exey.io/bwmu7gg
188.114.96.1301 Moved Permanently 0 B IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /bwmu7gg HTTP/1.1
Host: exey.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 20:55:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 02 Dec 2022 21:55:08 GMT
Location: https://exey.io/bwmu7gg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z76eyxrFqeaBBKhaGEaqt5UUq2ez8y2ZaQ3jwDVyXi4WjzKW3Nnit1Z1dikdaHTh%2F%2Fuz5yb1TxLgy0EV0jgNoSHo8GeJCcWk8jEUHbYKqAoUE7kZ0XyHFmdi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7736f637ffd5b4fd-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13436
Expires: Sat, 03 Dec 2022 00:39:05 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1387
Cache-Control: max-age=136753
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 10:54:22 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11060
Expires: Fri, 02 Dec 2022 23:59:29 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 20:19:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2112
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SxSqd15e5pWSg4eUrepHoNAwqPUC86ix0znRDCfWxjkdJc+OXaUjS79CLO+86LNan6DelLT6PTE=
x-amz-request-id: 6YXD1FQQVP6FA075
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 20:46:15 GMT
age: 534
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/mgs8GbNel0g
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/mgs8GbNel0g
IP 142.250.74.131:0
Hash 7496ec7e89e97254e1f774059d994557
b5533d6a040ff70914e30aa10aab8029c30c76bb
2b1c3faeb2bd7aac98289b27021b33acaab0ef01b760e5619cb2f7dfebcef5d1
POST /s/gts1p5/mgs8GbNel0g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 20:55:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/mgs8GbNel0g
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/mgs8GbNel0g
IP 142.250.74.131:0
Hash 7496ec7e89e97254e1f774059d994557
b5533d6a040ff70914e30aa10aab8029c30c76bb
2b1c3faeb2bd7aac98289b27021b33acaab0ef01b760e5619cb2f7dfebcef5d1
POST /s/gts1p5/mgs8GbNel0g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4506652cf61d7778652f0a76a61494ba
41c953d3db39407685a841ffe8e23d80362e170d
9a9605bf0dbb67e3b4d6bdeea89e9efa97763e9f22fd46de185c6677d766f188
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9A9605BF0DBB67E3B4D6BDEEA89E9EFA97763E9F22FD46DE185C6677D766F188"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1637
Expires: Fri, 02 Dec 2022 21:22:26 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4506652cf61d7778652f0a76a61494ba
41c953d3db39407685a841ffe8e23d80362e170d
9a9605bf0dbb67e3b4d6bdeea89e9efa97763e9f22fd46de185c6677d766f188
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9A9605BF0DBB67E3B4D6BDEEA89E9EFA97763E9F22FD46DE185C6677D766F188"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10127
Expires: Fri, 02 Dec 2022 23:43:56 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
exey.io/bwmu7gg
188.114.97.1302 Found 168 kB IP 188.114.97.1:0
Size 168 kB (167880 bytes)
Hash 547eafddbe24fb204b7039c563fab855
dc970209e7dce2d20290c2a4bb1e34e57eba08c3
e56b51bdde090876b8e309228481d27950c4bdbf41b5a448b0c5df6c5e5b7d76
Analyzer Verdict Alert fortinet Malware
GET /bwmu7gg HTTP/1.1
Host: exey.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 02 Dec 2022 20:55:09 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/bwmu7gg
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=26d4d22daa032581db11b48ede068640; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwe9Kr%2Fy6zhOynZITJZxjDq7ZOAwkqWlbq0rNgpCaX%2F7GE5TagL9CZj%2BLht7Iio9r9RccszCFWwrkRgSiIH0RfRELlS3aAgz%2Fr79Mp7Kk6cOLG01mjF4vvW%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7736f639cca4b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
172.217.21.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 172.217.21.168:0
File type ASCII text, with very long lines (1921)
Hash 8c9bd1929b8b11ef727996cc7ef4e9eb
689207968469f25992232ac283fab4f63c96aa0b
b7ea5416f6d90013ac123aa706012ed4fafa51b1a393b75261bd8e09d6569154
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 20:55:09 GMT
expires: Fri, 02 Dec 2022 20:55:09 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43578
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 20:11:16 GMT
cache-control: public,max-age=3600
age: 2633
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 23edbcea34e45cbb27ca66ccb29838f2
c9ad8390b99324c28d1beb84b4d0ed9fb9b18d48
185ac350702b58b7350b9ada6d16e4d551dcd126d19b4ea4e6545ec8471358cf
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "185AC350702B58B7350B9ADA6D16E4D551DCD126D19B4EA4E6545EC8471358CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=933
Expires: Fri, 02 Dec 2022 21:10:42 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1383
Cache-Control: max-age=131688
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:29:57 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 83f78237b2463eaa7e40bd8329e16248
6de41d0061152b0a8bb92703f96eef56372fbeeb
8a4690f056756af9a44ba39c8bddb79a1e1d1c87ea92c158a6414a82fd24ba86
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5454
Cache-Control: max-age=139353
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Etag: "6389ce38-117"
Expires: Sun, 04 Dec 2022 11:37:42 GMT
Last-Modified: Fri, 02 Dec 2022 10:06:48 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a8c9646e35a2a7b3f12b22f9819b891
90d247bd3e1d3c57e49eccf6271c58f9c57e4b29
9658e8ded15174a6f5de101c65fd485f8f12723713683dfe58ebf2213d118f9c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9658E8DED15174A6F5DE101C65FD485F8F12723713683DFE58EBF2213D118F9C"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20360
Expires: Sat, 03 Dec 2022 02:34:29 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 352948
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/rwhsVIQts8w
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/rwhsVIQts8w
IP 142.250.74.131:0
Hash 6fbd6c392b04f319191b3f1322daa769
c2e946297be984fd55435c23e0a911669601bf12
3718bc0c6b6a3a0f838c104433990c3ca7d3a88dc3b87b34d20ad059afc0533f
POST /s/gts1p5/rwhsVIQts8w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2458
Expires: Fri, 02 Dec 2022 21:36:07 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 352744
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2458
Expires: Fri, 02 Dec 2022 21:36:07 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
airsanguages.com/Y3NiVWcCEQE4WAJOAHMSER9fcFUlVlATA1AHWmIIDBxSY15UA1p7BA8cFzEBERwMIUkNFhZwVSUfLBI9KCcJYD8gIDM6BDYyMhkJLUEjEzFXFiptNCc3CT0uJiEAEQAySgEHJho9CGRCUTUmFyVVNxocNC4wEi8lJjIPGR4hJzVnEBE6JDEFBkEFIzIiIVEwCgsxIGYECTo3YTcpGisjIjUiLzBVIjYzZg9GQSAPDC4jKBYICyIaAxEFO1c0Ig5KWjMANSQ4HVIRMRsHEQU7VxEjGiFWMA8lJSESE1sxIGBfBh4RHS0kSlozDDoiAGZXMzE0D0JRNTsdUwciUXgPRkEgHjEmNSsGIRExCxdTBR1aEDENB0dnJQULJAACChQMBwAuACsBPjElIy1CUTUEMiEqFg8yUCAlAXMNEBwMJVonOREQERsLER4NOUcj
108.157.214.4200 OK 1.2 kB URL HTTP/2 airsanguages.com/Y3NiVWcCEQE4WAJOAHMSER9fcFUlVlATA1AHWmIIDBxSY15UA1p7BA8cFzEBERwMIUkNFhZwVSUfLBI9KCcJYD8gIDM6BDYyMhkJLUEjEzFXFiptNCc3CT0uJiEAEQAySgEHJho9CGRCUTUmFyVVNxocNC4wEi8lJjIPGR4hJzVnEBE6JDEFBkEFIzIiIVEwCgsxIGYECTo3YTcpGisjIjUiLzBVIjYzZg9GQSAPDC4jKBYICyIaAxEFO1c0Ig5KWjMANSQ4HVIRMRsHEQU7VxEjGiFWMA8lJSESE1sxIGBfBh4RHS0kSlozDDoiAGZXMzE0D0JRNTsdUwciUXgPRkEgHjEmNSsGIRExCxdTBR1aEDENB0dnJQULJAACChQMBwAuACsBPjElIy1CUTUEMiEqFg8yUCAlAXMNEBwMJVonOREQERsLER4NOUcj
IP 108.157.214.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash cc6d28f49c4b8603dbf7e5ae2262d7c4
2938bb1f4b7ef795856b88e32b4902fc8b0e53e5
7795e30b415d68cc7f33edadf57b2acba7260c577d27c63913a4bb4d8858dbbd
GET /Y3NiVWcCEQE4WAJOAHMSER9fcFUlVlATA1AHWmIIDBxSY15UA1p7BA8cFzEBERwMIUkNFhZwVSUfLBI9KCcJYD8gIDM6BDYyMhkJLUEjEzFXFiptNCc3CT0uJiEAEQAySgEHJho9CGRCUTUmFyVVNxocNC4wEi8lJjIPGR4hJzVnEBE6JDEFBkEFIzIiIVEwCgsxIGYECTo3YTcpGisjIjUiLzBVIjYzZg9GQSAPDC4jKBYICyIaAxEFO1c0Ig5KWjMANSQ4HVIRMRsHEQU7VxEjGiFWMA8lJSESE1sxIGBfBh4RHS0kSlozDDoiAGZXMzE0D0JRNTsdUwciUXgPRkEgHjEmNSsGIRExCxdTBR1aEDENB0dnJQULJAACChQMBwAuACsBPjElIy1CUTUEMiEqFg8yUCAlAXMNEBwMJVonOREQERsLER4NOUcj HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Fri, 02 Dec 2022 20:55:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: cFNR5EKGzMi1cByf2aGQIhfZrVNZFt101If1sB8Qkuc1UOrk1uvObw==
X-Firefox-Spdy: h2
airsanguages.com/cWJIRDAQACspDxBfKmJFAw51YQI3R3oCVEIWcHNfHg14cglGEnBqUx0NPSBWAw0mMB4fBzxhAjcoEShYAi8iDXI/FQIRdCM7MAdxSSkfKXYoIT8edTwKcSBoMygkD2gVUQ8pcSs3PwV4ORUkAXYzOyEHcUkhGgBhPzoOElYXBSQnZSdbOBdcPzUJA2YoJA0dYz8VKxRmFjdtdnY2DiAGdzUzERFiIDoHEnYXOhojSDAkfRBiQw05BkgJMS4SBDIlIBFIMA4SIHYiFgIFcTgvBAFbMCMkCl8gBQEcZSMSAgVxODQFFXk0ICMgQj0KKwVlGCApBlgVMA8vHRojCSxxBDEZAkokUCAeeDAoBCJmRSEeFVNGIHl0aCQgfSFxFiwbJXZBIQl0VAA6DhZSNCZ4D2gkEgAlWR4mCShUQzoKFngpUCNiWgINJjQNNCcNPAgEA3ohdxQU
108.157.214.4200 OK 1.2 kB URL HTTP/2 airsanguages.com/cWJIRDAQACspDxBfKmJFAw51YQI3R3oCVEIWcHNfHg14cglGEnBqUx0NPSBWAw0mMB4fBzxhAjcoEShYAi8iDXI/FQIRdCM7MAdxSSkfKXYoIT8edTwKcSBoMygkD2gVUQ8pcSs3PwV4ORUkAXYzOyEHcUkhGgBhPzoOElYXBSQnZSdbOBdcPzUJA2YoJA0dYz8VKxRmFjdtdnY2DiAGdzUzERFiIDoHEnYXOhojSDAkfRBiQw05BkgJMS4SBDIlIBFIMA4SIHYiFgIFcTgvBAFbMCMkCl8gBQEcZSMSAgVxODQFFXk0ICMgQj0KKwVlGCApBlgVMA8vHRojCSxxBDEZAkokUCAeeDAoBCJmRSEeFVNGIHl0aCQgfSFxFiwbJXZBIQl0VAA6DhZSNCZ4D2gkEgAlWR4mCShUQzoKFngpUCNiWgINJjQNNCcNPAgEA3ohdxQU
IP 108.157.214.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash 55e420012701c059cf3c424d7456e838
348cd88c5c22fa53c563ffde31238565aafcb037
1bacb838e9c90695128a21cba0662dd4892335700b3e9c5cf94f90f52f4a652e
GET /cWJIRDAQACspDxBfKmJFAw51YQI3R3oCVEIWcHNfHg14cglGEnBqUx0NPSBWAw0mMB4fBzxhAjcoEShYAi8iDXI/FQIRdCM7MAdxSSkfKXYoIT8edTwKcSBoMygkD2gVUQ8pcSs3PwV4ORUkAXYzOyEHcUkhGgBhPzoOElYXBSQnZSdbOBdcPzUJA2YoJA0dYz8VKxRmFjdtdnY2DiAGdzUzERFiIDoHEnYXOhojSDAkfRBiQw05BkgJMS4SBDIlIBFIMA4SIHYiFgIFcTgvBAFbMCMkCl8gBQEcZSMSAgVxODQFFXk0ICMgQj0KKwVlGCApBlgVMA8vHRojCSxxBDEZAkokUCAeeDAoBCJmRSEeFVNGIHl0aCQgfSFxFiwbJXZBIQl0VAA6DhZSNCZ4D2gkEgAlWR4mCShUQzoKFngpUCNiWgINJjQNNCcNPAgEA3ohdxQU HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1192
date: Fri, 02 Dec 2022 20:55:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: mo3cCNr6Ty6qr-yk7gEJ2aXDLZu26lnP6thbVEknq26o2iftO83RhA==
X-Firefox-Spdy: h2
airsanguages.com/aFZHcXEJNCQcTglrJVcEGjp6VEMuc3U3FVsif0YeBzl3R0hfJn9fEgQ5MhUXGjkpBV8GMzNUQy5iFR07XgECRR04BBZUQyo1EzhGIDsRQxUvFBcQHxgxCDAaWx8DKwcjLywrOCo1djwGPRIjMEUBHSkFGDASFgc6LAAPFxgbOQokFRg3BBJDLxERRygrDww/CD5hCRlBTWQBPjIfPgY1IF4cHyAhJw4KAyE5Fz84GAcsH0MeITV0CToODj9DFA9mPzgyIW8DIgUaMgA4JCQRM0EoAyIoKDkyZRQjARoyADg/JQUFBisEbzU1NiYxFBgzXDUpFTsvOzNBKA97IAQQWwMTIkMAYSY2OzwwHwlDJgR/Rjs7OnQiM11uIxw/IzcPSEMxZ34AFwEXcDI1WDkMIgEONyAZQjE9fkMXBRcpI0MDcC0CHgYmeiAAPzACPhojEw
108.157.214.4200 OK 1.2 kB URL HTTP/2 airsanguages.com/aFZHcXEJNCQcTglrJVcEGjp6VEMuc3U3FVsif0YeBzl3R0hfJn9fEgQ5MhUXGjkpBV8GMzNUQy5iFR07XgECRR04BBZUQyo1EzhGIDsRQxUvFBcQHxgxCDAaWx8DKwcjLywrOCo1djwGPRIjMEUBHSkFGDASFgc6LAAPFxgbOQokFRg3BBJDLxERRygrDww/CD5hCRlBTWQBPjIfPgY1IF4cHyAhJw4KAyE5Fz84GAcsH0MeITV0CToODj9DFA9mPzgyIW8DIgUaMgA4JCQRM0EoAyIoKDkyZRQjARoyADg/JQUFBisEbzU1NiYxFBgzXDUpFTsvOzNBKA97IAQQWwMTIkMAYSY2OzwwHwlDJgR/Rjs7OnQiM11uIxw/IzcPSEMxZ34AFwEXcDI1WDkMIgEONyAZQjE9fkMXBRcpI0MDcC0CHgYmeiAAPzACPhojEw
IP 108.157.214.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 536c19474940c567b2a456be40a417ec
10c4c94e10aa4c02e841d3e90ab87ac457836992
e6fa9cd08ab32a46b4b83b13c97a0a1779f1e00a5f8df31d255c292538414f86
GET /aFZHcXEJNCQcTglrJVcEGjp6VEMuc3U3FVsif0YeBzl3R0hfJn9fEgQ5MhUXGjkpBV8GMzNUQy5iFR07XgECRR04BBZUQyo1EzhGIDsRQxUvFBcQHxgxCDAaWx8DKwcjLywrOCo1djwGPRIjMEUBHSkFGDASFgc6LAAPFxgbOQokFRg3BBJDLxERRygrDww/CD5hCRlBTWQBPjIfPgY1IF4cHyAhJw4KAyE5Fz84GAcsH0MeITV0CToODj9DFA9mPzgyIW8DIgUaMgA4JCQRM0EoAyIoKDkyZRQjARoyADg/JQUFBisEbzU1NiYxFBgzXDUpFTsvOzNBKA97IAQQWwMTIkMAYSY2OzwwHwlDJgR/Rjs7OnQiM11uIxw/IzcPSEMxZ34AFwEXcDI1WDkMIgEONyAZQjE9fkMXBRcpI0MDcC0CHgYmeiAAPzACPhojEw HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1186
date: Fri, 02 Dec 2022 20:55:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: SRUgpqzE8t5h6oGYdpi3m9S-RD_FI56iOTDyjlTUxqSdSqbqNeiAEQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a19d930c828616d43d93ac504b357d0
657339f85db8a6570283afb2134a4b9aa02add6e
f65b4f3aee717503ccca895f8d574c984e56e2df15fc799346fbfb8218f4ddaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F65B4F3AEE717503CCCA895F8D574C984E56E2DF15FC799346FBFB8218F4DDAF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20100
Expires: Sat, 03 Dec 2022 02:30:09 GMT
Date: Fri, 02 Dec 2022 20:55:09 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/rwhsVIQts8w
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/rwhsVIQts8w
IP 142.250.74.131:0
Hash 6fbd6c392b04f319191b3f1322daa769
c2e946297be984fd55435c23e0a911669601bf12
3718bc0c6b6a3a0f838c104433990c3ca7d3a88dc3b87b34d20ad059afc0533f
POST /s/gts1p5/rwhsVIQts8w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 83f78237b2463eaa7e40bd8329e16248
6de41d0061152b0a8bb92703f96eef56372fbeeb
8a4690f056756af9a44ba39c8bddb79a1e1d1c87ea92c158a6414a82fd24ba86
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5454
Cache-Control: max-age=139353
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Etag: "6389ce38-117"
Expires: Sun, 04 Dec 2022 11:37:42 GMT
Last-Modified: Fri, 02 Dec 2022 10:06:48 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
airsanguages.com/utx?cb=5aTTWcE4qed8&top=exee.app&tid=822524
108.157.214.4204 No Content 0 B URL HTTP/2 airsanguages.com/utx?cb=5aTTWcE4qed8&top=exee.app&tid=822524
IP 108.157.214.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=5aTTWcE4qed8&top=exee.app&tid=822524 HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 20:55:09 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 02 Dec 2022 20:56:09 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: dFae8oHyM_3hCrfqZeTMz-UT-hWlEFEG6ZDR3pIPO4E5BcwzU9hBQA==
X-Firefox-Spdy: h2
airsanguages.com/utx?cb=2aS2PDD8LS1G&top=exee.app&tid=889494
108.157.214.4204 No Content 0 B URL HTTP/2 airsanguages.com/utx?cb=2aS2PDD8LS1G&top=exee.app&tid=889494
IP 108.157.214.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=2aS2PDD8LS1G&top=exee.app&tid=889494 HTTP/1.1
Host: airsanguages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 20:55:09 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 02 Dec 2022 20:56:09 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: FkKuGc9_YAcqkHaee5p5wxuB-2I_tUvfKjBv5wQCt1JlFdwejEhydQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fn.deulspoorn.com/1clkn/29529
172.255.6.113200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP 172.255.6.113:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 20:55:10 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 03-Dec-2022 20:55:10 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sat, 03-Dec-2022 20:55:10 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/s/gts1p5/rwhsVIQts8w
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/rwhsVIQts8w
IP 142.250.74.131:0
Hash 6fbd6c392b04f319191b3f1322daa769
c2e946297be984fd55435c23e0a911669601bf12
3718bc0c6b6a3a0f838c104433990c3ca7d3a88dc3b87b34d20ad059afc0533f
POST /s/gts1p5/rwhsVIQts8w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
waitingpresen.com/MHpuSVAfRQ06bVEWNCYDACgKEwZIQgofOFotJngpZz1bGDZeN0g9OVRHVnFpBENabyBZHlN4dkMODz0lQ0dfbzleHAF0dkZHX2djBFRdeH4BXBt0YRYOHig3DUtIOSREFlN4ZgdKXnhkBUpZcGMD
188.114.97.1204 No Content 0 B URL HTTP/2 waitingpresen.com/MHpuSVAfRQ06bVEWNCYDACgKEwZIQgofOFotJngpZz1bGDZeN0g9OVRHVnFpBENabyBZHlN4dkMODz0lQ0dfbzleHAF0dkZHX2djBFRdeH4BXBt0YRYOHig3DUtIOSREFlN4ZgdKXnhkBUpZcGMD
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MHpuSVAfRQ06bVEWNCYDACgKEwZIQgofOFotJngpZz1bGDZeN0g9OVRHVnFpBENabyBZHlN4dkMODz0lQ0dfbzleHAF0dkZHX2djBFRdeH4BXBt0YRYOHig3DUtIOSREFlN4ZgdKXnhkBUpZcGMD HTTP/1.1
Host: waitingpresen.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 20:55:10 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxGTCm5%2B6PmlkPESDZR5OUFc5UzFwAylbP%2BlhODVKnO%2Fg8jqaYdY6yao1fBIy9ylYQfEGVZGGwaAgg5kn0ETbgZ1jZ%2FHa%2BAYYgNPd7Mbn2uZ%2BeuT18yoqfeIbzqL3fegSvZcLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7736f63f0f3eb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2457
Expires: Fri, 02 Dec 2022 21:36:07 GMT
Date: Fri, 02 Dec 2022 20:55:10 GMT
Connection: keep-alive
push.services.mozilla.com/
52.39.96.8101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.96.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LsSk7ltQtRu8j0+CFS8nqg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: m05V58QAHulg7lU+a+iRzi+rhak=
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106200 OK 851 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
Hash 1fc8c155de3940013afad60aa4a3ae01
eb4d901334c58605b6e24f24327fa8e3a3696bcc
2e9fcfcd09b9ac22031a79809a918c92f48ae2561dddd3dd21860fecadf50392
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Dec 2022 20:55:09 GMT
date: Fri, 02 Dec 2022 20:55:09 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7355c762f64563188d049c306cecc4ec
8304a032dde4c8c9a1f930ec70aafc364a66f43d
ac1aea318eac25515262eed4e62a89adfbf2187a5ce41bdbab51bed86357be71
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC1AEA318EAC25515262EED4E62A89ADFBF2187A5CE41BDBAB51BED86357BE71"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1545
Expires: Fri, 02 Dec 2022 21:20:55 GMT
Date: Fri, 02 Dec 2022 20:55:10 GMT
Connection: keep-alive
waitingpresen.com/RzZ5cHpoCRoDRxBzHTosEXQNFkkFWyAdFjBVLkEKJn4jRSMqUV8EEyMLQURJdQBIVgouUkRBQmFFDREOMkVEQVwuWB8fR2FAREFUdxhLXkhhQ0RBXDNGGBdHdhAJBA4rC0hGTXcGSERPdwFARUg
188.114.97.1204 No Content 0 B URL HTTP/2 waitingpresen.com/RzZ5cHpoCRoDRxBzHTosEXQNFkkFWyAdFjBVLkEKJn4jRSMqUV8EEyMLQURJdQBIVgouUkRBQmFFDREOMkVEQVwuWB8fR2FAREFUdxhLXkhhQ0RBXDNGGBdHdhAJBA4rC0hGTXcGSERPdwFARUg
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RzZ5cHpoCRoDRxBzHTosEXQNFkkFWyAdFjBVLkEKJn4jRSMqUV8EEyMLQURJdQBIVgouUkRBQmFFDREOMkVEQVwuWB8fR2FAREFUdxhLXkhhQ0RBXDNGGBdHdhAJBA4rC0hGTXcGSERPdwFARUg HTTP/1.1
Host: waitingpresen.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 20:55:10 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HzUHRMdpNWUN8VZNQ671qvrbJHpd8K%2Bbk2l3ajY4mlrirzu4il5H0i%2B6xu8tN1hnL%2FoUZh2OQAa4fklQRm%2BxHSMCmsy%2BpBIqNrv3AvHd1iOc6BO6BUY%2FWsqxt7ea66bTODnCGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7736f63fc88ab4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash e2ef0ef17169d7b35a7dd72be93b8a73
6aa14bfc09ce48513aafcf5a600ceffd2d35733d
2485f4e261456c25948ee0bb6665b448b63b08296692e629b8de26376bedd34e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 20:55:10 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 16:52:38 GMT
Expires: Thu, 08 Dec 2022 16:52:37 GMT
Etag: "6aa14bfc09ce48513aafcf5a600ceffd2d35733d"
Cache-Control: max-age=503246,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7736f640b97cb517-OSL
ocsp.pki.goog/s/gts1p5/rwhsVIQts8w
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/rwhsVIQts8w
IP 142.250.74.131:0
Hash 6fbd6c392b04f319191b3f1322daa769
c2e946297be984fd55435c23e0a911669601bf12
3718bc0c6b6a3a0f838c104433990c3ca7d3a88dc3b87b34d20ad059afc0533f
POST /s/gts1p5/rwhsVIQts8w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 904
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 02 Dec 2022 20:55:10 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
d3t87ooo0697p8.cloudfront.net/lNGZKTk5XCSQocUAPLnN2AFV4eH8SDDkhIERbDgQ9cRAyNj1/DBB6DxISMCpzBEAmLyBTW2wrIFdbe2gvUAR3emhBB3cjIU4PJiIvEVQMe2AEQ3h+ZkMPJCohQxVvfH5aEm98fgVWZH5rByRvfH5DDyR4ehFVCGt8BB58emsHJG98fkYQb30PBVZ/YH4dQ3-h+KVEFISFrBiB4fn8EVnt+fxFUeignRgMsITYRVAx/fgFIemg7CVc
143.204.42.204200 OK 190 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/lNGZKTk5XCSQocUAPLnN2AFV4eH8SDDkhIERbDgQ9cRAyNj1/DBB6DxISMCpzBEAmLyBTW2wrIFdbe2gvUAR3emhBB3cjIU4PJiIvEVQMe2AEQ3h+ZkMPJCohQxVvfH5aEm98fgVWZH5rByRvfH5DDyR4ehFVCGt8BB58emsHJG98fkYQb30PBVZ/YH4dQ3-h+KVEFISFrBiB4fn8EVnt+fxFUeignRgMsITYRVAx/fgFIemg7CVc
IP 143.204.42.204:0
File type ASCII text, with no line terminators
Hash 262617f683ef8d3435665b32f732bb8b
1c4d227895cff7908e280dce7acd72095ff64de8
7424bd2f6d945a970a3478446f96c2e9dae366981be268aeaa71e1f1f2f5c78b
GET /lNGZKTk5XCSQocUAPLnN2AFV4eH8SDDkhIERbDgQ9cRAyNj1/DBB6DxISMCpzBEAmLyBTW2wrIFdbe2gvUAR3emhBB3cjIU4PJiIvEVQMe2AEQ3h+ZkMPJCohQxVvfH5aEm98fgVWZH5rByRvfH5DDyR4ehFVCGt8BB58emsHJG98fkYQb30PBVZ/YH4dQ3-h+KVEFISFrBiB4fn8EVnt+fxFUeignRgMsITYRVAx/fgFIemg7CVc HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://airsanguages.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 190
date: Fri, 02 Dec 2022 20:55:10 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PDoZqVPVK__8nLghpvEI_E0KAG5RacOVg7g5qIK4loXqR-2U6hTa8w==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/JYlhsMjIBNwJUDRYxCA8KWmFYCwZEMh9dXBJlKXd3GmAZUwAHHwlEFBYiCA8CRDQNXFVffglcUV9pSlNWAGVYFEYSNwcPVgU/GlhBGDQYURQXOVFfXRgxAF5TR2oqBxxSfV4CGhUxAlZdFStJAAIMLEkAAlNoQgIXURpJAAIVMQIEBkdrLhcAUiBaBhdRGk-kAAhAuSQFzU2hZHAJLfV4CVQc7B10XUB5eAgNSaF0CA0dqXFRbED0KXUpHaioDAld2XBRHX2k
143.204.42.204200 OK 604 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/JYlhsMjIBNwJUDRYxCA8KWmFYCwZEMh9dXBJlKXd3GmAZUwAHHwlEFBYiCA8CRDQNXFVffglcUV9pSlNWAGVYFEYSNwcPVgU/GlhBGDQYURQXOVFfXRgxAF5TR2oqBxxSfV4CGhUxAlZdFStJAAIMLEkAAlNoQgIXURpJAAIVMQIEBkdrLhcAUiBaBhdRGk-kAAhAuSQFzU2hZHAJLfV4CVQc7B10XUB5eAgNSaF0CA0dqXFRbED0KXUpHaioDAld2XBRHX2k
IP 143.204.42.204:0
File type ASCII text, with very long lines (868), with no line terminators
Hash d537cc1260fe0e191adb9cc55cd45e09
85a3075fbe91bc4a05ebbe4bcd0630872611f5ab
946589fe48fd9813fc7bf2378624504b8c7c8c0ade69f559f8d3b5afff336662
GET /JYlhsMjIBNwJUDRYxCA8KWmFYCwZEMh9dXBJlKXd3GmAZUwAHHwlEFBYiCA8CRDQNXFVffglcUV9pSlNWAGVYFEYSNwcPVgU/GlhBGDQYURQXOVFfXRgxAF5TR2oqBxxSfV4CGhUxAlZdFStJAAIMLEkAAlNoQgIXURpJAAIVMQIEBkdrLhcAUiBaBhdRGk-kAAhAuSQFzU2hZHAJLfV4CVQc7B10XUB5eAgNSaF0CA0dqXFRbED0KXUpHaioDAld2XBRHX2k HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://airsanguages.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 604
date: Fri, 02 Dec 2022 20:55:10 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MOXY_Go6l6dxs0L8DKC7Hc7y_nNVwZJTR3DUEmiFP9n3l8XIRP3g6A==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/4RlJ6WE4lPRQ+cTI7HmV2dGBPanpgOAk3IDZvKykZIBc1MwUDdA4iKntiXDQvKDVHfisoMUdpaCc2GGV6YCYKNyV7Nh0/OCwhADQ6JXQPOXMrPQAxIiozX2oIc3xKfXx2eg0xICI9DStrdGIULGt0YktoYHZ3SRprdGINMSBwZl9rDGNgSiB4cndJGmt0Yg-gua3UTS2h7aGJTfXx2NR87JSl3SB58dmNKaH92Y19qfiA7CD0oKSpfagh3Yk92fmAnR2k
143.204.42.204200 OK 509 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/4RlJ6WE4lPRQ+cTI7HmV2dGBPanpgOAk3IDZvKykZIBc1MwUDdA4iKntiXDQvKDVHfisoMUdpaCc2GGV6YCYKNyV7Nh0/OCwhADQ6JXQPOXMrPQAxIiozX2oIc3xKfXx2eg0xICI9DStrdGIULGt0YktoYHZ3SRprdGINMSBwZl9rDGNgSiB4cndJGmt0Yg-gua3UTS2h7aGJTfXx2NR87JSl3SB58dmNKaH92Y19qfiA7CD0oKSpfagh3Yk92fmAnR2k
IP 143.204.42.204:0
File type ASCII text, with very long lines (697), with no line terminators
Hash 3b9c536c1dd81dad0b2065f247c2ee21
e8d4a9573ab326ee3bfc616b68abb3a5188d2305
2f7cf7d4085adc4e7337547fea1e6765dca295d2e539689f8f124baf1de453eb
GET /4RlJ6WE4lPRQ+cTI7HmV2dGBPanpgOAk3IDZvKykZIBc1MwUDdA4iKntiXDQvKDVHfisoMUdpaCc2GGV6YCYKNyV7Nh0/OCwhADQ6JXQPOXMrPQAxIiozX2oIc3xKfXx2eg0xICI9DStrdGIULGt0YktoYHZ3SRprdGINMSBwZl9rDGNgSiB4cndJGmt0Yg-gua3UTS2h7aGJTfXx2NR87JSl3SB58dmNKaH92Y19qfiA7CD0oKSpfagh3Yk92fmAnR2k HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://airsanguages.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 509
date: Fri, 02 Dec 2022 20:55:10 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 43-8I6JaEO8gEje0EDZNYk9tGCmRM2wdr5IauiJ8tcUEvbQzjzYbGQ==
X-Firefox-Spdy: h2
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
192.243.59.12200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37174), with no line terminators
Hash 643abe7a5449d38e54d0fd3ffbdd2934
5be0f076595d4a55390412c2eab049b43fadfde8
9caabf17e654f64ec032319309f33a2c2450970259afd15f568fc414ca33748a
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 20:55:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7fc091a2d6fc11a3660dccdd366960a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1f1beac7928ab3d37cedfb7e9db6de8c
dbec1313a709861142ee3b08c1031e4c297435d0
25faaa716072ce2493633a4252fde0606c5da842936e6f4874eb461c180367de
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "25FAAA716072CE2493633A4252FDE0606C5DA842936E6F4874EB461C180367DE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Fri, 02 Dec 2022 22:20:15 GMT
Date: Fri, 02 Dec 2022 20:55:10 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
108.157.217.47200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.157.217.47:0
Hash 8be4570a1d9d09c7b793e97ee1f6edaf
cb101195afa0dbb473bcd5050ee2ab4a25af825f
b69ece6aab66eec92b6b3bd8c8e6febd027c8dac1a86faaed1b217dec8e784b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=147161
Date: Fri, 02 Dec 2022 20:55:10 GMT
Etag: "6389fe18-1d7"
Expires: Sun, 04 Dec 2022 13:47:51 GMT
Last-Modified: Fri, 02 Dec 2022 13:31:04 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 4ded1750dc7e0bef188a5520fb9fef28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: aVfDT4EI0NjcsCG4nDEnmjVmbIbfnqMoFHvKfbCkGeD0cFzJo_cOBA==
Age: 1007
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash becbcbed84eac7aee982c343719b7f39
11d8536cf5b0f8e9983e1aa9d813d918312e2c73
8ba28ec0ed6d95aeae8c2939e0f6c51a2ec2fd27332b111af209940594421c44
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; expires=Mon, 29 Nov 2032 20:55:10 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1c7d618ecce974f73c9254d9c7fecdb
db238571b457e37e0a4e1dc3d4cc965c361bad19
e152522f74ddf35ae04067c339896f8ec106bdeab0a179482cb010ff545ba679
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E152522F74DDF35AE04067C339896F8EC106BDEAB0A179482CB010FF545BA679"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9953
Expires: Fri, 02 Dec 2022 23:41:03 GMT
Date: Fri, 02 Dec 2022 20:55:10 GMT
Connection: keep-alive
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fbwmu7gg&tag=v-exee-app&domain=exee.app
172.64.105.3200 OK 2.0 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fbwmu7gg&tag=v-exee-app&domain=exee.app
IP 172.64.105.3:0
File type JSON data\012- , ASCII text, with very long lines (8589)
Hash 5e99e70fa29e3da16cb368487f8c80f5
636c628aaeb3d8f24ae1957b244809f7ba884136
6a67b9e1651e8b8ad8d6b60a217c85895794bc2cf04885632904040863ad7938
GET /allowed_url.php?type=json&url=exee.app%2Fbwmu7gg&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:10 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zk04Dy4PZyHGk%2FmpPWzc%2BKJeR4DRqm2s3VLThhYbTeHYVBT1VsNXzATvXm20PKnd%2FrcVwPRkxtABbRSWaCh%2FLj60Umynv%2FFTKMDq2BpMbulGBtbw%2BFrDOUrE2ArKC9tX8xby"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7736f63f7ec4f41f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 02 Dec 2022 20:46:55 GMT
expires: Fri, 02 Dec 2022 22:46:55 GMT
cache-control: public, max-age=7200
age: 495
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a26afaaadb2a0ed8f3adf3ba46f076b0
fd5066cc90bd627ab0cf7f2463ae71b26f7ebf38
0ef7ce87cf40f2eabf3daab6d1336bfd51f0539f6d174a5f66afdd898acd1d06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/asd100.bin
172.64.172.27200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102871 bytes)
Hash bfd5d9f8b155eb4596ca1a168863816c
ac730befb9ab8ba7c6914a7682cb0fc3084d460f
b8ee0b481f72579b4419953f1ac2c16a8495f1e0de8fc11a2d83a304fd7e3b85
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:09 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1141
last-modified: Fri, 02 Dec 2022 20:36:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdwuwIMh0NolbHJ9NpVIGSpn3qGmb4ehDhZzl%2FH72UVMlBH2ucsxs7OuYswq8a%2B52nFOVP8ZzJiD6SnK0U968OGfQ6Vp4WHigV%2FElGPjbLelhmxbWzUvChaQf8ODWBRe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f63f3cde776b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6acc582e88a49b8d0a4c05705f9c6af2
7cd445187fc02c97202cde41ee450d0c078cfd9c
41dc74b2ddf000db6ff024819614df835bb6092f78bba04e409b11f05e645348
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5498
Cache-Control: max-age=117095
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:10 GMT
Etag: "6389771b-1d7"
Expires: Sun, 04 Dec 2022 05:26:45 GMT
Last-Modified: Fri, 02 Dec 2022 03:55:07 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.211.13302 Found 387 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.211.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 14dc17a5a091c9b3b52535a2bd3055ae
c4c86dfe954104e27b5c452f6507e82483784ed3
47e9676b17f68914a6a2fe2a92bad452a9449b93a85e4344bb41f68d842e6ed4
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 20:55:10 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S872669788%3A1670014510993398&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsek6I--39ekBEYvyvwVwOpSyC_f40fL-c-etblgkvLYnt7cizGDvWMMfe3LvlTFIFRK-rnKg
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Df10fC9rsqDCxXS3F7pEjA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 387
server: GSE
set-cookie: __Host-GAPS=1:co9vRlVL_ENTRUBIMYWvQ2WjXjJTDw:0pyIxv2ChBfwGBzP;Path=/;Expires=Sun, 01-Dec-2024 20:55:10 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.211.13302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.211.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash fde8822f7d1dd194f6dd7926fc15f85c
046caa39bbdedaff82b70962ebce5f5d8bf726e2
3e755338accabb089c36c0efb309be2dd5f6f01273ce029809a46aff0b542159
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 20:55:11 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S134972978%3A1670014511049071&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvQ3IyE3alqKOAk9hACD5H-VwltrfoQMMk9nsdXRDO1WBvPll5_Xa1LeL-5K9I3umDzoH_Q
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-CHpD-EwCw2ljtM44izNlrA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:SlREEsTd3CgXIa-WXaNsCZV83ev42A:zY7j_l1fGWNv2EgS;Path=/;Expires=Sun, 01-Dec-2024 20:55:11 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
specialistinsensitive.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
192.243.61.227200 OK 29 kB URL HTTP/1.1 specialistinsensitive.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 4faa30697e6d39b970be5364f2d2b6f2
f56200e1a1aa2340df0b59d3b0f4e1b83ab15e6c
0f2c46a75dcb976c7b2c274297445c15327aad76d70538fcb96b9022ce6e3511
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 069c2bd722d0034ae7c477a16ae4ca74
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6acc582e88a49b8d0a4c05705f9c6af2
7cd445187fc02c97202cde41ee450d0c078cfd9c
41dc74b2ddf000db6ff024819614df835bb6092f78bba04e409b11f05e645348
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5499
Cache-Control: max-age=117095
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:11 GMT
Etag: "6389771b-1d7"
Expires: Sun, 04 Dec 2022 05:26:46 GMT
Last-Modified: Fri, 02 Dec 2022 03:55:07 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8238
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:55:11 GMT
Connection: keep-alive
specialistinsensitive.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8%3A3%3A1
192.243.61.227200 OK 4.3 kB URL HTTP/1.1 specialistinsensitive.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8%3A3%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5977), with no line terminators
Hash 1441c6b202e96217b902282234dac1ed
d407bad9b33915541357b3ad586306e184021136
ae17c79316801dca5efb14ccae7957123bad045768780cf147b34548a3f568b3
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8%3A3%3A1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:11 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Sat, 03 Dec 2022 20:55:11 GMT; secure; SameSite=None
uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; expires=Fri, 09 Dec 2022 20:55:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 03 Dec 2022 20:55:11 GMT; secure; SameSite=None
uncs=1; expires=Sat, 03 Dec 2022 20:55:11 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 03 Dec 2022 20:55:11 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 03 Dec 2022 20:55:11 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3789938]; expires=Fri, 02 Dec 2022 20:55:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b68986972cd8a506af8f957ae2617b84
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8238
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:55:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8238
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:55:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8238
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:55:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 13:09:50 GMT
age: 27921
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8238
Expires: Fri, 02 Dec 2022 23:12:29 GMT
Date: Fri, 02 Dec 2022 20:55:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 291127b670135b42b6e9687aa2a13237
99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1
49b082a738bcd15a0bb4e9f96a180797ffcfa368977ac1927df882a0343664d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10437
x-amzn-requestid: 2a8183c4-47ec-42bb-8e67-3e742dc3750c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YpEeooAMFfvg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-2014fd4d49dcd4087bf1db4d;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wQc8gdA6brp46QVd0ee9cBtnmA9q1j3nUO2ou9MDIhecNINtmphq0Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:15:09 GMT
age: 81602
etag: "99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 4.8 kB IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash 33fed98d45109de6ba5e1b808117d0be
cdcf62fb1930eb45391097426ff443d4135149ca
d657f80393da9fb8e89d051a9239d444da97a2fc6c466116d8642ccacf9fc22a
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:10 GMT
content-type: text/plain
set-cookie: csu=970353061621142@1@1670014510; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wgLK5qMkp9GKviIg0dgHlZyzRaaPSukvNQ%2Flti%2BJhtX1nDcrVkHYzbeOnImdUE2p1wx%2FyLg%2FdgXjvK5S12CsfPaE0F4ltSADP0Z735cS1%2FCfJ6xlQicHbYYF2MLcoiH7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7736f63f4cfe776b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
age: 83018
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d147ccb10bda82b153a596c3c967cd6a
ffd0763f997e71a8c1458523fc17cafe8849dfdf
1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:08:56 GMT
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
content-type: image/jpeg
age: 81975
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 00:54:54 GMT
age: 72017
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 5.7 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash 17ecbc254329e507654d2afe82cee41d
f471485e8c9b657dca5d7f9ed6f97f7bddc910ce
ceae8b0ccb7e56e986b7f32454d270995bd8b30b1a8cd084f72ad750f4d482c2
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: P1YT+2QXH0AxVY3nIBfPrkZOClR1oEks8raxC1db7siB6rSZ4QDXb2fiahMWf91RyjGGOeP129lRnTDPmS47mQ==
date: Fri, 02 Dec 2022 20:55:11 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/iframe_api
142.250.74.78200 OK 994 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.78:0
File type ASCII text, with very long lines (509)
Hash 7cdb0ac420ecaea99d348b9ab39f5ba2
f72dbe9f0fd7b911ec9fa87e73bfd428dd746383
f379b42932e7a1afd87f9ec61b47ad75d68ae936073fb7b58ede98e42e341f19
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Fri, 02 Dec 2022 20:55:11 GMT
date: Fri, 02 Dec 2022 20:55:11 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=JYIcVsBtXnw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=jCQD2Zgb4Fo; Domain=.youtube.com; Expires=Wed, 31-May-2023 20:55:11 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+512; expires=Sun, 01-Dec-2024 20:55:11 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
142.250.74.162200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 20:04:29 GMT
expires: Fri, 02 Dec 2022 21:04:29 GMT
cache-control: public, max-age=3600
age: 3042
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.22200 OK 2.4 kB IP 192.124.249.22:0
Hash 432b55f6fcde59ad9f2bbd00ba3ca4e9
c9fda0b7a0eb1133f13145e5728117bf70e73fe4
545f69f3b68afea535b61c8eeab80556f9651894df3839a07a78e36b155026fa
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 20:55:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 18:27:19 GMT
Expires: Sat, 03 Dec 2022 18:27:19 GMT
ETag: "5d5ce77892a0cba0b49a9f882ad4a5e93109f344"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash fccc019c3c61476f4bd06573b15a1de4
5d5ce77892a0cba0b49a9f882ad4a5e93109f344
6b7bf3afc4af3b0676896650ff90478f6c7e640de094d1ded2da1dd1805ed8da
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 20:55:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 18:27:19 GMT
Expires: Sat, 03 Dec 2022 18:27:19 GMT
ETag: "5d5ce77892a0cba0b49a9f882ad4a5e93109f344"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash fccc019c3c61476f4bd06573b15a1de4
5d5ce77892a0cba0b49a9f882ad4a5e93109f344
6b7bf3afc4af3b0676896650ff90478f6c7e640de094d1ded2da1dd1805ed8da
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 20:55:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 18:27:19 GMT
Expires: Sat, 03 Dec 2022 18:27:19 GMT
ETag: "5d5ce77892a0cba0b49a9f882ad4a5e93109f344"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9abc24f39564dc848d6bcdefbcdafc7b
b8c7e8e03ebea34dc55cb1edc5821875ef3b8ced
746046171e16c754f1385bee917d0d771988a6cc69bfef15b30af8d773cad83f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "746046171E16C754F1385BEE917D0D771988A6CC69BFEF15B30AF8D773CAD83F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6263
Expires: Fri, 02 Dec 2022 22:39:35 GMT
Date: Fri, 02 Dec 2022 20:55:12 GMT
Connection: keep-alive
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
15.235.85.92204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP 15.235.85.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:12 GMT
Connection: keep-alive
Expires: Sat, 02 Dec 2023 20:55:12 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSzWskVRfGb83kfRe6URkXLpRGZqFguqu6u9LdzmI0jiPBmITJSLber%2Bpcc6tucW9VVycgRAfC4KrdCW4qT%2BcDx0GcP0BGOrORgDCtIEEmCC7dCMLgUjppCJ5FnXPqdxbnec7d2c1PiY%2Bcnqx8YLaU1rQWVv3Ka2sqEaZwlaXblcCv%2BtcqayqZa16r9Ccf23sz8MOq%2F3rlPck3TK3uB74f%2BEHlprIyMv3aGYVK73eCasevNuvVIGyib%2F%2Fbu9yDox5E75S8ACXG%2F1v%2F8QEUHyGJv7sh3UZm0jfejXNNM2PRE4cfJhuJKRLEF2VkPUTJ4XQaxo0J%2BfISTHI4VQDT25soAFNj4v0agCWH0zXBevvnmzINmYCJZ1H0RpB6BEVH4OYOlHhMAC6wtIwkPlgytqCb55RO6JjMPP0bqhiTmSdXkMTfzmvVr6wanWfKJA79qITqj6C6I6T5EbItD6o4As8%2BgxI%2FkdrTRSTx3rLTBkqcXA2D0BeMRrOhL1qzTdoIZ9th1J5tN7mUbenTFm%2BfWaTUCCoaQcsBqLuM3HnIlYc88pCnHmJxUqFhJ%2FL9VsSiRqPd5Jw3GpyH7TkRikazHfnI%2BUTDAFk6ANcDcLuN1G5jQw1g8x%2Fg1ks44cFlBD1RopAEhSMoKEGhCIqMoOiV%2B0K7uisPhHY5C6a5Ps2Ncmiy7i7dN1lXJmQ3PSXPT4zznrt3BRvypBKF7TCaC%2FkcnwuDeoN1QiH8DpONelPIBmNwqoRyl0Cdhy01Jpc%2F%2BROpGpNL8zUwegSnj8DVq6D5y6DFsFX3QdeHzbaPreRA9mVVGQhTIs1mkG16u%2FqUvHR2us4vFpIfv3X1xU%2F%2Ff%2FVJDdyWSG2Jj9Ujgq6%2BO7xlCrJ3yxSOPFhOMxWrLTo562pGMzlz7325WRgrFm64wddv8wmYlPdvS5ct0kSopOvIN%2FNKCGlvGssl%2BX7BrUm2krv1%2Bdwmebq48s7NhTi10jllkhGoevzRQ3A1Js%2FEO2cP9pXfdqDsCDYvEefHZBpQ5gg83YZLj6%2F%2F%2Fuir%2FT9W%2F4EzBFZfzLDUQ5GXQ1tnFz%2B1ItDyoqeshJMXFjB5%2FPCvc7br7qJrPdDsDpK4RM%2BW6OkSVA%2Fg8svDLLXH139unAWY9oZMW2%2BPaau%2FOLfWqZOKDCM%2Fkn5dsqjDohb1RSdqdhjtBLLFQhogc2P%2BeVT7FwAA%2F%2F8BAAD%2F%2F%2B3WiqeIBAAA
192.243.61.227200 OK 8 B URL HTTP/1.1 specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSzWskVRfGb83kfRe6URkXLpRGZqFguqu6u9LdzmI0jiPBmITJSLber%2Bpcc6tucW9VVycgRAfC4KrdCW4qT%2BcDx0GcP0BGOrORgDCtIEEmCC7dCMLgUjppCJ5FnXPqdxbnec7d2c1PiY%2Bcnqx8YLaU1rQWVv3Ka2sqEaZwlaXblcCv%2BtcqayqZa16r9Ccf23sz8MOq%2F3rlPck3TK3uB74f%2BEHlprIyMv3aGYVK73eCasevNuvVIGyib%2F%2Fbu9yDox5E75S8ACXG%2F1v%2F8QEUHyGJv7sh3UZm0jfejXNNM2PRE4cfJhuJKRLEF2VkPUTJ4XQaxo0J%2BfISTHI4VQDT25soAFNj4v0agCWH0zXBevvnmzINmYCJZ1H0RpB6BEVH4OYOlHhMAC6wtIwkPlgytqCb55RO6JjMPP0bqhiTmSdXkMTfzmvVr6wanWfKJA79qITqj6C6I6T5EbItD6o4As8%2BgxI%2FkdrTRSTx3rLTBkqcXA2D0BeMRrOhL1qzTdoIZ9th1J5tN7mUbenTFm%2BfWaTUCCoaQcsBqLuM3HnIlYc88pCnHmJxUqFhJ%2FL9VsSiRqPd5Jw3GpyH7TkRikazHfnI%2BUTDAFk6ANcDcLuN1G5jQw1g8x%2Fg1ks44cFlBD1RopAEhSMoKEGhCIqMoOiV%2B0K7uisPhHY5C6a5Ps2Ncmiy7i7dN1lXJmQ3PSXPT4zznrt3BRvypBKF7TCaC%2FkcnwuDeoN1QiH8DpONelPIBmNwqoRyl0Cdhy01Jpc%2F%2BROpGpNL8zUwegSnj8DVq6D5y6DFsFX3QdeHzbaPreRA9mVVGQhTIs1mkG16u%2FqUvHR2us4vFpIfv3X1xU%2F%2Ff%2FVJDdyWSG2Jj9Ujgq6%2BO7xlCrJ3yxSOPFhOMxWrLTo562pGMzlz7325WRgrFm64wddv8wmYlPdvS5ct0kSopOvIN%2FNKCGlvGssl%2BX7BrUm2krv1%2Bdwmebq48s7NhTi10jllkhGoevzRQ3A1Js%2FEO2cP9pXfdqDsCDYvEefHZBpQ5gg83YZLj6%2F%2F%2Fuir%2FT9W%2F4EzBFZfzLDUQ5GXQ1tnFz%2B1ItDyoqeshJMXFjB5%2FPCvc7br7qJrPdDsDpK4RM%2BW6OkSVA%2Fg8svDLLXH139unAWY9oZMW2%2BPaau%2FOLfWqZOKDCM%2Fkn5dsqjDohb1RSdqdhjtBLLFQhogc2P%2BeVT7FwAA%2F%2F8BAAD%2F%2F%2B3WiqeIBAAA
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 3906cd80742de180e89653ddef72bca2
0e87a2f73be3c8ce3f316065a79017c20ad8f09c
3f57726bc10fc28cad1488d3a34f23ef3d0ef64fee7074493308205868b2c8e5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSzWskVRfGb83kfRe6URkXLpRGZqFguqu6u9LdzmI0jiPBmITJSLber%2Bpcc6tucW9VVycgRAfC4KrdCW4qT%2BcDx0GcP0BGOrORgDCtIEEmCC7dCMLgUjppCJ5FnXPqdxbnec7d2c1PiY%2Bcnqx8YLaU1rQWVv3Ka2sqEaZwlaXblcCv%2BtcqayqZa16r9Ccf23sz8MOq%2F3rlPck3TK3uB74f%2BEHlprIyMv3aGYVK73eCasevNuvVIGyib%2F%2Fbu9yDox5E75S8ACXG%2F1v%2F8QEUHyGJv7sh3UZm0jfejXNNM2PRE4cfJhuJKRLEF2VkPUTJ4XQaxo0J%2BfISTHI4VQDT25soAFNj4v0agCWH0zXBevvnmzINmYCJZ1H0RpB6BEVH4OYOlHhMAC6wtIwkPlgytqCb55RO6JjMPP0bqhiTmSdXkMTfzmvVr6wanWfKJA79qITqj6C6I6T5EbItD6o4As8%2BgxI%2FkdrTRSTx3rLTBkqcXA2D0BeMRrOhL1qzTdoIZ9th1J5tN7mUbenTFm%2BfWaTUCCoaQcsBqLuM3HnIlYc88pCnHmJxUqFhJ%2FL9VsSiRqPd5Jw3GpyH7TkRikazHfnI%2BUTDAFk6ANcDcLuN1G5jQw1g8x%2Fg1ks44cFlBD1RopAEhSMoKEGhCIqMoOiV%2B0K7uisPhHY5C6a5Ps2Ncmiy7i7dN1lXJmQ3PSXPT4zznrt3BRvypBKF7TCaC%2FkcnwuDeoN1QiH8DpONelPIBmNwqoRyl0Cdhy01Jpc%2F%2BROpGpNL8zUwegSnj8DVq6D5y6DFsFX3QdeHzbaPreRA9mVVGQhTIs1mkG16u%2FqUvHR2us4vFpIfv3X1xU%2F%2Ff%2FVJDdyWSG2Jj9Ujgq6%2BO7xlCrJ3yxSOPFhOMxWrLTo562pGMzlz7325WRgrFm64wddv8wmYlPdvS5ct0kSopOvIN%2FNKCGlvGssl%2BX7BrUm2krv1%2Bdwmebq48s7NhTi10jllkhGoevzRQ3A1Js%2FEO2cP9pXfdqDsCDYvEefHZBpQ5gg83YZLj6%2F%2F%2Fuir%2FT9W%2F4EzBFZfzLDUQ5GXQ1tnFz%2B1ItDyoqeshJMXFjB5%2FPCvc7br7qJrPdDsDpK4RM%2BW6OkSVA%2Fg8svDLLXH139unAWY9oZMW2%2BPaau%2FOLfWqZOKDCM%2Fkn5dsqjDohb1RSdqdhjtBLLFQhogc2P%2BeVT7FwAA%2F%2F8BAAD%2F%2F%2B3WiqeIBAAA HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7126e01b7f8294cf86ef674acbd480b3
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
15.235.85.92200 OK 8.5 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8
IP 15.235.85.92:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1651)
Hash 9859cb92cde776d1ba3b197254d3bb2d
d9b9ed78180657d7fa785fb49d56a4f09270744b
57cdb646c30f23e028814883da2964e7bb2623bad638e81ab96575c52f1ded59
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:12 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d3b-bf8c"
Expires: Sat, 02 Dec 2023 20:55:12 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png
15.235.85.92200 OK 69 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png
IP 15.235.85.92:0
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash b49d6e91482e1db917958f2a32a0b1bc
38c5ad2beec3f2cd782da2ee1a9f300a57a5115e
4ef36c7fb595d9e325c5d15b8143c03774407dc5da6c9a77ff9160580136a46d
GET /media_file/v-exee-app/source/uploads/thumbnails/16494291789562504aba5f866.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:11 GMT
Content-Type: image/png
Content-Length: 69290
Last-Modified: Fri, 08 Apr 2022 14:46:21 GMT
Connection: keep-alive
ETag: "62504abd-10eaa"
Expires: Sat, 02 Dec 2023 20:55:11 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
142.250.74.70200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP 142.250.74.70:0
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Fri, 02 Dec 2022 20:55:12 GMT
expires: Fri, 02 Dec 2022 20:55:12 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
15.235.85.92204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP 15.235.85.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:12 GMT
Connection: keep-alive
Expires: Sat, 02 Dec 2023 20:55:12 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5474
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 20:55:12 GMT
Connection: keep-alive
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=96
192.243.61.227200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=96
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=96 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5474
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 20:55:12 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5474
Expires: Fri, 02 Dec 2022 22:26:26 GMT
Date: Fri, 02 Dec 2022 20:55:12 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
172.64.108.13200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP 172.64.108.13:0
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash 47b7ae41a98644de6d46d58a0e51a793
b0f736609af3c0b3214ee52cc9f0798dcc972df6
b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:12 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1494119
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bviXNIgfspKe2IdxCZHsYnofW1y0N20xyN00%2F4acQi%2BjevRRRGqDtixz%2FFUj4imcrN9swUmsyhqjyyINHLFl8OyTr78nyCCLryCnBQY8LH6rvtfSwP9Q4hWcK22zN%2F369vhdLrDfKk2J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f64f4af875cc-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=183
192.243.61.227200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=183
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=183 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=183
192.243.61.227200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=183
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=183 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/fonts/Mister-London-Sans.woff2
172.64.108.13200 OK 7.7 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/fonts/Mister-London-Sans.woff2
IP 172.64.108.13:0
File type Web Open Font Format (Version 2), TrueType, length 7664, version 1.0\012- data
Hash e41b02c342b94148fdd5e14fb41dcb4a
9d8415fc8df42aa67fa5a6d15d07f58265535cc0
d857f01d0c6fd46a16bf82acf8f6f76e7710524972ef7f88a926a0d97cadca0b
GET /sb/notifications/games/nutaku/multi/2/fonts/Mister-London-Sans.woff2 HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:12 GMT
content-type: application/octet-stream
content-length: 7664
last-modified: Thu, 15 Sep 2022 10:33:29 GMT
etag: "6322ff79-1df0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 979292
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fzgv%2Fsertw2bnnXJXfE0Rb7lwgPyx4w5lEslK0l4%2BFvalng0cxly%2FIsfGVlJ953oeF0qzX%2B5Sp7jTc3frhB3TAVycn3lUukh%2F0Pqlzcd1Jtlbe9xSdFyS8aG6WsqqnqpmrIcAHIEywYU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f6518b8b7705-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=54
192.243.61.227200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=54
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=54 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FR70orIePCiD7EHBzHRPT2d63MNqXFeCMQmblVytrqqelKnuaqq6pycBIboQFk%2FjTfDSeSY%2FcF3E%2FQNkZbIXCQg7ChJkg%2BDRiyAsHmWSgeB76Pd9%2B%2FMe3ud5a2e3OCUuCnqy8oHekkrRRlB3a6%2BtyZTr0taWbtc8t%2B5eq63JdK51rdaffEzvTc8N6u7rtfcE29CNpuu5rud6tZvSiFj3G2cUMrvf8eodt95q1r2ghb75b28LB5Y64L1T8gIkH%2F9v%2FccHkGyENPnuhrAbuc7eeDcpFM21QY8ffphupLpMkVyUsXEQp4fTaWg7JuTLS9Dp4VQBdG9vogCRHBPnVw9RejhdE1Fv%2F3zTSEGkiPizKHsjCDWCpCMwfQeSPyYA41haRpocLGlT0s1zSid0TGae%2Fg1ZjsnMkytIk2%2FnlezXVrUqcqlTi35cQfZHkN0RsuII%2BZYDWR6B5Z9B8p9I4%2Bki0mRv2SoNyU%2BuBl7g8ojGs4HL27Mt6gezYRCHs2GLCREKl7ZZeGaRlCPIeAQlBqD2MgrroJAOithBkTlI%2BEmNBp3YddtxFPt%2B2GKM%2BT5jQTjHA%2B63wthFwSYaBsizAZgagJltZGYbG3IAU%2FwAu17Bcgc2J%2BjxCqUgKC1BSQlKSVDmBGWv2ufKNm11wJUtIm%2Bam9PsV0Odd3fpvs67IiW72Sl5fmKc89y9K9gQJ7U4CIN4LmBzbC7wmn7UCTh3O5Hwmy0u%2FCiClRWkvQRqHWzJMbn8yZ%2FI5Jhcmm8gokew6ghMvgpavAxaDttNF3R92ApdbKUHoi%2FqUoPrClk%2Bg3zT2VWn5KWz03V%2BMRDs%2BK2rL376%2F6tPGmCmQmYqfCwfEXTV3eEtXZK9W7q05MFylstEbtHJWVdzmouZe%2B%2BLzVIbvnDDDr5%2Bm03ApLx%2FW9h8kaZcpl1LvpmXnAtzUxsmyPcLdk1EK4Vdny9MWmSLK%2B%2FcXEgyI6yVOh2ByscfPQSTY%2FJMsnP2YF%2F5bQfSjGCKCklxTKYBqY%2FAsm3Y7Pj674%2B%2B2v9j9R9YTWDUxUyUOSiLamia0cVPJQmUuOhpVMGKCwsicfzwr3O2a%2B%2BiaxzQ%2FA7SpELPVOipClQNYIvLwzwzx9d%2F9s8CkXKGkTLOXqSM%2BuLcWitPaoHXEmEUthnnkWDcazf90HfdJuetdkd4HeR2zD6PG%2F8CAAD%2F%2FwEAAP%2F%2F%2Bd4EQYgEAAA%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FR70orIePCiD7EHBzHRPT2d63MNqXFeCMQmblVytrqqelKnuaqq6pycBIboQFk%2FjTfDSeSY%2FcF3E%2FQNkZbIXCQg7ChJkg%2BDRiyAsHmWSgeB76Pd9%2B%2FMe3ud5a2e3OCUuCnqy8oHekkrRRlB3a6%2BtyZTr0taWbtc8t%2B5eq63JdK51rdaffEzvTc8N6u7rtfcE29CNpuu5rud6tZvSiFj3G2cUMrvf8eodt95q1r2ghb75b28LB5Y64L1T8gIkH%2F9v%2FccHkGyENPnuhrAbuc7eeDcpFM21QY8ffphupLpMkVyUsXEQp4fTaWg7JuTLS9Dp4VQBdG9vogCRHBPnVw9RejhdE1Fv%2F3zTSEGkiPizKHsjCDWCpCMwfQeSPyYA41haRpocLGlT0s1zSid0TGae%2Fg1ZjsnMkytIk2%2FnlezXVrUqcqlTi35cQfZHkN0RsuII%2BZYDWR6B5Z9B8p9I4%2Bki0mRv2SoNyU%2BuBl7g8ojGs4HL27Mt6gezYRCHs2GLCREKl7ZZeGaRlCPIeAQlBqD2MgrroJAOithBkTlI%2BEmNBp3YddtxFPt%2B2GKM%2BT5jQTjHA%2B63wthFwSYaBsizAZgagJltZGYbG3IAU%2FwAu17Bcgc2J%2BjxCqUgKC1BSQlKSVDmBGWv2ufKNm11wJUtIm%2Bam9PsV0Odd3fpvs67IiW72Sl5fmKc89y9K9gQJ7U4CIN4LmBzbC7wmn7UCTh3O5Hwmy0u%2FCiClRWkvQRqHWzJMbn8yZ%2FI5Jhcmm8gokew6ghMvgpavAxaDttNF3R92ApdbKUHoi%2FqUoPrClk%2Bg3zT2VWn5KWz03V%2BMRDs%2BK2rL376%2F6tPGmCmQmYqfCwfEXTV3eEtXZK9W7q05MFylstEbtHJWVdzmouZe%2B%2BLzVIbvnDDDr5%2Bm03ApLx%2FW9h8kaZcpl1LvpmXnAtzUxsmyPcLdk1EK4Vdny9MWmSLK%2B%2FcXEgyI6yVOh2ByscfPQSTY%2FJMsnP2YF%2F5bQfSjGCKCklxTKYBqY%2FAsm3Y7Pj674%2B%2B2v9j9R9YTWDUxUyUOSiLamia0cVPJQmUuOhpVMGKCwsicfzwr3O2a%2B%2BiaxzQ%2FA7SpELPVOipClQNYIvLwzwzx9d%2F9s8CkXKGkTLOXqSM%2BuLcWitPaoHXEmEUthnnkWDcazf90HfdJuetdkd4HeR2zD6PG%2F8CAAD%2F%2FwEAAP%2F%2F%2Bd4EQYgEAAA%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3fz%2FR70orIePCiD7EHBzHRPT2d63MNqXFeCMQmblVytrqqelKnuaqq6pycBIboQFk%2FjTfDSeSY%2FcF3E%2FQNkZbIXCQg7ChJkg%2BDRiyAsHmWSgeB76Pd9%2B%2FMe3ud5a2e3OCUuCnqy8oHekkrRRlB3a6%2BtyZTr0taWbtc8t%2B5eq63JdK51rdaffEzvTc8N6u7rtfcE29CNpuu5rud6tZvSiFj3G2cUMrvf8eodt95q1r2ghb75b28LB5Y64L1T8gIkH%2F9v%2FccHkGyENPnuhrAbuc7eeDcpFM21QY8ffphupLpMkVyUsXEQp4fTaWg7JuTLS9Dp4VQBdG9vogCRHBPnVw9RejhdE1Fv%2F3zTSEGkiPizKHsjCDWCpCMwfQeSPyYA41haRpocLGlT0s1zSid0TGae%2Fg1ZjsnMkytIk2%2FnlezXVrUqcqlTi35cQfZHkN0RsuII%2BZYDWR6B5Z9B8p9I4%2Bki0mRv2SoNyU%2BuBl7g8ojGs4HL27Mt6gezYRCHs2GLCREKl7ZZeGaRlCPIeAQlBqD2MgrroJAOithBkTlI%2BEmNBp3YddtxFPt%2B2GKM%2BT5jQTjHA%2B63wthFwSYaBsizAZgagJltZGYbG3IAU%2FwAu17Bcgc2J%2BjxCqUgKC1BSQlKSVDmBGWv2ufKNm11wJUtIm%2Bam9PsV0Odd3fpvs67IiW72Sl5fmKc89y9K9gQJ7U4CIN4LmBzbC7wmn7UCTh3O5Hwmy0u%2FCiClRWkvQRqHWzJMbn8yZ%2FI5Jhcmm8gokew6ghMvgpavAxaDttNF3R92ApdbKUHoi%2FqUoPrClk%2Bg3zT2VWn5KWz03V%2BMRDs%2BK2rL376%2F6tPGmCmQmYqfCwfEXTV3eEtXZK9W7q05MFylstEbtHJWVdzmouZe%2B%2BLzVIbvnDDDr5%2Bm03ApLx%2FW9h8kaZcpl1LvpmXnAtzUxsmyPcLdk1EK4Vdny9MWmSLK%2B%2FcXEgyI6yVOh2ByscfPQSTY%2FJMsnP2YF%2F5bQfSjGCKCklxTKYBqY%2FAsm3Y7Pj674%2B%2B2v9j9R9YTWDUxUyUOSiLamia0cVPJQmUuOhpVMGKCwsicfzwr3O2a%2B%2BiaxzQ%2FA7SpELPVOipClQNYIvLwzwzx9d%2F9s8CkXKGkTLOXqSM%2BuLcWitPaoHXEmEUthnnkWDcazf90HfdJuetdkd4HeR2zD6PG%2F8CAAD%2F%2FwEAAP%2F%2F%2Bd4EQYgEAAA%3D HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 86a2c9c33062a9646cadb8799dd70a97
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
15.235.85.92206 Partial Content 391 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts
IP 15.235.85.92:0
Size 391 kB (391040 bytes)
Hash 1b12fa9a67b15135ee51bd1adfdd5831
6803487aeb9c8614bcb7d5173fd5c8e8d99e8cbd
6c90bfc07e47febe7dd92eb1bc86b7f67d54a6cbad30577c9efe629eeeb24a22
GET /media_file/v-exee-app/source/uploads/videos/16494291789562504aba5f866.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-391039
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:12 GMT
Content-Type: video/mp2t
Content-Length: 391040
Last-Modified: Sat, 30 Jul 2022 00:37:15 GMT
Connection: keep-alive
ETag: "62e47d3b-113cda88"
Expires: Sat, 02 Dec 2023 20:55:12 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-391039/289200776
adservice.google.com/adsid/integrator.js?domain=exee.app
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 02 Dec 2022 20:55:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
specialistinsensitive.com/pixel/sbs?c=1
192.243.61.227200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbs?c=1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:13 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7986
Expires: Fri, 02 Dec 2022 23:08:19 GMT
Date: Fri, 02 Dec 2022 20:55:13 GMT
Connection: keep-alive
bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DWvSsIIaGs4flRJTjUXUMZI6l1WMvHJBB_Wp38spDUO93kJdSlw-OmaQN3ghGG0GqjRZZivuIOs2FCqReBXRP5oFCs8g&cry=1&dbm_d=AKAmf-CJlsiG_iaWM4Muw49g0oBh5HPu4GnL6cqwr8Bux4iBg8zfz8zalFJ68YlPs4Cuygx97ag0ZTN7vRnDixrpsCAXcAbXJuZnXBPCN6S2gY-R7L3Xs54BXF_zy7a7msVE2Sqb5JyCTmhMWI0rfLQ3b46kVcLEfeMykbrQFxc0suL3bt89rgrPTFFF1pvwDmgVjOi-Cv6PnS6eCv4LsC4AGzvUjcwZBYIh8Br_BUzQ5U1a7Wutbbp61ODUo48-u5mZT0BYEMS2nyUTMsOu3DGOAqMj1qkLBtDpGPQ5FbJUO7-eLqeLDtytdpZhgsApujvSCXBzpd6pvjVfDiZZ7wznzXakXUSNjjXvRye71C-60PeXehF7pJE5KrFDRttR4tVQ7Oqvw7fPttjrIYl5a7fLtD4JBj4U4Uxz5KlF8K-w-W1u_YkCagdGjHi7hV-IHz1njSuR-YjcSJtg8lV6uAAFzFO8NukB2gHhveTh3hrcy9OajN88kKy-AAwJMYUWTiUjahq-avz1SSwvWw-lJp13BD8Lefte3uPdy1iyfbXaJzk9QbPpx-YIsjqWug4q6_Y6H6ep4Msj50PtngSJAk6zG3lKL8li7j9unRaoR917lPHl5FNw-SmDNDTzJ3fHAiCisp4sOpRaGP-WQSvNf5HKeKaF_7J3TumToGTKEaxY6WmA6Pc_JPCHA9FS5MSkiFZdnXDRff7S170DRJjFD5lbbgWFuuFOip87Jv-Tqc3cLBP_UkKLaiTzp20eWZB2WU6Xe8B_REP5YeQbywxEAsW-q6r_Yk_FyCmw-DQcw9rqSMPOAI9whjgcna-P9epGlkTz9y2JffwlfGLp4upTD6D8bdG_14uKFIpS6OsbJi5tgE8-15c_--y23852mSwQs03ae9HH6YBzhJEzOG3qB3x2yYOOsKy9frXVMkIgTrb_BdP8-_RJ9Od7Zuj2TpCWRKOv4nEj9RRfha6D5T_GsrZ28XRD7TMZsVqdaqCE3lTKWpkGqxecY2iW7IyhSztvXwSfCsJHg8A0-V6C5GChshbgDADJdsA68aZtxxTmEB9CjYj--rv0SNMX0mt5RRHz9bGWoJFqlhC7SXSVTbM3K_bdoNixzIVh0EPSkv5qWYiwf9Z-2tUJaKL6F2qdOyafeu1A4zpabDW9RS74M7ONbQSzjhAQITjmDarcc_qSStyAmafJK93gdKhMeIn6bd__jbBAnSWZbiAyxWEcVa-dy9ywbgmzMKzyLfb3RSgyj9XdwCGOrwbbSyD6db_EaCtBnk_ttDWKyNczhdrppGMXtJVMrQ9Z7fU85algHf2PA3uFAA_l6NUNUd_BSbHYZi6mjSz2pYuAyujy3sjXptnS5WdSHWygSH81Svb430QczUOEsIq7E84dUfsUnmvTnfhXqE1_PB5YDuGgpSX_v5gY5xc5Q4RczLHyVTk6hMXYLB76CioHwCkehmptfALDfgQ0ocRk4bZ-_ciBhkUbck4Uqu4vt3a7vkH4P8U2Os1bksLGfGlBsB9OvkC7umKb8ZOKyCeL6BA9BXb0BJA2Pa3JY0YxLNB1idp7fBnWWO21KMjKAjdronI6mKn4hm9zswObA3g_UxjlmsmIvj7jwVkf3AWgHSWacncM3z9HLDBqP9rqf9I4PoBhKrn9n54uohSZtZADXLOGkFG0rW0IbG4LfiRZop3PnSCR-FXe6kmSpMXGWjNwkE3goJ1iFvTqtvv14MddcHGIrOKtiQTOH_HQbIxp5DRiVCheCvCj9I3ZWck0OH0D7Gii2x7lEUlV4bHtFbs7Z0xE2dw4eKUfJvH4D7AKUU9n7pl9xU2nJ0xHX7YWcz00LdMEwSKMrg2082mH1iYnSy096bzrH7zWGsSg9PrMKdlX6sAEWmaj9yJTLTuOO4s1Wz9ED2Xx2JavCOan59W1emnA7e795e6iAalwt2Lg_YM-qe87eeKubgPVxBgkaq375E8JEJEHeCwj6_MDYxXbEcsqAQZgw7UhFBfuaN8C096nPAu15BbQVwa7VBF6qfk8b1m3iL-JQXs6KipTTeRY4fzJkB5qc81MzqL28R3PbG98wZrx_x7CALjjB10W4rfoZClQn4ucqZ5Wp7pcvABhSLRcrGWaSVGQZr3gDVkSbww1xvJWfV-oqzAPGlMItxihVX7iGU_cHpyjABBRSLSz1c1VynLIDQudy4wJJEDhBEmtTl1iSl-BrIRU01bKy7B8GXTECHNe7O4GjEL36aWWQY0ycankCSgWF0kXZKW2bRRn_WGHm9QJhuaJgAYWLgJlG7InrN9jXM6Gu9GepgRBgiFL1lQUpgxFGRrw2UjMT2OE_YF5YMaFyB1uJpO7RjCJSC6KpkRWDuHhzbbG3pFAenetyFQkCG3NAYar_w2UCAUQNS-M6u-JOefA7Gw59mneQs_zQr4BPgn6dGH8QsaYrUnPTSQ97Zxdn2dBq_7S6hrO07uytjXUVjiUizHVNGgRMDXGiEi7IrREQ9_F8NOBUqpBH9S0nl68Yd_NDgLAJ8pfeKj5xxUySypRN543UbfdBxBqXnlgopNn6SqFjoVDoABINMslxi31eAxfSMwcesPKVVDVAMxucepZILo7nmiXy-f93QufgeOieILwk73VQsR0XgipJqdvVBIAkbAHSq2km2RNm7sfVPV_iomnN-6sMeDzuNYRZoyfAavd1w-u3cuNOfcJwZy3OMagJByVrjuBLhjcWbKTGa0l4psXQ3-WUUeE9Mc3tAMu2zcA4UVvv-QOLjrLKDIcEDhxbM49X8nNz9Bo6_S-3iMxB8GuUbuUBtFfMBjr2aNM2zTuvg7mNYNYfrETWjPpzoXt31e8Yruq4932y8uKl5EaQbpYZcMWlYxfwlekfJrekXIUFAEozg2FcKNt8yp9uUnm4HUe6iJD1wLhPEF_VWaRe9LeZHdFG5NF8f7qO6nrWo_Dz-RvbIfM4pOBYJK_K3nI3Oc6ecb4yRWWddQq3xTcjb1Bc5ziEATPv2hZUA6dESAy7hlGLGOsDFUPoMR2H-u_898wx_7aWjh-FxZ_zWzj6_r-lFDcpPbYuiqryV9aDuxWO0uqFffip5RlFpo3wu8TriYFKMu9KTZSr-cNrgHLNyGp8K0iP-hZERUTzIozTtwVg3SfVydjohG5ZIs4_q3J-dOF7DL3DZofDECzTvRg0KyjvTu02tjlGzKLFZY99F5I0T98YU5X_rygqGD0XugM6c0_KX7_2FleNDdQ0dn6t-mJy_QcoUMlV8Vuo00j-DNt6LRHS3S8djVGWvqNv-T1BCjkkHK0bxmt_yL0To2rLOlaFPDZBdQdKdaojnyERX13sF9VwU3kSqFR57QIWYOrHClX7VcqseDE6AfNYQGAGCTddYNxjZ6jzzFvT2Ny0wcjmRFRrfpoHEvCgj79LVuljuxSI3GrJggtddyoYAxWyPeqqxU0yJw0_fdkBBU7Rmu4RIqgvXa-o4H1S6QRKG9HjNgIt_Opp99h1BQ-kSPDqmkWhicX4jyAdnA_AJj0UI5LqYHtLaljXrgOpI5s8T6b54YGtpFCtcH-pBJ5oEFtj4aCvoFsBarw8nKiu1pzwibS5t7RV8UFi0PWNh8WJB4kkyJXJ44gxCRS1p1ry6xU78PJ25COLD2gG1qYDS_slc2Se2pEgGE54PLLqaZ1jVQERM44_b3EBFZpKOq3KJZ2qasI4EJR2zfcnurEMZhm2cdjAOGKoiJTHvVK&cid=CAQSPgDq26N9KR7WzrAFrNY4uSPeMa62lAti61UCOvzscybGJmS-YmehVfC-Y0o2sTzEwAnLDyn9v5_HDTJJRltCGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F468810a3-a619-477f-85f9-f99ccd82b209&sid=503F3BA0-EE9A-4847-9921-94B24168D3D6&nel=0&eid=44748969%2C44750822%2C44752711%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2Fbwmu7gg&dlt=1670014507603&idt=2437&dt=1670014511663&ged=ve4_td4_tt2_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491
173.194.220.157200 OK 4.9 kB URL HTTP/2 bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DWvSsIIaGs4flRJTjUXUMZI6l1WMvHJBB_Wp38spDUO93kJdSlw-OmaQN3ghGG0GqjRZZivuIOs2FCqReBXRP5oFCs8g&cry=1&dbm_d=AKAmf-CJlsiG_iaWM4Muw49g0oBh5HPu4GnL6cqwr8Bux4iBg8zfz8zalFJ68YlPs4Cuygx97ag0ZTN7vRnDixrpsCAXcAbXJuZnXBPCN6S2gY-R7L3Xs54BXF_zy7a7msVE2Sqb5JyCTmhMWI0rfLQ3b46kVcLEfeMykbrQFxc0suL3bt89rgrPTFFF1pvwDmgVjOi-Cv6PnS6eCv4LsC4AGzvUjcwZBYIh8Br_BUzQ5U1a7Wutbbp61ODUo48-u5mZT0BYEMS2nyUTMsOu3DGOAqMj1qkLBtDpGPQ5FbJUO7-eLqeLDtytdpZhgsApujvSCXBzpd6pvjVfDiZZ7wznzXakXUSNjjXvRye71C-60PeXehF7pJE5KrFDRttR4tVQ7Oqvw7fPttjrIYl5a7fLtD4JBj4U4Uxz5KlF8K-w-W1u_YkCagdGjHi7hV-IHz1njSuR-YjcSJtg8lV6uAAFzFO8NukB2gHhveTh3hrcy9OajN88kKy-AAwJMYUWTiUjahq-avz1SSwvWw-lJp13BD8Lefte3uPdy1iyfbXaJzk9QbPpx-YIsjqWug4q6_Y6H6ep4Msj50PtngSJAk6zG3lKL8li7j9unRaoR917lPHl5FNw-SmDNDTzJ3fHAiCisp4sOpRaGP-WQSvNf5HKeKaF_7J3TumToGTKEaxY6WmA6Pc_JPCHA9FS5MSkiFZdnXDRff7S170DRJjFD5lbbgWFuuFOip87Jv-Tqc3cLBP_UkKLaiTzp20eWZB2WU6Xe8B_REP5YeQbywxEAsW-q6r_Yk_FyCmw-DQcw9rqSMPOAI9whjgcna-P9epGlkTz9y2JffwlfGLp4upTD6D8bdG_14uKFIpS6OsbJi5tgE8-15c_--y23852mSwQs03ae9HH6YBzhJEzOG3qB3x2yYOOsKy9frXVMkIgTrb_BdP8-_RJ9Od7Zuj2TpCWRKOv4nEj9RRfha6D5T_GsrZ28XRD7TMZsVqdaqCE3lTKWpkGqxecY2iW7IyhSztvXwSfCsJHg8A0-V6C5GChshbgDADJdsA68aZtxxTmEB9CjYj--rv0SNMX0mt5RRHz9bGWoJFqlhC7SXSVTbM3K_bdoNixzIVh0EPSkv5qWYiwf9Z-2tUJaKL6F2qdOyafeu1A4zpabDW9RS74M7ONbQSzjhAQITjmDarcc_qSStyAmafJK93gdKhMeIn6bd__jbBAnSWZbiAyxWEcVa-dy9ywbgmzMKzyLfb3RSgyj9XdwCGOrwbbSyD6db_EaCtBnk_ttDWKyNczhdrppGMXtJVMrQ9Z7fU85algHf2PA3uFAA_l6NUNUd_BSbHYZi6mjSz2pYuAyujy3sjXptnS5WdSHWygSH81Svb430QczUOEsIq7E84dUfsUnmvTnfhXqE1_PB5YDuGgpSX_v5gY5xc5Q4RczLHyVTk6hMXYLB76CioHwCkehmptfALDfgQ0ocRk4bZ-_ciBhkUbck4Uqu4vt3a7vkH4P8U2Os1bksLGfGlBsB9OvkC7umKb8ZOKyCeL6BA9BXb0BJA2Pa3JY0YxLNB1idp7fBnWWO21KMjKAjdronI6mKn4hm9zswObA3g_UxjlmsmIvj7jwVkf3AWgHSWacncM3z9HLDBqP9rqf9I4PoBhKrn9n54uohSZtZADXLOGkFG0rW0IbG4LfiRZop3PnSCR-FXe6kmSpMXGWjNwkE3goJ1iFvTqtvv14MddcHGIrOKtiQTOH_HQbIxp5DRiVCheCvCj9I3ZWck0OH0D7Gii2x7lEUlV4bHtFbs7Z0xE2dw4eKUfJvH4D7AKUU9n7pl9xU2nJ0xHX7YWcz00LdMEwSKMrg2082mH1iYnSy096bzrH7zWGsSg9PrMKdlX6sAEWmaj9yJTLTuOO4s1Wz9ED2Xx2JavCOan59W1emnA7e795e6iAalwt2Lg_YM-qe87eeKubgPVxBgkaq375E8JEJEHeCwj6_MDYxXbEcsqAQZgw7UhFBfuaN8C096nPAu15BbQVwa7VBF6qfk8b1m3iL-JQXs6KipTTeRY4fzJkB5qc81MzqL28R3PbG98wZrx_x7CALjjB10W4rfoZClQn4ucqZ5Wp7pcvABhSLRcrGWaSVGQZr3gDVkSbww1xvJWfV-oqzAPGlMItxihVX7iGU_cHpyjABBRSLSz1c1VynLIDQudy4wJJEDhBEmtTl1iSl-BrIRU01bKy7B8GXTECHNe7O4GjEL36aWWQY0ycankCSgWF0kXZKW2bRRn_WGHm9QJhuaJgAYWLgJlG7InrN9jXM6Gu9GepgRBgiFL1lQUpgxFGRrw2UjMT2OE_YF5YMaFyB1uJpO7RjCJSC6KpkRWDuHhzbbG3pFAenetyFQkCG3NAYar_w2UCAUQNS-M6u-JOefA7Gw59mneQs_zQr4BPgn6dGH8QsaYrUnPTSQ97Zxdn2dBq_7S6hrO07uytjXUVjiUizHVNGgRMDXGiEi7IrREQ9_F8NOBUqpBH9S0nl68Yd_NDgLAJ8pfeKj5xxUySypRN543UbfdBxBqXnlgopNn6SqFjoVDoABINMslxi31eAxfSMwcesPKVVDVAMxucepZILo7nmiXy-f93QufgeOieILwk73VQsR0XgipJqdvVBIAkbAHSq2km2RNm7sfVPV_iomnN-6sMeDzuNYRZoyfAavd1w-u3cuNOfcJwZy3OMagJByVrjuBLhjcWbKTGa0l4psXQ3-WUUeE9Mc3tAMu2zcA4UVvv-QOLjrLKDIcEDhxbM49X8nNz9Bo6_S-3iMxB8GuUbuUBtFfMBjr2aNM2zTuvg7mNYNYfrETWjPpzoXt31e8Yruq4932y8uKl5EaQbpYZcMWlYxfwlekfJrekXIUFAEozg2FcKNt8yp9uUnm4HUe6iJD1wLhPEF_VWaRe9LeZHdFG5NF8f7qO6nrWo_Dz-RvbIfM4pOBYJK_K3nI3Oc6ecb4yRWWddQq3xTcjb1Bc5ziEATPv2hZUA6dESAy7hlGLGOsDFUPoMR2H-u_898wx_7aWjh-FxZ_zWzj6_r-lFDcpPbYuiqryV9aDuxWO0uqFffip5RlFpo3wu8TriYFKMu9KTZSr-cNrgHLNyGp8K0iP-hZERUTzIozTtwVg3SfVydjohG5ZIs4_q3J-dOF7DL3DZofDECzTvRg0KyjvTu02tjlGzKLFZY99F5I0T98YU5X_rygqGD0XugM6c0_KX7_2FleNDdQ0dn6t-mJy_QcoUMlV8Vuo00j-DNt6LRHS3S8djVGWvqNv-T1BCjkkHK0bxmt_yL0To2rLOlaFPDZBdQdKdaojnyERX13sF9VwU3kSqFR57QIWYOrHClX7VcqseDE6AfNYQGAGCTddYNxjZ6jzzFvT2Ny0wcjmRFRrfpoHEvCgj79LVuljuxSI3GrJggtddyoYAxWyPeqqxU0yJw0_fdkBBU7Rmu4RIqgvXa-o4H1S6QRKG9HjNgIt_Opp99h1BQ-kSPDqmkWhicX4jyAdnA_AJj0UI5LqYHtLaljXrgOpI5s8T6b54YGtpFCtcH-pBJ5oEFtj4aCvoFsBarw8nKiu1pzwibS5t7RV8UFi0PWNh8WJB4kkyJXJ44gxCRS1p1ry6xU78PJ25COLD2gG1qYDS_slc2Se2pEgGE54PLLqaZ1jVQERM44_b3EBFZpKOq3KJZ2qasI4EJR2zfcnurEMZhm2cdjAOGKoiJTHvVK&cid=CAQSPgDq26N9KR7WzrAFrNY4uSPeMa62lAti61UCOvzscybGJmS-YmehVfC-Y0o2sTzEwAnLDyn9v5_HDTJJRltCGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F468810a3-a619-477f-85f9-f99ccd82b209&sid=503F3BA0-EE9A-4847-9921-94B24168D3D6&nel=0&eid=44748969%2C44750822%2C44752711%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2Fbwmu7gg&dlt=1670014507603&idt=2437&dt=1670014511663&ged=ve4_td4_tt2_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491
IP 173.194.220.157:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1805)
Hash 19d1e54e52e765cf9da7f0ee1b716cb6
64c2da81826a10f7fe30767691c81d03acd5c9d2
e6ae2d4e1b7aa922da2d8fe853b41529a46392508dcb3c1a5b2c30e7e2ce2e9a
GET /dbm/vast?dbm_c=AKAmf-DWvSsIIaGs4flRJTjUXUMZI6l1WMvHJBB_Wp38spDUO93kJdSlw-OmaQN3ghGG0GqjRZZivuIOs2FCqReBXRP5oFCs8g&cry=1&dbm_d=AKAmf-CJlsiG_iaWM4Muw49g0oBh5HPu4GnL6cqwr8Bux4iBg8zfz8zalFJ68YlPs4Cuygx97ag0ZTN7vRnDixrpsCAXcAbXJuZnXBPCN6S2gY-R7L3Xs54BXF_zy7a7msVE2Sqb5JyCTmhMWI0rfLQ3b46kVcLEfeMykbrQFxc0suL3bt89rgrPTFFF1pvwDmgVjOi-Cv6PnS6eCv4LsC4AGzvUjcwZBYIh8Br_BUzQ5U1a7Wutbbp61ODUo48-u5mZT0BYEMS2nyUTMsOu3DGOAqMj1qkLBtDpGPQ5FbJUO7-eLqeLDtytdpZhgsApujvSCXBzpd6pvjVfDiZZ7wznzXakXUSNjjXvRye71C-60PeXehF7pJE5KrFDRttR4tVQ7Oqvw7fPttjrIYl5a7fLtD4JBj4U4Uxz5KlF8K-w-W1u_YkCagdGjHi7hV-IHz1njSuR-YjcSJtg8lV6uAAFzFO8NukB2gHhveTh3hrcy9OajN88kKy-AAwJMYUWTiUjahq-avz1SSwvWw-lJp13BD8Lefte3uPdy1iyfbXaJzk9QbPpx-YIsjqWug4q6_Y6H6ep4Msj50PtngSJAk6zG3lKL8li7j9unRaoR917lPHl5FNw-SmDNDTzJ3fHAiCisp4sOpRaGP-WQSvNf5HKeKaF_7J3TumToGTKEaxY6WmA6Pc_JPCHA9FS5MSkiFZdnXDRff7S170DRJjFD5lbbgWFuuFOip87Jv-Tqc3cLBP_UkKLaiTzp20eWZB2WU6Xe8B_REP5YeQbywxEAsW-q6r_Yk_FyCmw-DQcw9rqSMPOAI9whjgcna-P9epGlkTz9y2JffwlfGLp4upTD6D8bdG_14uKFIpS6OsbJi5tgE8-15c_--y23852mSwQs03ae9HH6YBzhJEzOG3qB3x2yYOOsKy9frXVMkIgTrb_BdP8-_RJ9Od7Zuj2TpCWRKOv4nEj9RRfha6D5T_GsrZ28XRD7TMZsVqdaqCE3lTKWpkGqxecY2iW7IyhSztvXwSfCsJHg8A0-V6C5GChshbgDADJdsA68aZtxxTmEB9CjYj--rv0SNMX0mt5RRHz9bGWoJFqlhC7SXSVTbM3K_bdoNixzIVh0EPSkv5qWYiwf9Z-2tUJaKL6F2qdOyafeu1A4zpabDW9RS74M7ONbQSzjhAQITjmDarcc_qSStyAmafJK93gdKhMeIn6bd__jbBAnSWZbiAyxWEcVa-dy9ywbgmzMKzyLfb3RSgyj9XdwCGOrwbbSyD6db_EaCtBnk_ttDWKyNczhdrppGMXtJVMrQ9Z7fU85algHf2PA3uFAA_l6NUNUd_BSbHYZi6mjSz2pYuAyujy3sjXptnS5WdSHWygSH81Svb430QczUOEsIq7E84dUfsUnmvTnfhXqE1_PB5YDuGgpSX_v5gY5xc5Q4RczLHyVTk6hMXYLB76CioHwCkehmptfALDfgQ0ocRk4bZ-_ciBhkUbck4Uqu4vt3a7vkH4P8U2Os1bksLGfGlBsB9OvkC7umKb8ZOKyCeL6BA9BXb0BJA2Pa3JY0YxLNB1idp7fBnWWO21KMjKAjdronI6mKn4hm9zswObA3g_UxjlmsmIvj7jwVkf3AWgHSWacncM3z9HLDBqP9rqf9I4PoBhKrn9n54uohSZtZADXLOGkFG0rW0IbG4LfiRZop3PnSCR-FXe6kmSpMXGWjNwkE3goJ1iFvTqtvv14MddcHGIrOKtiQTOH_HQbIxp5DRiVCheCvCj9I3ZWck0OH0D7Gii2x7lEUlV4bHtFbs7Z0xE2dw4eKUfJvH4D7AKUU9n7pl9xU2nJ0xHX7YWcz00LdMEwSKMrg2082mH1iYnSy096bzrH7zWGsSg9PrMKdlX6sAEWmaj9yJTLTuOO4s1Wz9ED2Xx2JavCOan59W1emnA7e795e6iAalwt2Lg_YM-qe87eeKubgPVxBgkaq375E8JEJEHeCwj6_MDYxXbEcsqAQZgw7UhFBfuaN8C096nPAu15BbQVwa7VBF6qfk8b1m3iL-JQXs6KipTTeRY4fzJkB5qc81MzqL28R3PbG98wZrx_x7CALjjB10W4rfoZClQn4ucqZ5Wp7pcvABhSLRcrGWaSVGQZr3gDVkSbww1xvJWfV-oqzAPGlMItxihVX7iGU_cHpyjABBRSLSz1c1VynLIDQudy4wJJEDhBEmtTl1iSl-BrIRU01bKy7B8GXTECHNe7O4GjEL36aWWQY0ycankCSgWF0kXZKW2bRRn_WGHm9QJhuaJgAYWLgJlG7InrN9jXM6Gu9GepgRBgiFL1lQUpgxFGRrw2UjMT2OE_YF5YMaFyB1uJpO7RjCJSC6KpkRWDuHhzbbG3pFAenetyFQkCG3NAYar_w2UCAUQNS-M6u-JOefA7Gw59mneQs_zQr4BPgn6dGH8QsaYrUnPTSQ97Zxdn2dBq_7S6hrO07uytjXUVjiUizHVNGgRMDXGiEi7IrREQ9_F8NOBUqpBH9S0nl68Yd_NDgLAJ8pfeKj5xxUySypRN543UbfdBxBqXnlgopNn6SqFjoVDoABINMslxi31eAxfSMwcesPKVVDVAMxucepZILo7nmiXy-f93QufgeOieILwk73VQsR0XgipJqdvVBIAkbAHSq2km2RNm7sfVPV_iomnN-6sMeDzuNYRZoyfAavd1w-u3cuNOfcJwZy3OMagJByVrjuBLhjcWbKTGa0l4psXQ3-WUUeE9Mc3tAMu2zcA4UVvv-QOLjrLKDIcEDhxbM49X8nNz9Bo6_S-3iMxB8GuUbuUBtFfMBjr2aNM2zTuvg7mNYNYfrETWjPpzoXt31e8Yruq4932y8uKl5EaQbpYZcMWlYxfwlekfJrekXIUFAEozg2FcKNt8yp9uUnm4HUe6iJD1wLhPEF_VWaRe9LeZHdFG5NF8f7qO6nrWo_Dz-RvbIfM4pOBYJK_K3nI3Oc6ecb4yRWWddQq3xTcjb1Bc5ziEATPv2hZUA6dESAy7hlGLGOsDFUPoMR2H-u_898wx_7aWjh-FxZ_zWzj6_r-lFDcpPbYuiqryV9aDuxWO0uqFffip5RlFpo3wu8TriYFKMu9KTZSr-cNrgHLNyGp8K0iP-hZERUTzIozTtwVg3SfVydjohG5ZIs4_q3J-dOF7DL3DZofDECzTvRg0KyjvTu02tjlGzKLFZY99F5I0T98YU5X_rygqGD0XugM6c0_KX7_2FleNDdQ0dn6t-mJy_QcoUMlV8Vuo00j-DNt6LRHS3S8djVGWvqNv-T1BCjkkHK0bxmt_yL0To2rLOlaFPDZBdQdKdaojnyERX13sF9VwU3kSqFR57QIWYOrHClX7VcqseDE6AfNYQGAGCTddYNxjZ6jzzFvT2Ny0wcjmRFRrfpoHEvCgj79LVuljuxSI3GrJggtddyoYAxWyPeqqxU0yJw0_fdkBBU7Rmu4RIqgvXa-o4H1S6QRKG9HjNgIt_Opp99h1BQ-kSPDqmkWhicX4jyAdnA_AJj0UI5LqYHtLaljXrgOpI5s8T6b54YGtpFCtcH-pBJ5oEFtj4aCvoFsBarw8nKiu1pzwibS5t7RV8UFi0PWNh8WJB4kkyJXJ44gxCRS1p1ry6xU78PJ25COLD2gG1qYDS_slc2Se2pEgGE54PLLqaZ1jVQERM44_b3EBFZpKOq3KJZ2qasI4EJR2zfcnurEMZhm2cdjAOGKoiJTHvVK&cid=CAQSPgDq26N9KR7WzrAFrNY4uSPeMa62lAti61UCOvzscybGJmS-YmehVfC-Y0o2sTzEwAnLDyn9v5_HDTJJRltCGAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F468810a3-a619-477f-85f9-f99ccd82b209&sid=503F3BA0-EE9A-4847-9921-94B24168D3D6&nel=0&eid=44748969%2C44750822%2C44752711%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&url=https%3A%2F%2Fexee.app%2Fbwmu7gg&dlt=1670014507603&idt=2437&dt=1670014511663&ged=ve4_td4_tt2_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_ts1_eb16491 HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 20:55:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4860
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 21:10:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:13 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 66f46e3e8115b59a4d4741c5e9f9afd3
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=5150dbaf-50d7-4a35-85f8-84cee8e0a7c8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 20:55:13 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9532af6973f63569aeb29f83309d3ac
Strict-Transport-Security: max-age=0; includeSubdomains
gcdn.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=GoC_TjNt9dS413vy
142.250.74.110302 Found 652 B URL HTTP/2 gcdn.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=GoC_TjNt9dS413vy
IP 142.250.74.110:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (475), with CRLF, LF line terminators
Hash d783f5964e360be16f151029ce86d16c
a5f077cb11b52637e4de3bc0804bdea3a6d1904d
b0b4cd129f2bd3c0fb40caa4f50ea93f9b4701ba57e778af905bafdffac6bd05
GET /videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=GoC_TjNt9dS413vy HTTP/1.1
Host: gcdn.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 20:55:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
location: https://r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/25FB7E1C5E171BE756A697BEF6A6C8130A14063B.280F1EA2D388244CBAD818B1E6D774F90213E5B0/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670013666/mv/u/mvi/5/pl/21?cpn=GoC_TjNt9dS413vy&file=file.mp3
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 652
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 80fa6008da81e8712c6249d056d603ec
2a77b2e3f9933bee4d2080dcda82be0347e81a74
7cb2ab90b82e5be95929b5803de045ad9faabaab9bba6fa032d5fd0263f956a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 80fa6008da81e8712c6249d056d603ec
2a77b2e3f9933bee4d2080dcda82be0347e81a74
7cb2ab90b82e5be95929b5803de045ad9faabaab9bba6fa032d5fd0263f956a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 20:55:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/25FB7E1C5E171BE756A697BEF6A6C8130A14063B.280F1EA2D388244CBAD818B1E6D774F90213E5B0/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670013666/mv/u/mvi/5/pl/21?cpn=GoC_TjNt9dS413vy&file=file.mp3
173.194.6.10206 Partial Content 1.2 MB URL HTTP/1.1 r5---sn-5go7ynlk.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/25FB7E1C5E171BE756A697BEF6A6C8130A14063B.280F1EA2D388244CBAD818B1E6D774F90213E5B0/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670013666/mv/u/mvi/5/pl/21?cpn=GoC_TjNt9dS413vy&file=file.mp3
IP 173.194.6.10:0
File type MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, Stereo\012- data
Size 1.2 MB (1204766 bytes)
Hash 4f1ca5415b4e51bad24263dc7d382b11
046e74e914f65a9f702c4b166f76f1c1a3940a2a
892ae392d580de00e186369e2fc995d7144385e18474223be3c2ff82fff9512d
GET /videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/25FB7E1C5E171BE756A697BEF6A6C8130A14063B.280F1EA2D388244CBAD818B1E6D774F90213E5B0/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5go7ynlk/ms/onc/mt/1670013666/mv/u/mvi/5/pl/21?cpn=GoC_TjNt9dS413vy&file=file.mp3 HTTP/1.1
Host: r5---sn-5go7ynlk.c.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Tue, 29 Nov 2022 14:20:57 GMT
Content-Type: audio/mpeg
Date: Fri, 02 Dec 2022 20:55:13 GMT
Expires: Fri, 02 Dec 2022 20:55:13 GMT
Cache-Control: private, max-age=86400
Content-Range: bytes 0-1204765/1204766
Accept-Ranges: bytes
Content-Length: 1204766
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvX-TpSFL6KfU1c-V7vWqNJR3J-KWpwX-crq22JqXhA6301QpI8CQiKWXRXWsIASvretbiHyWxEDZBks_vjZmZZzpbtNtg4DUtcAh4-CA-LZIqj7cI6GmL6JihaP_ejHE1SP_zswNkiGY4Nd6M24pydNloEtWmHbWpre81ZEexN_jOxiEEHGb0WJhHcuWe7Iv3i1p_7wWZL-hcxUhDs4lvdlbpevUqD2CO4OKGtyWS9YeiVFTDR5mEmvvZIQy7GDwC3vXNqEbBNqzbiXIM4WCHggtusiZVebi_V89R-22ERtsxlrhodePkGQ0SgWVYgMjkmkEtPJacqQSbcIuk8jwe_fZG03uaHygqOUG3SEZSTCDv58GWEjynFaxX3ycRK2OeaYFM5p0Yqe38WoCeiSKRYWsVeYuUdLze3rysLeH9ulcR1MYRDi3fEfl5yZbfmwvwTOHjiArPJc_LuaoaINGe3gBTuFKDzmXjx_7jKtLitCUPl_6NNNuaWrPv3FyerAOX8yFK63et8pAC5-plVkd_Y8kgoaTZKNm6L4vrZqaqrd9YQux7ITT-pztT_aH3d6FZCOW2X3zUGHBG17y10DSRU7vrl8SbqUInVqQ6x3mZPbLGoiC64oD5Onu9zFBOjtmyI49ytKrHXVAJzMIUSXISoTKO2jhlkKoWsFPKOvMDAQcPQQVL7Gn5rELkB8IFoiylY9SVRzl3XqTTHC0MgiGX6m4uMEJ_JZ1DWAY-JJGR9MojtumLEMEiS2hcwedNy1QCBFy5VipWnohQbytSWnvsr31iLtdsNViAfYSjTnFgfegWPsgy3DjyMKwTncomY-MyGUzvgnW12EJV2RGGuorCDPMzFiD0vni3w5FlV9qgCi9cq12zee19vZefv5RewXV56THfD_qQ9S-WGO4Bbi_OPbdmrFa05TTkc6L_p26g7MV7PjFDN_aU1wmOeGTGIZdmrOe57HayJt66mcNNu_GE_MKm5fiQhl7h4uWTY9j4rn3ul_2CGkOe-6V-S-JHHIAna6xh6jrrB8wlHb7AZkp5MgMUo0VyEFi6qsDA7A-T3IqRo8g_o7y6VBbTAIhGjjjStQLVq1Nf7huN9Grm3A6B6X_tDzUqzuVNczb8Cb59YpNMIgwkYqrJ_mCI2zPC2vGKOS-NrLVtF61lMIGqoG9PlbogxX_m_UKNKLPfWksEyp0Y4_NCKj2N-9VxRSYDrdZ1guVPzHlBKC_BP1MsS-TM0iSI8LLuob4ZXckaKOuZb&sai=AMfl-YQRAQ0YqY_rsQoJjZDNbyS3smQWOEqPkkByVjdtI5J84be_A_8yFEKMAq7RqKiizPWd8VcDjkDFcurvGdJp3M-2Tj-UnDjPrHgjkJpz9FQXq_2GWZXokq2IRkOZPWc54cPdc_82ihpDn_YShz2J1rdf9eIpoxbNPdQgKeYot1xuDPnHAKbqYVmmuES0GdLYy4Cj-rqa1S20laxfxaUFD_WUE6sbB278SAT1RU8XXXQp8oyRKVDYp9P888F50SdJMn0tZrhu_qs7cXP2MJ7G&sig=Cg0ArKJSzKHsG1xClPG9EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&sdkv=h.3.547.0&adurl=
142.250.74.66200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvX-TpSFL6KfU1c-V7vWqNJR3J-KWpwX-crq22JqXhA6301QpI8CQiKWXRXWsIASvretbiHyWxEDZBks_vjZmZZzpbtNtg4DUtcAh4-CA-LZIqj7cI6GmL6JihaP_ejHE1SP_zswNkiGY4Nd6M24pydNloEtWmHbWpre81ZEexN_jOxiEEHGb0WJhHcuWe7Iv3i1p_7wWZL-hcxUhDs4lvdlbpevUqD2CO4OKGtyWS9YeiVFTDR5mEmvvZIQy7GDwC3vXNqEbBNqzbiXIM4WCHggtusiZVebi_V89R-22ERtsxlrhodePkGQ0SgWVYgMjkmkEtPJacqQSbcIuk8jwe_fZG03uaHygqOUG3SEZSTCDv58GWEjynFaxX3ycRK2OeaYFM5p0Yqe38WoCeiSKRYWsVeYuUdLze3rysLeH9ulcR1MYRDi3fEfl5yZbfmwvwTOHjiArPJc_LuaoaINGe3gBTuFKDzmXjx_7jKtLitCUPl_6NNNuaWrPv3FyerAOX8yFK63et8pAC5-plVkd_Y8kgoaTZKNm6L4vrZqaqrd9YQux7ITT-pztT_aH3d6FZCOW2X3zUGHBG17y10DSRU7vrl8SbqUInVqQ6x3mZPbLGoiC64oD5Onu9zFBOjtmyI49ytKrHXVAJzMIUSXISoTKO2jhlkKoWsFPKOvMDAQcPQQVL7Gn5rELkB8IFoiylY9SVRzl3XqTTHC0MgiGX6m4uMEJ_JZ1DWAY-JJGR9MojtumLEMEiS2hcwedNy1QCBFy5VipWnohQbytSWnvsr31iLtdsNViAfYSjTnFgfegWPsgy3DjyMKwTncomY-MyGUzvgnW12EJV2RGGuorCDPMzFiD0vni3w5FlV9qgCi9cq12zee19vZefv5RewXV56THfD_qQ9S-WGO4Bbi_OPbdmrFa05TTkc6L_p26g7MV7PjFDN_aU1wmOeGTGIZdmrOe57HayJt66mcNNu_GE_MKm5fiQhl7h4uWTY9j4rn3ul_2CGkOe-6V-S-JHHIAna6xh6jrrB8wlHb7AZkp5MgMUo0VyEFi6qsDA7A-T3IqRo8g_o7y6VBbTAIhGjjjStQLVq1Nf7huN9Grm3A6B6X_tDzUqzuVNczb8Cb59YpNMIgwkYqrJ_mCI2zPC2vGKOS-NrLVtF61lMIGqoG9PlbogxX_m_UKNKLPfWksEyp0Y4_NCKj2N-9VxRSYDrdZ1guVPzHlBKC_BP1MsS-TM0iSI8LLuob4ZXckaKOuZb&sai=AMfl-YQRAQ0YqY_rsQoJjZDNbyS3smQWOEqPkkByVjdtI5J84be_A_8yFEKMAq7RqKiizPWd8VcDjkDFcurvGdJp3M-2Tj-UnDjPrHgjkJpz9FQXq_2GWZXokq2IRkOZPWc54cPdc_82ihpDn_YShz2J1rdf9eIpoxbNPdQgKeYot1xuDPnHAKbqYVmmuES0GdLYy4Cj-rqa1S20laxfxaUFD_WUE6sbB278SAT1RU8XXXQp8oyRKVDYp9P888F50SdJMn0tZrhu_qs7cXP2MJ7G&sig=Cg0ArKJSzKHsG1xClPG9EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&sdkv=h.3.547.0&adurl=
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsvX-TpSFL6KfU1c-V7vWqNJR3J-KWpwX-crq22JqXhA6301QpI8CQiKWXRXWsIASvretbiHyWxEDZBks_vjZmZZzpbtNtg4DUtcAh4-CA-LZIqj7cI6GmL6JihaP_ejHE1SP_zswNkiGY4Nd6M24pydNloEtWmHbWpre81ZEexN_jOxiEEHGb0WJhHcuWe7Iv3i1p_7wWZL-hcxUhDs4lvdlbpevUqD2CO4OKGtyWS9YeiVFTDR5mEmvvZIQy7GDwC3vXNqEbBNqzbiXIM4WCHggtusiZVebi_V89R-22ERtsxlrhodePkGQ0SgWVYgMjkmkEtPJacqQSbcIuk8jwe_fZG03uaHygqOUG3SEZSTCDv58GWEjynFaxX3ycRK2OeaYFM5p0Yqe38WoCeiSKRYWsVeYuUdLze3rysLeH9ulcR1MYRDi3fEfl5yZbfmwvwTOHjiArPJc_LuaoaINGe3gBTuFKDzmXjx_7jKtLitCUPl_6NNNuaWrPv3FyerAOX8yFK63et8pAC5-plVkd_Y8kgoaTZKNm6L4vrZqaqrd9YQux7ITT-pztT_aH3d6FZCOW2X3zUGHBG17y10DSRU7vrl8SbqUInVqQ6x3mZPbLGoiC64oD5Onu9zFBOjtmyI49ytKrHXVAJzMIUSXISoTKO2jhlkKoWsFPKOvMDAQcPQQVL7Gn5rELkB8IFoiylY9SVRzl3XqTTHC0MgiGX6m4uMEJ_JZ1DWAY-JJGR9MojtumLEMEiS2hcwedNy1QCBFy5VipWnohQbytSWnvsr31iLtdsNViAfYSjTnFgfegWPsgy3DjyMKwTncomY-MyGUzvgnW12EJV2RGGuorCDPMzFiD0vni3w5FlV9qgCi9cq12zee19vZefv5RewXV56THfD_qQ9S-WGO4Bbi_OPbdmrFa05TTkc6L_p26g7MV7PjFDN_aU1wmOeGTGIZdmrOe57HayJt66mcNNu_GE_MKm5fiQhl7h4uWTY9j4rn3ul_2CGkOe-6V-S-JHHIAna6xh6jrrB8wlHb7AZkp5MgMUo0VyEFi6qsDA7A-T3IqRo8g_o7y6VBbTAIhGjjjStQLVq1Nf7huN9Grm3A6B6X_tDzUqzuVNczb8Cb59YpNMIgwkYqrJ_mCI2zPC2vGKOS-NrLVtF61lMIGqoG9PlbogxX_m_UKNKLPfWksEyp0Y4_NCKj2N-9VxRSYDrdZ1guVPzHlBKC_BP1MsS-TM0iSI8LLuob4ZXckaKOuZb&sai=AMfl-YQRAQ0YqY_rsQoJjZDNbyS3smQWOEqPkkByVjdtI5J84be_A_8yFEKMAq7RqKiizPWd8VcDjkDFcurvGdJp3M-2Tj-UnDjPrHgjkJpz9FQXq_2GWZXokq2IRkOZPWc54cPdc_82ihpDn_YShz2J1rdf9eIpoxbNPdQgKeYot1xuDPnHAKbqYVmmuES0GdLYy4Cj-rqa1S20laxfxaUFD_WUE6sbB278SAT1RU8XXXQp8oyRKVDYp9P888F50SdJMn0tZrhu_qs7cXP2MJ7G&sig=Cg0ArKJSzKHsG1xClPG9EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&sdkv=h.3.547.0&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 20:55:14 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 21:10:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 02 Dec 2022 20:55:14 GMT
X-Firefox-Spdy: h2
ad.doubleclick.net/ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
142.250.74.166200 OK 42 B URL HTTP/2 ad.doubleclick.net/ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
IP 142.250.74.166:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 20:55:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 21:10:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
15.235.85.92204 No Content 1 B URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
IP 15.235.85.92:0
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
OPTIONS /uploads/videos/16552732563362a977286fb00.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:14 GMT
Connection: keep-alive
Expires: Sat, 02 Dec 2023 20:55:14 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
15.235.85.92200 OK 1.3 kB URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
IP 15.235.85.92:0
Hash e4fa2d0ca2740699f072678c596e61bf
e93ebc97eae0ed2e360d06189cdc6b7fb0eb74cd
52d0c8c1a160dd54f991f9e88520769e0476ba00c6f19d9767ce5d11936f1e0f
GET /uploads/videos/16552732563362a977286fb00.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:14 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Fri, 29 Jul 2022 23:17:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e46a6c-25b6"
Expires: Sat, 02 Dec 2023 20:55:14 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
csi.gstatic.com/csi?v=2&s=ima&puid=1~lb6ziqwr&c=1932371246244&slotId=966185623122&qqid=CLPl1e7o2_sCFd5AHgId54oK9g&gqid=MWaKY6ugD8vKZcXEmcgD&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44750822%2C44752711%2C44765701&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false
108.177.119.94204 No Content 1 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lb6ziqwr&c=1932371246244&slotId=966185623122&qqid=CLPl1e7o2_sCFd5AHgId54oK9g&gqid=MWaKY6ugD8vKZcXEmcgD&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44750822%2C44752711%2C44765701&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false
IP 108.177.119.94:0
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
POST /csi?v=2&s=ima&puid=1~lb6ziqwr&c=1932371246244&slotId=966185623122&qqid=CLPl1e7o2_sCFd5AHgId54oK9g&gqid=MWaKY6ugD8vKZcXEmcgD&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44750822%2C44752711%2C44765701&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Fri, 02 Dec 2022 20:55:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb6ziq99&c=1932371246244&slotId=966185623122&eee=missing-element&bi=missing-id
108.177.119.94204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb6ziq99&c=1932371246244&slotId=966185623122&eee=missing-element&bi=missing-id
IP 108.177.119.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=1~lb6ziq99&c=1932371246244&slotId=966185623122&eee=missing-element&bi=missing-id HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: *
date: Fri, 02 Dec 2022 20:55:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
15.235.85.92204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
IP 15.235.85.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /uploads/videos/16552732563362a977286fb00.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:14 GMT
Connection: keep-alive
Expires: Sat, 02 Dec 2023 20:55:14 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
15.235.85.92206 Partial Content 259 kB URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
IP 15.235.85.92:0
Size 259 kB (258688 bytes)
Hash 83788bd4cc603c61f79c652266ad1647
71e8aee6ef1aa1b667796c87d267187a7b3a136f
565960ae5ab4cb3ddd2eb5f29e1be7eba68ef345f09fca29b40bb6b248334ef4
GET /uploads/videos/16552732563362a977286fb00.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-258687
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 20:55:14 GMT
Content-Type: video/mp2t
Content-Length: 258688
Last-Modified: Fri, 29 Jul 2022 23:17:00 GMT
Connection: keep-alive
ETag: "62e46a6c-17b6408"
Expires: Sat, 02 Dec 2023 20:55:14 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-258687/24863752
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
45.133.44.4200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:12 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 02 Dec 2022 21:55:12 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:12 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 979293
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVRoWf%2FwLQlSYt2u0ov40AFZY%2BidZy1IZR%2BqzcodTtMmMLlR6434m5wnTaGKolIyA4UMikwztFhTPa877J6%2B4jiRRv0pbxcdf%2BmYub4iz7YflbMbPqJHa8mk0ciKKVDGNon1ur1I7NXO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f64efdca7705-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3200 OK 0 B IP 172.64.104.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 126
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:10 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=18v7tQ%2BSCtQTrkUXS4DOMt%2Fjb50IHFIdvTrJtx3PZJQp86877%2BCY4PoGxQxuC%2FMZ1e%2FytjEfb8Nh9GoD%2BvKdACmfDyM2Kv0MeVxR2tFFChKnaBQbUiTT9Pgl7UlfkPqVsH2C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7736f63f9d38d188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.92200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.92:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:10 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 521203f4d1300ac5ffd36920a746cf4b
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 02 Dec 2022 20:55:10 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1bfuqHF3UjE44HGmahLaZuZSNRuqRZnAx0QjyrEH5fvl5vSJB5OLWjXAt0C%2B6gpYIFNTFMD1UzCLz1E7gxhaD3h5IuZr2M3%2FudwVJdhLp4LNoLe0OQY2BZ51IyUyoSg2Npgmqss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f6434c58bc9d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:12 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 08:55:27 GMT
etag: W/"62fdfe7f-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1494119
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJMuO2Tz8C7LzfO%2BPrfTX0Z7iaaACyqTcCuCsbEMQ%2B63UPmkFPphCMrZALl1%2B8eQ1KBR25yg821WzJv44voKuRO64ymLW1B56zGUsztaeini5z01bqFjZXadbHnn58HFHg33W8wmUm5I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f64f3ad075cc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:12 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1494119
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NCU70WD0q6%2F1%2FhR0FbefqBb4PI3wT3yNiiGuE1rZEQ1IHUiMjipo1FxThUzq8HfLu8KvLpsUqJW5pJMq2TV34oNWjnGkP1nzzeReiHJtKLygHChibyMHjSomw0CsJIzoXbY5D3rYC5pb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f64f6b0875cc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:12 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:38:28 GMT
etag: W/"632300a4-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 979293
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHDwM1ekGFhpfh5ZsWmfoaaYY3HFfQw%2BMRf0vPZ%2FxDcI6A7FqqIdrtQTO72f3Gn%2BWNijcRzwheZHNsKBLxR1PQ44UAzme18Wd5LcoJNE3Ot8is2%2BLfvzF1EWmgqrgRNa%2BDhD05MaM%2FVl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f64f0def7705-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
188.114.96.1200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.96.1:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:09 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tkfACMICqVbT1sg8ZNGo%2FY8mmf%2B5X0CjZYFo%2FCc8eU5Ebj65JZfYqrbAjbWx0XeaJmVJMRTBGfHRdPYEfDC%2FWp%2Bc%2FDa9RGobcaHpKyVY1gtNUpE6LnJnVcTFEfMaGPZgUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f63e1a53fac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
172.64.104.3200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP 172.64.104.3:0
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:09 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.30
vdo-server: Tag3
x-varnish: 1470530 2015136
age: 138
via: 1.1 varnish-v4
x-cache: HIT
cache-control: max-age=1800
cf-cache-status: HIT
last-modified: Fri, 02 Dec 2022 20:52:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rF7A1wQUFO%2B7eTZAYW%2F%2FnD1XMGPnOoeHTYdR0ZSInoyAEm7mu1KOhJlis6O0vyQR114y%2BW0XKJBG04yL56DPtadKYHyYwFB9yDLOJD2itRqmZsL2gR4wcZYy6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7736f63e7cff8880-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:09 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1141
last-modified: Fri, 02 Dec 2022 20:36:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSkzJW5sUo9NGJq5EjUQ2q6OJ8lanGweYmjlq90efraoR3sHDZ36OHBsNNQXHIMNuWEGdJ6dkqS0cp8WP392EX5pfrP2KflpLlKpT9Ka4lg5kxZM0rsMaKKxOXDHlisZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f63f4cfb776b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/js/main.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 20:55:12 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:29:33 GMT
etag: W/"632abd5d-20ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 979293
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=saU671rqA2gh4ASabPCceItRIyQEJ2teK7TBty1WdIYpim6cNghtmNMvF58jPVfi%2FMA4nKKFKk00RkLFTdlzrRRAqAJhoa4kzKYOvMxpPqGsUjvQlhxlPtTDPhJhs9rRsDbKzRYuGd%2Bd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7736f64fcfdf7705-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2