exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www.fireload.com/d7c6a032f64ec6ff/24.0.1.112.X64.part1.rar
172.67.71.40 301 Moved Permanently 0 B URL HTTP/1.1 exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www.fireload.com/d7c6a032f64ec6ff/24.0.1.112.X64.part1.rar
IP 172.67.71.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www.fireload.com/d7c6a032f64ec6ff/24.0.1.112.X64.part1.rar HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 30 Nov 2022 20:59:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 30 Nov 2022 21:59:04 GMT
Location: https://exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www.fireload.com/d7c6a032f64ec6ff/24.0.1.112.X64.part1.rar
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZNDVdZO0jmyjORpZfXRRPpIIGupxDq4R2W%2FRjdHrXr7dDjhywxA%2FdmCtxHF1JPJquLpOE1OjtrxDKkS0cFi%2BF2v%2FrRocWmY0ErDw0et7V2uuZjan0asDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7726813bab9db4f7-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10275
Expires: Wed, 30 Nov 2022 23:50:20 GMT
Date: Wed, 30 Nov 2022 20:59:05 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 430
Cache-Control: max-age=135564
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:05 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 10:38:29 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 20:19:43 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2362
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 0d8583e2c4ab7282a085c4ded44e57f7
94f970057f5155e8cfbefebcea7638da68518bce
12ad46bdae898050b5a495c47f0bccbf961207e6ca889441f5c8bc43aeaac605
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5795
Cache-Control: max-age=92334
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:05 GMT
Etag: "63867324-118"
Expires: Thu, 01 Dec 2022 22:37:59 GMT
Last-Modified: Tue, 29 Nov 2022 21:01:24 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8910
Expires: Wed, 30 Nov 2022 23:27:35 GMT
Date: Wed, 30 Nov 2022 20:59:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GwEVMpD4fXdmhfvqHAhvYyerY9q1+YHv1wGECXbWggP6UcFSalBomHhfKQNXtvXTUJDQa+krXDc=
x-amz-request-id: RS6FK81DMRGWDDFW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 20:46:00 GMT
age: 785
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:59:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 0d8583e2c4ab7282a085c4ded44e57f7
94f970057f5155e8cfbefebcea7638da68518bce
12ad46bdae898050b5a495c47f0bccbf961207e6ca889441f5c8bc43aeaac605
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5795
Cache-Control: max-age=92334
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:05 GMT
Etag: "63867324-118"
Expires: Thu, 01 Dec 2022 22:37:59 GMT
Last-Modified: Tue, 29 Nov 2022 21:01:24 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 20:11:14 GMT
cache-control: public,max-age=3600
age: 2871
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1934a261f7e042e1bd80f832c3aa0243
330b9d8f9a3ef1b32a8b788895a31e13aa09b39f
66a647639cf87ed0633d0a9b58779e5989a2aed1881804dceb3cf97c11459824
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "66A647639CF87ED0633D0A9B58779E5989A2AED1881804DCEB3CF97C11459824"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19232
Expires: Thu, 01 Dec 2022 02:19:38 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 461
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Last-Modified: Wed, 30 Nov 2022 20:51:25 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1934a261f7e042e1bd80f832c3aa0243
330b9d8f9a3ef1b32a8b788895a31e13aa09b39f
66a647639cf87ed0633d0a9b58779e5989a2aed1881804dceb3cf97c11459824
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "66A647639CF87ED0633D0A9B58779E5989A2AED1881804DCEB3CF97C11459824"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19232
Expires: Thu, 01 Dec 2022 02:19:38 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 33f732b4dfbd5fb3ed7345eba2896fe6
2652f214cf7127302cc65b1d4e42f48a80907d5d
904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4db6adb68d974d4a5343eda081abb131
542d171f9aefecdd8b6b4eb8070f4a063ee90a62
5822f506962c5b9c376cd4da49a074f37740776b4871bb6745c4453c359e27f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5822F506962C5B9C376CD4DA49A074F37740776B4871BB6745C4453C359E27F3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12685
Expires: Thu, 01 Dec 2022 00:30:31 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 44 kB IP 142.250.74.131:0
Hash af08f15c7d8d26da5966a3be24a2ed0a
416cef59fb8c0a1262ca56086c0ea3432f836fbf
917bae169d996329918ca0bab025688e515e563728502261b0a23b389f45b1db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.40 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.40:0
File type ASCII text, with very long lines (1921)
Hash a98eaaa8cd98325b2d6b16809d84c6a7
74610cc69bcd0b55c0d19d1247ea9a55d9243a0c
94c8ebbc8b3213d29d81e383ee85e74a335ae80cd658ab50e2df2ca7e15d69cc
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 20:59:06 GMT
expires: Wed, 30 Nov 2022 20:59:06 GMT
cache-control: private, max-age=900
last-modified: Wed, 30 Nov 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43582
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4db6adb68d974d4a5343eda081abb131
542d171f9aefecdd8b6b4eb8070f4a063ee90a62
5822f506962c5b9c376cd4da49a074f37740776b4871bb6745c4453c359e27f3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5822F506962C5B9C376CD4DA49A074F37740776B4871BB6745C4453C359E27F3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12685
Expires: Thu, 01 Dec 2022 00:30:31 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 33f732b4dfbd5fb3ed7345eba2896fe6
2652f214cf7127302cc65b1d4e42f48a80907d5d
904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash c0fe3ea3107148f5b0eb2714d6980799
637361c3605324a34d270bec2f66c575f9a9fd3e
2e0e575bf950a0e4a55cbfb8c17840142f12cfdd8645a97943950ef8e9b40b4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5884
Cache-Control: max-age=139549
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Etag: "63872b3b-117"
Expires: Fri, 02 Dec 2022 11:44:55 GMT
Last-Modified: Wed, 30 Nov 2022 10:06:51 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
52.42.234.253 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.234.253:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2AAlCDBwIlwRYzwKyDY6eg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: E9tFqmzzCX+OBnjaTA6XnDMVtTE=
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 72ab5ab4e6412a632523b1978a2b57f7
00e035cd3b789b399acf422415cbbb97380cd20a
3f20c462cabbacb6ff10b65faac69b0e9123c00f55e1dc201aca795e0fb911dc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3F20C462CABBACB6FF10B65FAAC69B0E9123C00F55E1DC201ACA795E0FB911DC"
Last-Modified: Wed, 30 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17887
Expires: Thu, 01 Dec 2022 01:57:13 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 40ce48359a1c3a5f1a0347a5e1aa6cbe
50e7a1e47058334ce76d640feca3cfd616e69c18
f72a564ba72dccd6b3b12d077276ed88cf244d8439c1980eecefef9c2948baec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2110
Expires: Wed, 30 Nov 2022 21:34:16 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 72ab5ab4e6412a632523b1978a2b57f7
00e035cd3b789b399acf422415cbbb97380cd20a
3f20c462cabbacb6ff10b65faac69b0e9123c00f55e1dc201aca795e0fb911dc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3F20C462CABBACB6FF10B65FAAC69B0E9123C00F55E1DC201ACA795E0FB911DC"
Last-Modified: Wed, 30 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17887
Expires: Thu, 01 Dec 2022 01:57:13 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 40ce48359a1c3a5f1a0347a5e1aa6cbe
50e7a1e47058334ce76d640feca3cfd616e69c18
f72a564ba72dccd6b3b12d077276ed88cf244d8439c1980eecefef9c2948baec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2110
Expires: Wed, 30 Nov 2022 21:34:16 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 72ab5ab4e6412a632523b1978a2b57f7
00e035cd3b789b399acf422415cbbb97380cd20a
3f20c462cabbacb6ff10b65faac69b0e9123c00f55e1dc201aca795e0fb911dc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3F20C462CABBACB6FF10B65FAAC69B0E9123C00F55E1DC201ACA795E0FB911DC"
Last-Modified: Wed, 30 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17887
Expires: Thu, 01 Dec 2022 01:57:13 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 180385
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35 200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 180181
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash c0fe3ea3107148f5b0eb2714d6980799
637361c3605324a34d270bec2f66c575f9a9fd3e
2e0e575bf950a0e4a55cbfb8c17840142f12cfdd8645a97943950ef8e9b40b4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5884
Cache-Control: max-age=139549
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Etag: "63872b3b-117"
Expires: Fri, 02 Dec 2022 11:44:55 GMT
Last-Modified: Wed, 30 Nov 2022 10:06:51 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
cdntechone.com/stattag.js
172.67.149.153 200 OK 5.2 kB URL HTTP/2 cdntechone.com/stattag.js
IP 172.67.149.153:0
File type ASCII text, with very long lines (12932), with no line terminators
Hash f95c022a04e2db37f1c70a2aaa22b40e
51a3a1c1478758643f5d7640d4e47aaa7ca2706e
abae49d4662d898deb06ea45753842e4b4288b67107574b0ed74a99d44e2a136
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:06 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2418
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hBpILuT%2FIKTACgAFwMVen74PZq9wqDfco4bX3p4pNZrPcyXppEsmcZoX8d9SYNoKev9oRfB3D0GXfHDaTd2U%2Fbz0OPNPImP5gQ%2BI6%2BVz9BgzUovAtrwXkB3fGCbbCanUyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77268144ad61b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
terialnevitiesini.com/bnRpMkUPFgpfeg9JCxQwHBhUF3coUVt0IV0AUQUqARtZBHxZBFEcJgIbHFYjHBsHRmsAER0Xdyg8JmYEFC0/aCQ2RVl6JDtFM2R0FgEoYy4mIy57IzkfKH0KKx8nZSwdDT13D1o5DnASLzModCYrRSJkdBYZIQM9PTATdwAoGDBiCz8lK3QULw0+RXUmJhB4DzZFAVEPBUUuZSIJAj1nLQ8xWnAIOyVdfwo7OjNqMl5HIXMPXyIhVQ8oJS9gIwVBM2oUO0E9WQg5IVtoHTw2M2YfCRMoehMoDipcDDkhW2gKOSJYahwGAy1REDwfKmciKCIxfw4NHERoETQfHXUDAj0xcQQvMz0AHD8yOHQXIyIRZhIvQRNxdjc2PGUmJDUoeBc0DB5xBBkXTAADPUU/ZAEHQApzKzglM1UyCzVZUS8sNSwULx0bB0J4Bz4NRzclJz9ddT0Q
54.230.111.63200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/bnRpMkUPFgpfeg9JCxQwHBhUF3coUVt0IV0AUQUqARtZBHxZBFEcJgIbHFYjHBsHRmsAER0Xdyg8JmYEFC0/aCQ2RVl6JDtFM2R0FgEoYy4mIy57IzkfKH0KKx8nZSwdDT13D1o5DnASLzModCYrRSJkdBYZIQM9PTATdwAoGDBiCz8lK3QULw0+RXUmJhB4DzZFAVEPBUUuZSIJAj1nLQ8xWnAIOyVdfwo7OjNqMl5HIXMPXyIhVQ8oJS9gIwVBM2oUO0E9WQg5IVtoHTw2M2YfCRMoehMoDipcDDkhW2gKOSJYahwGAy1REDwfKmciKCIxfw4NHERoETQfHXUDAj0xcQQvMz0AHD8yOHQXIyIRZhIvQRNxdjc2PGUmJDUoeBc0DB5xBBkXTAADPUU/ZAEHQApzKzglM1UyCzVZUS8sNSwULx0bB0J4Bz4NRzclJz9ddT0Q
IP 54.230.111.63:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash 7ec32171218dbcf3720da15e1c43b8d6
7162177bc1601353a7a060af73292dc23c756173
91b2981d3149f38599c86efef2386a31dcd2222e1e0b4c30097717c5525fbd89
GET /bnRpMkUPFgpfeg9JCxQwHBhUF3coUVt0IV0AUQUqARtZBHxZBFEcJgIbHFYjHBsHRmsAER0Xdyg8JmYEFC0/aCQ2RVl6JDtFM2R0FgEoYy4mIy57IzkfKH0KKx8nZSwdDT13D1o5DnASLzModCYrRSJkdBYZIQM9PTATdwAoGDBiCz8lK3QULw0+RXUmJhB4DzZFAVEPBUUuZSIJAj1nLQ8xWnAIOyVdfwo7OjNqMl5HIXMPXyIhVQ8oJS9gIwVBM2oUO0E9WQg5IVtoHTw2M2YfCRMoehMoDipcDDkhW2gKOSJYahwGAy1REDwfKmciKCIxfw4NHERoETQfHXUDAj0xcQQvMz0AHD8yOHQXIyIRZhIvQRNxdjc2PGUmJDUoeBc0DB5xBBkXTAADPUU/ZAEHQApzKzglM1UyCzVZUS8sNSwULx0bB0J4Bz4NRzclJz9ddT0Q HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1191
date: Wed, 30 Nov 2022 20:59:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Uy_31kMxUTVgtAThC5rWOpM6yD3B9-5Sxa4YWfriR8Y3y3tVv_dEgQ==
X-Firefox-Spdy: h2
terialnevitiesini.com/utx?cb=6oETyF3fv0ts&top=exee.app&tid=889494
54.230.111.63 204 No Content 0 B URL HTTP/2 terialnevitiesini.com/utx?cb=6oETyF3fv0ts&top=exee.app&tid=889494
IP 54.230.111.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6oETyF3fv0ts&top=exee.app&tid=889494 HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 30 Nov 2022 20:59:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 30 Nov 2022 21:00:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: E8AA-JUJrGqHj8w6C_aW7DPIGZZ2wChHGJfExuhgrDDIaTAy5nvJKw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
terialnevitiesini.com/Vmw1V1Q3DlY6azdRV3EhJAAIcmYQSQcRMGUYDWA7OQMFYW1hHA15NzoDQDMyJANbI3o4CUFyZhA0YgBkZQhiBmIXAF4DAy9ccAJkPg9UZmwVPgQVcWQqd2cFNy9cOwUPFAEgHCE6UhI9Zi5iAgICKXYaHhUHYxQaBxRvEjg6SQcRFxAHYgADPiBjPxERNnM8Bhc+ZGUWMQNzEhduKW0wIwclZAUSAxRwYwEQA1QfPhcuYi8GFA1MJBcBXWdvDCEIURIuFyhgLzsCJ14wEgQ9WiMHFzpzAQM6KHdmFg4rBTASBD54IBUhKncGAzkacDwwAyVjJBADKlY1BxdBYxESP1V8FRAEOlQBMww+YGZsDhtWBBUCA3IAEhQ7fWZsHj5zBSQOLVESBQEYUQIGITtlFiAPKGARJh0bbxEBDghREgUUNlQWcjwfWjkkazheAxI+O1IeDGIe
54.230.111.63200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/Vmw1V1Q3DlY6azdRV3EhJAAIcmYQSQcRMGUYDWA7OQMFYW1hHA15NzoDQDMyJANbI3o4CUFyZhA0YgBkZQhiBmIXAF4DAy9ccAJkPg9UZmwVPgQVcWQqd2cFNy9cOwUPFAEgHCE6UhI9Zi5iAgICKXYaHhUHYxQaBxRvEjg6SQcRFxAHYgADPiBjPxERNnM8Bhc+ZGUWMQNzEhduKW0wIwclZAUSAxRwYwEQA1QfPhcuYi8GFA1MJBcBXWdvDCEIURIuFyhgLzsCJ14wEgQ9WiMHFzpzAQM6KHdmFg4rBTASBD54IBUhKncGAzkacDwwAyVjJBADKlY1BxdBYxESP1V8FRAEOlQBMww+YGZsDhtWBBUCA3IAEhQ7fWZsHj5zBSQOLVESBQEYUQIGITtlFiAPKGARJh0bbxEBDghREgUUNlQWcjwfWjkkazheAxI+O1IeDGIe
IP 54.230.111.63:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash 381e6a268d6b5676c034fe3550c89667
cf965012805552f2a5033814da382323b176be79
4e0e8fa0134a379089fa0f1a7462f8c2a298a006e3e8b842a6e12fb6c3bdbee3
GET /Vmw1V1Q3DlY6azdRV3EhJAAIcmYQSQcRMGUYDWA7OQMFYW1hHA15NzoDQDMyJANbI3o4CUFyZhA0YgBkZQhiBmIXAF4DAy9ccAJkPg9UZmwVPgQVcWQqd2cFNy9cOwUPFAEgHCE6UhI9Zi5iAgICKXYaHhUHYxQaBxRvEjg6SQcRFxAHYgADPiBjPxERNnM8Bhc+ZGUWMQNzEhduKW0wIwclZAUSAxRwYwEQA1QfPhcuYi8GFA1MJBcBXWdvDCEIURIuFyhgLzsCJ14wEgQ9WiMHFzpzAQM6KHdmFg4rBTASBD54IBUhKncGAzkacDwwAyVjJBADKlY1BxdBYxESP1V8FRAEOlQBMww+YGZsDhtWBBUCA3IAEhQ7fWZsHj5zBSQOLVESBQEYUQIGITtlFiAPKGARJh0bbxEBDghREgUUNlQWcjwfWjkkazheAxI+O1IeDGIe HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Wed, 30 Nov 2022 20:59:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MnzKIR8TjGcUSUFHZsVpkcrJXsnuIL-EiLmpcpmOlTiaoYDkWPjIOQ==
X-Firefox-Spdy: h2
terialnevitiesini.com/Z2FVNWgGAzZYVwZcNxMdFQ1oEFohRGdzDFQVbQIHCA5lA1FQEW0bCwsOIFEOFQ47QUYJBCEQWiEJAwctEDMNcFgjDWFfPA4sHGMgDysMBCEkAmV3ECRRGEQgHgU2bRFTNR1xDC8pB3sCKzkQZiIkUWdUPyonGWQ9KQUDVl8mJ2FcPC8kEG0BPSwPXgw1KAd7GTEzDEItIA4YbRJfOBpCWTU4EHg6MSNgBD4gNwdyLC44GmQ+ASwyfxEyFhRHKj8rAXQgNSMwYy0xBT97ETIWFEwvIw0Ndy8lIhNgOSQFBFkAMTMDByVUKwF0LAQpNlkiHwUQcwEzFnh3GzEmA2c+HiAGZSlTNzFPDAs0BHNZNjYPZykwIxFvHwM7G005HyU+XQ82GRNkKS8jM29YAycwcClBCyZaBhdcOl4KLDcibQpTLRRiPR02DA
54.230.111.63200 OK 1.2 kB URL HTTP/2 terialnevitiesini.com/Z2FVNWgGAzZYVwZcNxMdFQ1oEFohRGdzDFQVbQIHCA5lA1FQEW0bCwsOIFEOFQ47QUYJBCEQWiEJAwctEDMNcFgjDWFfPA4sHGMgDysMBCEkAmV3ECRRGEQgHgU2bRFTNR1xDC8pB3sCKzkQZiIkUWdUPyonGWQ9KQUDVl8mJ2FcPC8kEG0BPSwPXgw1KAd7GTEzDEItIA4YbRJfOBpCWTU4EHg6MSNgBD4gNwdyLC44GmQ+ASwyfxEyFhRHKj8rAXQgNSMwYy0xBT97ETIWFEwvIw0Ndy8lIhNgOSQFBFkAMTMDByVUKwF0LAQpNlkiHwUQcwEzFnh3GzEmA2c+HiAGZSlTNzFPDAs0BHNZNjYPZykwIxFvHwM7G005HyU+XQ82GRNkKS8jM29YAycwcClBCyZaBhdcOl4KLDcibQpTLRRiPR02DA
IP 54.230.111.63:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash 5f121918f5772c209808e93633aaa511
204ee7470060515fef625749ac60df03df64473a
76fc846dff2602ebf64dadd466d730bcb5787cf750bd84a138ef844d3097168a
GET /Z2FVNWgGAzZYVwZcNxMdFQ1oEFohRGdzDFQVbQIHCA5lA1FQEW0bCwsOIFEOFQ47QUYJBCEQWiEJAwctEDMNcFgjDWFfPA4sHGMgDysMBCEkAmV3ECRRGEQgHgU2bRFTNR1xDC8pB3sCKzkQZiIkUWdUPyonGWQ9KQUDVl8mJ2FcPC8kEG0BPSwPXgw1KAd7GTEzDEItIA4YbRJfOBpCWTU4EHg6MSNgBD4gNwdyLC44GmQ+ASwyfxEyFhRHKj8rAXQgNSMwYy0xBT97ETIWFEwvIw0Ndy8lIhNgOSQFBFkAMTMDByVUKwF0LAQpNlkiHwUQcwEzFnh3GzEmA2c+HiAGZSlTNzFPDAs0BHNZNjYPZykwIxFvHwM7G005HyU+XQ82GRNkKS8jM29YAycwcClBCyZaBhdcOl4KLDcibQpTLRRiPR02DA HTTP/1.1
Host: terialnevitiesini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1183
date: Wed, 30 Nov 2022 20:59:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ER1_rentIuRqVa10G_hOGjj-hpIkGyy0B-amAWqch3jOBBN0MDc5tQ==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2287
Expires: Wed, 30 Nov 2022 21:37:13 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
labortiontrifee.com/eXJ5WVFWTRoqbCwlLzgCMTgRDAYNBSs0FywTMRsWICQrLDc8J18tOB1PQWtjTEBNfyEQFkRodwoGGC0kCk9IfzgXFBZkdw9PSHdiTVxKaH9IVAxkYF8GCTg2RENfKSUNHkRoZ09LQW1gQEZMaGFO
172.67.217.19204 No Content 0 B URL HTTP/2 labortiontrifee.com/eXJ5WVFWTRoqbCwlLzgCMTgRDAYNBSs0FywTMRsWICQrLDc8J18tOB1PQWtjTEBNfyEQFkRodwoGGC0kCk9IfzgXFBZkdw9PSHdiTVxKaH9IVAxkYF8GCTg2RENfKSUNHkRoZ09LQW1gQEZMaGFO
IP 172.67.217.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eXJ5WVFWTRoqbCwlLzgCMTgRDAYNBSs0FywTMRsWICQrLDc8J18tOB1PQWtjTEBNfyEQFkRodwoGGC0kCk9IfzgXFBZkdw9PSHdiTVxKaH9IVAxkYF8GCTg2RENfKSUNHkRoZ09LQW1gQEZMaGFO HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 30 Nov 2022 20:59:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9NtI5U2d%2FBOA9bTUnDIrR0OkXoKw9sEIjqz8iW4W4kXPudDuUAJbg3q%2FuWg2IHwkrgY7N2uKQaHizubi3MOO5u%2Bfj%2Fh%2Fh8MCh39h0MZxplTmDcamPTOdDgqF8Oq9pdybq8ehfcgw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772681459be1b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1941107888656c44ed84e98b515dd264
ea75e4a99ec553cf0539ab866b8174b9d01b91e4
1304be24714e48fb3996f6229bfbf0188ac7ad2292ecb5ebca5600005dffab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1304BE24714E48FB3996F6229BFBF0188AC7AD2292ECB5EBCA5600005DFFAB1D"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16770
Expires: Thu, 01 Dec 2022 01:38:36 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
labortiontrifee.com/a2ExQVpEXlIyZz8NfxEAWTcIGDQTMGcZLgwHZwc5DgxndwwtURc1Mw9cCXljX1gFZyoCBQxwfBgVUDUvGFwAZzMFB158fB1cAG9pX08CcHRaR0R8a00VQSA9VlAXMS4fDQxwbF1YCXVrUlUEcG9f
172.67.217.19204 No Content 0 B URL HTTP/2 labortiontrifee.com/a2ExQVpEXlIyZz8NfxEAWTcIGDQTMGcZLgwHZwc5DgxndwwtURc1Mw9cCXljX1gFZyoCBQxwfBgVUDUvGFwAZzMFB158fB1cAG9pX08CcHRaR0R8a00VQSA9VlAXMS4fDQxwbF1YCXVrUlUEcG9f
IP 172.67.217.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a2ExQVpEXlIyZz8NfxEAWTcIGDQTMGcZLgwHZwc5DgxndwwtURc1Mw9cCXljX1gFZyoCBQxwfBgVUDUvGFwAZzMFB158fB1cAG9pX08CcHRaR0R8a00VQSA9VlAXMS4fDQxwbF1YCXVrUlUEcG9f HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 30 Nov 2022 20:59:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ViNWU%2BQNyMjytkD0EhpxcTUhKYeBLxCyaztafdmeSyVTCKKRLiOrViDCrc5R%2BXM7KV8lpHF3%2B8RZSinFADFsTNKte2ELqUQO6qten5AAVfbFI0%2BZO6M8cizZg%2BdGyHhEyry%2B1b7G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77268145ac02b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
labortiontrifee.com/VWp0NGN6VRdHXjEiBAE1OTwzZVM5AS5xNRo5RlAEBD8MfzoSCVJACjFXTABQZ1xFEhM8DkkFW3MZAFUXIBlJBUU8BBJbXnMcSQVNZURGGlFzH0kFRSEaFVNeZEwEQBc5V0UCVWxSQAVaYV9FAls
172.67.217.19204 No Content 0 B URL HTTP/2 labortiontrifee.com/VWp0NGN6VRdHXjEiBAE1OTwzZVM5AS5xNRo5RlAEBD8MfzoSCVJACjFXTABQZ1xFEhM8DkkFW3MZAFUXIBlJBUU8BBJbXnMcSQVNZURGGlFzH0kFRSEaFVNeZEwEQBc5V0UCVWxSQAVaYV9FAls
IP 172.67.217.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VWp0NGN6VRdHXjEiBAE1OTwzZVM5AS5xNRo5RlAEBD8MfzoSCVJACjFXTABQZ1xFEhM8DkkFW3MZAFUXIBlJBUU8BBJbXnMcSQVNZURGGlFzH0kFRSEaFVNeZEwEQBc5V0UCVWxSQAVaYV9FAls HTTP/1.1
Host: labortiontrifee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 30 Nov 2022 20:59:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=luANaE%2FmNX84CCdt4gJHMLw0esNmDMKFZtXWASD7P2pNIO8uDET5l5DwNyffGUfS3vihY4fzNqAbUutLxTqPsjkTBtG12T5RKT3u7TjGoV%2B7hia8b8aXje8co1h0QcM22Hdfvti0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77268145bc0eb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 72ab5ab4e6412a632523b1978a2b57f7
00e035cd3b789b399acf422415cbbb97380cd20a
3f20c462cabbacb6ff10b65faac69b0e9123c00f55e1dc201aca795e0fb911dc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3F20C462CABBACB6FF10B65FAAC69B0E9123C00F55E1DC201ACA795E0FB911DC"
Last-Modified: Wed, 30 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17887
Expires: Thu, 01 Dec 2022 01:57:13 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
fn.deulspoorn.com/1clkn/29529
23.109.87.55 200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP 23.109.87.55:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 20:59:06 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Thu, 01-Dec-2022 20:59:06 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Thu, 01-Dec-2022 20:59:06 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
d3t87ooo0697p8.cloudfront.net/HOTAzYVZaX10HaU1ZV1xuAQkHWGIfWkAOOEkNWisyTEJ4MgBWAGAFcE1KV1xmH1xSDzEEFlYPNQQBFQAyWw0HRyJJX1hcJk1GWggvTUhaE3BMUQ4MOUNZXw03HAJ1VHgJFQFRfk5ZXQU5TkMWU2ZXRBZTZggAHVFzCnIWU2ZOWV1XYhwDcURkCUgFVXMKch-ZTZktGFlIXCAAGT2YQFQFRMVxTWA5zC3YBUWcJAAJRZxwCAwc/S1VVDi4cAnVQZgweA0cjBAE
108.157.232.46200 OK 635 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/HOTAzYVZaX10HaU1ZV1xuAQkHWGIfWkAOOEkNWisyTEJ4MgBWAGAFcE1KV1xmH1xSDzEEFlYPNQQBFQAyWw0HRyJJX1hcJk1GWggvTUhaE3BMUQ4MOUNZXw03HAJ1VHgJFQFRfk5ZXQU5TkMWU2ZXRBZTZggAHVFzCnIWU2ZOWV1XYhwDcURkCUgFVXMKch-ZTZktGFlIXCAAGT2YQFQFRMVxTWA5zC3YBUWcJAAJRZxwCAwc/S1VVDi4cAnVQZgweA0cjBAE
IP 108.157.232.46:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 3f2cd7f4907b136a77a648d01e21b905
364f5ea0fef19f13ad2866be0da1d67c18ab05c0
477b3341fc8f40a27260d63fe890e7385c573de3823fa6201e02f68a6728e5cf
GET /HOTAzYVZaX10HaU1ZV1xuAQkHWGIfWkAOOEkNWisyTEJ4MgBWAGAFcE1KV1xmH1xSDzEEFlYPNQQBFQAyWw0HRyJJX1hcJk1GWggvTUhaE3BMUQ4MOUNZXw03HAJ1VHgJFQFRfk5ZXQU5TkMWU2ZXRBZTZggAHVFzCnIWU2ZOWV1XYhwDcURkCUgFVXMKch-ZTZktGFlIXCAAGT2YQFQFRMVxTWA5zC3YBUWcJAAJRZxwCAwc/S1VVDi4cAnVQZgweA0cjBAE HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://terialnevitiesini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 635
date: Wed, 30 Nov 2022 20:59:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 17c1b187a3afe016510e55151109cc30.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: DNiGhCiCEs40lfuUdKEE3LZg7liax-zQFdFCJ-BFzmSqRHkTHjOQIQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/hV2EwRXE0Dl4jTiMIVHhJY1ICc0BxC0MqHydcXy4THDdHHRNjLXESJC02aWMFLQUNdVc7AF4iTHEEXiZMZkdRIRNqVRYwEGoMXz8YOw1RYEMRVB51VGVRGDIYOQVfMgJyUwArBXJTAHRBeVEVdjNyUwAyGDlXBGBCFUQCdQlhVRV2M3JTADcHclJxdEFiTw-BsVGVRVyASPA4VdzdlUQF1QWZRAWBDZwdZNxQxDkhgQxFQAHBfZ0dFeEA
108.157.232.46200 OK 200 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/hV2EwRXE0Dl4jTiMIVHhJY1ICc0BxC0MqHydcXy4THDdHHRNjLXESJC02aWMFLQUNdVc7AF4iTHEEXiZMZkdRIRNqVRYwEGoMXz8YOw1RYEMRVB51VGVRGDIYOQVfMgJyUwArBXJTAHRBeVEVdjNyUwAyGDlXBGBCFUQCdQlhVRV2M3JTADcHclJxdEFiTw-BsVGVRVyASPA4VdzdlUQF1QWZRAWBDZwdZNxQxDkhgQxFQAHBfZ0dFeEA
IP 108.157.232.46:0
File type ASCII text, with no line terminators
Hash cd5605a08ae38fa3ae31da5f973b2187
528e052a82368747c0106ca7b21e12e6521387fb
0504777eced7dbddfe3b0bc21fb8cc93846ac8e98398ee95b2a9b06a5765a378
GET /hV2EwRXE0Dl4jTiMIVHhJY1ICc0BxC0MqHydcXy4THDdHHRNjLXESJC02aWMFLQUNdVc7AF4iTHEEXiZMZkdRIRNqVRYwEGoMXz8YOw1RYEMRVB51VGVRGDIYOQVfMgJyUwArBXJTAHRBeVEVdjNyUwAyGDlXBGBCFUQCdQlhVRV2M3JTADcHclJxdEFiTw-BsVGVRVyASPA4VdzdlUQF1QWZRAWBDZwdZNxQxDkhgQxFQAHBfZ0dFeEA HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://terialnevitiesini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 200
date: Wed, 30 Nov 2022 20:59:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 17c1b187a3afe016510e55151109cc30.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: CTMB1mH2V8zB94LRDd0l2lpVydORn4TJnPKzsGhXuATgLgpEzgLzJg==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/XWW03dWQ6AlkTWy0EU0hca18CR1B/B0QaCilQYx4wHwVgEi0BWUVTECMJCkVCNQxZEll/CFkWWWhLVhEGZFkRARQ2BgoFEC8EXgwQIQRFUxE4UFoaHjABWxRBaysCW1R8XwddEzADUxoTKkgFRQotSAVFVWlDB1BXG0gFRRMwAwFBQWovEkdUIVsDUFcbSA-VFFi9IBDRVaVgZRU18XwcSAToGWFBWH18HRFRpXAdEQWtdURwWPAtYDUFrKwZFUXddEQBZaA
108.157.232.46200 OK 509 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/XWW03dWQ6AlkTWy0EU0hca18CR1B/B0QaCilQYx4wHwVgEi0BWUVTECMJCkVCNQxZEll/CFkWWWhLVhEGZFkRARQ2BgoFEC8EXgwQIQRFUxE4UFoaHjABWxRBaysCW1R8XwddEzADUxoTKkgFRQotSAVFVWlDB1BXG0gFRRMwAwFBQWovEkdUIVsDUFcbSA-VFFi9IBDRVaVgZRU18XwcSAToGWFBWH18HRFRpXAdEQWtdURwWPAtYDUFrKwZFUXddEQBZaA
IP 108.157.232.46:0
File type ASCII text, with very long lines (715), with no line terminators
Hash df97fe63f998d411019e599a028c672e
1fe42711840f2ba207573ac888ae98e7c4db115d
ab18f87e2e86d7e106d96e7c7dfd9ef4bbe8fee656495de1ea05b42db5efce70
GET /XWW03dWQ6AlkTWy0EU0hca18CR1B/B0QaCilQYx4wHwVgEi0BWUVTECMJCkVCNQxZEll/CFkWWWhLVhEGZFkRARQ2BgoFEC8EXgwQIQRFUxE4UFoaHjABWxRBaysCW1R8XwddEzADUxoTKkgFRQotSAVFVWlDB1BXG0gFRRMwAwFBQWovEkdUIVsDUFcbSA-VFFi9IBDRVaVgZRU18XwcSAToGWFBWH18HRFRpXAdEQWtdURwWPAtYDUFrKwZFUXddEQBZaA HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://terialnevitiesini.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 509
date: Wed, 30 Nov 2022 20:59:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 17c1b187a3afe016510e55151109cc30.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: jYpICfSdw61-Y2o5tlPDfJv8-zq0PisKg25Sek7AfDZ1ar9wQ6MKUA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4fadc3debd5f5de20f763d29e2b84196
4bdc95e8b50718b858dfe94e28f8071402f53e06
6917aedc9d16cc4dea35ed5fffff8a28bf5e75118f7444f350076773b58e9b4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6917AEDC9D16CC4DEA35ED5FFFFF8A28BF5E75118F7444F350076773B58E9B4E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10603
Expires: Wed, 30 Nov 2022 23:55:49 GMT
Date: Wed, 30 Nov 2022 20:59:06 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 1d7846e2a7294173c85271c0da130678
102a56df28bfb864653439cf703e0d8ca45f23cf
2774004fdfb065b1b02763317038c875bbadcf79fb05b6979c220c1a129ed04c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:59:06 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 04:52:36 GMT
Expires: Mon, 05 Dec 2022 04:52:35 GMT
Etag: "102a56df28bfb864653439cf703e0d8ca45f23cf"
Cache-Control: max-age=373408,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772681477eccb524-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
37.48.68.71 200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 915
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 30 Nov 2022 20:59:06 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
exee.app/h8Kkk
104.21.48.127 200 OK 181 kB IP 104.21.48.127:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61735)
Size 181 kB (181043 bytes)
Hash 262e91225ece403ad518cab786aa5e29
489e7e0606b0c0a2adc695288a6daadc0b304d1b
68ce9b474077d0059744ed38b70d443f480b58bcb5853b76ea2ac652e1b84738
GET /h8Kkk HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:06 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=8142b0b6d2a311514254598e7f19c8bc; path=/; HttpOnly
csrfToken=46fdb00ad5ec0cb98958b94cf0f76f2ad3e8cf12b8bb07ac7d801601977c391a9fefa3e9ec40e388a778617c91a6604e9ecc5303f484de22e8069948413d47b5; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A16uUK2C8uwkuA6X%2Bm6J46%2BfMhODypfEiiMdszY9tzpgrEX1QrCWkDH2lRSAnmYrfvTtSuIJk%2Fe%2BF3JdjEpQG0cP50anXYQdQrkXzaN%2FoSJsFpMoAgjK9YVkWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77268142acb2b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5497
Expires: Wed, 30 Nov 2022 22:30:44 GMT
Date: Wed, 30 Nov 2022 20:59:07 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 819f953b0edd066d30cf5847c5564d3c
12f3ea06c2a617db03caa556e37c1cb106d44f93
9794d926ccf993a8cd760c76077cf94f5b270633aff450e45934a5c8fd52d62d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=146264
Date: Wed, 30 Nov 2022 20:59:07 GMT
Etag: "63875b15-1d7"
Expires: Fri, 02 Dec 2022 13:36:51 GMT
Last-Modified: Wed, 30 Nov 2022 13:31:01 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SCE-6-fbMEiJhD_poebsUMbiQVLbjqREtm1hGNvViGiVyFsXSIQcbA==
Age: 350
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 554bc4ceac35a34f7b926c7058f351b1
47f2197ea71769d186d7890e35bdcb2b5095f21a
f02e47cc27a9b80694104b078bffbfb21395b880cd78c7bbb7b32ab90cd35152
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=1f6a249e-b639-4722-b93b-f5631fdb8eb4:3:1; expires=Sat, 27 Nov 2032 20:59:07 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5497
Expires: Wed, 30 Nov 2022 22:30:44 GMT
Date: Wed, 30 Nov 2022 20:59:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13191
Expires: Thu, 01 Dec 2022 00:38:58 GMT
Date: Wed, 30 Nov 2022 20:59:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13191
Expires: Thu, 01 Dec 2022 00:38:58 GMT
Date: Wed, 30 Nov 2022 20:59:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png
34.120.237.76 200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89e1a735e16f55c78fa75ae434294029
6c56f4015305eff04a99cec9758cd40bf4e5f704
26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3711
x-amzn-requestid: 502d7eed-f24a-49e8-b14e-759778b717ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbWQSFNnIAMFpxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63879d9b-5eb88e757ff3eeaa26dd7de2;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 18:14:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hrGJk_aF0hgdEXNUAqj74wYkXby2ptGRqWKFi4sxlvs_QN9WhC6vOw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:25:55 GMT
age: 9192
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cb2a22599d585be93ea1d1e449800061
b57e93b303cd37260717332e610ac014cdb453bc
ab32fa8b35515e3a0e75ed4d43faedc88b450ef2d07581b2aa7f26dd5985c828
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB32FA8B35515E3A0E75ED4D43FAEDC88B450EF2D07581B2AA7F26DD5985C828"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4866
Expires: Wed, 30 Nov 2022 22:20:13 GMT
Date: Wed, 30 Nov 2022 20:59:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 04:55:46 GMT
age: 57801
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e00769bd1391b8f4f5b8ab128a825355
e4ddf955e8ac1986045ed55880c43c69e588a021
81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 82962
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59baec8db5ced0210ab766ea5636a5fd
f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
age: 82221
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a67f152254e0a2cfaf6ba5e5e51d9ae4
6ddc5ee596d0469d4d5f0bbcd1918677019337b4
d786acd565665c5d7c3c43e1ec737a20f8ed2a2467bff7758cc9cbb199e602d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a67f152254e0a2cfaf6ba5e5e51d9ae4
6ddc5ee596d0469d4d5f0bbcd1918677019337b4
d786acd565665c5d7c3c43e1ec737a20f8ed2a2467bff7758cc9cbb199e602d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 777ce44582c70bf01a31da4cab366f36
57e1d34f146d5ccd9943aa97bcc3158f7103bb07
fbdc8f65ae74dc13b7aafec464f08fdc9902af519946200ec52432ac3ca55982
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10958
x-amzn-requestid: abfea5b0-58f5-49e1-b78e-7cf456d03cb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFHF9oIAMF5lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a20-5ab719292d440d083b07a478;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gCt9oHpZ68tLCYHIYpI1XLtADkScxwf12kDFnU0o5WoQIVSzWlqozw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:16:52 GMT
etag: "57e1d34f146d5ccd9943aa97bcc3158f7103bb07"
content-type: image/jpeg
age: 81735
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1601a7c8a96ebe5b2af6fe1abcb6b90b
fb19f5121052f37c9cef4640791964583618560c
893364204eb010f01c891762b80db20df137be75ecb85fa4e22dbc68143b53fb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 917
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:07 GMT
Last-Modified: Wed, 30 Nov 2022 20:43:50 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 83176
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www.fireload.com/d7c6a032f64ec6ff/24.0.1.112.X64.part1.rar
172.67.71.40 200 OK 21 kB URL HTTP/2 exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www.fireload.com/d7c6a032f64ec6ff/24.0.1.112.X64.part1.rar
IP 172.67.71.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1216)
Hash 4d194b97b47e83dcb086703c87ffab39
1412d1548b9c813f14c8926d609ec4e9c498d679
b927bb4893ab9123c72ed74223f44b4a2a6dff880c457a7fc189a2c0cb7695a8
GET /st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www.fireload.com/d7c6a032f64ec6ff/24.0.1.112.X64.part1.rar HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:05 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=ec58f061a39f7ac7f0d36f0fd286bb38; path=/; HttpOnly
csrfToken=ab3bb49b557f693cfc2f446d9acb8a75d0d98af17f634b8556b1edba7be652d134563d2ad84f3ef02ecd83df5669b2c147e9499b1064d61d51e658c93348e8d8; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9SAkjdwoez68joqnXc2Wp%2BjWTVeYlp2UqIEHY9lfdQSMdVcAWXhx%2BJ1DJspa0JGUfOjP9Q7x36hp2H%2BZ1hypZ2LwWz4K0pjl8gsaeS7Rcv69bFM7JxLVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726813d9e40fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/sdkloader/ima3.js
216.58.207.234 200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (2791)
Size 127 kB (126620 bytes)
Hash f641dae66d812e803cbfc91d689e2ea8
96372a7ba661528d13bc774536d04ab3e03b82d6
e78b718ac77697fbb92e88ac394141adc4e016830eb04d53279238cbcd65435b
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126620
date: Wed, 30 Nov 2022 20:59:07 GMT
expires: Wed, 30 Nov 2022 20:59:07 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3 200 OK 396 B IP 172.64.105.3:0
Hash 1a8c52334c8877526ef9d86b1fd00f07
163fb5a628e35ec27b7728ab18d97f128fe1ad65
a9f2bbac6ccf173530ebb41cdca58807e618ed4d9446b248acd7c549dc58ed6f
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 124
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:06 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZnSZptNExTt7o0Ox8qw0aQYwJCtW7Lk5BE0nBX6HWZ6rx7Sn8scMocChqFbkQgmgAIRCVybLmeGt%2BG9xQ52Jo37pgWpcbiMS6MX5W%2FCWt8tUBsx14yciJNTMLiYTqXOWdZhn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772681461ede8e27-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash cd528f6c2c45e38c52095a73a9cd8c68
dca2df874a830edac932136d474453c18d933024
4c7e75aaccb4b74e227ada3b56829f52cb7f14ad05454f7bd6eccf3e94185218
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 103 kB IP 172.64.198.35:0
Size 103 kB (102796 bytes)
Hash dbc038aa56bd8b8d6616da65288eb602
21c470dc281a44e31086f4fed3580471de78b005
9ba1157a9f0a34395541ed10f695013ef4996709675dfbe3a661be00424a936f
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1845
last-modified: Wed, 30 Nov 2022 20:28:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=varb6sQMvsAuJ19Do7M3BBElreeReowVtd8JI0NN5p6%2FFl3fGP7CCRzlCSbBQu8VDdv%2BVG%2BNA72o3HqqXl86m3w3yBLuSy%2BBOIgCYy%2Bl%2BlCXvQg98hiRh24dtik2cgE7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772681459a0e8e14-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1601a7c8a96ebe5b2af6fe1abcb6b90b
fb19f5121052f37c9cef4640791964583618560c
893364204eb010f01c891762b80db20df137be75ecb85fa4e22dbc68143b53fb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 917
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:07 GMT
Last-Modified: Wed, 30 Nov 2022 20:43:50 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
specialistinsensitive.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
192.243.61.227 200 OK 29 kB URL HTTP/1.1 specialistinsensitive.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 6a3a86422ba6a14ff687e1ed44cd17fd
a2e530ac882d3e941b76307528ddcb02f4b7aa11
6da8465899e777d7202782d705c2cea60e7daf1392941b7fbfc9d02c8e080017
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 20:59:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e733c469a36c3497c804de62dab93cce
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
specialistinsensitive.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4%3A3%3A1
192.243.61.227 200 OK 4.3 kB URL HTTP/1.1 specialistinsensitive.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4%3A3%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6027), with no line terminators
Hash 40761bb43559c7141c211684b4ada2db
95711697a2e4ef6a414c047d97d26468eeb51824
3305a4f69c807aca68663db375c2057c246fa2bf6826f01c226cf769288751b4
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4%3A3%3A1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 20:59:08 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Thu, 01 Dec 2022 20:59:07 GMT; secure; SameSite=None
uid_id2=1f6a249e-b639-4722-b93b-f5631fdb8eb4:3:1; expires=Wed, 07 Dec 2022 20:59:07 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 01 Dec 2022 20:59:08 GMT; secure; SameSite=None
uncs=1; expires=Thu, 01 Dec 2022 20:59:08 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 01 Dec 2022 20:59:08 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 01 Dec 2022 20:59:08 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3789938]; expires=Wed, 30 Nov 2022 20:59:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d50c88e2cc516a595666b919be25fa2f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1f14eb894f1cf354b1825d0f04732f98
f72dd175495052a4246f731fbb25e6a762b6c5dc
bb74dd1099c874ae2477c154d95bee8e26cd39729ddffcdd69995e12110f3491
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB74DD1099C874AE2477C154D95BEE8E26CD39729DDFFCDD69995E12110F3491"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5084
Expires: Wed, 30 Nov 2022 22:23:52 GMT
Date: Wed, 30 Nov 2022 20:59:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5d950b70d3b1532276ed817249b72618
dca7faf727b8afdd481c8f8bcc3e9129fdadadc3
afe3fbe5f269179e18a66ca806664b7f96b903150b364129e2f2b30087198e34
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
142.250.74.34 200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 20:43:07 GMT
expires: Wed, 30 Nov 2022 21:43:07 GMT
cache-control: public, max-age=3600
age: 961
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41 200 OK 1.8 kB IP 192.124.249.41:0
Hash c293782ee526b758e5396e5ffb0d2baa
312ddfa231f0286925abb517757254b2f17c643c
cdc9a1b46ae384ceeeb9f11bbc8a5523d22a92239f275be7fd7223cb55d94049
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 30 Nov 2022 20:59:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 30 Nov 2022 18:24:23 GMT
Expires: Thu, 01 Dec 2022 18:24:23 GMT
ETag: "312ddfa231f0286925abb517757254b2f17c643c"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5d950b70d3b1532276ed817249b72618
dca7faf727b8afdd481c8f8bcc3e9129fdadadc3
afe3fbe5f269179e18a66ca806664b7f96b903150b364129e2f2b30087198e34
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=2281&rd=2281&fd=758&bv=22.10.v.10&tmpl=136
192.243.59.20 200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=2281&rd=2281&fd=758&bv=22.10.v.10&tmpl=136
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2281&rd=2281&fd=758&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 30 Nov 2022 20:59:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
15.235.85.92 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 15.235.85.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 30 Nov 2022 20:59:08 GMT
Connection: keep-alive
Expires: Thu, 30 Nov 2023 20:59:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvZ3%2BXlRyUVQGUVEiTvbH9Oz0%2BYQsyaRaL5IIrla1VU9W251V1PVPT1ZEIKBNcfJzWPvM%2FuBMUhy8SaR2VxkQMgY0EXcf0AEMZCbIrM7sPge6n2rnufwPs9Ta%2BvlHnFR0t3LF%2FSqVIouhE238dZ1mXFd2cbFaw3PbbonGtdl1m6daPSnh%2Bm967lh03278YGIV%2FSC73qu67le46w0ItH9hX0UMr8Xec3Ibbb8phe20Df%2FvdvSgaUOeG%2BPvAjJJ%2F9b%2FuEBZDxClt4%2FLexKofN3zqSlooU26PHtj7OVTFcZ0sMxMQ6SbHvGhrYTQr48Ap1tzxRA9zamCsDkhDg%2Fe2DZ9mxNsN7mwaZMQWRg%2FDlUvRGEGkHSEWJ9C5I%2FJkDMcfESsnTrojYVvXGA0ik6IXPPnkJWEzL32zFk6TdLSvYbV7UqC6kzi35SQ%2FZHkN0R8nIHxaoDWe0gLj6H5D%2BShWfnkaUbl6zSkHz3DS9pU78ViXnWDqL51qLvz7MoYPNJ2A68hLOOYK19i6QcQSYjKDEAtUdRWgeldFAmDsrcQcp3GzSMEtddTFgSBJ1WHMdBEMdhp81DHrQ6iYsynmoYoMgHiNUAsbmJ3NzEihzAlN%2FDLtew3IEtCHq8RiUIKktQUYJKElQFQdWrN7myvq23uLIl82bdn%2FWgHuqiu043ddEVGVnP98gLU%2BOc5%2B8ew4rYbSRhJ0zaYdyO26HnBywKOXcjJgK%2FxUXAGKysIe0RUOtgVU7I0c9%2BRy4n5MjSAhjdgVU7iOXroOUroNVw0XdBl4etjovVbEv0RVNqcF0jL%2BZQ3HDW1R55aT%2B66ImBiMfvHf%2FjzrK5%2FxpiUyM3NT6Vjwi66vbwiq7IxhVdWfLgUl7IVK7SaaxXC1qIubsfiRuVNvzcaTv46lQ8BabjvWvCFudpxmXWteTrJcm5MGe1iQX57py9Ltjl0i4vlSYr8%2FOX3z97Ls2NsFbqbAQqH3%2FyELGckP%2Bna%2Fsf9tVf1yDNCKaskZZjMitIvYM4vwmbj0%2F%2B8uTvp9%2BeAawmMOqQw3IHVVkPjc8OH5WckODNv6DE%2BOT2qQ8vHD%2F%2BDyirYcWhDUyMH%2F55wF%2B3t9E1DmhxC1lao2dq9FQNqgaw5dFhkZvxyZ%2BC%2FQJTzpAp42wwZdSdA3ut3G2IMHET4fqCJRFLFqnLo6QVMRp5YpGF1ENhJ%2FEXj17%2BFwAA%2F%2F8BAAD%2F%2F3by6HGMBAAA
192.243.61.227200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvZ3%2BXlRyUVQGUVEiTvbH9Oz0%2BYQsyaRaL5IIrla1VU9W251V1PVPT1ZEIKBNcfJzWPvM%2FuBMUhy8SaR2VxkQMgY0EXcf0AEMZCbIrM7sPge6n2rnufwPs9Ta%2BvlHnFR0t3LF%2FSqVIouhE238dZ1mXFd2cbFaw3PbbonGtdl1m6daPSnh%2Bm967lh03278YGIV%2FSC73qu67le46w0ItH9hX0UMr8Xec3Ibbb8phe20Df%2FvdvSgaUOeG%2BPvAjJJ%2F9b%2FuEBZDxClt4%2FLexKofN3zqSlooU26PHtj7OVTFcZ0sMxMQ6SbHvGhrYTQr48Ap1tzxRA9zamCsDkhDg%2Fe2DZ9mxNsN7mwaZMQWRg%2FDlUvRGEGkHSEWJ9C5I%2FJkDMcfESsnTrojYVvXGA0ik6IXPPnkJWEzL32zFk6TdLSvYbV7UqC6kzi35SQ%2FZHkN0R8nIHxaoDWe0gLj6H5D%2BShWfnkaUbl6zSkHz3DS9pU78ViXnWDqL51qLvz7MoYPNJ2A68hLOOYK19i6QcQSYjKDEAtUdRWgeldFAmDsrcQcp3GzSMEtddTFgSBJ1WHMdBEMdhp81DHrQ6iYsynmoYoMgHiNUAsbmJ3NzEihzAlN%2FDLtew3IEtCHq8RiUIKktQUYJKElQFQdWrN7myvq23uLIl82bdn%2FWgHuqiu043ddEVGVnP98gLU%2BOc5%2B8ew4rYbSRhJ0zaYdyO26HnBywKOXcjJgK%2FxUXAGKysIe0RUOtgVU7I0c9%2BRy4n5MjSAhjdgVU7iOXroOUroNVw0XdBl4etjovVbEv0RVNqcF0jL%2BZQ3HDW1R55aT%2B66ImBiMfvHf%2FjzrK5%2FxpiUyM3NT6Vjwi66vbwiq7IxhVdWfLgUl7IVK7SaaxXC1qIubsfiRuVNvzcaTv46lQ8BabjvWvCFudpxmXWteTrJcm5MGe1iQX57py9Ltjl0i4vlSYr8%2FOX3z97Ls2NsFbqbAQqH3%2FyELGckP%2Bna%2Fsf9tVf1yDNCKaskZZjMitIvYM4vwmbj0%2F%2B8uTvp9%2BeAawmMOqQw3IHVVkPjc8OH5WckODNv6DE%2BOT2qQ8vHD%2F%2BDyirYcWhDUyMH%2F55wF%2B3t9E1DmhxC1lao2dq9FQNqgaw5dFhkZvxyZ%2BC%2FQJTzpAp42wwZdSdA3ut3G2IMHET4fqCJRFLFqnLo6QVMRp5YpGF1ENhJ%2FEXj17%2BFwAA%2F%2F8BAAD%2F%2F3by6HGMBAAA
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvZ3%2BXlRyUVQGUVEiTvbH9Oz0%2BYQsyaRaL5IIrla1VU9W251V1PVPT1ZEIKBNcfJzWPvM%2FuBMUhy8SaR2VxkQMgY0EXcf0AEMZCbIrM7sPge6n2rnufwPs9Ta%2BvlHnFR0t3LF%2FSqVIouhE238dZ1mXFd2cbFaw3PbbonGtdl1m6daPSnh%2Bm967lh03278YGIV%2FSC73qu67le46w0ItH9hX0UMr8Xec3Ibbb8phe20Df%2FvdvSgaUOeG%2BPvAjJJ%2F9b%2FuEBZDxClt4%2FLexKofN3zqSlooU26PHtj7OVTFcZ0sMxMQ6SbHvGhrYTQr48Ap1tzxRA9zamCsDkhDg%2Fe2DZ9mxNsN7mwaZMQWRg%2FDlUvRGEGkHSEWJ9C5I%2FJkDMcfESsnTrojYVvXGA0ik6IXPPnkJWEzL32zFk6TdLSvYbV7UqC6kzi35SQ%2FZHkN0R8nIHxaoDWe0gLj6H5D%2BShWfnkaUbl6zSkHz3DS9pU78ViXnWDqL51qLvz7MoYPNJ2A68hLOOYK19i6QcQSYjKDEAtUdRWgeldFAmDsrcQcp3GzSMEtddTFgSBJ1WHMdBEMdhp81DHrQ6iYsynmoYoMgHiNUAsbmJ3NzEihzAlN%2FDLtew3IEtCHq8RiUIKktQUYJKElQFQdWrN7myvq23uLIl82bdn%2FWgHuqiu043ddEVGVnP98gLU%2BOc5%2B8ew4rYbSRhJ0zaYdyO26HnBywKOXcjJgK%2FxUXAGKysIe0RUOtgVU7I0c9%2BRy4n5MjSAhjdgVU7iOXroOUroNVw0XdBl4etjovVbEv0RVNqcF0jL%2BZQ3HDW1R55aT%2B66ImBiMfvHf%2FjzrK5%2FxpiUyM3NT6Vjwi66vbwiq7IxhVdWfLgUl7IVK7SaaxXC1qIubsfiRuVNvzcaTv46lQ8BabjvWvCFudpxmXWteTrJcm5MGe1iQX57py9Ltjl0i4vlSYr8%2FOX3z97Ls2NsFbqbAQqH3%2FyELGckP%2Bna%2Fsf9tVf1yDNCKaskZZjMitIvYM4vwmbj0%2F%2B8uTvp9%2BeAawmMOqQw3IHVVkPjc8OH5WckODNv6DE%2BOT2qQ8vHD%2F%2BDyirYcWhDUyMH%2F55wF%2B3t9E1DmhxC1lao2dq9FQNqgaw5dFhkZvxyZ%2BC%2FQJTzpAp42wwZdSdA3ut3G2IMHET4fqCJRFLFqnLo6QVMRp5YpGF1ENhJ%2FEXj17%2BFwAA%2F%2F8BAAD%2F%2F3by6HGMBAAA HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=1f6a249e-b639-4722-b93b-f5631fdb8eb4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 20:59:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7ea5b259d1903ec2095a3d1a76c16848
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
15.235.85.92 200 OK 190 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP 15.235.85.92:0
Size 190 kB (190415 bytes)
Hash ca11d0833714d6c765622a44d4426cd7
22a0ee3da0a7abbdc85a5a233faf77d753d2875e
00c08bc624c9b2838a8705e3cc4e163839543655b43a220f6163bb7fc6ac963f
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 30 Nov 2022 20:59:08 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Thu, 30 Nov 2023 20:59:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
15.235.85.92 200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 15.235.85.92:0
Hash 328c6e3376b5f6a768ef9e2e60edc0c7
f8d239b58fe8c4674b2a74d17b0eeb7adbda5128
5326fa8f8372b7cd25ad24264f49a19cc9807b39113af68b63a30188b02778db
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 30 Nov 2022 20:59:08 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Thu, 30 Nov 2023 20:59:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
15.235.85.92 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 15.235.85.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 30 Nov 2022 20:59:08 GMT
Connection: keep-alive
Expires: Thu, 30 Nov 2023 20:59:08 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 38bb14620de55e1982559251c0ebeac9
2a0778a21ec60d9f3cfdf4d5772123a4149729d1
ada2027e8be54e2bb79d0a88473871db54ba9f329a0034cac5413d80d80af1a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADA2027E8BE54E2BB79D0A88473871DB54BA9F329A0034CAC5413D80D80AF1A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2444
Expires: Wed, 30 Nov 2022 21:39:53 GMT
Date: Wed, 30 Nov 2022 20:59:09 GMT
Connection: keep-alive
analytics.vdo.ai/logger
172.64.105.3 200 OK 36 B IP 172.64.105.3:0
Hash 8dec466e6e1e645dd15540750bad4166
da0e92c43a485b6bc23a7fddaf08d813979b4874
00de493647476f63fcd50025565bfe88a05e325b1dc084469c3d69013836ada2
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 179
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:08 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1sGZYwt1k36eQDHtWiddnbbuPH2bWyaOrBckSD16UkclR7W1Rwb29C7DtkfPWg69APxh%2BXrv%2F2dJkoj7DUNafuWKpbIcCzseTrX0DpWizDX4uHjpUawOQPBP5PhM3eLkqRoG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77268151a8088e27-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4b470d898d2b9f278b6ec072b3f336cf
1570b2d97beb377b0a424044be2075ec0a262851
b73f51f344b0c221e7bcc239083809a5a1030f9893db5b9ddb7741df1bde495b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash cd528f6c2c45e38c52095a73a9cd8c68
dca2df874a830edac932136d474453c18d933024
4c7e75aaccb4b74e227ada3b56829f52cb7f14ad05454f7bd6eccf3e94185218
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
172.217.21.166 200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP 172.217.21.166:0
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Wed, 30 Nov 2022 20:59:09 GMT
expires: Wed, 30 Nov 2022 20:59:09 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4b470d898d2b9f278b6ec072b3f336cf
1570b2d97beb377b0a424044be2075ec0a262851
b73f51f344b0c221e7bcc239083809a5a1030f9893db5b9ddb7741df1bde495b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3c22f6742a681063615a548ae5fbc532
631eaaad4049c5b6f54eb2b4e127b77240868636
a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18903
Expires: Thu, 01 Dec 2022 02:14:12 GMT
Date: Wed, 30 Nov 2022 20:59:09 GMT
Connection: keep-alive
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=490
192.243.61.227 200 OK 184 kB URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=490
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Size 184 kB (183779 bytes)
Hash 54313e223b12e4bbc70fcaf7d37ab994
5164e644da49dd40906603a44e8d4b19fd03a3e3
fbcc7cfbf4b61dc6c61db9c4e1b09a528c298e055ccce5001763d7e87466d246
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=490 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=1f6a249e-b639-4722-b93b-f5631fdb8eb4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 20:59:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.youtube.com/iframe_api
172.217.21.174 200 OK 33 kB URL HTTP/2 www.youtube.com/iframe_api
IP 172.217.21.174:0
File type ASCII text, with very long lines (509)
Hash 1ee0961725b3c6d5b3df15750c957190
43a4179b8af7ce7b2f07ea5483d9dc2724bba7c5
46677a8f9a36dc98fb4a0fb1a39a8933f1cc17c58e9e28e76552471b50d98ca4
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Wed, 30 Nov 2022 20:59:09 GMT
date: Wed, 30 Nov 2022 20:59:09 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';script-src 'nonce-huNim4pgyYMZwnWPXUZpsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline';report-uri /cspreport
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=V4vMiFniiYM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=qRAFjSk1_nM; Domain=.youtube.com; Expires=Mon, 29-May-2023 20:59:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+700; expires=Fri, 29-Nov-2024 20:59:09 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
172.64.108.13 200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP 172.64.108.13:0
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash MD5 47b7ae41a98644de6d46d58a0e51a793
SHA-1 b0f736609af3c0b3214ee52cc9f0798dcc972df6
SHA-256 b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:09 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1321528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAXmBsj%2BVYKe7%2ByrkinyqtMXTY3Cv1FiSK2UxFF0kb%2F51Vu2EuFrkQtFvxroQ6wmelgfaAZ8vIQCC2XMzcZe34bUxW8EwMT8nrusFRQNhaQh8iF4hVFn9Wy8tE8KPOSDeFGoOF7dgsY2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772681570d0d71a5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
172.64.108.13 200 OK 56 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP 172.64.108.13:0
Hash MD5 0b8eac7eecbc171214b908d6bdfcdf32
SHA-1 92e203c33855413993bf013f5220cd3be9b9336e
SHA-256 7c5acb4bd9a85b2cb30964cc78fddf4e2ac73627b52e78dc33a334b94db25258
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:09 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 689184
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSvwlzVEFqOvWGQWrQr3ow8zggt%2BXtrrVG%2FBxqEKJZ0ZQOeIWi5OxFORxeheZEBFYcqhtokWua5TWcU4%2BU9%2BvwdD7XaaTLXJ1uKgiR2kmG%2FLRfx6d%2BZKwTb86NPagiAWViz15GiBNbkg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77268156dc8f71a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
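15.235.85.92 206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 15.235.85.92:0
Size 454 kB (453832 bytes)
Hash MD5 b2fa66eb6fbe5a86875597aafd72688e
SHA-1 3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
SHA-256 f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
(The response is a 206 range reply: these digests cover only the 453832 bytes returned, not the full 214829480-byte file named in Content-Range.)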
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Wed, 30 Nov 2022 20:59:09 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Thu, 30 Nov 2023 20:59:09 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
adservice.google.com/adsid/integrator.js?domain=exee.app
142.250.74.2 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash MD5 917951a58be8c6c6f3680159550ba3c2
SHA-1 21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
SHA-256 cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 30 Nov 2022 20:59:09 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
172.64.108.13 200 OK 4.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
IP 172.64.108.13:0
Hash MD5 4d35d2bc8d8e06a426e274716da2afa3
SHA-1 f96bc0fbfedfe4e6e03c5e6a6274e589c5a91e9f
SHA-256 30822752beb7c9938b81b1cacbcffe0a74096422f6132d2d67354ea3e133664f
GET /sb/notifications/games/nutaku/multi/2/js/main.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:09 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:29:33 GMT
etag: W/"632abd5d-20ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 805443
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iVzycgY1s4QmdRYinj0msgSNzp97oFvRuvgYU84r0wFaDj1krlFXYK3UJJ4Tstme8jYPwm5d32wKPWC1mv8k8lgmNxUsPTgfoFY%2BdAT9Do1xTBEx3m00ZXpaMkFUXJk4N2gwOEUiM99W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77268157ce8971a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=138
192.243.61.227 200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=138
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of an empty, 0-byte body; every empty response produces them, so they do not identify this host or resource.)
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=138 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=1f6a249e-b639-4722-b93b-f5631fdb8eb4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 20:59:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
172.64.108.13 200 OK 12 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
IP 172.64.108.13:0
Hash MD5 6713cc38e6f122261e706c92d073b73c
SHA-1 14990e6b1943db537d0e46e499604912f5fcc5c0
SHA-256 fc1cad4aebf081b2687ae3225bd6a8801150ffa78b1db5ce6ed94470efa3448b
GET /sb/notifications/games/nutaku/multi/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:09 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:38:28 GMT
etag: W/"632300a4-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 799015
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KVT%2FgHBVQO3NjXR54e%2BfmFrhDcbQ4bmP8BjAgiWbze7naOYIqNAxTrwBgm%2BwjG7vC8Z9gwu%2FuvR65clJXlovRKwVRKOGqEmiwQM%2Fo9sYtPwV51vge0cf7ZcWyFOzYaANd%2FLvCT8MoP3%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77268156ec9471a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=38
192.243.61.227 200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=38
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of an empty, 0-byte body; every empty response produces them, so they do not identify this host or resource.)
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=38 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=1f6a249e-b639-4722-b93b-f5631fdb8eb4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 20:59:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWtc1Rs%2Bt81v83Oj0o2gMoqIUjO5n5MZu6iNbaXaL9pKt56vmxxz7j2Xc%2B6dOw0IxULtcrpzefNMmmAt0m7cSWXSjQSEjgUNYv4BEcRCd4pMEgi%2Bi%2FO%2B5zzP4n2e59xcrXaIj4puXzxnVpTWdC5p%2B623rqpcmNq1zl9pBX7bP9a6qvJOfKw1mB62%2F27gJ23%2F7dYHki%2BbudAPfD%2Fwg9ZpZWVqBnO7KFRxrxe0e347DttBEmNg%2F3t3lQdHPYj%2BDnkRSkz%2Bt%2FTDAyg%2BRp7dPyndcmmKd05llaalseiLjY%2Fz5dzUObKDMbUe0nxjnw3jJoR8eQgm39hXANNfmyoAUxPi%2FRyA5Rv7a4L17%2BxtyjRkDiaeQ90fQ%2BoxFB2DmxtQ4jEBuMD5C8iz9fPG1vTaHkqn6ITMPHsKVU%2FIzG9HkGffLGg1aF02uiqVyR0GaQM1GEMtjlFUmyhXPKh6E7z8HEr8SOaenUWerV1w2kCJ7TeCtEPDuCdnWSfqzcbzYTjLehGbTZNOFKSCdSWLdy1SagyVjqHlENQdRuU8VMpDlXqoCg%2BZ2G7RpJf6%2FnzK0ijqxpzzKOI86XZEIqK4m%2Fqo%2BFTDEGUxBNdDcHsdhb2OZTWErb6HW2rghAdXEvRFg1oS1I6gpgS1IqhLgrrf3BHaha5ZF9pVLNjv4X6PmpEpF1fpHVMuypysFjvkhalx3vN3j2BZbrfSpJuknYR3eCcJwoj1EiH8HpNRGAsZMQanGih3CNR5WFETcviz31GoCTm0MAdGN%2BH0Jrh6HbR6BbQezYc%2B6NIo7vpYydflQLaVgTANinIG5TVvVe%2BQl3aj6z2xkHzrvaN%2F3F6y918Dtw0K2%2BBT9YhgUd8aXTI1WbtkakceXChKlakVOo31cklLOXP3I3mtNlacOemGX53gU2A63rsiXXmW5kLli458vaCEkPa0sVyS7864q5JdrNzSQmXzqjh78f3TZ7LCSueUyceg6vEnD8HVhPw%2Fu7n7YV%2F99SaUHcNWDbJqi%2BwXlNkEL67DFVvHf3ny99NvTwHOEFh9wGGFh7pqRjZkB49aTUj05l%2FQcuv4xokPzx09%2Bg8oa%2BDkgQ1Mbj38c4%2B%2F6m5h0Xqg5Q3kWYO%2BbdDXDagewlWHR2Vht47%2FFO0WmPZGTFtvjWmrb%2B%2FZ69R2Kwli2WXdeS4Ek1wE82HUjXw%2FFCKe78mgh9JN%2BBePXv4XAAD%2F%2FwEAAP%2F%2FYvpml4wEAAA%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWtc1Rs%2Bt81v83Oj0o2gMoqIUjO5n5MZu6iNbaXaL9pKt56vmxxz7j2Xc%2B6dOw0IxULtcrpzefNMmmAt0m7cSWXSjQSEjgUNYv4BEcRCd4pMEgi%2Bi%2FO%2B5zzP4n2e59xcrXaIj4puXzxnVpTWdC5p%2B623rqpcmNq1zl9pBX7bP9a6qvJOfKw1mB62%2F27gJ23%2F7dYHki%2BbudAPfD%2Fwg9ZpZWVqBnO7KFRxrxe0e347DttBEmNg%2F3t3lQdHPYj%2BDnkRSkz%2Bt%2FTDAyg%2BRp7dPyndcmmKd05llaalseiLjY%2Fz5dzUObKDMbUe0nxjnw3jJoR8eQgm39hXANNfmyoAUxPi%2FRyA5Rv7a4L17%2BxtyjRkDiaeQ90fQ%2BoxFB2DmxtQ4jEBuMD5C8iz9fPG1vTaHkqn6ITMPHsKVU%2FIzG9HkGffLGg1aF02uiqVyR0GaQM1GEMtjlFUmyhXPKh6E7z8HEr8SOaenUWerV1w2kCJ7TeCtEPDuCdnWSfqzcbzYTjLehGbTZNOFKSCdSWLdy1SagyVjqHlENQdRuU8VMpDlXqoCg%2BZ2G7RpJf6%2FnzK0ijqxpzzKOI86XZEIqK4m%2Fqo%2BFTDEGUxBNdDcHsdhb2OZTWErb6HW2rghAdXEvRFg1oS1I6gpgS1IqhLgrrf3BHaha5ZF9pVLNjv4X6PmpEpF1fpHVMuypysFjvkhalx3vN3j2BZbrfSpJuknYR3eCcJwoj1EiH8HpNRGAsZMQanGih3CNR5WFETcviz31GoCTm0MAdGN%2BH0Jrh6HbR6BbQezYc%2B6NIo7vpYydflQLaVgTANinIG5TVvVe%2BQl3aj6z2xkHzrvaN%2F3F6y918Dtw0K2%2BBT9YhgUd8aXTI1WbtkakceXChKlakVOo31cklLOXP3I3mtNlacOemGX53gU2A63rsiXXmW5kLli458vaCEkPa0sVyS7864q5JdrNzSQmXzqjh78f3TZ7LCSueUyceg6vEnD8HVhPw%2Fu7n7YV%2F99SaUHcNWDbJqi%2BwXlNkEL67DFVvHf3ny99NvTwHOEFh9wGGFh7pqRjZkB49aTUj05l%2FQcuv4xokPzx09%2Bg8oa%2BDkgQ1Mbj38c4%2B%2F6m5h0Xqg5Q3kWYO%2BbdDXDagewlWHR2Vht47%2FFO0WmPZGTFtvjWmrb%2B%2FZ69R2Kwli2WXdeS4Ek1wE82HUjXw%2FFCKe78mgh9JN%2BBePXv4XAAD%2F%2FwEAAP%2F%2FYvpml4wEAAA%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash MD5 132d6af1b46048b45cf86cdee7991d31
SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWtc1Rs%2Bt81v83Oj0o2gMoqIUjO5n5MZu6iNbaXaL9pKt56vmxxz7j2Xc%2B6dOw0IxULtcrpzefNMmmAt0m7cSWXSjQSEjgUNYv4BEcRCd4pMEgi%2Bi%2FO%2B5zzP4n2e59xcrXaIj4puXzxnVpTWdC5p%2B623rqpcmNq1zl9pBX7bP9a6qvJOfKw1mB62%2F27gJ23%2F7dYHki%2BbudAPfD%2Fwg9ZpZWVqBnO7KFRxrxe0e347DttBEmNg%2F3t3lQdHPYj%2BDnkRSkz%2Bt%2FTDAyg%2BRp7dPyndcmmKd05llaalseiLjY%2Fz5dzUObKDMbUe0nxjnw3jJoR8eQgm39hXANNfmyoAUxPi%2FRyA5Rv7a4L17%2BxtyjRkDiaeQ90fQ%2BoxFB2DmxtQ4jEBuMD5C8iz9fPG1vTaHkqn6ITMPHsKVU%2FIzG9HkGffLGg1aF02uiqVyR0GaQM1GEMtjlFUmyhXPKh6E7z8HEr8SOaenUWerV1w2kCJ7TeCtEPDuCdnWSfqzcbzYTjLehGbTZNOFKSCdSWLdy1SagyVjqHlENQdRuU8VMpDlXqoCg%2BZ2G7RpJf6%2FnzK0ijqxpzzKOI86XZEIqK4m%2Fqo%2BFTDEGUxBNdDcHsdhb2OZTWErb6HW2rghAdXEvRFg1oS1I6gpgS1IqhLgrrf3BHaha5ZF9pVLNjv4X6PmpEpF1fpHVMuypysFjvkhalx3vN3j2BZbrfSpJuknYR3eCcJwoj1EiH8HpNRGAsZMQanGih3CNR5WFETcviz31GoCTm0MAdGN%2BH0Jrh6HbR6BbQezYc%2B6NIo7vpYydflQLaVgTANinIG5TVvVe%2BQl3aj6z2xkHzrvaN%2F3F6y918Dtw0K2%2BBT9YhgUd8aXTI1WbtkakceXChKlakVOo31cklLOXP3I3mtNlacOemGX53gU2A63rsiXXmW5kLli458vaCEkPa0sVyS7864q5JdrNzSQmXzqjh78f3TZ7LCSueUyceg6vEnD8HVhPw%2Fu7n7YV%2F99SaUHcNWDbJqi%2BwXlNkEL67DFVvHf3ny99NvTwHOEFh9wGGFh7pqRjZkB49aTUj05l%2FQcuv4xokPzx09%2Bg8oa%2BDkgQ1Mbj38c4%2B%2F6m5h0Xqg5Q3kWYO%2BbdDXDagewlWHR2Vht47%2FFO0WmPZGTFtvjWmrb%2B%2FZ69R2Kwli2WXdeS4Ek1wE82HUjXw%2FFCKe78mgh9JN%2BBePXv4XAAD%2F%2FwEAAP%2F%2FYvpml4wEAAA%3D HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=1f6a249e-b639-4722-b93b-f5631fdb8eb4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 20:59:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ddc9238705a3b6fd309a3c410549d609
Strict-Transport-Security: max-age=0; includeSubdomains
specialistinsensitive.com/pixel/sbs?c=1
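192.243.61.227 200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbs?c=1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of an empty, 0-byte body; every empty response produces them, so they do not identify this host or resource.)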
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=1f6a249e-b639-4722-b93b-f5631fdb8eb4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 20:59:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fh8Kkk&tfcd=0&npa=0&correlator=4099955880306211&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fh8Kkk&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F3b7867cd-d260-496e-af5a-fd4068a21fdd&sid=E4CCF8D1-12EB-4065-A461-00DE72C0AEC6&nel=0&eid=44748969%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1669841944895&idt=2378&dt=1669841948376&cookie_enabled=1&scor=394397938633762&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
142.250.74.162200 OK 113 B URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fh8Kkk&tfcd=0&npa=0&correlator=4099955880306211&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fh8Kkk&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F3b7867cd-d260-496e-af5a-fd4068a21fdd&sid=E4CCF8D1-12EB-4065-A461-00DE72C0AEC6&nel=0&eid=44748969%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1669841944895&idt=2378&dt=1669841948376&cookie_enabled=1&scor=394397938633762&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP 142.250.74.162:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash MD5 9e5d36292a75aef07bdde5891b2e4a7b
SHA-1 8d69904b7df5e550f1884e06c139bd9661eb2917
SHA-256 92ffc3ec51e068750c23ae95041fd670aa4aa60ce3a5295ad27d2179d0780168
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2Fh8Kkk&tfcd=0&npa=0&correlator=4099955880306211&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2Fh8Kkk&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F3b7867cd-d260-496e-af5a-fd4068a21fdd&sid=E4CCF8D1-12EB-4065-A461-00DE72C0AEC6&nel=0&eid=44748969%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1669841944895&idt=2378&dt=1669841948376&cookie_enabled=1&scor=394397938633762&ged=ve4_td3_tt0_pd3_la3000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -2
google-creative-id: -2
google-mediationgroup-id: -2
google-mediationtag-id: -2
date: Wed, 30 Nov 2022 20:59:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 30-Nov-2022 21:14:09 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash MD5 dd71cb59bfd5e31191d61da63fec244a
SHA-1 998886e4743fc393838dbee7a6632d392e268e73
SHA-256 54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10264
Expires: Wed, 30 Nov 2022 23:50:14 GMT
Date: Wed, 30 Nov 2022 20:59:10 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.59.13200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
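Hash MD5 93b885adfe0da089cdf634904fd59f71
SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
(Digests of the 1-byte response body; any response consisting of the same single byte shares them, so they are not specific to this request.)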
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 30 Nov 2022 20:59:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7b3c3112f9c729c2a48c8f30b8a29e60
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.59.13200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
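Hash MD5 93b885adfe0da089cdf634904fd59f71
SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
(Digests of the 1-byte response body; any response consisting of the same single byte shares them, so they are not specific to this request.)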
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=1f6a249e-b639-4722-b93b-f5631fdb8eb4&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 30 Nov 2022 20:59:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 978468243f5a8b098d3abca963ca11e3
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 8d5f53eac27302554bb029ae36aa283c
SHA-1 2d71b909d1a1bbe2e81269d0c6200ba807fcd4aa
SHA-256 a4644d46e0e2b270572d06530145486bac01335dada14ccd6079bd9543e710d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu963zs2x_vazA_wLB3o0dpVXT4JQPjg6w2qdhuS=s48-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 960 B URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu963zs2x_vazA_wLB3o0dpVXT4JQPjg6w2qdhuS=s48-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 48x48, components 3\012- data
Hash MD5 d26eca81b01efbe736095b17b8248c2f
SHA-1 105548850de3ab6765b7fafe6f0e2f26ad6a9498
SHA-256 67cc72a2e9d70732211ff30a5c1decb892810b431774b5d16a5e650d487d6d11
GET /ytc/AMLnZu963zs2x_vazA_wLB3o0dpVXT4JQPjg6w2qdhuS=s48-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 960
x-xss-protection: 0
date: Wed, 30 Nov 2022 20:59:10 GMT
expires: Tue, 29 Nov 2022 13:53:57 GMT
cache-control: public, max-age=86400, no-transform
etag: "v11"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/interaction/?ai=CAwerHsSHY5-OF8Xq6wSYzIiwB-vNmttt89in5doQ_bSK56ALEAEgrNaJRmDDhICAmBigAaD71ZooyAEFqQIp7d_kwJclPuACAKgDAZgEAKoEpgJP0M_yc5NmqgV4WImS6705Aad2tdw8XuZArKHM5MwflK8sSzA88TVtJ95JETeza2Dw70GTsGuSnipi6btiuCdWijU17NcW3hDW38dFhHBasdHkcrteNT9Ys4RHPO30rn47M0VPxmNr8CVa-cjSI0k_sWXMHUpr7cWgNUWWpAMe2dGUv27UWh-TV9g5OhWLP4dEgjs4QpOFCTL8LHROLoz_eyGGzIb9wsietR1bVML-Y4Zb9M8DJMFAaJV6OiVw1OMEBf4kCPzYgTSUxSqPeJgMsGRXIJp1yS8SAqhnP3WMoNTGYN4cXpeq7_g-TbPHHuKWjkRnlG9Ex0GaIyGLLRr4ud1VFQXgAFIDHUCxqlkRcjAurysB2Wx1rGjDKkQoRKghgADkswDABL7z_OmMBOAEAaAGVIAHoLOm-gKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwGoCAHSCBIIiOGAEBABGB0yA6qCAToCgECxCQMbbZgPLCemgAoDmAsByAsB0AsPuAwBmg0BD9gTAtAVAfgWAYAXAQ&sigh=TVRp2LbOisY&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3NDEyNzQ2NzYzNTIMNjM1NTIzODQ5MzAyQPkBUiMQDyUAAHdDKAE6C01oNE51Mk1IUTJVQglnb29nbGVhZHNQABgB
216.58.207.226 200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/interaction/?ai=CAwerHsSHY5-OF8Xq6wSYzIiwB-vNmttt89in5doQ_bSK56ALEAEgrNaJRmDDhICAmBigAaD71ZooyAEFqQIp7d_kwJclPuACAKgDAZgEAKoEpgJP0M_yc5NmqgV4WImS6705Aad2tdw8XuZArKHM5MwflK8sSzA88TVtJ95JETeza2Dw70GTsGuSnipi6btiuCdWijU17NcW3hDW38dFhHBasdHkcrteNT9Ys4RHPO30rn47M0VPxmNr8CVa-cjSI0k_sWXMHUpr7cWgNUWWpAMe2dGUv27UWh-TV9g5OhWLP4dEgjs4QpOFCTL8LHROLoz_eyGGzIb9wsietR1bVML-Y4Zb9M8DJMFAaJV6OiVw1OMEBf4kCPzYgTSUxSqPeJgMsGRXIJp1yS8SAqhnP3WMoNTGYN4cXpeq7_g-TbPHHuKWjkRnlG9Ex0GaIyGLLRr4ud1VFQXgAFIDHUCxqlkRcjAurysB2Wx1rGjDKkQoRKghgADkswDABL7z_OmMBOAEAaAGVIAHoLOm-gKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwGoCAHSCBIIiOGAEBABGB0yA6qCAToCgECxCQMbbZgPLCemgAoDmAsByAsB0AsPuAwBmg0BD9gTAtAVAfgWAYAXAQ&sigh=TVRp2LbOisY&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3NDEyNzQ2NzYzNTIMNjM1NTIzODQ5MzAyQPkBUiMQDyUAAHdDKAE6C01oNE51Mk1IUTJVQglnb29nbGVhZHNQABgB
IP 216.58.207.226:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/interaction/?ai=CAwerHsSHY5-OF8Xq6wSYzIiwB-vNmttt89in5doQ_bSK56ALEAEgrNaJRmDDhICAmBigAaD71ZooyAEFqQIp7d_kwJclPuACAKgDAZgEAKoEpgJP0M_yc5NmqgV4WImS6705Aad2tdw8XuZArKHM5MwflK8sSzA88TVtJ95JETeza2Dw70GTsGuSnipi6btiuCdWijU17NcW3hDW38dFhHBasdHkcrteNT9Ys4RHPO30rn47M0VPxmNr8CVa-cjSI0k_sWXMHUpr7cWgNUWWpAMe2dGUv27UWh-TV9g5OhWLP4dEgjs4QpOFCTL8LHROLoz_eyGGzIb9wsietR1bVML-Y4Zb9M8DJMFAaJV6OiVw1OMEBf4kCPzYgTSUxSqPeJgMsGRXIJp1yS8SAqhnP3WMoNTGYN4cXpeq7_g-TbPHHuKWjkRnlG9Ex0GaIyGLLRr4ud1VFQXgAFIDHUCxqlkRcjAurysB2Wx1rGjDKkQoRKghgADkswDABL7z_OmMBOAEAaAGVIAHoLOm-gKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwGoCAHSCBIIiOGAEBABGB0yA6qCAToCgECxCQMbbZgPLCemgAoDmAsByAsB0AsPuAwBmg0BD9gTAtAVAfgWAYAXAQ&sigh=TVRp2LbOisY&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3NDEyNzQ2NzYzNTIMNjM1NTIzODQ5MzAyQPkBUiMQDyUAAHdDKAE6C01oNE51Mk1IUTJVQglnb29nbGVhZHNQABgB HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Nov 2022 20:59:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
access-control-allow-origin: *
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 30-Nov-2022 21:14:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 382c1733f9497b7791c18c60dc8537c6
a2be98ceda31a9968404e1f6b0dfea709fd3dbdb
a3f13b45c77ccbe6478de1a0e363f67d0b914b42492cb8a851da4a2d3e9d4955
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8d5f53eac27302554bb029ae36aa283c
2d71b909d1a1bbe2e81269d0c6200ba807fcd4aa
a4644d46e0e2b270572d06530145486bac01335dada14ccd6079bd9543e710d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 382c1733f9497b7791c18c60dc8537c6
a2be98ceda31a9968404e1f6b0dfea709fd3dbdb
a3f13b45c77ccbe6478de1a0e363f67d0b914b42492cb8a851da4a2d3e9d4955
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:59:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669870750&ei=HsSHY_SuIK6Sv_IP9_WQmAg&ip=91.90.42.154&id=321e0dbb63074365&itag=22&source=youtube&requiressl=yes&mh=4d&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=247.338&lmt=1669716927964888&mt=1669841623&txp=5532434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAK-MgJgtUb56IgrFT3zslQvogWg-2jvj7CpMDpkWph6hAiAEDscyQ4bar5164F81r1NDKFBJxLwYzKgkonInp7tftQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhANcGC5U50_Inh7Y1SUPJVpwaj51NSK-qJw62fhNWqQc7AiEA8yZfWa8hhhQmW-mYJqJaUPk7AwsbMaiYCQdXLx1Qc9k=&cpn=P8wpFBAOWrOVwZ8N
91.90.45.172 206 Partial Content 72 kB URL HTTP/1.1 rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669870750&ei=HsSHY_SuIK6Sv_IP9_WQmAg&ip=91.90.42.154&id=321e0dbb63074365&itag=22&source=youtube&requiressl=yes&mh=4d&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=247.338&lmt=1669716927964888&mt=1669841623&txp=5532434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAK-MgJgtUb56IgrFT3zslQvogWg-2jvj7CpMDpkWph6hAiAEDscyQ4bar5164F81r1NDKFBJxLwYzKgkonInp7tftQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhANcGC5U50_Inh7Y1SUPJVpwaj51NSK-qJw62fhNWqQc7AiEA8yZfWa8hhhQmW-mYJqJaUPk7AwsbMaiYCQdXLx1Qc9k=&cpn=P8wpFBAOWrOVwZ8N
IP 91.90.45.172:0
ASN #50304 Blix Solutions AS
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Hash 4189f5fd11c6ecbc18e88f14ecbc0e5a
b15a1e47f4d0cb106a78311b740d474a1fa5918a
b9842eb9a5dd3ae87aef8688d4a67c4a439e3eca56fca933ae9eba07dc96e372
GET /videoplayback?expire=1669870750&ei=HsSHY_SuIK6Sv_IP9_WQmAg&ip=91.90.42.154&id=321e0dbb63074365&itag=22&source=youtube&requiressl=yes&mh=4d&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=247.338&lmt=1669716927964888&mt=1669841623&txp=5532434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAK-MgJgtUb56IgrFT3zslQvogWg-2jvj7CpMDpkWph6hAiAEDscyQ4bar5164F81r1NDKFBJxLwYzKgkonInp7tftQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhANcGC5U50_Inh7Y1SUPJVpwaj51NSK-qJw62fhNWqQc7AiEA8yZfWa8hhhQmW-mYJqJaUPk7AwsbMaiYCQdXLx1Qc9k=&cpn=P8wpFBAOWrOVwZ8N HTTP/1.1
Host: rr1---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Tue, 29 Nov 2022 10:15:27 GMT
Content-Type: video/mp4
Date: Wed, 30 Nov 2022 20:59:10 GMT
Expires: Wed, 30 Nov 2022 20:59:10 GMT
Cache-Control: private, max-age=28500
Content-Range: bytes 0-34221847/34221848
Accept-Ranges: bytes
Content-Length: 34221848
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb44s3zs&c=7203153600185&slotId=3601576800092.5&eee=missing-element&bi=missing-id
172.217.17.227 204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb44s3zs&c=7203153600185&slotId=3601576800092.5&eee=missing-element&bi=missing-id
IP 172.217.17.227:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=1~lb44s3zs&c=7203153600185&slotId=3601576800092.5&eee=missing-element&bi=missing-id HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 30 Nov 2022 20:59:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=2~lb44s6bv&c=7203153600185&slotId=3601576800092.5&met.4=hvd_lc.lb44s6bv~hvd_ad.lb44s6bv~hvd_mad.lb44s6bv~hvd_admu.lb44s6bv~hvd_src.lb44s6bv
172.217.17.227 204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=2~lb44s6bv&c=7203153600185&slotId=3601576800092.5&met.4=hvd_lc.lb44s6bv~hvd_ad.lb44s6bv~hvd_mad.lb44s6bv~hvd_admu.lb44s6bv~hvd_src.lb44s6bv
IP 172.217.17.227:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=2~lb44s6bv&c=7203153600185&slotId=3601576800092.5&met.4=hvd_lc.lb44s6bv~hvd_ad.lb44s6bv~hvd_mad.lb44s6bv~hvd_admu.lb44s6bv~hvd_src.lb44s6bv HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 30 Nov 2022 20:59:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:09 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 30 Nov 2022 21:59:09 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1845
last-modified: Wed, 30 Nov 2022 20:28:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HX0AWJuWkg5HcLwlEia2J1obw%2Fh6tj4n9JFw4KQdc8o9WMG%2B2yByRLigLSq1D0dM5k4sKYJLuUDFM7eudJQaVnmkm8k0w%2FfrabxOKZMG0OzBGileitu%2Fs7gc5z1MekEu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77268145ca5a8e14-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
172.64.104.3 200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP 172.64.104.3:0
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:06 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.30
vdo-server: Tag3
x-varnish: 898755 1050198
age: 3413
via: 1.1 varnish-v4
x-cache: HIT
cache-control: max-age=1800
cf-cache-status: HIT
last-modified: Wed, 30 Nov 2022 20:02:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGjZ%2Bc9qA9uinaQNvDT1XGHQz8NF1xldqFaHs97VAssSNSjdXIwwmGR%2F1ccYi3jtaLJo6fY5guc26bKBuTAPcKNwF16zp541RsJhZugh6DQkRnDJGw3aDt8EPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772681455af70089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3 200 OK 0 B IP 172.64.105.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 178
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:08 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sn4jjpe75cwm1t0EfO34XXXa4WLaTuPhKsUVlJ7yxLqoUCxWpaV4EdfnooC37FxJdQsbc970fk21ZRePsZ1bqM1QYSWz86uqNIFQKaM0yhvaQqrsLLH6mvojHrYO2uCDW7b2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772681518fd88e27-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3 200 OK 0 B IP 172.64.105.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 177
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:07 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osSG4Ka5TABcb9hoHsm%2FMGEbERprseEGcr1NUnmZY8VnhfF7mAMT5hcDdGkcE8snGFAVh3cbciprR558UsDonBXnQObqd1%2BNphlhFyjihni3JH3oHV7%2FwrW4ZUMedmCI0EGf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726814d7a0f8e27-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3 200 OK 0 B IP 172.64.105.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 186
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:08 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RnVJ3xNWfYncISjCbEtmgNXPjIKXcBel%2FP8EcPpprEB7PbYGPe9eBvhMqcGNdYbndEAzwl%2Fio9QewVmsyNX2Y1eBg%2FTXJGkQGvCHChUK7uxpuAfcsXCuulOnjNeeHBdw3eXH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772681518fe38e27-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.105.3 200 OK 0 B IP 172.64.105.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 180
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:08 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KkA5hxsOe%2FFXOdQaKzx3mfALKXeveBcta7AhH7Do5T98De7GbTiTvpUu7%2Fg45553e5I9y7e1fx4gj9KtsAE7pXOetgmcNhxNlJPKbsNWy6iAVR2hYgCZ9bcOUoZe5kg5pb91"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77268151a8058e27-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: gT06QFYb1I/6wbJ0Hdqdx1AEtnp90z4dE+xvvV+kM3G8gMmxlnKBerXH+CttjZvKOcYrkqpdohqA1724wf2MpQ==
date: Wed, 30 Nov 2022 20:59:07 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 20:59:06 GMT
date: Wed, 30 Nov 2022 20:59:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:06 GMT
content-type: text/plain
set-cookie: csu=615783861361417@1@1669841946; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PuqtHDDzcrmJOxsqFZ6UHdSG3wkKUqUu8JI2CXciFSoyVnv0AISZEDVM7EyvLX1hn9tBA7To23HOFMtcAGikT5bIpN8nc42uPedWK4oPzBdsrYGXiB7yqm8sBzpu%2BA0W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77268145ba4c8e14-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:09 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1321528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BPsmKIavZm9b84L8k48KR2DJPZ6CsPniUvrJNp77BOni0QAFh9BWZbH7K8rjeart3g514qyNRa0EcIGMmTFwpbFQD61P0PF8oD4sXxT1JrVfkbbtVRTEjLOW5OgkjXNc1wlSaeSpIuXF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772681570d0971a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fh8Kkk&tag=v-exee-app&domain=exee.app
172.64.105.3 200 OK 0 B URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2Fh8Kkk&tag=v-exee-app&domain=exee.app
IP 172.64.105.3:0
GET /allowed_url.php?type=json&url=exee.app%2Fh8Kkk&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:59:06 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1oRcv1wrLF%2F9UdO00sYtER4mKfS8aAHr%2B21fiWowpU1zTrrY%2FFAQ3u9bkcbl0RYK059HgU%2BcgzS%2B1wtQIMSjFbiFHJXRnEKUo2Ro%2FSC0niYlGSLIN1elac2O36FUH6enCf0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772681463ef98e27-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2