catcut.net/qLVH
79.132.136.12 302 Moved Temporarily 0 B IP 79.132.136.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /qLVH HTTP/1.1
Host: catcut.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.20.2
Date: Wed, 07 Dec 2022 08:45:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Location: http://exe.io/tRPP
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2983
Expires: Wed, 07 Dec 2022 09:34:55 GMT
Date: Wed, 07 Dec 2022 08:45:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 189
Cache-Control: max-age=92955
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:12 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 10:34:27 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 08:18:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1586
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19088
Expires: Wed, 07 Dec 2022 14:03:20 GMT
Date: Wed, 07 Dec 2022 08:45:12 GMT
Connection: keep-alive
exe.io/tRPP
172.67.71.40 301 Moved Permanently 0 B IP 172.67.71.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tRPP HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Dec 2022 08:45:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Dec 2022 09:45:12 GMT
Location: https://exe.io/tRPP
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AizhW2SQt4NO01rMHGBtqRMoel0VeM6OSJxwespP%2B4ld7oY5mgItYusBrTvJ7A7wiN1oUjxfxnyAz7gssDBD%2BjcazPN%2BZP3n%2BfH%2FjSki8EN7ulyQPPcGSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775bfbd81d640b41-OSL
alt-svc: h2=":443"; ma=60
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ec0G7QHfUKCsWLZd/zZCGRWIW3hvGood4Jv7rEezLNG4spDI4kjrdARa+wYWl+7Ul27eUSHmEpE=
x-amz-request-id: 6FCAANFEA29Z9W96
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 07:49:17 GMT
age: 3355
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 08:45:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d35e79a7a87fd0861c569a4da50627a4
bd88c3c5fa7e04f223dfa3cdb5b76e845fbefafe
0182851b8ad326dccaaf6c8e52e43eef8f45c67a10f423f57181f9481ef1d96b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4304
Cache-Control: max-age=134844
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:12 GMT
Etag: "638fad84-117"
Expires: Thu, 08 Dec 2022 22:12:36 GMT
Last-Modified: Tue, 06 Dec 2022 21:00:52 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d35e79a7a87fd0861c569a4da50627a4
bd88c3c5fa7e04f223dfa3cdb5b76e845fbefafe
0182851b8ad326dccaaf6c8e52e43eef8f45c67a10f423f57181f9481ef1d96b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4304
Cache-Control: max-age=134844
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:12 GMT
Etag: "638fad84-117"
Expires: Thu, 08 Dec 2022 22:12:36 GMT
Last-Modified: Tue, 06 Dec 2022 21:00:52 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 156fef7f871b3232a2588e70fbc21c3d
1dc718b016e19ef28028df0a367e7ce9b4164059
dbbb8c3f7abad537a09adece5a4ab799f2594ab411f510ab75d4eea06490bbe0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DBBB8C3F7ABAD537A09ADECE5A4AB799F2594AB411F510AB75D4EEA06490BBE0"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7955
Expires: Wed, 07 Dec 2022 10:57:47 GMT
Date: Wed, 07 Dec 2022 08:45:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 08:11:20 GMT
cache-control: public,max-age=3600
age: 2032
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 156fef7f871b3232a2588e70fbc21c3d
1dc718b016e19ef28028df0a367e7ce9b4164059
dbbb8c3f7abad537a09adece5a4ab799f2594ab411f510ab75d4eea06490bbe0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DBBB8C3F7ABAD537A09ADECE5A4AB799F2594AB411F510AB75D4EEA06490BBE0"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7955
Expires: Wed, 07 Dec 2022 10:57:47 GMT
Date: Wed, 07 Dec 2022 08:45:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 175
Cache-Control: max-age=87872
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 09:09:45 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 44 kB IP 216.58.211.3:0
Hash b832653df0f2ca3b32f50bd635a6034c
833bed8634022bde2deec316d7d019801161e6b4
cc9b1a0aaa409a34ccb2ac5a91ce66f8510ad10d3d52dbb8e68511a418f0ea8e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.40 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.40:0
File type ASCII text, with very long lines (1921)
Hash 53cb0b9b2f2d6570972890e49af38842
4c336baac39ced8a52d36326ba7310c85a15d4f7
274ee6c4137c2f444008b9cf423a277b7df8d36d22ec9bb5172e6a8da2a2a4bc
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Dec 2022 08:45:13 GMT
expires: Wed, 07 Dec 2022 08:45:13 GMT
cache-control: private, max-age=900
last-modified: Wed, 07 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43630
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106 200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
Hash 07fbfbba677197c2a3a46b37c6b5201d
4a45af428d32641a1a66f1fcb8d4d8c07673a057
5936a36b5ae61b4fafbc41050e98065954af3603e3dec2486b75f30a8cc0e6df
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 08:45:13 GMT
date: Wed, 07 Dec 2022 08:45:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 179140a2cc7d55227f906221e6b0a1c4
8ca0a8368547f64f6071b4928baf778c6a045fab
0f3444a832cd161eb132b81e2b2acceca7a52e15525ef503abc90b1ddc76dbf5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0F3444A832CD161EB132B81E2B2ACCECA7A52E15525EF503ABC90B1DDC76DBF5"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6421
Expires: Wed, 07 Dec 2022 10:32:14 GMT
Date: Wed, 07 Dec 2022 08:45:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 179140a2cc7d55227f906221e6b0a1c4
8ca0a8368547f64f6071b4928baf778c6a045fab
0f3444a832cd161eb132b81e2b2acceca7a52e15525ef503abc90b1ddc76dbf5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0F3444A832CD161EB132B81E2B2ACCECA7A52E15525EF503ABC90B1DDC76DBF5"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6421
Expires: Wed, 07 Dec 2022 10:32:14 GMT
Date: Wed, 07 Dec 2022 08:45:13 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e8cd01d9d6e104d71a9e6d5889255760
f417d3b68b3eb1f69f3e9e07235dbcfe9de14396
971ead92b25d771ff42e8cfbb2bbdc46bac0a80348a5eb4c1268def03a53bf8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5602
Cache-Control: max-age=96897
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Etag: "638f1438-117"
Expires: Thu, 08 Dec 2022 11:40:10 GMT
Last-Modified: Tue, 06 Dec 2022 10:06:48 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1574bf0b390f9314a777402dfc31a8cc
9002e47062e18e2d217b1897472c30fc9d4c327d
f247e830b54e51907a95f61149b70db884c2cee6413ca05209b45a0994cc5b48
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "F247E830B54E51907A95F61149B70DB884C2CEE6413CA05209B45A0994CC5B48"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16943
Expires: Wed, 07 Dec 2022 13:27:36 GMT
Date: Wed, 07 Dec 2022 08:45:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1574bf0b390f9314a777402dfc31a8cc
9002e47062e18e2d217b1897472c30fc9d4c327d
f247e830b54e51907a95f61149b70db884c2cee6413ca05209b45a0994cc5b48
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "F247E830B54E51907A95F61149B70DB884C2CEE6413CA05209B45A0994CC5B48"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16943
Expires: Wed, 07 Dec 2022 13:27:36 GMT
Date: Wed, 07 Dec 2022 08:45:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uthecrimorew.com/utx?cb=XzvkAIvPxaqI&top=exee.app&tid=822524
143.204.55.37 204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=XzvkAIvPxaqI&top=exee.app&tid=822524
IP 143.204.55.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=XzvkAIvPxaqI&top=exee.app&tid=822524 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 08:45:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 08:46:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: q4T8T0aUvCWBQFW3fL8tzKiciJfwpv0q6IchY94JbFeUG5DfR3Fgng==
X-Firefox-Spdy: h2
uthecrimorew.com/VVBQYms0MjMPVDRtMkQeJzxtR1kTdWIkD2c6NxJTZD06FQwyKSJMCDk/JQYNJz8+FkU7NSRHWRMXMlIDGAE9MyYfKRkJPC0jOCkjbDMIOhtgMxYgIRw6aBYoPWlhKD8mHwAhUxoTKSNSHyc4UyAXCiUtLzIRBQwDJBw3NykZYxYJKgQVIgEzGxMUCxwgNmEgIQUUJxYvZBlnMhI+GhMLCDkcAjMpNzo7CDwEGT4sAiYZERsHJTMTKAoPPigMPTlpNy0SJhsTGwhiHQUkDzATGVA6A2FkBDMfGwhQWnBiFiMuEzQ1JhgnEzwOUzQIFQ84OyBoLQcfMjI6Rm0RATRaYQA6MCkNETxbCDkWEgcsAz4GDlMjGwMnOxQXYUdZFxIWOA0wCCgbPQNpZQMzFwUTMS5wYhIoHBwRHSUHIhk8V18wByg3OAFhKAEcczojDQUlbTkbAQY3EisvBz8UVScs
143.204.55.37200 OK 1.2 kB URL HTTP/2 uthecrimorew.com/VVBQYms0MjMPVDRtMkQeJzxtR1kTdWIkD2c6NxJTZD06FQwyKSJMCDk/JQYNJz8+FkU7NSRHWRMXMlIDGAE9MyYfKRkJPC0jOCkjbDMIOhtgMxYgIRw6aBYoPWlhKD8mHwAhUxoTKSNSHyc4UyAXCiUtLzIRBQwDJBw3NykZYxYJKgQVIgEzGxMUCxwgNmEgIQUUJxYvZBlnMhI+GhMLCDkcAjMpNzo7CDwEGT4sAiYZERsHJTMTKAoPPigMPTlpNy0SJhsTGwhiHQUkDzATGVA6A2FkBDMfGwhQWnBiFiMuEzQ1JhgnEzwOUzQIFQ84OyBoLQcfMjI6Rm0RATRaYQA6MCkNETxbCDkWEgcsAz4GDlMjGwMnOxQXYUdZFxIWOA0wCCgbPQNpZQMzFwUTMS5wYhIoHBwRHSUHIhk8V18wByg3OAFhKAEcczojDQUlbTkbAQY3EisvBz8UVScs
IP 143.204.55.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 3c5db9e55a735c16ecf4f9d648aac6e5
6f920f77a521c4ef4e0faa1552ca8900d3601ac9
c6c0592a881afac0a2b4158664f76014271b4be9091ad64026db876079b953e2
GET /VVBQYms0MjMPVDRtMkQeJzxtR1kTdWIkD2c6NxJTZD06FQwyKSJMCDk/JQYNJz8+FkU7NSRHWRMXMlIDGAE9MyYfKRkJPC0jOCkjbDMIOhtgMxYgIRw6aBYoPWlhKD8mHwAhUxoTKSNSHyc4UyAXCiUtLzIRBQwDJBw3NykZYxYJKgQVIgEzGxMUCxwgNmEgIQUUJxYvZBlnMhI+GhMLCDkcAjMpNzo7CDwEGT4sAiYZERsHJTMTKAoPPigMPTlpNy0SJhsTGwhiHQUkDzATGVA6A2FkBDMfGwhQWnBiFiMuEzQ1JhgnEzwOUzQIFQ84OyBoLQcfMjI6Rm0RATRaYQA6MCkNETxbCDkWEgcsAz4GDlMjGwMnOxQXYUdZFxIWOA0wCCgbPQNpZQMzFwUTMS5wYhIoHBwRHSUHIhk8V18wByg3OAFhKAEcczojDQUlbTkbAQY3EisvBz8UVScs HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Wed, 07 Dec 2022 08:45:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jRc7FJg6H_mPzNdOK_Gj_ofcxFkHmXhOLd8z_4XElgtCYizpancviA==
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 136352
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
uthecrimorew.com/RHdxbE8lFRIBcCVKE0o6NhtMSX0CUkMqK3YdFhx3dRobGygjDgNCLCgYBAgpNhgfGGEqEgVJfQJCEDt+HSRDAwQFHSgYGRZHNDwHHiQkOh03FB1ZHwYOAgcNBhsgJDgrDTM+LBUwJ10sDDQFGAcsOjs2FzA6Mz04djs3CB8HMygDGXUfPSMcfD4nKiNhRTM8NyswMwEacDAgJQ4UJCAoDSxHQw4dfD4kKBovMjAtDQo0ATwYPQMFNhk0OileJy4/IC0LFDQgCAgvHwAJOBUTIis/cyBAAAslMEQ2BHQfAAk3dDYwXnphRTc4fisBFzQjJTInGDwmGxoeHANaAVsIBk44DTg0FSY6J3YSQSICHEUWHwszGDYifXEuPV12KxIdHBUcMBlaG3UDFTwmDS41LTx3OkFVLQ9FHVsXdBMVCiVxLyYtaS4EHgI/eTAwNSM+PyNbejUE
143.204.55.37 200 OK 1.2 kB URL HTTP/2 uthecrimorew.com/RHdxbE8lFRIBcCVKE0o6NhtMSX0CUkMqK3YdFhx3dRobGygjDgNCLCgYBAgpNhgfGGEqEgVJfQJCEDt+HSRDAwQFHSgYGRZHNDwHHiQkOh03FB1ZHwYOAgcNBhsgJDgrDTM+LBUwJ10sDDQFGAcsOjs2FzA6Mz04djs3CB8HMygDGXUfPSMcfD4nKiNhRTM8NyswMwEacDAgJQ4UJCAoDSxHQw4dfD4kKBovMjAtDQo0ATwYPQMFNhk0OileJy4/IC0LFDQgCAgvHwAJOBUTIis/cyBAAAslMEQ2BHQfAAk3dDYwXnphRTc4fisBFzQjJTInGDwmGxoeHANaAVsIBk44DTg0FSY6J3YSQSICHEUWHwszGDYifXEuPV12KxIdHBUcMBlaG3UDFTwmDS41LTx3OkFVLQ9FHVsXdBMVCiVxLyYtaS4EHgI/eTAwNSM+PyNbejUE
IP 143.204.55.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash 13609b18bcbd5213d26706f509d11f4a
20be21a31bda89460e5a47e85645f34fa9068e7d
053797988e3d84d60711ebe7c72c9b44af96ea4aced5cf858f37006a5eb8ed05
GET /RHdxbE8lFRIBcCVKE0o6NhtMSX0CUkMqK3YdFhx3dRobGygjDgNCLCgYBAgpNhgfGGEqEgVJfQJCEDt+HSRDAwQFHSgYGRZHNDwHHiQkOh03FB1ZHwYOAgcNBhsgJDgrDTM+LBUwJ10sDDQFGAcsOjs2FzA6Mz04djs3CB8HMygDGXUfPSMcfD4nKiNhRTM8NyswMwEacDAgJQ4UJCAoDSxHQw4dfD4kKBovMjAtDQo0ATwYPQMFNhk0OileJy4/IC0LFDQgCAgvHwAJOBUTIis/cyBAAAslMEQ2BHQfAAk3dDYwXnphRTc4fisBFzQjJTInGDwmGxoeHANaAVsIBk44DTg0FSY6J3YSQSICHEUWHwszGDYifXEuPV12KxIdHBUcMBlaG3UDFTwmDS41LTx3OkFVLQ9FHVsXdBMVCiVxLyYtaS4EHgI/eTAwNSM+PyNbejUE HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1191
date: Wed, 07 Dec 2022 08:45:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dSuaLBvXUKhmkAnpirHh9p_US9heZIg2LPrckNIONBjZqsiLe-iH1A==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e8cd01d9d6e104d71a9e6d5889255760
f417d3b68b3eb1f69f3e9e07235dbcfe9de14396
971ead92b25d771ff42e8cfbb2bbdc46bac0a80348a5eb4c1268def03a53bf8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5602
Cache-Control: max-age=96897
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Etag: "638f1438-117"
Expires: Thu, 08 Dec 2022 11:40:10 GMT
Last-Modified: Tue, 06 Dec 2022 10:06:48 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35 200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:56:07 GMT
expires: Tue, 05 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 136146
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
uthecrimorew.com/QVhFZ3kgOiYKRiBlJ0EMMzR4QksHfXchHXMyIhdBcDUvEB4mITdJGi03MAMfMzcrE1cvPTFCSwcZCCIzGDwdJS0NDBwzLXEJNzc8KREHLz8wCXUiLgobNgYxKhpgVT8HaBQuLzZtMCE9eA4MP00DGyk1XHMeJCE0Ig0WEFxzHhYhIxcUARMwEAocDSkDPAslPhAsAyJIJRQWLhoJHjINHxQ7dyUuOTcQIjAAOSxfGgk0FBM1NgITJhcIagQxLAI7KAs/GT8HCRg7PBMmFwguDSVNBjwrVj4MMBMQGABpAiU+JSoLViwCOywIPRcJCCMYFA4DLxcLIBAiMAASEUpJFh90XhcgMgskOAkWKjUsBBkmVEgJCQM+CwowBDAhOyh8NQMYGiYKSCMJBz5KGw0UQRMyNysXRA5pPQA1dzkKAho
143.204.55.37 200 OK 1.2 kB URL HTTP/2 uthecrimorew.com/QVhFZ3kgOiYKRiBlJ0EMMzR4QksHfXchHXMyIhdBcDUvEB4mITdJGi03MAMfMzcrE1cvPTFCSwcZCCIzGDwdJS0NDBwzLXEJNzc8KREHLz8wCXUiLgobNgYxKhpgVT8HaBQuLzZtMCE9eA4MP00DGyk1XHMeJCE0Ig0WEFxzHhYhIxcUARMwEAocDSkDPAslPhAsAyJIJRQWLhoJHjINHxQ7dyUuOTcQIjAAOSxfGgk0FBM1NgITJhcIagQxLAI7KAs/GT8HCRg7PBMmFwguDSVNBjwrVj4MMBMQGABpAiU+JSoLViwCOywIPRcJCCMYFA4DLxcLIBAiMAASEUpJFh90XhcgMgskOAkWKjUsBBkmVEgJCQM+CwowBDAhOyh8NQMYGiYKSCMJBz5KGw0UQRMyNysXRA5pPQA1dzkKAho
IP 143.204.55.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash 4eabf804176f340c5c8e4b01ca0b812f
6ab6ecf5b293eb849f6a5381f35bf70c89e36807
dd669f948acbf1448da7e1d3ccae1fba69f4c1ee52684c2adb6d4cfff19331dc
GET /QVhFZ3kgOiYKRiBlJ0EMMzR4QksHfXchHXMyIhdBcDUvEB4mITdJGi03MAMfMzcrE1cvPTFCSwcZCCIzGDwdJS0NDBwzLXEJNzc8KREHLz8wCXUiLgobNgYxKhpgVT8HaBQuLzZtMCE9eA4MP00DGyk1XHMeJCE0Ig0WEFxzHhYhIxcUARMwEAocDSkDPAslPhAsAyJIJRQWLhoJHjINHxQ7dyUuOTcQIjAAOSxfGgk0FBM1NgITJhcIagQxLAI7KAs/GT8HCRg7PBMmFwguDSVNBjwrVj4MMBMQGABpAiU+JSoLViwCOywIPRcJCCMYFA4DLxcLIBAiMAASEUpJFh90XhcgMgskOAkWKjUsBBkmVEgJCQM+CwowBDAhOyh8NQMYGiYKSCMJBz5KGw0UQRMyNysXRA5pPQA1dzkKAho HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1170
date: Wed, 07 Dec 2022 08:45:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rDIeC6ehNhD7tpQl8NMg_IJS4xuuCHOmH-lVyBzp_0KeH4hP9cIugA==
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.189.35.180 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.35.180:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lIXqMelfwyxN94Yc8c2MMA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nyemuql1MilmUcQFPAzSe+lEISY=
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1574bf0b390f9314a777402dfc31a8cc
9002e47062e18e2d217b1897472c30fc9d4c327d
f247e830b54e51907a95f61149b70db884c2cee6413ca05209b45a0994cc5b48
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "F247E830B54E51907A95F61149B70DB884C2CEE6413CA05209B45A0994CC5B48"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16943
Expires: Wed, 07 Dec 2022 13:27:36 GMT
Date: Wed, 07 Dec 2022 08:45:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4a2e018f286e5dd8d86cdbdf66dc563f
68ad383cca447bd665f1a80efbe4133af27c8e90
2f0fc962375f141f9a5698f74abe953f97643e26ad1a91034b741ba00300291d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2F0FC962375F141F9A5698F74ABE953F97643E26AD1A91034B741BA00300291D"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20590
Expires: Wed, 07 Dec 2022 14:28:23 GMT
Date: Wed, 07 Dec 2022 08:45:13 GMT
Connection: keep-alive
thethesmahat.com/d3ZBeVhYSSIKZTogJRY8Gh0JIB4fMRYOMB4hcSsKNSEHGwlGQmcNMRNLeUtqQkR1XygeEnxIfgQCIA0tBEtwXzEZEC5EfgFLcFdrQ1hySHZGUDREaVECMRg/SkdnCSwDGnxIbkBGdUlqQEdzQGxC
172.67.159.65 204 No Content 0 B URL HTTP/2 thethesmahat.com/d3ZBeVhYSSIKZTogJRY8Gh0JIB4fMRYOMB4hcSsKNSEHGwlGQmcNMRNLeUtqQkR1XygeEnxIfgQCIA0tBEtwXzEZEC5EfgFLcFdrQ1hySHZGUDREaVECMRg/SkdnCSwDGnxIbkBGdUlqQEdzQGxC
IP 172.67.159.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d3ZBeVhYSSIKZTogJRY8Gh0JIB4fMRYOMB4hcSsKNSEHGwlGQmcNMRNLeUtqQkR1XygeEnxIfgQCIA0tBEtwXzEZEC5EfgFLcFdrQ1hySHZGUDREaVECMRg/SkdnCSwDGnxIbkBGdUlqQEdzQGxC HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 08:45:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4mNbiMa%2BFJJWlFYG3IRcpYrwcIAWJp3cLOeZZ9E7gu1AvS9R2tVsJtVAi1GbggPBcCLWOSQ4EGAbVCjlnqaV1TYrSLSAv%2Be9zn6%2F5OC0IFf5rV4%2Bs6AzqMsbLfjzH0B95hNi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbdf2c120b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9cc74b4277818ca5d2547c4bcbd06091
4213dd789af7b50d63ee5b14168cb91f92b34637
4fc8927779c7cf2dc113109bc435d4c59aa94a51eccd01b29bcc6ea19d1bf56e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FC8927779C7CF2DC113109BC435D4C59AA94A51ECCD01B29BCC6EA19D1BF56E"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4639
Expires: Wed, 07 Dec 2022 10:02:32 GMT
Date: Wed, 07 Dec 2022 08:45:13 GMT
Connection: keep-alive
thethesmahat.com/M3hXdVUcRzQGaH0tDgwAeyEfEyJxCAUkEwI5ZREadzAeNA9mKXEBPFdFb01sB0FjUyVaHGpEc0AMNgEgQEVmUzxdHjhIc0VFZltmB1ZkRHsCXiJIZBUMJxQyDklxBSFHFGpEYwRIY0VnBEllTGwB
172.67.159.65 204 No Content 0 B URL HTTP/2 thethesmahat.com/M3hXdVUcRzQGaH0tDgwAeyEfEyJxCAUkEwI5ZREadzAeNA9mKXEBPFdFb01sB0FjUyVaHGpEc0AMNgEgQEVmUzxdHjhIc0VFZltmB1ZkRHsCXiJIZBUMJxQyDklxBSFHFGpEYwRIY0VnBEllTGwB
IP 172.67.159.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /M3hXdVUcRzQGaH0tDgwAeyEfEyJxCAUkEwI5ZREadzAeNA9mKXEBPFdFb01sB0FjUyVaHGpEc0AMNgEgQEVmUzxdHjhIc0VFZltmB1ZkRHsCXiJIZBUMJxQyDklxBSFHFGpEYwRIY0VnBEllTGwB HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 08:45:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ozT2V1TVC72hlETWEulEN%2BvDq9%2Bnhz9XF7NabrSXFrrjhpvrm%2BqYOsOKi%2Bs94KO4Ct1dOBMzNvtdnV%2FL%2BNjA7qBuQDsAomOWQyGbHwe%2FFf6C7PJOqDXRSUh86qaRUAG7H1Ve"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbdf6c4c0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/ajQzSk1FC1A5cA5sfT0pPlB3GH0Cc3chDy5lWAsOOF9HAhw7ZRU+JA4JC35+WAICbD0DUA57dUxHRys5H0cOe2sDWlUlcExCDntjWhoBZH9MQQ57ax5EUi1wWxJDPjkGCQJ8eloAA3h6WwcDens
172.67.159.65 204 No Content 0 B URL HTTP/2 thethesmahat.com/ajQzSk1FC1A5cA5sfT0pPlB3GH0Cc3chDy5lWAsOOF9HAhw7ZRU+JA4JC35+WAICbD0DUA57dUxHRys5H0cOe2sDWlUlcExCDntjWhoBZH9MQQ57ax5EUi1wWxJDPjkGCQJ8eloAA3h6WwcDens
IP 172.67.159.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ajQzSk1FC1A5cA5sfT0pPlB3GH0Cc3chDy5lWAsOOF9HAhw7ZRU+JA4JC35+WAICbD0DUA57dUxHRys5H0cOe2sDWlUlcExCDntjWhoBZH9MQQ57ax5EUi1wWxJDPjkGCQJ8eloAA3h6WwcDens HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 08:45:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUB2gSZh5DqSiXcFuUmWFf4FvaUb2WzErTvGtXgq6TxazPYTATE%2FRuT8VccTh%2B3kULu8Iy1HdTP4mKAMIx6emd%2B4at9zOE%2BmgdwuWK0PqfNIqF7zNqTIpeJ3hJKMexZTSbOu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbdf7c560b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 473 B IP 172.64.104.3:0
Hash 54f5befaf505c3d1893f0b14546a6fd9
69a077e3086c85bf1a7afc97025e0257e028bb48
fbce4e93849758eb7485c4160c8e443ad0f56553faa13e0fd7329dc698b3ccde
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 123
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:13 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IBDVA6WLdJ8bI3mXdaqj%2BTLUoRcLlvX%2F2Yk5eWUU%2BsXHW0RG6GXJPnQ891%2FI6cDrQCPKSK9EvL0vSxubK2mQuxacPm8Nv7MKcj2y2YyPjM05I8u0l3FW3yAPbwEqI%2BpNyKJX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbdf8fa4e620-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fn.deulspoorn.com/1clkn/29529
172.255.6.54 200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP 172.255.6.54:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 08:45:13 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Thu, 08-Dec-2022 08:45:13 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Thu, 08-Dec-2022 08:45:13 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253 200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 898
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 07 Dec 2022 08:45:13 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
d2jgp81mjwggyr.cloudfront.net/Gb0hMQmQMJyIkWxshKH9cXXp5cFBJIj8tCh91JTsOPC8OCyA9Jwh1KBZuODgAUnhqLgUBL3FkAQErcXNCDiwuf1BJPDwtD1I7PykJCiclLRQBbjkjWQInNisIAylpcCJaZnxnVl9gOysKCyc7MUFdeCI2QV14fXJKX21/AEFdeDsrCll8aXEmSnp8OlJbbX-8AQV14PjRBXAl9clFBeGVnVl8vKSEPAG1+BFZfeXxyVV95aXBUCSE+JwIAMGlwIl54eWxUST1xcw
143.204.42.124 200 OK 519 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/Gb0hMQmQMJyIkWxshKH9cXXp5cFBJIj8tCh91JTsOPC8OCyA9Jwh1KBZuODgAUnhqLgUBL3FkAQErcXNCDiwuf1BJPDwtD1I7PykJCiclLRQBbjkjWQInNisIAylpcCJaZnxnVl9gOysKCyc7MUFdeCI2QV14fXJKX21/AEFdeDsrCll8aXEmSnp8OlJbbX-8AQV14PjRBXAl9clFBeGVnVl8vKSEPAG1+BFZfeXxyVV95aXBUCSE+JwIAMGlwIl54eWxUST1xcw
IP 143.204.42.124:0
File type ASCII text, with very long lines (702), with no line terminators
Hash e003653bb0887cd9c26041f2cbe42530
aa276fca94467fdf1566520734f13952313daaf8
00b78ca9523caf3412346ad9ac116134342f4bde76b5aecb78f4d89f0fd2fafe
GET /Gb0hMQmQMJyIkWxshKH9cXXp5cFBJIj8tCh91JTsOPC8OCyA9Jwh1KBZuODgAUnhqLgUBL3FkAQErcXNCDiwuf1BJPDwtD1I7PykJCiclLRQBbjkjWQInNisIAylpcCJaZnxnVl9gOysKCyc7MUFdeCI2QV14fXJKX21/AEFdeDsrCll8aXEmSnp8OlJbbX-8AQV14PjRBXAl9clFBeGVnVl8vKSEPAG1+BFZfeXxyVV95aXBUCSE+JwIAMGlwIl54eWxUST1xcw HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 519
date: Wed, 07 Dec 2022 08:45:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yjvpSaZlPvZY23_QB3iR-_tmqGBEG0fxIKN8ndujwYKUbBjWjqQTEg==
X-Firefox-Spdy: h2
d2jgp81mjwggyr.cloudfront.net/AMEJYdXBTLTYTT0QrPEhIBHFqQ0EWKCsaHkB/F0QIVw5uFD9VIX4BClR/aFMcUSw/SFZVLDtIQRYjPBdNBGQtFE1dLSIcHFwjfUc2BWxoUEIAai8cHlQtLwZVAnI2AVUCcmlFXgBnazdVAnIvHB4Gdn1GMhVwaA1GBGdrN1UCcioDVQMDaUVFHnJxUEIAJT-0WG19najNCAHNoRUEAc31HQFYrKhAWXzp9RzYBcm1bQBY3ZUQ
143.204.42.124 200 OK 182 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/AMEJYdXBTLTYTT0QrPEhIBHFqQ0EWKCsaHkB/F0QIVw5uFD9VIX4BClR/aFMcUSw/SFZVLDtIQRYjPBdNBGQtFE1dLSIcHFwjfUc2BWxoUEIAai8cHlQtLwZVAnI2AVUCcmlFXgBnazdVAnIvHB4Gdn1GMhVwaA1GBGdrN1UCcioDVQMDaUVFHnJxUEIAJT-0WG19najNCAHNoRUEAc31HQFYrKhAWXzp9RzYBcm1bQBY3ZUQ
IP 143.204.42.124:0
File type ASCII text, with no line terminators
Hash 844748ed7ac11486602237fb3dc17ad0
1dd07d57216a40891d5f014082fa0153b276f370
b226f8fb15c83c68b560414bd757631bf8d46882d0710d135397ad13dc73c0bd
GET /AMEJYdXBTLTYTT0QrPEhIBHFqQ0EWKCsaHkB/F0QIVw5uFD9VIX4BClR/aFMcUSw/SFZVLDtIQRYjPBdNBGQtFE1dLSIcHFwjfUc2BWxoUEIAai8cHlQtLwZVAnI2AVUCcmlFXgBnazdVAnIvHB4Gdn1GMhVwaA1GBGdrN1UCcioDVQMDaUVFHnJxUEIAJT-0WG19najNCAHNoRUEAc31HQFYrKhAWXzp9RzYBcm1bQBY3ZUQ HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 182
date: Wed, 07 Dec 2022 08:45:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9Qc1Iy0c21q3VR53GDm0DiARUfyFCZZuUuDW-_1OB_GLRiofUth7zg==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d2jgp81mjwggyr.cloudfront.net/5aW1YS2oKAjYtVR0EPHZSUVRscl5PByskBBlQHwozBRcQGV1cHCttHhMJZXtMBQw2LFdPCDYoV1hLOS8IVFl+PxoGBmU4GQIAPSQDBh02bR8IUDUkEAABNCpPWyttZVpMX2hjHQADPCQdGkhqewQdSGp7W1lDaG5ZK0hqex0AA25/T1ovfXlaEVtsblkrSG-p7GB9IawpbWVh2e0NMX2gsDwoGN25YL19oelpZXGh6T1tdPiIYDAs3M09bK2l7X0ddfj5XWA
143.204.42.124 200 OK 615 B URL HTTP/2 d2jgp81mjwggyr.cloudfront.net/5aW1YS2oKAjYtVR0EPHZSUVRscl5PByskBBlQHwozBRcQGV1cHCttHhMJZXtMBQw2LFdPCDYoV1hLOS8IVFl+PxoGBmU4GQIAPSQDBh02bR8IUDUkEAABNCpPWyttZVpMX2hjHQADPCQdGkhqewQdSGp7W1lDaG5ZK0hqex0AA25/T1ovfXlaEVtsblkrSG-p7GB9IawpbWVh2e0NMX2gsDwoGN25YL19oelpZXGh6T1tdPiIYDAs3M09bK2l7X0ddfj5XWA
IP 143.204.42.124:0
File type ASCII text, with very long lines (867), with no line terminators
Hash 694d3186be3a9af067df5a46bee193e9
2eba417fb44b894641fff4d7746989200de16ecc
669af079f31443118487a80789beef080e458d5e431dcd32b1fc2f798882c792
GET /5aW1YS2oKAjYtVR0EPHZSUVRscl5PByskBBlQHwozBRcQGV1cHCttHhMJZXtMBQw2LFdPCDYoV1hLOS8IVFl+PxoGBmU4GQIAPSQDBh02bR8IUDUkEAABNCpPWyttZVpMX2hjHQADPCQdGkhqewQdSGp7W1lDaG5ZK0hqex0AA25/T1ovfXlaEVtsblkrSG-p7GB9IawpbWVh2e0NMX2gsDwoGN25YL19oelpZXGh6T1tdPiIYDAs3M09bK2l7X0ddfj5XWA HTTP/1.1
Host: d2jgp81mjwggyr.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uthecrimorew.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 615
date: Wed, 07 Dec 2022 08:45:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IUlSh7HouO6MAyT_L4edIZ1klp85n6ntIP3kdi34oUnLPU_9udZnYw==
X-Firefox-Spdy: h2
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
173.233.137.60 200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37153), with no line terminators
Hash 48249f1145ee014f97d2a2c2b4669d63
c66cb8b9b07b8b793028729236019f696359e979
f1025df8b546d01dfcc772371bf3d8ae53f3a62ad23354e784bfa291e869bc8f
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 08:45:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16f145005ccd93c73eb03f9f27491a37
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115 200 OK 374 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bed627bfd4afab90f6a65817c1499188
ab48109b34f27c324f9bda2ad0f7b8e7d946d7b4
33ab47da5f7d3278c050906ca5ffcab508ea19a3dec5c0ceb4474f09eb2f8dfb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "E123ED36A240C987E233BCBA017C41294E1CD01A88FDB68F99A1926049C0BB81"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15268
Expires: Wed, 07 Dec 2022 12:59:41 GMT
Date: Wed, 07 Dec 2022 08:45:13 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 975d829b6c1182baa9059ef46ba71c89
4cad25f5dc5997779e9bde153551bf7fa3481938
5a23467d164713da6a0ba9cff3d114780c255f12696ad50c3efc214c8895ee64
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 07 Dec 2022 08:45:13 GMT
Last-Modified: Wed, 07 Dec 2022 07:14:48 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3p89FNWktvcpCtn1Sp0HDvB2Y4TaIPxYRJ0lniIEo2ZhAJnE_Un-dA==
Age: 5425
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 444455a049c5e6d50971434e4b39cb77
4e00a1df1e99d3b5a97edf06fa4c99336303e53e
a2fd8329f19574f85b3ac92abc18ae3751806f973999b34ca5a294278b3d8c0d
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:13 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=5d5beadb-f183-4223-a66c-82997f81b93b:2:1; expires=Sat, 04 Dec 2032 08:45:13 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FtRPP&tag=v-exee-app&domain=exee.app
172.64.105.3 200 OK 2.2 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FtRPP&tag=v-exee-app&domain=exee.app
IP 172.64.105.3:0
File type JSON data\012- , ASCII text, with very long lines (10757)
Hash 77b759c3c39df090122c14e7f291d36a
24e8f5e5d38d43c2c8b54918fcf617cfa8210f06
78501a98798f8579e903eeb0c05c94550656d39a46c8fe9a132b91e8eac19903
GET /allowed_url.php?type=json&url=exee.app%2FtRPP&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:13 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F4mnCpWOKNLzGKlARIti0xWzIzSD4%2Bxtn%2FzbjC1kVJ3dihCfI6xdRv5JkTtFCFGE9xviL9pWOGxiyTp%2B3XsDWCY2l4BU%2BdsEOPi5BR%2BgboIvyJ7cTxcj4LfsuxT2b1B30XrL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbdf8bfc23ac-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 07 Dec 2022 08:41:08 GMT
expires: Wed, 07 Dec 2022 10:41:08 GMT
cache-control: public, max-age=7200
age: 246
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d44205a852cedc47da2373b3542f2ca0
884e5d2d7ef372a86e7edc3f8c1dc63a3b4fbe82
f2adb5b3e4b05ad953d43f483497243ae66c148f2af8f39473ddc6fcf2623bb9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6510
Cache-Control: max-age=107550
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:14 GMT
Etag: "638f3a4a-1d7"
Expires: Thu, 08 Dec 2022 14:37:44 GMT
Last-Modified: Tue, 06 Dec 2022 12:49:14 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
imasdk.googleapis.com/js/sdkloader/ima3.js
216.58.207.234 200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (2791)
Size 127 kB (126815 bytes)
Hash e6ce6730b0e7cfe4cc995926ca00e5b9
78a31d1c17bce48b0fc1ffe4580166fc9d21de25
263312f99ed53981d3f885c3af5e34d0b579f55718f8e8352f9431bc437fb225
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126815
date: Wed, 07 Dec 2022 08:45:14 GMT
expires: Wed, 07 Dec 2022 08:45:14 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.77 302 Found 388 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash 27fc6c75dac020c654752a5ef949f849
79c4c873631963dfe7a8f83053e96439e7bce2db
ac263b1fcc91053cce2a58841413d0b195d93e8be038f9a99ef9cedd14f5ed17
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 08:45:14 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1510530105%3A1670402714199265&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt8LA0HRiXwdCNdtQpYy2uR66cQwc7_xME3cAR3DAW-2X3l7qfpyUDKijlyXkp5Sr-X7MHb
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-bQnY85aqXMAJYXc9DGwF7g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 388
server: GSE
set-cookie: __Host-GAPS=1:wYisvUSjmEvv99beYEN7cDsPUGb61g:7__JThvFoLCruFb4;Path=/;Expires=Fri, 06-Dec-2024 08:45:14 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.77 302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash b8a51d068c18d27ce1f383a490d579e1
87ed9af4ce444f60c415963ee2d6b333ea1e8e4c
40eedc53c4d74d08525d5ccd66372c7cf9cdc801eef62adce4de7f435ad79563
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 08:45:14 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1023295678%3A1670402714207002&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt04s8Ii-Fjob7Cy2_-WxIBJpmISUmi5I5MmGCc5YLpTwPkbpsrovmj4nN5czcWeFP1oMpa
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-9nBv352T19NZue9fvEjleA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:nCv_mfcmq7V7AFQCQrgOowKULFRpZw:iS7EXVJ8noO5XI5W;Path=/;Expires=Fri, 06-Dec-2024 08:45:14 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3a8da4d46dd016ca11bc38d3837a34d8
e53e3f2d290563002db01d450f08cda335604165
848b7ed9fa33d2a4eaec3e984a73158543df5dac83dcf54cd131c4bd4ad1dd3b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "848B7ED9FA33D2A4EAEC3E984A73158543DF5DAC83DCF54CD131C4BD4AD1DD3B"
Last-Modified: Mon, 05 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7335
Expires: Wed, 07 Dec 2022 10:47:29 GMT
Date: Wed, 07 Dec 2022 08:45:14 GMT
Connection: keep-alive
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.247.35 200 OK 28 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.247.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30486)
Hash 84ddd626b15f49a34f7356d78de91062
efb5910948d2a6b90887aa00cba9d5743dfb1c64
7f553e6ca66f0a97ad493e7169e996835255bb34be001560f9e3aa51de051aa9
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 3qOADUXvHOEZAbbaSSjpUjLSQ90EQ7zFe/u3YGJjVfWQo4wCOC/dkZ4MOz6nwoP6gVeegtNK4faVC/keTP//ug==
date: Wed, 07 Dec 2022 08:45:14 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
stealcalmgenus.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
173.233.137.44 200 OK 29 kB URL HTTP/1.1 stealcalmgenus.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash MD5 d6e0d329bbfc79da8551ddaf749f4bc9
SHA-1 feb9e74ad2ceb1be24ecf142e6ea190ef447cd16
SHA-256 571ceafb81ea72b222cfdf6a18a94362d9e8ed8bf032a57e1586166ebb27aa5b
Analyzer / Verdict / Alert: quad9 / Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 08:45:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b21c851c78e6ffffd65d80141efb5259
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7000
Expires: Wed, 07 Dec 2022 10:41:54 GMT
Date: Wed, 07 Dec 2022 08:45:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7000
Expires: Wed, 07 Dec 2022 10:41:54 GMT
Date: Wed, 07 Dec 2022 08:45:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7000
Expires: Wed, 07 Dec 2022 10:41:54 GMT
Date: Wed, 07 Dec 2022 08:45:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7000
Expires: Wed, 07 Dec 2022 10:41:54 GMT
Date: Wed, 07 Dec 2022 08:45:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 743
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 550ee57c325ce8d4892400deb24141d3
acece1761a7d4d3926500726c19d528bb204ef4c
7cc68e966362916947e7d6e24d3c001c64298fec2438a97538765d801fa7c92c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10362
x-amzn-requestid: 7fdd2011-e283-467e-9f04-741946a834ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpl_1EsooAMFhvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5065-0cddad1919d984065bd0b03e;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 01:59:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uhgTdyHGPZ1Ocp6wLQNVgcZ0z2CPyV0a_51MXD6Q04tsJ3RhgMY2Fw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:58:02 GMT
age: 38832
etag: "acece1761a7d4d3926500726c19d528bb204ef4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 20:49:34 GMT
age: 42940
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b079607b368263e3517dd30250f5f2af
a1b7863c70f1d501560a5b2fb4442f4835f94341
e7ed3ed2aca312d82fb017e06c6493fafffff9a603d1498c9c05355c08b444e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5913
x-amzn-requestid: 355ca338-7d8e-4a60-a491-0509d0ff32d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlirF3DIAMF-vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb610-5bff7b5b3984102e1ef0e737;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RlnA4SSUIbIVtGBxqBtabKw58aXWE-jGIKLZ4DnoTiGzvH5bzBOUbA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:57:19 GMT
etag: "a1b7863c70f1d501560a5b2fb4442f4835f94341"
content-type: image/jpeg
age: 38875
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0a317faf49d8e057d1da40f9441b6c30
f01497a3eef693b70b18885156f63c9c7305ed7e
5687e273eefa9ba3733fabe234e52bc7db87b4ec6244d12077c5816ae7961576
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12259
x-amzn-requestid: db1b424e-af8a-4a6f-92dc-27ccf3256d25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: coKPCHc9oAMFygg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638cbd93-56c293d73368cab66819d31e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 15:32:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VsWEwb3ynI-AP3uWwVHM6I7aY3f0TBLvge2Znt7hNIXlNtMbvpKmBQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:00:53 GMT
age: 2661
etag: "f01497a3eef693b70b18885156f63c9c7305ed7e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
172.64.104.3 200 OK 14 kB URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP 172.64.104.3:0
File type ASCII text, with very long lines (10649)
Hash 901add325e57b2c59abd9590224d80d8
aa46f1bcd32bc223346e2e6990be9c45de0fd72d
a6d0f27d3ca7ca8b7cca4b3a15808b5f9bb11cf665191ef1cbf10108fcb7b436
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:13 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag1
x-varnish: 7599884 8401844
age: 1002
via: 1.1 varnish-v4
x-cache: HIT
cache-control: max-age=1800
cf-cache-status: HIT
last-modified: Wed, 07 Dec 2022 08:28:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0jP4Tp1sG%2BzQchUUWQpFdZovu9fmuDWeM%2BCDBVz%2FMjcfGz4mpqP6H93fxoXBpI29OBaLNDrqUO2ua%2FgbdcN2ZUOfg9rMXRwOlYVzW86Mt2rjbVgWof7qPfBOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbde2b2d7731-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1023295678%3A1670402714207002&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt04s8Ii-Fjob7Cy2_-WxIBJpmISUmi5I5MmGCc5YLpTwPkbpsrovmj4nN5czcWeFP1oMpa
142.250.74.77 403 Forbidden 5.1 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1023295678%3A1670402714207002&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt04s8Ii-Fjob7Cy2_-WxIBJpmISUmi5I5MmGCc5YLpTwPkbpsrovmj4nN5czcWeFP1oMpa
IP 142.250.74.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (7824), with no line terminators
Hash 873a42254e8e3f8cfaecdbac6187f138
3af2fe61694d977d96dd39d5deb34e7e28241b1c
b6598f6c6d3434244f70f2d0000f17109bf8e4ed12e45ec9df2aeab05c456f5f
GET /v3/signin/identifier?dsh=S-1023295678%3A1670402714207002&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt04s8Ii-Fjob7Cy2_-WxIBJpmISUmi5I5MmGCc5YLpTwPkbpsrovmj4nN5czcWeFP1oMpa HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 08:45:14 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-FQe4ZAH2tcJ9pzyNJLlnvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4572d87a1e0ec8c2d53b33a39b06f02a
f6d469af83db717e1a691532052868c7925b2fe0
546f530032e8c8cd6e51d1adb173e194cef6610ee425b44fa57bdd153aaab079
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "546F530032E8C8CD6E51D1ADB173E194CEF6610EE425B44FA57BDD153AAAB079"
Last-Modified: Tue, 06 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14066
Expires: Wed, 07 Dec 2022 12:39:41 GMT
Date: Wed, 07 Dec 2022 08:45:15 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
216.58.207.194 200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP 216.58.207.194:0
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 08:04:29 GMT
expires: Wed, 07 Dec 2022 09:04:29 GMT
cache-control: public, max-age=3600
age: 2446
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hygieneretorted.com/pixel/purst?dl=0&th=0&sc=0&rs=2520&rd=2520&fd=691&bv=22.10.v.10&tmpl=136
192.243.61.225 200 OK 0 B URL HTTP/1.1 hygieneretorted.com/pixel/purst?dl=0&th=0&sc=0&rs=2520&rd=2520&fd=691&bv=22.10.v.10&tmpl=136
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=2520&rd=2520&fd=691&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: hygieneretorted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash 04bfde221f24fac1f17ed062d1397758
abc136d36667451bfe7decf8d93fca1f6635e065
9b26177153f98f1154a61e37f44c5f9b8b6dd92b3dc72a9f241875a112b9d6b3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 04:00:18 GMT
Expires: Thu, 08 Dec 2022 04:00:18 GMT
ETag: "abc136d36667451bfe7decf8d93fca1f6635e065"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash 04bfde221f24fac1f17ed062d1397758
abc136d36667451bfe7decf8d93fca1f6635e065
9b26177153f98f1154a61e37f44c5f9b8b6dd92b3dc72a9f241875a112b9d6b3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 04:00:18 GMT
Expires: Thu, 08 Dec 2022 04:00:18 GMT
ETag: "abc136d36667451bfe7decf8d93fca1f6635e065"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
51.79.72.196 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 51.79.72.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Wed, 07 Dec 2022 08:45:15 GMT
Connection: keep-alive
Expires: Thu, 07 Dec 2023 08:45:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ea6d8022d3d0fcb1a655c111694efb3c
0565f1dae70afb9f7d231824a488de4f262218f0
198fc3e66c5d81029e6781d76d0eb5bf8a3c8ae92aa3aa6a7f0fda6d95658a76
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "198FC3E66C5D81029E6781D76D0EB5BF8A3C8AE92AA3AA6A7F0FDA6D95658A76"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10024
Expires: Wed, 07 Dec 2022 11:32:19 GMT
Date: Wed, 07 Dec 2022 08:45:15 GMT
Connection: keep-alive
stealcalmgenus.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9Nclv88tGJRsXYiMuFJ2e%2Bujq6UoWwTFGgjETJtEBN%2FK%2Bquc5r%2BsV71V19QwRBgOSjdCuFFc1p%2BcDYxDzBwjS40YGhLQLmYXjH%2BBSyFp6pqH1LureU%2Bcuzjn3fb5bnhIfJT25877ZVlrTpbjpN15bV5kwlWvcvtcI%2FKZ%2FtbGusnbramMw%2Fdj%2BlcCPm%2F7rjXcl3zRLoR%2F4fuAHjRvKytQMls5YqPxxEjQTv9kKm0HcwsD%2BF7vSg6MeRP%2BUvAAlJv%2Fb%2BOUJFB8j6%2F1wXbrNwuRvvtMrNS2MRV8cfpBtZqbK0JuPqfWQZoezbRg3IeTrBZjscOYApr83dQCmJsT7PQDLDmcywfr750qZhszAxCVU%2FTGkHkPRMbh5ACWeEoAL3F5F1ju4bWxFt85ZOmUn5OKzv6GqCbn4x2Vkve9XtBo07hpdFspkDoO0hhqMobpj5OURim0PqjoCLz6DEr%2BSpWe3kPX2Vp02UOLk1VjETFLBFtOgEy22wjBapO02X%2ByESbKcdgKWROwsIqXGUOkYWg5B3QJK56FUHsrUQ5l76ImTBo2T1PeXU5ZGUafFOY8izuNOW8QianVSHyWfehiiyIfgeghud5DbHWyqIWz5E9xGDSc8uIKgL2pUkqByBBUlqBRBVRBU%2FXpfaBe6%2BkBoV7Jg1sNZj%2BqRKbq7dN8UXZmR3fyUPD8Nznvu0WVsypNGGnfitB3zNm%2FHQRixJBbCT5iMwpaQEWNwqoZyC6DOw7aakAuf%2FoVcTcjCyhIYPYLTR%2BDqFdDyJdBqtBz6oBujVsfHdnYgB7KpDISpkRcXUWx5u%2FqUvHh2uiuX3oDkx9e%2B%2BmL1z6viI3BbI7c1PlE%2FE3T1w9GaqcjemqkcebKaF6qntun0rHcLWsgLj96TW5Wx4uZ1N%2Fz2LT4lpuPje9IVt2gmVNZ15LsVJYS0N4zlkvx4061Ldqd0Gyulzcr81p23b9zs5VY6p0w2BlVPP7wPribk%2F%2Fc%2FPnuwL3uAsmPYskavPCazgjJj8HwHLp%2Brd4bA6vkOyz1UZT2yIZv%2F1IpAyzmmrIb7F2bzedc9RNd6oMUDZL0afVujr2tQPYQrL4yK3B5f%2By06KzDtjZi23h7TVn95Hq1TJw0Zp34q%2FVCyNGHpMvVFkrYSRpNALrOYBijchA%2FXvvkHAAD%2F%2FwEAAP%2F%2F6P8DIogEAAA%3D
173.233.137.44200 OK 7 B URL HTTP/1.1 stealcalmgenus.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9Nclv88tGJRsXYiMuFJ2e%2Bujq6UoWwTFGgjETJtEBN%2FK%2Bquc5r%2BsV71V19QwRBgOSjdCuFFc1p%2BcDYxDzBwjS40YGhLQLmYXjH%2BBSyFp6pqH1LureU%2Bcuzjn3fb5bnhIfJT25877ZVlrTpbjpN15bV5kwlWvcvtcI%2FKZ%2FtbGusnbramMw%2Fdj%2BlcCPm%2F7rjXcl3zRLoR%2F4fuAHjRvKytQMls5YqPxxEjQTv9kKm0HcwsD%2BF7vSg6MeRP%2BUvAAlJv%2Fb%2BOUJFB8j6%2F1wXbrNwuRvvtMrNS2MRV8cfpBtZqbK0JuPqfWQZoezbRg3IeTrBZjscOYApr83dQCmJsT7PQDLDmcywfr750qZhszAxCVU%2FTGkHkPRMbh5ACWeEoAL3F5F1ju4bWxFt85ZOmUn5OKzv6GqCbn4x2Vkve9XtBo07hpdFspkDoO0hhqMobpj5OURim0PqjoCLz6DEr%2BSpWe3kPX2Vp02UOLk1VjETFLBFtOgEy22wjBapO02X%2ByESbKcdgKWROwsIqXGUOkYWg5B3QJK56FUHsrUQ5l76ImTBo2T1PeXU5ZGUafFOY8izuNOW8QianVSHyWfehiiyIfgeghud5DbHWyqIWz5E9xGDSc8uIKgL2pUkqByBBUlqBRBVRBU%2FXpfaBe6%2BkBoV7Jg1sNZj%2BqRKbq7dN8UXZmR3fyUPD8Nznvu0WVsypNGGnfitB3zNm%2FHQRixJBbCT5iMwpaQEWNwqoZyC6DOw7aakAuf%2FoVcTcjCyhIYPYLTR%2BDqFdDyJdBqtBz6oBujVsfHdnYgB7KpDISpkRcXUWx5u%2FqUvHh2uiuX3oDkx9e%2B%2BmL1z6viI3BbI7c1PlE%2FE3T1w9GaqcjemqkcebKaF6qntun0rHcLWsgLj96TW5Wx4uZ1N%2Fz2LT4lpuPje9IVt2gmVNZ15LsVJYS0N4zlkvx4061Ldqd0Gyulzcr81p23b9zs5VY6p0w2BlVPP7wPribk%2F%2Fc%2FPnuwL3uAsmPYskavPCazgjJj8HwHLp%2Brd4bA6vkOyz1UZT2yIZv%2F1IpAyzmmrIb7F2bzedc9RNd6oMUDZL0afVujr2tQPYQrL4yK3B5f%2By06KzDtjZi23h7TVn95Hq1TJw0Zp34q%2FVCyNGHpMvVFkrYSRpNALrOYBijchA%2FXvvkHAAD%2F%2FwEAAP%2F%2F6P8DIogEAAA%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9Nclv88tGJRsXYiMuFJ2e%2Bujq6UoWwTFGgjETJtEBN%2FK%2Bquc5r%2BsV71V19QwRBgOSjdCuFFc1p%2BcDYxDzBwjS40YGhLQLmYXjH%2BBSyFp6pqH1LureU%2Bcuzjn3fb5bnhIfJT25877ZVlrTpbjpN15bV5kwlWvcvtcI%2FKZ%2FtbGusnbramMw%2Fdj%2BlcCPm%2F7rjXcl3zRLoR%2F4fuAHjRvKytQMls5YqPxxEjQTv9kKm0HcwsD%2BF7vSg6MeRP%2BUvAAlJv%2Fb%2BOUJFB8j6%2F1wXbrNwuRvvtMrNS2MRV8cfpBtZqbK0JuPqfWQZoezbRg3IeTrBZjscOYApr83dQCmJsT7PQDLDmcywfr750qZhszAxCVU%2FTGkHkPRMbh5ACWeEoAL3F5F1ju4bWxFt85ZOmUn5OKzv6GqCbn4x2Vkve9XtBo07hpdFspkDoO0hhqMobpj5OURim0PqjoCLz6DEr%2BSpWe3kPX2Vp02UOLk1VjETFLBFtOgEy22wjBapO02X%2ByESbKcdgKWROwsIqXGUOkYWg5B3QJK56FUHsrUQ5l76ImTBo2T1PeXU5ZGUafFOY8izuNOW8QianVSHyWfehiiyIfgeghud5DbHWyqIWz5E9xGDSc8uIKgL2pUkqByBBUlqBRBVRBU%2FXpfaBe6%2BkBoV7Jg1sNZj%2BqRKbq7dN8UXZmR3fyUPD8Nznvu0WVsypNGGnfitB3zNm%2FHQRixJBbCT5iMwpaQEWNwqoZyC6DOw7aakAuf%2FoVcTcjCyhIYPYLTR%2BDqFdDyJdBqtBz6oBujVsfHdnYgB7KpDISpkRcXUWx5u%2FqUvHh2uiuX3oDkx9e%2B%2BmL1z6viI3BbI7c1PlE%2FE3T1w9GaqcjemqkcebKaF6qntun0rHcLWsgLj96TW5Wx4uZ1N%2Fz2LT4lpuPje9IVt2gmVNZ15LsVJYS0N4zlkvx4061Ldqd0Gyulzcr81p23b9zs5VY6p0w2BlVPP7wPribk%2F%2Fc%2FPnuwL3uAsmPYskavPCazgjJj8HwHLp%2Brd4bA6vkOyz1UZT2yIZv%2F1IpAyzmmrIb7F2bzedc9RNd6oMUDZL0afVujr2tQPYQrL4yK3B5f%2By06KzDtjZi23h7TVn95Hq1TJw0Zp34q%2FVCyNGHpMvVFkrYSRpNALrOYBijchA%2FXvvkHAAD%2F%2FwEAAP%2F%2F6P8DIogEAAA%3D HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5d5beadb-f183-4223-a66c-82997f81b93b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91ef4149bd91e2d2f135698086da04f4
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
51.79.72.196 200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 51.79.72.196:0
Hash 5d70884c81835f59111a011da36dae6e
cc0b761c8834859ea7bf4b1f82fe36f83f8a3654
4083f5e84f250641ddb576c6be05096b6ca62b52294df32b8d7f0829897057a9
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Thu, 07 Dec 2023 08:45:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20340
Expires: Wed, 07 Dec 2022 14:24:15 GMT
Date: Wed, 07 Dec 2022 08:45:15 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20340
Expires: Wed, 07 Dec 2022 14:24:15 GMT
Date: Wed, 07 Dec 2022 08:45:15 GMT
Connection: keep-alive
stealcalmgenus.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=126
173.233.137.44 200 OK 0 B URL HTTP/1.1 stealcalmgenus.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=126
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=126 HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5d5beadb-f183-4223-a66c-82997f81b93b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
51.79.72.196 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 51.79.72.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Wed, 07 Dec 2022 08:45:15 GMT
Connection: keep-alive
Expires: Thu, 07 Dec 2023 08:45:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
172.64.108.13 200 OK 4.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
IP 172.64.108.13:0
File type PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced\012- data
Hash 23e9690b0e7ac26868363a6248f44467
d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f
f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395
GET /sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:15 GMT
content-type: image/png
content-length: 4022
last-modified: Wed, 17 Feb 2021 11:46:53 GMT
etag: "602d022d-fb6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1882389
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GklcWcy4lTloHgC4iTqMEEFb4kkkBScZFBpWAH62HrnDEBTZwzwQVTGjXMmIss8xp5FktbTwCujhi%2FXD7CXtMdPV6MD%2FO3SzOyZpH537paACRlLGCSlByuMAIOaWAoUSj8nBffMXPMEl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775bfbed396d0662-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20340
Expires: Wed, 07 Dec 2022 14:24:15 GMT
Date: Wed, 07 Dec 2022 08:45:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f371fd6cbe04abe5f0d8679af1f2a998
ac95c5a39304a338b963d591a374bd667c836143
bb563352d50a6732df1045dcf54d5242f7609753538c26735456fef24a4692e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB563352D50A6732DF1045DCF54D5242F7609753538C26735456FEF24A4692E9"
Last-Modified: Tue, 06 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8928
Expires: Wed, 07 Dec 2022 11:14:03 GMT
Date: Wed, 07 Dec 2022 08:45:15 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
172.64.108.13 200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
IP 172.64.108.13:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:15 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:46:51 GMT
etag: W/"602d022b-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4301
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QV438wsg1eFzvpEvuNOrV0ouPJly0VEk%2F5rL0egUKX0qQuXcvJBnYeOUY6w20EocHLjs3diwXSFWRC8y2d2AtzzqIuCDyZ%2FpX%2BUZiSkk%2BRirETwp3PUnYpEuD4dwaEabQm%2FEO0WHA%2FYN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775bfbed395d0662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png
45.133.44.10 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb2500acb00f247ef19403c3a0f89e1
7c57e8b84b2bb0003810ffae7a14e24869155464
7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:15 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:28:39 GMT
etag: "636567e7-7ffb"
expires: Fri, 09 Dec 2022 08:45:15 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
stealcalmgenus.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=146
173.233.137.44 200 OK 0 B URL HTTP/1.1 stealcalmgenus.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=146
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=146 HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5d5beadb-f183-4223-a66c-82997f81b93b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
stealcalmgenus.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fstyle.css&l=5644&fd=151
173.233.137.44 200 OK 0 B URL HTTP/1.1 stealcalmgenus.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fstyle.css&l=5644&fd=151
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fcss%2Fstyle.css&l=5644&fd=151 HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5d5beadb-f183-4223-a66c-82997f81b93b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 565861
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
Hash 2467faa0c123b6f4035d36ce64fd4d26
4483844f3f09a9d055c11907e4ef4179f13a333d
ba1be561ec76e63c87a590b406e43003319eec56071814620ebccaa484103047
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 565882
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
45.133.44.4 200 OK 2.0 kB URL HTTP/2 cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash 1d29240caf677febe668eb3557accf00
753a38095c7a7f0bf30c43ffd35a69f4f23db469
21d7a487a523d0fd52a791efdbedfff9a786cfc29947a65fdb58607d63c2da9f
GET /sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:15 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:28 GMT
etag: W/"6275e5b8-4b9"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 07 Dec 2022 09:45:15 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
stealcalmgenus.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lZnf5jcbldm4EBtxoWg69dHVHzOLwTiODI5JyIwG3Mj7qs4zr%2BsV71V1dcIIwQGZjdCuFFeV0%2FnAcRDnDxCk40YCwrQLycL4B7gUZi2dNLTeRd176tzFOee%2Bz%2FeKM%2BKjoKdr75sdpTVdiut%2B7bUNlQpTutrKvVrg1%2F3rtQ2VNhvXa4Ppx%2FavBX5c91%2BvvSv5llkK%2FcD3Az%2Bo3VJWJmawdM5CZY87Qb3j1xthPYgbGNj%2FYld4cNSD6J%2BRF6DE5H%2BbvzyB4mOkvR9uSreVm%2BzNd3qFprmx6IujD9Kt1JQpevMxsR6S9Gi2DeMmhHy9AJMezRzA9PenDsDUhHi%2FB2Dp0UwmWP%2FgQinTkCmYuIKyP4bUYyg6BjcPoMRTAnCBlVWkvcMVY0u6fcHSKTshl5%2F9DVVOyOU%2FriLtfb%2Bs1aB21%2BgiVyZ1GCQV1GAM1R0jK46R73hQ5TF4%2FhmU%2BJUsPbuDtLe%2F6rSBEqevxiJmkgq2mATtaLERhtEibTb5YjvsdFpJO2CdiJ1HpNQYKhlDyyGoW0DhPBTKQ5F4KDIPPXFao3En8f1WwpIoajc451HEedxuilhEjXbio%2BBTD0Pk2RBcD8HtLjK7iy01hC1%2Bgtus4IQHlxP0RYVSEpSOoKQEpSIoc4KyXx0I7UJXHQrtChbMejjrUTUyeXePHpi8K1Oyl52R56fBec89uooteVpL4nacNGPe5M04CCPWiYXwO0xGYUPIiDE4VUG5BVDnYUdNyKVP%2F0KmJmRheQmMHsPpY3D1CmjxEmg5aoU%2B6Oao0faxkx7KgawrA2EqZPll5Nvenj4jL56f7tqVNyD5yY2vvlj987r4CNxWyGyFT9TPBF39cLRuSrK%2FbkpHnqxmueqpHTo9692c5vLSo%2FfkdmmsuH3TDb99i0%2BJ6fj4nnT5HZoKlXYd%2BW5ZCSHtLWO5JD%2FedhuSrRVuc7mwaZHdWXv71u1eZqVzyqRjUPX0w%2FvgakL%2Bf%2F%2Fj8wf7sgcoO4YtKvSKEzIrKDMGz3bhsrl6Zwisnu%2BwzENZVCMbsvlPrQi0nGPKKrh%2FYTaf99xDdK0Hmj9A2qvQtxX6ugLVQ7ji0ijP7MmN36LzAtPeiGnr7TNt9ZcX0Tp1WouDhmyzdosLwSQXQSuM2pHvh0I0Wh0ZdJC7CR%2Buf%2FMPAAAA%2F%2F8BAAD%2F%2F%2Fz3jcSIBAAA
173.233.137.44200 OK 7 B URL HTTP/1.1 stealcalmgenus.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lZnf5jcbldm4EBtxoWg69dHVHzOLwTiODI5JyIwG3Mj7qs4zr%2BsV71V1dcIIwQGZjdCuFFeV0%2FnAcRDnDxCk40YCwrQLycL4B7gUZi2dNLTeRd176tzFOee%2Bz%2FeKM%2BKjoKdr75sdpTVdiut%2B7bUNlQpTutrKvVrg1%2F3rtQ2VNhvXa4Ppx%2FavBX5c91%2BvvSv5llkK%2FcD3Az%2Bo3VJWJmawdM5CZY87Qb3j1xthPYgbGNj%2FYld4cNSD6J%2BRF6DE5H%2BbvzyB4mOkvR9uSreVm%2BzNd3qFprmx6IujD9Kt1JQpevMxsR6S9Gi2DeMmhHy9AJMezRzA9PenDsDUhHi%2FB2Dp0UwmWP%2FgQinTkCmYuIKyP4bUYyg6BjcPoMRTAnCBlVWkvcMVY0u6fcHSKTshl5%2F9DVVOyOU%2FriLtfb%2Bs1aB21%2BgiVyZ1GCQV1GAM1R0jK46R73hQ5TF4%2FhmU%2BJUsPbuDtLe%2F6rSBEqevxiJmkgq2mATtaLERhtEibTb5YjvsdFpJO2CdiJ1HpNQYKhlDyyGoW0DhPBTKQ5F4KDIPPXFao3En8f1WwpIoajc451HEedxuilhEjXbio%2BBTD0Pk2RBcD8HtLjK7iy01hC1%2Bgtus4IQHlxP0RYVSEpSOoKQEpSIoc4KyXx0I7UJXHQrtChbMejjrUTUyeXePHpi8K1Oyl52R56fBec89uooteVpL4nacNGPe5M04CCPWiYXwO0xGYUPIiDE4VUG5BVDnYUdNyKVP%2F0KmJmRheQmMHsPpY3D1CmjxEmg5aoU%2B6Oao0faxkx7KgawrA2EqZPll5Nvenj4jL56f7tqVNyD5yY2vvlj987r4CNxWyGyFT9TPBF39cLRuSrK%2FbkpHnqxmueqpHTo9692c5vLSo%2FfkdmmsuH3TDb99i0%2BJ6fj4nnT5HZoKlXYd%2BW5ZCSHtLWO5JD%2FedhuSrRVuc7mwaZHdWXv71u1eZqVzyqRjUPX0w%2FvgakL%2Bf%2F%2Fj8wf7sgcoO4YtKvSKEzIrKDMGz3bhsrl6Zwisnu%2BwzENZVCMbsvlPrQi0nGPKKrh%2FYTaf99xDdK0Hmj9A2qvQtxX6ugLVQ7ji0ijP7MmN36LzAtPeiGnr7TNt9ZcX0Tp1WouDhmyzdosLwSQXQSuM2pHvh0I0Wh0ZdJC7CR%2Buf%2FMPAAAA%2F%2F8BAAD%2F%2F%2Fz3jcSIBAAA
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lZnf5jcbldm4EBtxoWg69dHVHzOLwTiODI5JyIwG3Mj7qs4zr%2BsV71V1dcIIwQGZjdCuFFeV0%2FnAcRDnDxCk40YCwrQLycL4B7gUZi2dNLTeRd176tzFOee%2Bz%2FeKM%2BKjoKdr75sdpTVdiut%2B7bUNlQpTutrKvVrg1%2F3rtQ2VNhvXa4Ppx%2FavBX5c91%2BvvSv5llkK%2FcD3Az%2Bo3VJWJmawdM5CZY87Qb3j1xthPYgbGNj%2FYld4cNSD6J%2BRF6DE5H%2BbvzyB4mOkvR9uSreVm%2BzNd3qFprmx6IujD9Kt1JQpevMxsR6S9Gi2DeMmhHy9AJMezRzA9PenDsDUhHi%2FB2Dp0UwmWP%2FgQinTkCmYuIKyP4bUYyg6BjcPoMRTAnCBlVWkvcMVY0u6fcHSKTshl5%2F9DVVOyOU%2FriLtfb%2Bs1aB21%2BgiVyZ1GCQV1GAM1R0jK46R73hQ5TF4%2FhmU%2BJUsPbuDtLe%2F6rSBEqevxiJmkgq2mATtaLERhtEibTb5YjvsdFpJO2CdiJ1HpNQYKhlDyyGoW0DhPBTKQ5F4KDIPPXFao3En8f1WwpIoajc451HEedxuilhEjXbio%2BBTD0Pk2RBcD8HtLjK7iy01hC1%2Bgtus4IQHlxP0RYVSEpSOoKQEpSIoc4KyXx0I7UJXHQrtChbMejjrUTUyeXePHpi8K1Oyl52R56fBec89uooteVpL4nacNGPe5M04CCPWiYXwO0xGYUPIiDE4VUG5BVDnYUdNyKVP%2F0KmJmRheQmMHsPpY3D1CmjxEmg5aoU%2B6Oao0faxkx7KgawrA2EqZPll5Nvenj4jL56f7tqVNyD5yY2vvlj987r4CNxWyGyFT9TPBF39cLRuSrK%2FbkpHnqxmueqpHTo9692c5vLSo%2FfkdmmsuH3TDb99i0%2BJ6fj4nnT5HZoKlXYd%2BW5ZCSHtLWO5JD%2FedhuSrRVuc7mwaZHdWXv71u1eZqVzyqRjUPX0w%2FvgakL%2Bf%2F%2Fj8wf7sgcoO4YtKvSKEzIrKDMGz3bhsrl6Zwisnu%2BwzENZVCMbsvlPrQi0nGPKKrh%2FYTaf99xDdK0Hmj9A2qvQtxX6ugLVQ7ji0ijP7MmN36LzAtPeiGnr7TNt9ZcX0Tp1WouDhmyzdosLwSQXQSuM2pHvh0I0Wh0ZdJC7CR%2Buf%2FMPAAAA%2F%2F8BAAD%2F%2F%2Fz3jcSIBAAA HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5d5beadb-f183-4223-a66c-82997f81b93b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 08:45:16 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88a8ff8bf3e759c3c0229b8804ca32a6
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
51.79.72.196 206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 51.79.72.196:0
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.16.1
Date: Wed, 07 Dec 2022 08:45:15 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Thu, 07 Dec 2023 08:45:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
adservice.google.com/adsid/integrator.js?domain=exee.app
216.58.207.194 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 08:45:16 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
51.79.72.196 200 OK 58 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP 51.79.72.196:0
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash cf8ffcaf217375cf9bb01c612300b25a
5d033771d013ab4364a83c6302b473c6f64ff722
2b14b918bb31b4672d92b0287ed00c91c74e5d315759da2deb6028b0b4e9f909
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Wed, 07 Dec 2022 08:45:16 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Thu, 07 Dec 2023 08:45:16 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 22b16b48a77e37094b0b2c22afd6f31e
37c14b652a2b310fcb29d18268cf9f12058c2bac
e998f48327367ba5f9c4b41fe1c2e7d1f28260ba06d03ce8020bf1eefd8928cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
172.217.21.166 200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP 172.217.21.166:0
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Wed, 07 Dec 2022 08:45:16 GMT
expires: Wed, 07 Dec 2022 08:45:16 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/ac058a09/www-widgetapi.vflset/www-widgetapi.js
142.250.74.110 200 OK 54 kB URL HTTP/2 www.youtube.com/s/player/ac058a09/www-widgetapi.vflset/www-widgetapi.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (817)
Hash 412308866bc89dfdabc2f01da260060c
ff046fae7c14da6739ced00601c04a2f3c655682
8a3a845ac0ca1f24696f404c6ba38545517136e6b89410ac24db11dcac53758c
GET /s/player/ac058a09/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 53949
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 19:09:49 GMT
expires: Wed, 06 Dec 2023 19:09:49 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 05 Dec 2022 01:22:00 GMT
content-type: text/javascript
age: 48927
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
142.250.74.110 200 OK 995 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.110:0
File type ASCII text, with very long lines (509)
Hash 71c2ab0ef4aa9c35b722f13e267a2606
918caf10e7756c0b1f082a98e506939069650ac9
d7deddba63bcc0ab15ffb675ba6f7e2de90f55b9abf78794f0d8ceede7c40c35
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Wed, 07 Dec 2022 08:45:16 GMT
date: Wed, 07 Dec 2022 08:45:16 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=omipJYbTyWI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=DMWfUKscDHc; Domain=.youtube.com; Expires=Mon, 05-Jun-2023 08:45:16 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+764; expires=Fri, 06-Dec-2024 08:45:16 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FtRPP&tfcd=0&npa=0&correlator=2331044743753306&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FtRPP&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F9b4f6db8-b9a5-4a9b-b0c8-62f0f9dbdd29&sid=1621C73F-95EB-43AC-B12A-7DCC3BE0DF4D&nel=0&eid=44748969%2C44750822%2C44765701&dlt=1670402712686&idt=2291&dt=1670402716135&cookie_enabled=1&scor=2302287869453884&ged=ve4_td3_er0.0.0.0_vi0.0.939.1280_vp0_eb16488
142.250.74.162200 OK 113 B URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FtRPP&tfcd=0&npa=0&correlator=2331044743753306&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FtRPP&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F9b4f6db8-b9a5-4a9b-b0c8-62f0f9dbdd29&sid=1621C73F-95EB-43AC-B12A-7DCC3BE0DF4D&nel=0&eid=44748969%2C44750822%2C44765701&dlt=1670402712686&idt=2291&dt=1670402716135&cookie_enabled=1&scor=2302287869453884&ged=ve4_td3_er0.0.0.0_vi0.0.939.1280_vp0_eb16488
IP 142.250.74.162:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 9e5d36292a75aef07bdde5891b2e4a7b
8d69904b7df5e550f1884e06c139bd9661eb2917
92ffc3ec51e068750c23ae95041fd670aa4aa60ce3a5295ad27d2179d0780168
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FtRPP&tfcd=0&npa=0&correlator=2331044743753306&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FtRPP&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.548.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.548.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F9b4f6db8-b9a5-4a9b-b0c8-62f0f9dbdd29&sid=1621C73F-95EB-43AC-B12A-7DCC3BE0DF4D&nel=0&eid=44748969%2C44750822%2C44765701&dlt=1670402712686&idt=2291&dt=1670402716135&cookie_enabled=1&scor=2302287869453884&ged=ve4_td3_er0.0.0.0_vi0.0.939.1280_vp0_eb16488 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -2
google-creative-id: -2
google-mediationgroup-id: -2
google-mediationtag-id: -2
date: Wed, 07 Dec 2022 08:45:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 09:00:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 932c342bdac10955a7a4526b617b265e
f62040d987f22ab35fa2984e55ce26a78f91c6c0
30a223bb84e4f11a13a48b558f14b7721e0f9e2b029bc8be08e3a2d50ea92e89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30A223BB84E4F11A13A48B558F14B7721E0F9E2B029BC8BE08E3A2D50EA92E89"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15052
Expires: Wed, 07 Dec 2022 12:56:08 GMT
Date: Wed, 07 Dec 2022 08:45:16 GMT
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash 04bfde221f24fac1f17ed062d1397758
abc136d36667451bfe7decf8d93fca1f6635e065
9b26177153f98f1154a61e37f44c5f9b8b6dd92b3dc72a9f241875a112b9d6b3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 07 Dec 2022 08:45:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 04:00:18 GMT
Expires: Thu, 08 Dec 2022 04:00:18 GMT
ETag: "abc136d36667451bfe7decf8d93fca1f6635e065"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
unseenreport.com/pxf.gif?uuid=5d5beadb-f183-4223-a66c-82997f81b93b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=5d5beadb-f183-4223-a66c-82997f81b93b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=5d5beadb-f183-4223-a66c-82997f81b93b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 08:45:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 13957cf592afe14ed1dc4b1793f6a0dd
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=5d5beadb-f183-4223-a66c-82997f81b93b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=5d5beadb-f183-4223-a66c-82997f81b93b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=5d5beadb-f183-4223-a66c-82997f81b93b&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 08:45:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2af1dd839dd87e8888e5de1381a61e8c
Strict-Transport-Security: max-age=0; includeSubdomains
googleads.g.doubleclick.net/pagead/interaction/?ai=Cx09GnVKQY7uYLa6TiM0P_qi_2AjHnMSZbYDS7bfDD7CQHxABIKzWiUZgw4SAgJgYoAHO3ufkAsgBBeACAKgDAZgEAKoEigJP0Ag_wO5oLRzNiSn0iiRNct2pZyaws42BH-FGYs-wgU_HXApxoFcMrdgKlJfwXPF-oVti-3dVJmpNPnrxuHByBMSybEW8dFEBSPSNO39ofKjnhj8CYclxUlaWM-c3SRurUNeAuGW41DJCKCiKnB9n4IaIEJKcelDV-c7hiVZvKqqVN_EHsLiZ-72Q-l6pPEeNtlRb77zQHnz8CqDXtj7gT-RKi7e5Ws2oxX2Ycjtsxp7MwNUhORQIUg1odOh3Ue5nEn8p3PGRxJ_kkORAjFFMSouDs8PlrX53qF1DJ7_YNNIAMoHrYjyJmnhbjehNisxynhnuiIurivbzQ2Yy9QGz9fGLSje1NeYNscAE_4Ojz-kD4AQBoAZUgAeaoZibAagHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAagIAdIIEgiI4YAQEAEYHTIDqoIBOgKAQLEJ43EDfal0iZGACgOYCwHICwHQCw64DAGaDQEO2BMNiBQB0BUBmBYB4hYCCAH4FgGAFwE&sigh=Co3vbGaCQ7o&label=show_ad&sdkv=h.3.548.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzMzQ5ODM5MDc4NDIMNTg5NDU2ODg1NDIwQKQCUiMQDyUAAOBCKAE6C05QRHgxRzVVSFZ3Qglnb29nbGVhZHNQABgB
142.250.74.34200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/interaction/?ai=Cx09GnVKQY7uYLa6TiM0P_qi_2AjHnMSZbYDS7bfDD7CQHxABIKzWiUZgw4SAgJgYoAHO3ufkAsgBBeACAKgDAZgEAKoEigJP0Ag_wO5oLRzNiSn0iiRNct2pZyaws42BH-FGYs-wgU_HXApxoFcMrdgKlJfwXPF-oVti-3dVJmpNPnrxuHByBMSybEW8dFEBSPSNO39ofKjnhj8CYclxUlaWM-c3SRurUNeAuGW41DJCKCiKnB9n4IaIEJKcelDV-c7hiVZvKqqVN_EHsLiZ-72Q-l6pPEeNtlRb77zQHnz8CqDXtj7gT-RKi7e5Ws2oxX2Ycjtsxp7MwNUhORQIUg1odOh3Ue5nEn8p3PGRxJ_kkORAjFFMSouDs8PlrX53qF1DJ7_YNNIAMoHrYjyJmnhbjehNisxynhnuiIurivbzQ2Yy9QGz9fGLSje1NeYNscAE_4Ojz-kD4AQBoAZUgAeaoZibAagHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAagIAdIIEgiI4YAQEAEYHTIDqoIBOgKAQLEJ43EDfal0iZGACgOYCwHICwHQCw64DAGaDQEO2BMNiBQB0BUBmBYB4hYCCAH4FgGAFwE&sigh=Co3vbGaCQ7o&label=show_ad&sdkv=h.3.548.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzMzQ5ODM5MDc4NDIMNTg5NDU2ODg1NDIwQKQCUiMQDyUAAOBCKAE6C05QRHgxRzVVSFZ3Qglnb29nbGVhZHNQABgB
IP 142.250.74.34:0
File type GIF image data, version 89a, 1 x 1; data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/interaction/?ai=Cx09GnVKQY7uYLa6TiM0P_qi_2AjHnMSZbYDS7bfDD7CQHxABIKzWiUZgw4SAgJgYoAHO3ufkAsgBBeACAKgDAZgEAKoEigJP0Ag_wO5oLRzNiSn0iiRNct2pZyaws42BH-FGYs-wgU_HXApxoFcMrdgKlJfwXPF-oVti-3dVJmpNPnrxuHByBMSybEW8dFEBSPSNO39ofKjnhj8CYclxUlaWM-c3SRurUNeAuGW41DJCKCiKnB9n4IaIEJKcelDV-c7hiVZvKqqVN_EHsLiZ-72Q-l6pPEeNtlRb77zQHnz8CqDXtj7gT-RKi7e5Ws2oxX2Ycjtsxp7MwNUhORQIUg1odOh3Ue5nEn8p3PGRxJ_kkORAjFFMSouDs8PlrX53qF1DJ7_YNNIAMoHrYjyJmnhbjehNisxynhnuiIurivbzQ2Yy9QGz9fGLSje1NeYNscAE_4Ojz-kD4AQBoAZUgAeaoZibAagHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAagIAdIIEgiI4YAQEAEYHTIDqoIBOgKAQLEJ43EDfal0iZGACgOYCwHICwHQCw64DAGaDQEO2BMNiBQB0BUBmBYB4hYCCAH4FgGAFwE&sigh=Co3vbGaCQ7o&label=show_ad&sdkv=h.3.548.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzMzQ5ODM5MDc4NDIMNTg5NDU2ODg1NDIwQKQCUiMQDyUAAOBCKAE6C05QRHgxRzVVSFZ3Qglnb29nbGVhZHNQABgB HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 08:45:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
access-control-allow-origin: *
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 07-Dec-2022 09:00:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 4808876cfd727e5f220568c0d82e90fd
9d217d8f2aa94544ba80b006ac4291c4bc9c0312
8edec2d89259e801da93aedcd326b6388d117655655d6580f1fdff9a6833adf7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 4808876cfd727e5f220568c0d82e90fd
9d217d8f2aa94544ba80b006ac4291c4bc9c0312
8edec2d89259e801da93aedcd326b6388d117655655d6580f1fdff9a6833adf7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 08:45:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670431517&ei=nVKQY9fnN-2W7ATd9oiIBA&ip=91.90.42.154&id=34f0f1d46e541d5c&itag=22&source=youtube&requiressl=yes&mh=fT&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=2&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=112.129&lmt=1648252136919659&mt=1670402241&txp=4532434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgS6f0J83jcfmore-8omjpq9uXHlZ49K9u-44quysU3uMCIQDeb4ACUP9wLxDfUXC5AjUOEWEkPuTe7UhZ9qv9gEurgw==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKO3vhHDRV4j7zZrxHy8hal5e5jKpn1DYATRq6IUZoOOAiEA66PxoFcgATJluxyjWXOQfL3waIKAMsKteIx1PpTAEIQ=&cpn=eqtHeTUO9dO4wFMI
91.90.45.173206 Partial Content 348 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670431517&ei=nVKQY9fnN-2W7ATd9oiIBA&ip=91.90.42.154&id=34f0f1d46e541d5c&itag=22&source=youtube&requiressl=yes&mh=fT&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=2&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=112.129&lmt=1648252136919659&mt=1670402241&txp=4532434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgS6f0J83jcfmore-8omjpq9uXHlZ49K9u-44quysU3uMCIQDeb4ACUP9wLxDfUXC5AjUOEWEkPuTe7UhZ9qv9gEurgw==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKO3vhHDRV4j7zZrxHy8hal5e5jKpn1DYATRq6IUZoOOAiEA66PxoFcgATJluxyjWXOQfL3waIKAMsKteIx1PpTAEIQ=&cpn=eqtHeTUO9dO4wFMI
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ISO Media, MP4 v2 [ISO 14496-14]; data
Size 348 kB (347795 bytes)
Hash 4945720c84cf0cddd0056a145ad49451
7a255dc65142bdf8b44720c263f827c0e87389dd
f38db946c734d2fd0d8d5c61e5598dc7cf2f00dbacf41fbfbdf7657c90ffd292
GET /videoplayback?expire=1670431517&ei=nVKQY9fnN-2W7ATd9oiIBA&ip=91.90.42.154&id=34f0f1d46e541d5c&itag=22&source=youtube&requiressl=yes&mh=fT&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=2&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=112.129&lmt=1648252136919659&mt=1670402241&txp=4532434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgS6f0J83jcfmore-8omjpq9uXHlZ49K9u-44quysU3uMCIQDeb4ACUP9wLxDfUXC5AjUOEWEkPuTe7UhZ9qv9gEurgw==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKO3vhHDRV4j7zZrxHy8hal5e5jKpn1DYATRq6IUZoOOAiEA66PxoFcgATJluxyjWXOQfL3waIKAMsKteIx1PpTAEIQ=&cpn=eqtHeTUO9dO4wFMI HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Fri, 25 Mar 2022 23:48:56 GMT
Content-Type: video/mp4
Date: Wed, 07 Dec 2022 08:45:18 GMT
Expires: Wed, 07 Dec 2022 08:45:18 GMT
Cache-Control: private, max-age=28499
Content-Range: bytes 0-16318632/16318633
Accept-Ranges: bytes
Content-Length: 16318633
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
csi.gstatic.com/csi?v=2&s=ima&puid=1~lbdenbqv&c=2138372348307&slotId=1069186174153.5&qqid=CPva_YSP5_sCFa4JogMdftQPiw&gqid=nVKQY4rCK5LHYvKMnrgE&fb=ima_html5-lima&sdkv=h.3.548.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44750822%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbdendvt~ghmsh_s.lbdendvw&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=eqtHeTUO9dO4wFMI
142.251.35.3204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lbdenbqv&c=2138372348307&slotId=1069186174153.5&qqid=CPva_YSP5_sCFa4JogMdftQPiw&gqid=nVKQY4rCK5LHYvKMnrgE&fb=ima_html5-lima&sdkv=h.3.548.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44750822%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbdendvt~ghmsh_s.lbdendvw&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=eqtHeTUO9dO4wFMI
IP 142.251.35.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lbdenbqv&c=2138372348307&slotId=1069186174153.5&qqid=CPva_YSP5_sCFa4JogMdftQPiw&gqid=nVKQY4rCK5LHYvKMnrgE&fb=ima_html5-lima&sdkv=h.3.548.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44750822%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbdendvt~ghmsh_s.lbdendvw&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=eqtHeTUO9dO4wFMI HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 07 Dec 2022 08:45:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lbdenb1i&c=2138372348307&slotId=1069186174153.5&eee=missing-element&bi=missing-id
142.251.35.3 204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lbdenb1i&c=2138372348307&slotId=1069186174153.5&eee=missing-element&bi=missing-id
IP 142.251.35.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=1~lbdenb1i&c=2138372348307&slotId=1069186174153.5&eee=missing-element&bi=missing-id HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 07 Dec 2022 08:45:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
IP 172.64.108.13:0
GET /sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:15 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:46:52 GMT
etag: W/"602d022c-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4301
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JRwVw1J0qWJkwXLWKd21zGBqbQi%2FnpxXbI0EqsyZI%2FXTbaW4JCFD%2B8J8DXLgb5sjXasJ%2BSKrUoaNEueORF6n9NabapQ0aWRSRuHOt%2Bt5usCtie6RWgk9G5cgjbJ4kwywQU4PkdjugI4E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775bfbed39650662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:13 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4164
last-modified: Wed, 07 Dec 2022 07:35:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l5hF5uLkQrZd%2FC8yYYBnH%2BGPIyuIVwtObZKiydSam26vG31k4kC36mRRPCXgZJ2A106tyDwh%2FxTdugXzodzBwgyyTr5Iye8kP8NCx9JrlOB3pwNuDiy6rIj0YIb7GY0f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775bfbdf183d73f7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exee.app/tRPP
104.21.48.127 200 OK 0 B IP 104.21.48.127:0
GET /tRPP HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:12 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=d636769636263520e45d83e68e4a6bd5; path=/; HttpOnly
set-cookie: csrfToken=2fe596c6ab9ee9a00db928890150598901b6f3338f1d07bbb2c0004d2ad6fd357a36a6679d2171948704166ef7f8a60763627f1daac5a1cfc9949ad766ebb591; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KSe1NbnIy4dGhdeD2rGSv%2FLvO7iP%2FC%2BFFnjWh%2FZpyOaY%2FzwDLvrC%2FCWdlqnzGd1ivd9IKCjL%2FdTcuwMSRq0UQ4rE242XdAjRMORVUxH78aYC3OamYasATecJnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbdaea68b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
104.21.29.183 200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 104.21.29.183:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:13 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NM4Y83XGuYdhT99bwLg%2FjKEnMl0JOv9K4N5vjJ9heFD1URTE%2Fg65mBZiX4VxwFqC%2FEMEVH4Lii2Zu5vi2Bg8t5q7TNz43Hkn1NG1wmKQb%2B0zWZuO3J8vk6Wdhx6JiYKizw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775bfbdd9c01b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:13 GMT
content-type: text/plain
set-cookie: csu=912526243430997@1@1670402713; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VdZdnpOst%2FVs%2BIct06hPgORWFYeGWCj3PzqF%2BUPn0dTnfx8BsuX9yOEpdwcQuQLC1RmHPszUqJ65SiRDRiJUBavMBR3nWEUmAGkuIPv1GwLSikaZG0kQGXSG3UQn2vVy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbdef82173f7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1510530105%3A1670402714199265&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt8LA0HRiXwdCNdtQpYy2uR66cQwc7_xME3cAR3DAW-2X3l7qfpyUDKijlyXkp5Sr-X7MHb
142.250.74.77 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1510530105%3A1670402714199265&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt8LA0HRiXwdCNdtQpYy2uR66cQwc7_xME3cAR3DAW-2X3l7qfpyUDKijlyXkp5Sr-X7MHb
IP 142.250.74.77:0
GET /v3/signin/identifier?dsh=S1510530105%3A1670402714199265&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt8LA0HRiXwdCNdtQpYy2uR66cQwc7_xME3cAR3DAW-2X3l7qfpyUDKijlyXkp5Sr-X7MHb HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 08:45:14 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-wmP4Dps5bhNRuW0HW1V-cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.163.31 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.163.31:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 08:45:13 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 1965685c566f59e567d9984c1ed32e30
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Dec 2022 08:45:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DagSrmicIKS0h3QuEjFRGsqRT4af4uqFjrI%2BsrhOXlKAwBwMerpS14pBGx4yiFlvnGCltZLdsh%2BIiL9wS6Taz7AqO9XcQf5%2FbP2837SIaGWhRorJIPWSiSw6E06HlIMaNFsZonI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775bfbe1d9d0d170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exe.io/tRPP
104.26.2.103 302 Found 0 B IP 104.26.2.103:0
GET /tRPP HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 07 Dec 2022 08:45:12 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/tRPP
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=0350cfd5fd63e4d197267a38074b0f58; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zesyFUMgwIGrqElTo0EQFqc7IHOOL%2B7bC5yVz0ztl5douKjID6oYpICP0bCf%2BLRN%2FABjwf2dC3m5ebiBdEL72fA%2B4FAFrPR%2BJNBrgVKMTXoqFeYI2Y4ZSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775bfbd8f9b0b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2