTTP/1.1 
Host: analytics.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 178
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.105.3
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 29 Nov 2022 23:03:15 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AOiKttmcxMyA3CUCwO77Dfpx8LOLs6r%2B7ssfBGPDMWzXurmvppMZroXHCw%2BVKyhquhg35YKJYLG4FQcF9Xrx8pfEW6bfGza13HqERyUVe%2BxzUHj9%2BWug%2FCXvYq%2B8mzQ5hIC4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9c1a98e71ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   46406
Md5:    fb82bec594c82a0514e90af0994449be
Sha1:   d5d3618280c51cb6f9be8a3de719ef807f6c7d6e
Sha256: 6c39e03fa82fc38ae425a9e7333c6d71f31cdbd88886d61970e609863cf6004e
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 530941
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1 
Host: h5.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-391039
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         51.79.81.36
HTTP/1.1 206 Partial Content
Content-Type: video/mp2t
                                        
Server: nginx/1.16.1
Date: Tue, 29 Nov 2022 23:03:15 GMT
Content-Length: 391040
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Connection: keep-alive
ETag: "62e47d3b-113cda88"
Expires: Wed, 29 Nov 2023 23:03:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-391039/289200776


--- Additional Info ---
Magic:  data
Size:   391040
Md5:    1b12fa9a67b15135ee51bd1adfdd5831
Sha1:   6803487aeb9c8614bcb7d5173fd5c8e8d99e8cbd
Sha256: 6c90bfc07e47febe7dd92eb1bc86b7f67d54a6cbad30577c9efe629eeeb24a22
                                        
                                            GET /pixel/sbs?c=1 HTTP/1.1 
Host: integrityprinciplesthorough.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRit3qwXvajk4kEZRETBne3fnW4jLG5iJOSXJJJzdVX1brk1XU1V9%2FRkQVgMhICCI4J6kt43myzGIEbPUZkVISyIGQ%2ByBxc8eRBREHPxIrM7sPgd6vuq3jt87726vlHtERcV3b1wVq9Jpeh81HZbL1yROde1bZ273PLctnusdUXmC%2BGxVn9ymN7Lnhu13Rdbrwu2qud913Ndz%2FVaJ6URme7P76OQxZ3EayduO%2FTbXhSib%2F5%2Ft5UDSx3w3h55EpKPH1m5fxeSjZB3vzgh7Gqpi5de61aKltqgx7feyFdzXefoHo6ZcZDlW1M2tB0T8vEMdL41VQDd25woQCrHxPnZQ5pvTddE2rt5sGmqIHKk%2FDHUvRGEGkHSEZi%2BBskfEIBxnDuPvHvrnDY1vXqA0gk6JrMP%2F4asx2T2l6PIu58vKdlvXdKqKqXOLfpZA9kfQS6PUFTbKNccyHobrHwbkv9A5h%2BeQd7dPG%2BVhuS7zyU%2B9TqJT%2BfiSARzYSD8uTiIO3MZZZ0kiV0RhtG%2BRVKOILMRlBiA2hlU1kElHVSZg6pw0OW7LRolmet2sjQLgjhkjAUBY1G8wCMehHHmomITDQOUxQBMDcDMOgqzjlU5gKm%2BhV1pYLkDWxL0eINaENSWoKYEtSSoS4K619zkyvq2ucWVrVJv2v1pD5qhLpc36E1dLoucbBR75ImJcc7jt49iVey2siiOsoWILbCFyPODNIk4d5NUBH7IRZCmsLKBtDOg1sGaHJMjb%2F2OQo7JzNI8UroNq7bB5LOg1dOg9bDju6ArwzB2sZbfEn3RlhpcNyjKWZRXnQ21R57ajy5hHQi2s%2FjHv7%2Bpd45%2FCGYaFKbBm%2FI7gmV1Y3hR12Tzoq4tuXu%2BKGVXrtFJrJdKWorZ26fF1VobfuqEHXz6KpsAk%2FHOZWHLMzTnMl%2B25LMlybkwJ7Vhgtw7Za%2BI9EJlV5Yqk1fFmQvHT57qFkZYK3U%2BApUPOh%2BAyTF59Oz6%2Fod95t37kGYEUzXoVjtkWpB6G6xYhy12Fn%2FtnP5%2B689PYDWBUYectHBQV83Q%2BOnho5JjEjz%2FD5TYWfzyox9X7339CmjawIpDG1Kx881fB%2FwNewPLxgEtryHvNuiZBj3VgKoBbHVkWBZmZ%2FGnYL%2BQKmeYKuNspsqo9w%2FstXK3FXmhiNO4wzhPBeNexw%2FiwHV9zsNOIrwEpR2z6%2B999R8AAAD%2F%2FwEAAP%2F%2FyCcnSowEAAA%3D HTTP/1.1 
Host: integrityprinciplesthorough.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=92a1792a-85e3-43e2-8387-fac79980e445:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 23:03:16 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1d750c09d6b375e4cf4dceecce8d999c
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /adsid/integrator.js?domain=exee.app HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.217.21.162
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 29 Nov 2022 23:03:16 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   100
Md5:    917951a58be8c6c6f3680159550ba3c2
Sha1:   21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
Sha256: cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
                                        
                                            POST /logger HTTP/1.1 
Host: analytics.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 180
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.105.3
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 29 Nov 2022 23:03:15 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hkkB43Z1QVbtEskpsIlwAkbRyugEuTcDLdXLrwHh0P6QXyvkye%2FqLf5lEHqTJ86xhzTc6vDeKAks0DFnsC8IJXMpp7U0fSncm9lS1ISwkVWcFThbz09tteHMBBs4jE8byfNs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9c1b9c071ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6051
Expires: Wed, 30 Nov 2022 00:44:08 GMT
Date: Tue, 29 Nov 2022 23:03:17 GMT
Connection: keep-alive

                                        
                                            GET /pxf.gif?uuid=92a1792a-85e3-43e2-8387-fac79980e445&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Tue, 29 Nov 2022 23:03:17 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5a5ebda83709105859dda19f5163fa37
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /logger HTTP/1.1 
Host: analytics.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 177
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.105.3
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 29 Nov 2022 23:03:14 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ro3P3q52JgprcVFiK0D8mRrp4zo8O1vPFBcrYQoowNthrns0DNLjpwdC6MHXwarqfJzKjAZ3IQipSXWZAq%2Buaepb12lYbPzm%2BR6ceMjx92lWFjKFoGuR%2BhpIW%2FVQQd9FtTMc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9bcb9d571ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /logger HTTP/1.1 
Host: analytics.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 186
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.105.3
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 29 Nov 2022 23:03:15 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=weK8mToz2u8HiV3%2F8mkFxFh%2BCH9vjCshbgUdzaEzJJGyPbf2W5VEm6NX%2BAZOdUFckR22E4vc%2FNGPm2Kv6rPPTwievFOlunkq4He%2B1jMZ51Qqd12PNVfuX8E3WH7TfYFcE0Lu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9c1a9af71ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /iframe_api HTTP/1.1 
Host: www.youtube.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.217.21.174
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
x-content-type-options: nosniff
expires: Tue, 29 Nov 2022 23:03:15 GMT
date: Tue, 29 Nov 2022 23:03:15 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=RR-MaDV6GkU; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=GTfyzvz18aI; Domain=.youtube.com; Expires=Sun, 28-May-2023 23:03:15 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+127; expires=Thu, 28-Nov-2024 23:03:15 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sb/notifications/software/multi/browsers/ff/3/css/magic.css HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.109.13
HTTP/2 200 OK
content-type: text/css
                                        
date: Tue, 29 Nov 2022 23:03:15 GMT
last-modified: Thu, 08 Sep 2022 07:49:55 GMT
etag: W/"63199ea3-b0c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5707
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v6pKBPxhoADjLATxO0PRbVZ4KqNYLeetMhrT%2BtVGR4NWb%2Bcv3gPXaMGYfT3gEAZv%2B%2Bup48gzV3%2BITz%2FKMrlA%2BQ5J8vVl2CgxqRgq%2BEWx5EGamT8xh9IJ72ptj6uamugELurKiP2OEe8Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9c48a09741f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sb/notifications/software/multi/browsers/ff/3/js/script.js HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.109.13
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 29 Nov 2022 23:03:16 GMT
last-modified: Thu, 08 Sep 2022 07:49:59 GMT
etag: W/"63199ea7-2ae2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5707
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wRSOXevrk2XZr2g6tJOuJV0TbO9X6W8rjLYZFwkXluompmXBiHg%2FVx%2Bv%2B7jAxQvJ5L%2FzSQRecFC%2BEPKhB4nO3EYLV3sKfIjGkzYbb1i365bRI2Jf0QcOh0bg7%2BQTM908UXpojAE81naP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9c55b69741f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /p6VLL HTTP/1.1 
Host: exe.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         104.26.2.103
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Tue, 29 Nov 2022 23:03:12 GMT
location: https://exee.app/p6VLL
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=a7116d239bbf1765f2b2dd74ec529953; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1TnHWQEKqsl%2BLyqvxl4J4FaQJ1LscxQxYHOYXMkY2g81y4S2KFXEKwvEkmQOw4MmB9Tzm%2F0SJQCmfeCQWzDmi1NAjF6NkJ0TRsms9XRCes3GKWW23NJ90A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9af7cf50b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sfp.js HTTP/1.1 
Host: friendshipmale.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.64.203.23
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 29 Nov 2022 23:03:14 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 674903893a1d97389755a672a5057338
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 29 Nov 2022 23:03:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SNPEXcKhU4Su3WwB14brI%2FJ%2Bk1aqk4fdHElC8FNlBKVvE%2BFcLbftlHvBuucuxc%2BT104oaKNgLi%2FdWX%2BQLWv3dm7NFtrN1IRkvceqneZ683WBoCatxJ0XIzE8VQWr2OfBY6RZ4jQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9b9ee50004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/html; charset="utf-8"
                                        
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-fb-debug: m522kAiKUbOnUWOzApPWEm9fnDJiq7zXWa/3FqL+ixYd2Vk37Zqf9g8PvKNQgeQyWta5EjYLUhUUFFeuofcVOQ==
date: Tue, 29 Nov 2022 23:03:14 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Nov 2022 23:03:13 GMT
date: Tue, 29 Nov 2022 23:03:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stattag.js HTTP/1.1 
Host: cdntechone.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.29.183
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2705
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=izXoOY3YacvgHhgjzYEgopJQaQkRyPgLHSTdCFh6Ni4MDZwFpqIBSPi%2BKhHNv6jkLNPTb0pVDv61mR2jwr1iDK4M6hMgS3qBHLDCcdB7ZFIRRrhxrYtPFwsF4l5gsABzZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9b38ca3fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.198.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Tue, 29 Nov 2022 23:03:13 GMT
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3650
last-modified: Tue, 29 Nov 2022 22:02:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3F4fNEDp8%2BhAG4jat8zEp6Ci2jCB%2F3RkJiBIKoDEffexvCPf70d8HP70Wf9e1aOnsKeeLHr%2FW%2F2Ey7ay2tx6yqrrmwJl2Tm%2B92sneaaa1AY0dBhWXjkUHc1DaWaYmCJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771ef9b478f7745b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /logger HTTP/1.1 
Host: analytics.vdo.ai
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 179
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.105.3
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 29 Nov 2022 23:03:15 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=maB9sEiYMIvNmehNKDyiIYaq2TIvzXZnrla%2FG%2BRJdaJUnhgz6pi33wZIU4irUgXZ%2FT8gurcaNFBWuBBio%2Fj8KrCpx08IoQqbdyHLfGqhzBEC2y%2Fv7Hz0d8Enm5LRWqowZRT8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ef9c1b9cb71ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---