exe.app/gvBDalS
172.67.136.149301 Moved Permanently 0 B IP 172.67.136.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /gvBDalS HTTP/1.1
Host: exe.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 12 Sep 2022 20:52:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Sep 2022 21:52:35 GMT
Location: https://exe.app/gvBDalS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OeSUI5SUeJiyghXCtnqGDsiEWedo1M5YlYft5fSUUYFm4BlQYX0AjYNMVqZPMaks6qcGpW7WkphwsTLc1AmvgFSciwWOUmGlGfagknUVTVtX8dZumZ4MRa9B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 749b8719da1db50c-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14111
Expires: Tue, 13 Sep 2022 00:47:46 GMT
Date: Mon, 12 Sep 2022 20:52:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 20:08:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FT-aZwv4UMiSTTpXIBoy3W03q_5l-5YveTSQ77-gXCPiill9M-QX4A==
Age: 2656
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FgDv4dNMiS7zs4T_WoPhSzewndlPNDOFEM6fzvoIAW_jM4AEcWUO9w==
age: 48923
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:52:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1615)
Hash 98149f56dc5403affc8bc52d36e543d7
aaabb6e4de8dd9bd4816cf135086488dd2284eff
a6420e773ebd6e3f4b75a7046fe112aef5feb5ac40179dc197a04cc28b3d83b3
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 Sep 2022 20:52:36 GMT
expires: Mon, 12 Sep 2022 20:52:36 GMT
cache-control: private, max-age=900
last-modified: Mon, 12 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41968
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.10200 OK 1.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.10:0
Hash 15b43b9b9439c5462d0ec9fc79d67341
b70c1f6a5a4acbf9ed8eace975307f170f59ec8a
d7d65ca3d6898d58bc59f96d168cd1ce6eec0c8e9dbf96938f2c5de8720015a0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 20:52:36 GMT
date: Mon, 12 Sep 2022 20:52:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nh.eugeniecor.com/1clkn/29529
172.255.6.231200 OK 26 B URL HTTP/1.1 nh.eugeniecor.com/1clkn/29529
IP 172.255.6.231:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: nh.eugeniecor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:52:36 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Tue, 13-Sep-2022 20:52:36 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Tue, 13-Sep-2022 20:52:36 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fc25454d8e834e5629e19af9c11eaec4
567b16c5bbfea8ba4badf8d2538faa3b9718f548
77cd47c7b4171cf0275f1d97afc42f8bd84bc6661b5239b596d66b0e76ef21e5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "77CD47C7B4171CF0275F1D97AFC42F8BD84BC6661B5239B596D66B0E76EF21E5"
Last-Modified: Mon, 12 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6657
Expires: Mon, 12 Sep 2022 22:43:33 GMT
Date: Mon, 12 Sep 2022 20:52:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fc25454d8e834e5629e19af9c11eaec4
567b16c5bbfea8ba4badf8d2538faa3b9718f548
77cd47c7b4171cf0275f1d97afc42f8bd84bc6661b5239b596d66b0e76ef21e5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "77CD47C7B4171CF0275F1D97AFC42F8BD84BC6661B5239B596D66B0E76EF21E5"
Last-Modified: Mon, 12 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6657
Expires: Mon, 12 Sep 2022 22:43:33 GMT
Date: Mon, 12 Sep 2022 20:52:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dc1a212f9b6fef727984d1c2d069d864
9bda38c848ece2871025878ec551bd9166f48bfc
565e82ed2ff159de980617ddf843ea226adea075940da3e4c84e59e3f2d301a4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "565E82ED2FF159DE980617DDF843EA226ADEA075940DA3E4C84E59E3F2D301A4"
Last-Modified: Sun, 11 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7155
Expires: Mon, 12 Sep 2022 22:51:51 GMT
Date: Mon, 12 Sep 2022 20:52:36 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 19:56:07 GMT
Expires: Mon, 12 Sep 2022 20:36:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2v2Bm_y_3706H72Vbo7EbmM1PPfrZLqQo2VaVh790HmKoiqleALM3A==
Age: 3389
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.163200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exe.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Sep 2022 19:07:15 GMT
expires: Tue, 12 Sep 2023 19:07:15 GMT
cache-control: public, max-age=31536000
age: 6321
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exe.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 562895
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fc25454d8e834e5629e19af9c11eaec4
567b16c5bbfea8ba4badf8d2538faa3b9718f548
77cd47c7b4171cf0275f1d97afc42f8bd84bc6661b5239b596d66b0e76ef21e5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "77CD47C7B4171CF0275F1D97AFC42F8BD84BC6661B5239B596D66B0E76EF21E5"
Last-Modified: Mon, 12 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6657
Expires: Mon, 12 Sep 2022 22:43:33 GMT
Date: Mon, 12 Sep 2022 20:52:36 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js
104.17.24.14200 OK 1.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (4741), with no line terminators
Hash 66105838a23d33ffeaff1b46e91493da
5ca20cb4e7995221de8b651b358ec60d0a657adb
06cf1ec54b9a6bf5bddc7baba5a4ed8d2306f40872681a0234b57526eab1643f
GET /ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:52:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 1309
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e6b-1285"
last-modified: Mon, 04 May 2020 16:10:19 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3460392
expires: Sat, 02 Sep 2023 20:52:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Nz%2BUwgD9vIn7wYlHHA6ajmGrTWMyRdwQtkIk3qCJQVRfypTA2%2B%2F02%2B2AJ9oeH8I3CyyNMhAMlW%2B7NXDQHUGYg1wTb4KG6yevBViouTh%2BVVunGCHeS800BK82cuyq4vQL0WCckxr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 749b8720ccc20b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yresumeform.autos/utx?cb=CL2f3fMFGfl9&top=exe.app&tid=889494
54.230.111.51204 No Content 0 B URL HTTP/2 yresumeform.autos/utx?cb=CL2f3fMFGfl9&top=exe.app&tid=889494
IP 54.230.111.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=CL2f3fMFGfl9&top=exe.app&tid=889494 HTTP/1.1
Host: yresumeform.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 20:52:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exe.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 12 Sep 2022 20:53:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7O9h1tiEphHs2kWSgeOqgPSaphetEthj6KSr58PyWkiKDXNWd_JW1g==
X-Firefox-Spdy: h2
yresumeform.autos/OTF2a3RYUxUGS1gMFE0BS11LTkZ/FEQtEAoABgNMX1cCCUBLAg5FF1VeAw8SS14YH1pXVAJORn9DIi4ibFIwJgJyWxk8Fn1WBSYxCEMQBRBRYBsPBXVIFQ0kbUlCKTV0Wjo/RFd8JCFDXWYVDhBtVlNZMnR0RwEVUFpHIx5rSS8RMVx8Pi1EWlkzWDhXWRE9HVoJPQFNd3g1X0xpYztdOFNSESgsbAQ8LB9dYTIyB3ZzARIVYVIlOSwICS8sLnhUDDlEY2cgDDBUcxs6MAFdPRIxcFUYXkV1dB4HMQp/ET0jeH4vLC54eCIbE2NLMBoRVEUdPCxjFEQpEG0cOz05elIHCCFwZxAFIlVgMSVNXWYgPS1hRhw7JXADPQIbSmchLj9fdjwOLQteAQohfBccGBtXQUs7B05QDhg1eAZGWBo
54.230.111.51200 OK 1.2 kB URL HTTP/2 yresumeform.autos/OTF2a3RYUxUGS1gMFE0BS11LTkZ/FEQtEAoABgNMX1cCCUBLAg5FF1VeAw8SS14YH1pXVAJORn9DIi4ibFIwJgJyWxk8Fn1WBSYxCEMQBRBRYBsPBXVIFQ0kbUlCKTV0Wjo/RFd8JCFDXWYVDhBtVlNZMnR0RwEVUFpHIx5rSS8RMVx8Pi1EWlkzWDhXWRE9HVoJPQFNd3g1X0xpYztdOFNSESgsbAQ8LB9dYTIyB3ZzARIVYVIlOSwICS8sLnhUDDlEY2cgDDBUcxs6MAFdPRIxcFUYXkV1dB4HMQp/ET0jeH4vLC54eCIbE2NLMBoRVEUdPCxjFEQpEG0cOz05elIHCCFwZxAFIlVgMSVNXWYgPS1hRhw7JXADPQIbSmchLj9fdjwOLQteAQohfBccGBtXQUs7B05QDhg1eAZGWBo
IP 54.230.111.51:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash a6a1387eba6b182c9916fe4318e2b45f
429acdb4c4fc89949ea275caf10b4a1bff64ebd3
7e3b74de7e593dd270cc8f61e43b594326e769ab4d818decf86d277ee52fe6c5
GET /OTF2a3RYUxUGS1gMFE0BS11LTkZ/FEQtEAoABgNMX1cCCUBLAg5FF1VeAw8SS14YH1pXVAJORn9DIi4ibFIwJgJyWxk8Fn1WBSYxCEMQBRBRYBsPBXVIFQ0kbUlCKTV0Wjo/RFd8JCFDXWYVDhBtVlNZMnR0RwEVUFpHIx5rSS8RMVx8Pi1EWlkzWDhXWRE9HVoJPQFNd3g1X0xpYztdOFNSESgsbAQ8LB9dYTIyB3ZzARIVYVIlOSwICS8sLnhUDDlEY2cgDDBUcxs6MAFdPRIxcFUYXkV1dB4HMQp/ET0jeH4vLC54eCIbE2NLMBoRVEUdPCxjFEQpEG0cOz05elIHCCFwZxAFIlVgMSVNXWYgPS1hRhw7JXADPQIbSmchLj9fdjwOLQteAQohfBccGBtXQUs7B05QDhg1eAZGWBo HTTP/1.1
Host: yresumeform.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1175
date: Mon, 12 Sep 2022 20:52:36 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ip-dMoBRQERFfJ68gh_EUso8gqtYhK8AyH307_nzyMEzb7niZFqygg==
X-Firefox-Spdy: h2
lcreatessque.xyz/RjRhQ2RpCwIwWR8GWAoBDlwDFFcEejIFJiNRCgEmEFgFezcTBEc3DSIJWXFWcwZVZRQvUFxyQjVAADcRNQlQZQ0oUg5+QjAJUG1XchpTe0p3EhR+VWBAESIDewVHMxAyWFxyUnAHUXJRfwBVc1J3
104.21.81.70204 No Content 0 B URL HTTP/2 lcreatessque.xyz/RjRhQ2RpCwIwWR8GWAoBDlwDFFcEejIFJiNRCgEmEFgFezcTBEc3DSIJWXFWcwZVZRQvUFxyQjVAADcRNQlQZQ0oUg5+QjAJUG1XchpTe0p3EhR+VWBAESIDewVHMxAyWFxyUnAHUXJRfwBVc1J3
IP 104.21.81.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /RjRhQ2RpCwIwWR8GWAoBDlwDFFcEejIFJiNRCgEmEFgFezcTBEc3DSIJWXFWcwZVZRQvUFxyQjVAADcRNQlQZQ0oUg5+QjAJUG1XchpTe0p3EhR+VWBAESIDewVHMxAyWFxyUnAHUXJRfwBVc1J3 HTTP/1.1
Host: lcreatessque.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 20:52:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6k3UrZ0PdH3jBhR93WiDrU1uSYSfFcElKW%2FVyV%2BKxa5Q95DI36yYthdt9lC7N8yhbNBvNt9XgrtBJA6Cf6ZKZr%2BxCtCfxFXm94FxucIsN6Qrz5rEMwpeF85GtRXDLCRTMmHL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b87201e41b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yresumeform.autos/utx?cb=q7K8Q4aJOxtt&top=exe.app&tid=822524
54.230.111.51204 No Content 0 B URL HTTP/2 yresumeform.autos/utx?cb=q7K8Q4aJOxtt&top=exe.app&tid=822524
IP 54.230.111.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=q7K8Q4aJOxtt&top=exe.app&tid=822524 HTTP/1.1
Host: yresumeform.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 20:52:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exe.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 12 Sep 2022 20:53:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MCdvOq82VKgYhXp0TPIY_7OsWwlVIOomDKdyBpODDHlTKKoE49vfBw==
X-Firefox-Spdy: h2
lcreatessque.xyz/TVZMSjliaS85BABmAX9rCTUHLl4hLg0LSX0VfxN4Dx4dCF0MYmo+UClrdH4Kf2B9bEkkMnF7AWslOCtNOCVxex8kOColBGsgcXsXfXh9ZAprI3F7HzkmLS0EfHA8Pk0ha318D35mfX8AeWJ9eQ0
104.21.81.70204 No Content 0 B URL HTTP/2 lcreatessque.xyz/TVZMSjliaS85BABmAX9rCTUHLl4hLg0LSX0VfxN4Dx4dCF0MYmo+UClrdH4Kf2B9bEkkMnF7AWslOCtNOCVxex8kOColBGsgcXsXfXh9ZAprI3F7HzkmLS0EfHA8Pk0ha318D35mfX8AeWJ9eQ0
IP 104.21.81.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /TVZMSjliaS85BABmAX9rCTUHLl4hLg0LSX0VfxN4Dx4dCF0MYmo+UClrdH4Kf2B9bEkkMnF7AWslOCtNOCVxex8kOColBGsgcXsXfXh9ZAprI3F7HzkmLS0EfHA8Pk0ha318D35mfX8AeWJ9eQ0 HTTP/1.1
Host: lcreatessque.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 20:52:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k35eZ73yc%2BOsXo8wRtTGEHzQjktbi5aJmIHReXHup6GVrm3LO2VwJ4w2yHAENUWPqnAewFbpPLX1AdMSVHo%2BtAMjbP5zEoKcJKfEQu9QIi9qt3v8ED5D5JoJgyOG4TiwCgUh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b87203e61b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lcreatessque.xyz/WFJXT3R3bTQ8STxiOws7HgARKSwBHA4KNn1gFSwDMDkGBxhrEWUGUiw7M3JMYGtjdkB+Ij4rSWl0JDsVLCckckV+OzkpG2V0IXJFdmFjYUZgfGZpAWVjcTsEOTVqflIoJiMjSWlkYXxEaWdue0BpY2Q
104.21.81.70204 No Content 0 B URL HTTP/2 lcreatessque.xyz/WFJXT3R3bTQ8STxiOws7HgARKSwBHA4KNn1gFSwDMDkGBxhrEWUGUiw7M3JMYGtjdkB+Ij4rSWl0JDsVLCckckV+OzkpG2V0IXJFdmFjYUZgfGZpAWVjcTsEOTVqflIoJiMjSWlkYXxEaWdue0BpY2Q
IP 104.21.81.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /WFJXT3R3bTQ8STxiOws7HgARKSwBHA4KNn1gFSwDMDkGBxhrEWUGUiw7M3JMYGtjdkB+Ij4rSWl0JDsVLCckckV+OzkpG2V0IXJFdmFjYUZgfGZpAWVjcTsEOTVqflIoJiMjSWlkYXxEaWdue0BpY2Q HTTP/1.1
Host: lcreatessque.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 20:52:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPLB%2BGSq9GpJbxmLNy4oxj1WhY58TTmKlCisSt5Uus4uiWw7jbFiv%2BWAJ8m0eoZPNAJRcDK7m1tvoLM3oRhxg6nqFtlDdCJx4Xu5QomAkauMoweb1F7E%2BKpHuEiX0ousSjXn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b87201e44b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yresumeform.autos/OVdqaVhYNQkEZ1hqCE8tSztXTGp/clgvPApmGgFgXzEeC2xLZBJHO1U4Hw0+SzgEHXZXMh5Man8cOzECfTI9AjF+BFoPDlMCDCNoawUOPA5BA1sBNnETKz4aQxEmLw1KIy0sFVscOSwefj4FERBtGlwmDgEzJRESHGUoOg0BIywQaFwBLQoMdQUaPDt/FgMhCU1vOwQNdBQiHjp1FicoFGs4AzEeSh87W2lzAyInH1ggLDA7fxkdJmhBLTgAYGgVEDgXYzweMxdsYlsjNABmP1oZDgMiJx90BlMkO1MzXD1oXS8yWwJ1ADkwDHAVIy4CfAYsOmlVIDgHdXcePTEabTQ/AghyFjsEEE4OXzxrfHJYLw1xMzMKaQE0DCw7Hz0ZBjZJajxbHGBiMjkQfTsDISxLGxA
54.230.111.51200 OK 1.2 kB URL HTTP/2 yresumeform.autos/OVdqaVhYNQkEZ1hqCE8tSztXTGp/clgvPApmGgFgXzEeC2xLZBJHO1U4Hw0+SzgEHXZXMh5Man8cOzECfTI9AjF+BFoPDlMCDCNoawUOPA5BA1sBNnETKz4aQxEmLw1KIy0sFVscOSwefj4FERBtGlwmDgEzJRESHGUoOg0BIywQaFwBLQoMdQUaPDt/FgMhCU1vOwQNdBQiHjp1FicoFGs4AzEeSh87W2lzAyInH1ggLDA7fxkdJmhBLTgAYGgVEDgXYzweMxdsYlsjNABmP1oZDgMiJx90BlMkO1MzXD1oXS8yWwJ1ADkwDHAVIy4CfAYsOmlVIDgHdXcePTEabTQ/AghyFjsEEE4OXzxrfHJYLw1xMzMKaQE0DCw7Hz0ZBjZJajxbHGBiMjkQfTsDISxLGxA
IP 54.230.111.51:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3006), with no line terminators
Hash f52fb9041c75496951dffedc35a71126
abf95fd9515e41961badbfdcadc38ad5574acc42
ef6ba1894f8db42fef40181b6d0a65536fc180bd11d346e2321f2f78c0e6a71e
GET /OVdqaVhYNQkEZ1hqCE8tSztXTGp/clgvPApmGgFgXzEeC2xLZBJHO1U4Hw0+SzgEHXZXMh5Man8cOzECfTI9AjF+BFoPDlMCDCNoawUOPA5BA1sBNnETKz4aQxEmLw1KIy0sFVscOSwefj4FERBtGlwmDgEzJRESHGUoOg0BIywQaFwBLQoMdQUaPDt/FgMhCU1vOwQNdBQiHjp1FicoFGs4AzEeSh87W2lzAyInH1ggLDA7fxkdJmhBLTgAYGgVEDgXYzweMxdsYlsjNABmP1oZDgMiJx90BlMkO1MzXD1oXS8yWwJ1ADkwDHAVIy4CfAYsOmlVIDgHdXcePTEabTQ/AghyFjsEEE4OXzxrfHJYLw1xMzMKaQE0DCw7Hz0ZBjZJajxbHGBiMjkQfTsDISxLGxA HTTP/1.1
Host: yresumeform.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1165
date: Mon, 12 Sep 2022 20:52:36 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kwqTzsGXyEnuKmAksQXQ20Q-GZIj75NmQ38sFQPm-B0XDV2xPSaHZg==
X-Firefox-Spdy: h2
yresumeform.autos/bUpTSk4MKDAncQx3MWw7HyZub3wrb2EMKl57IyJ2CywnKHofeStkLQElJi4oHyU9PmADLydvfCs9BQI+LisGen0rGSQaLQQLBwAiP3sxDwBfHxsmNygOFg0HFBgbBiZdCRwjBBUdFy0XKDIwcwE6eicQDF15Hg8qFB4qD38rCQUfLxcPBgMYP3IwIj0ACWAIKTUOChAHB3MbBx8eegMYJR8JKXIpLHgCKQIqIQsGHCAhHAgXBx4bch05eCsQLyoQGCsmK3IJHHcVAWEiIz4jZwsHFA8QEH8Zcx8PBF0EPT4pNXkWOC8qEBgHDFQlCTA6WhJhBCU4eH4uLAseHiwHPAM6KRsKDwR5fwEZPQAXCx0FLC0rISEaHwokFzMHHhJgCzgJDRkfLQZyZysbHmw5OSEDOm4mOiIkC3l/GAY6HxoZcwQ
54.230.111.51200 OK 1.2 kB URL HTTP/2 yresumeform.autos/bUpTSk4MKDAncQx3MWw7HyZub3wrb2EMKl57IyJ2CywnKHofeStkLQElJi4oHyU9PmADLydvfCs9BQI+LisGen0rGSQaLQQLBwAiP3sxDwBfHxsmNygOFg0HFBgbBiZdCRwjBBUdFy0XKDIwcwE6eicQDF15Hg8qFB4qD38rCQUfLxcPBgMYP3IwIj0ACWAIKTUOChAHB3MbBx8eegMYJR8JKXIpLHgCKQIqIQsGHCAhHAgXBx4bch05eCsQLyoQGCsmK3IJHHcVAWEiIz4jZwsHFA8QEH8Zcx8PBF0EPT4pNXkWOC8qEBgHDFQlCTA6WhJhBCU4eH4uLAseHiwHPAM6KRsKDwR5fwEZPQAXCx0FLC0rISEaHwokFzMHHhJgCzgJDRkfLQZyZysbHmw5OSEDOm4mOiIkC3l/GAY6HxoZcwQ
IP 54.230.111.51:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3025), with no line terminators
Hash e076c6ffaa268d347c4b1d750ec3b8d8
4fa33b76ef4e04e355476dd128413c3fd5813a08
ee199dba62fd84316d6762dab8302c99d593550ad56d0aa5f431d969f7725efd
GET /bUpTSk4MKDAncQx3MWw7HyZub3wrb2EMKl57IyJ2CywnKHofeStkLQElJi4oHyU9PmADLydvfCs9BQI+LisGen0rGSQaLQQLBwAiP3sxDwBfHxsmNygOFg0HFBgbBiZdCRwjBBUdFy0XKDIwcwE6eicQDF15Hg8qFB4qD38rCQUfLxcPBgMYP3IwIj0ACWAIKTUOChAHB3MbBx8eegMYJR8JKXIpLHgCKQIqIQsGHCAhHAgXBx4bch05eCsQLyoQGCsmK3IJHHcVAWEiIz4jZwsHFA8QEH8Zcx8PBF0EPT4pNXkWOC8qEBgHDFQlCTA6WhJhBCU4eH4uLAseHiwHPAM6KRsKDwR5fwEZPQAXCx0FLC0rISEaHwokFzMHHhJgCzgJDRkfLQZyZysbHmw5OSEDOm4mOiIkC3l/GAY6HxoZcwQ HTTP/1.1
Host: yresumeform.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Mon, 12 Sep 2022 20:52:36 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: flP1QGLxqC4YHqGCkf42MtAbymZqSYx2kDWLBuxZkF4KJj-yM7OqVw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8e0bb95355c8f558c20ddd03e7baaa55
3c86bd3c526862edbc54a7f3fa81b93c608a3080
d9e292e7d1252f53a7551cc2abed2f17ec391d5f583bfb89924daca4b0116d77
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D9E292E7D1252F53A7551CC2ABED2F17EC391D5F583BFB89924DACA4B0116D77"
Last-Modified: Sun, 11 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7438
Expires: Mon, 12 Sep 2022 22:56:34 GMT
Date: Mon, 12 Sep 2022 20:52:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dc1a212f9b6fef727984d1c2d069d864
9bda38c848ece2871025878ec551bd9166f48bfc
565e82ed2ff159de980617ddf843ea226adea075940da3e4c84e59e3f2d301a4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "565E82ED2FF159DE980617DDF843EA226ADEA075940DA3E4C84E59E3F2D301A4"
Last-Modified: Sun, 11 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7155
Expires: Mon, 12 Sep 2022 22:51:51 GMT
Date: Mon, 12 Sep 2022 20:52:36 GMT
Connection: keep-alive
lcreatessque.xyz/MTAwN1keD1NEZH51X08XX1dxUghkeGF2bAlyV2UUdQMIdRtkQxZDMFUNCAVrBAIEESlYVA0Gf0JEUUMsQg0DETBfVl8KOl1ZU1x/Rw0BGWoFHgIPdwAWRQpoF0RAVj4MARZHLUVcDQZvBwMABmwIBAQFaQc
104.21.81.70204 No Content 0 B URL HTTP/2 lcreatessque.xyz/MTAwN1keD1NEZH51X08XX1dxUghkeGF2bAlyV2UUdQMIdRtkQxZDMFUNCAVrBAIEESlYVA0Gf0JEUUMsQg0DETBfVl8KOl1ZU1x/Rw0BGWoFHgIPdwAWRQpoF0RAVj4MARZHLUVcDQZvBwMABmwIBAQFaQc
IP 104.21.81.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /MTAwN1keD1NEZH51X08XX1dxUghkeGF2bAlyV2UUdQMIdRtkQxZDMFUNCAVrBAIEESlYVA0Gf0JEUUMsQg0DETBfVl8KOl1ZU1x/Rw0BGWoFHgIPdwAWRQpoF0RAVj4MARZHLUVcDQZvBwMABmwIBAQFaQc HTTP/1.1
Host: lcreatessque.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 20:52:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XEoXG4fCnJth4MP9yY9GB41Ohy9kyQzelwQqr96WRz8LdlOs9N4r2%2FANFYXxeO01PBXuxE2AXADgVMA22DAdGEcxa9NVHvUsLyZT9BV7dMRpXbmI4Alt54eEw6XSj2%2FkjziB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b87207ec0b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Last-Modified: Mon, 12 Sep 2022 19:05:10 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
d31ph8fftb4r3x.cloudfront.net/rTEVUcFMvKjoWbDgsME1rfndhQmdqLycfPTx4BAMkLT0nMRJ7dWcedTg/ME1jaik1HjRxYzEeMHF0chE3LnhgVic8Kj9NIC48PRM6LjcgCXU5JGkdPDYsOBwyaXcSRX18YGZAezR0ZVVgDmBmQD8lKyEIdn51LEhlE3NgVWAOYGZAITpgZzFqemtkWXZ+dT-MVMCcqcUIVfnVlQGN9dWVVYXwjPQI2KiosVWEKfGJeY2owaUE
54.230.245.208200 OK 535 B URL HTTP/2 d31ph8fftb4r3x.cloudfront.net/rTEVUcFMvKjoWbDgsME1rfndhQmdqLycfPTx4BAMkLT0nMRJ7dWcedTg/ME1jaik1HjRxYzEeMHF0chE3LnhgVic8Kj9NIC48PRM6LjcgCXU5JGkdPDYsOBwyaXcSRX18YGZAezR0ZVVgDmBmQD8lKyEIdn51LEhlE3NgVWAOYGZAITpgZzFqemtkWXZ+dT-MVMCcqcUIVfnVlQGN9dWVVYXwjPQI2KiosVWEKfGJeY2owaUE
IP 54.230.245.208:0
File type ASCII text, with very long lines (708), with no line terminators
Hash 352150718f5dd6d1347e9305aaa7e60c
e3a7809cb8c7784147b05ce72f33c01bd2cb02c9
53ce1d2e41c13ee80065ee2a24dce91ae354e4e655d4050e63d5adfc01c180d8
GET /rTEVUcFMvKjoWbDgsME1rfndhQmdqLycfPTx4BAMkLT0nMRJ7dWcedTg/ME1jaik1HjRxYzEeMHF0chE3LnhgVic8Kj9NIC48PRM6LjcgCXU5JGkdPDYsOBwyaXcSRX18YGZAezR0ZVVgDmBmQD8lKyEIdn51LEhlE3NgVWAOYGZAITpgZzFqemtkWXZ+dT-MVMCcqcUIVfnVlQGN9dWVVYXwjPQI2KiosVWEKfGJeY2owaUE HTTP/1.1
Host: d31ph8fftb4r3x.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yresumeform.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 535
date: Mon, 12 Sep 2022 20:52:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kT6rbRTXADrB_d6XOc2anLzXPIp3-YOnU_x6LVraxcxG0zFYXh8qMQ==
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Mon, 12 Sep 2022 20:41:12 GMT
expires: Mon, 12 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 684
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d0b93bf10aa6a1c704f00fe526ad647b
0a19767b3b99aa79469aadc9b88ec5d3df93d442
852466649bb58710c5a9a42d6fcc2ada0d5062ba42351cc503ed2fdd46588e33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 763
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Last-Modified: Mon, 12 Sep 2022 20:39:53 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
d31ph8fftb4r3x.cloudfront.net/KQXZDeWkiGS0fVjUfJ0RRdUVxT1hnHDAWBzFLFUstGEMbKSEFGioxHTM6OV8dOxJ+SU8tFy0eVGcTLRpUcFAiHQt8QmUMCHwbLAMALRoiXFsHQ21JTHNGawFYcFNwO0xzRi8QBzQOZktZOU51Jl91U3A7THNGMQ9Mcjd6T0dxX2ZLWSYTIBIGZEQFS1lwRn-NIWXBTcUkPKAQmHwY5U3E/UHdYc18cfEc
54.230.245.208200 OK 192 B URL HTTP/2 d31ph8fftb4r3x.cloudfront.net/KQXZDeWkiGS0fVjUfJ0RRdUVxT1hnHDAWBzFLFUstGEMbKSEFGioxHTM6OV8dOxJ+SU8tFy0eVGcTLRpUcFAiHQt8QmUMCHwbLAMALRoiXFsHQ21JTHNGawFYcFNwO0xzRi8QBzQOZktZOU51Jl91U3A7THNGMQ9Mcjd6T0dxX2ZLWSYTIBIGZEQFS1lwRn-NIWXBTcUkPKAQmHwY5U3E/UHdYc18cfEc
IP 54.230.245.208:0
File type ASCII text, with no line terminators
Hash c8b61f42ee4abbb116c2f6df1328270e
56022711fd079589993e72632f42a2f738285ed3
226a54a4c18f84b73174b26ad9a147713db7a660635b94586ac0ee6db587aa96
GET /KQXZDeWkiGS0fVjUfJ0RRdUVxT1hnHDAWBzFLFUstGEMbKSEFGioxHTM6OV8dOxJ+SU8tFy0eVGcTLRpUcFAiHQt8QmUMCHwbLAMALRoiXFsHQ21JTHNGawFYcFNwO0xzRi8QBzQOZktZOU51Jl91U3A7THNGMQ9Mcjd6T0dxX2ZLWSYTIBIGZEQFS1lwRn-NIWXBTcUkPKAQmHwY5U3E/UHdYc18cfEc HTTP/1.1
Host: d31ph8fftb4r3x.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yresumeform.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 192
date: Mon, 12 Sep 2022 20:52:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fVb-D5V_n8LUv1p_Lt_Bp5qCgXGMt5jl2bRW4aJCsKjWAgqdZE4KPg==
X-Firefox-Spdy: h2
d31ph8fftb4r3x.cloudfront.net/wVHpCaU03FSwPciATJlR1bEN2UHlyEDEGIyRHLh0COiJxWDgYExc9OW0tZB03MEdyTyE1FCVUazEUIVR8chsmC3BgXDYZIj9HMQs0PRkrCz8gA2QcLGkXLRMkOBYjTH8ST2xZaGZKahF8ZV9xK2hmSi4AIyECZ1t9LEJ0NntgX3EraGZKMB9oZzt7X2NkU2-dbfTMfIQIicUgEW31lSnJYfWVfcFkrPQgnDyIsX3AvdGJUck84aUs
54.230.245.208200 OK 612 B URL HTTP/2 d31ph8fftb4r3x.cloudfront.net/wVHpCaU03FSwPciATJlR1bEN2UHlyEDEGIyRHLh0COiJxWDgYExc9OW0tZB03MEdyTyE1FCVUazEUIVR8chsmC3BgXDYZIj9HMQs0PRkrCz8gA2QcLGkXLRMkOBYjTH8ST2xZaGZKahF8ZV9xK2hmSi4AIyECZ1t9LEJ0NntgX3EraGZKMB9oZzt7X2NkU2-dbfTMfIQIicUgEW31lSnJYfWVfcFkrPQgnDyIsX3AvdGJUck84aUs
IP 54.230.245.208:0
File type ASCII text, with very long lines (887), with no line terminators
Hash 5a6fdd81623f335c7618da96e8254bfd
b537b6a7a6f8d12ea985d0d8ecdfe0dbd423746e
79826f66e88348939584fd00d9ba9baccf41208d8583577010dbbe039dacb630
GET /wVHpCaU03FSwPciATJlR1bEN2UHlyEDEGIyRHLh0COiJxWDgYExc9OW0tZB03MEdyTyE1FCVUazEUIVR8chsmC3BgXDYZIj9HMQs0PRkrCz8gA2QcLGkXLRMkOBYjTH8ST2xZaGZKahF8ZV9xK2hmSi4AIyECZ1t9LEJ0NntgX3EraGZKMB9oZzt7X2NkU2-dbfTMfIQIicUgEW31lSnJYfWVfcFkrPQgnDyIsX3AvdGJUck84aUs HTTP/1.1
Host: d31ph8fftb4r3x.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yresumeform.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 612
date: Mon, 12 Sep 2022 20:52:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JW-MICt0hXEhvZwMe-wvCifR1fSVzpKmzNyPHPfzM6k5SFt7pgGlcw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 19aaca11640614c5499efe5367106df4
282dbd79b2cdaba48a28e3137c226fc39c42d40a
ac577c2812c7d6eee40e4e5fe82cc12913ea1178121c0321790aa59b2264125c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 19aaca11640614c5499efe5367106df4
282dbd79b2cdaba48a28e3137c226fc39c42d40a
ac577c2812c7d6eee40e4e5fe82cc12913ea1178121c0321790aa59b2264125c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 399 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 42cf649fd52510ac98681d425f2e401b
7e962452c9c9d8586544558d1e6f5fda9b4db8f6
b492a3f5d2f11cd610c837945ce101ac8d781918094888225ade9ea7511ec486
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 12 Sep 2022 20:52:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1408959457%3A1663015956941851&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqmxYxC5kLgC_1K4DuPOcQofe3FKYOKWDsWd6-DKh7VPAdw8ZkECc2IyGTx-bMruZpa0HlxMQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-i_bmxmu4Ycu-pJBrJKa_RQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:0032WvPGUeoCtUUCtBue6U2sn58L6Q:UVFtTVzT8ec6YKjE;Path=/;Expires=Wed, 11-Sep-2024 20:52:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 35098b086edb5a4f04ae0929922125b9
5d1bc8f1dc407606a225ff4897d591dbda68ca1d
b164bbf0b20628dd676aa2261acd491bb20146fc39a943ef48ce2d5420791fb5
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 12 Sep 2022 20:52:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1846124758%3A1663015956956000&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoO2S4UrRQ4jsxrT8h2P0mnh5YDS3ZecG19nP7S9r3KjeF5u_J3U0scZfoGzb-H3d5uFsKYvA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-3AgQoAi0ZM809JV1nReRuQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:js-Lz4Nz0JBTglxKPOxqObVrMHLYZA:jfLMtZQlYn_daXQ6;Path=/;Expires=Wed, 11-Sep-2024 20:52:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ad439cab56126bcc402ee9f92365a209
a4b48a9a733c53cbc7020e190b8c787e1f80f55a
d0e2e52b66a8dec8c57092ec332f452a7348941d778d7b4686ca32696aabd065
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.41.252.32101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.252.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bbk8ljR9iETJY323Kci5Gw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: MU5SIr4NfUKfjeqea9uvdAY4JZE=
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d0b93bf10aa6a1c704f00fe526ad647b
0a19767b3b99aa79469aadc9b88ec5d3df93d442
852466649bb58710c5a9a42d6fcc2ada0d5062ba42351cc503ed2fdd46588e33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 764
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:52:37 GMT
Last-Modified: Mon, 12 Sep 2022 20:39:53 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 20:52:37 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=249762,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749b87242a3cb518-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 431bccffdaad5a26e75e6dd4f8b1abaa
e4b0ac57e7c2d6d00e508cd99231b0f8d58942af
d2b9c8db43c744d36bc73630962238d7fb9017730f8ef8df9b6af1913b08cf35
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 20:52:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 12:52:23 GMT
Expires: Thu, 15 Sep 2022 12:52:22 GMT
Etag: "e4b0ac57e7c2d6d00e508cd99231b0f8d58942af"
Cache-Control: max-age=229784,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749b87242b43b523-OSL
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 51ddd8ed3792e835619bdbd746aadc3f
4ca865faaa98191c4d797e14b29d689deaca0801
c49e8225842e2418d8f5ce92a8b752466db8f00aa92408119a71ab46af8eadba
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:52:37 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://exe.app
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=865a3c213ac64b369743aa9a62a1cf46; expires=Tue, 12 Sep 2023 20:52:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Content-Type: text/plain;charset=UTF-8
Origin: https://exe.app
Content-Length: 1510
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 12 Sep 2022 20:52:50 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://exe.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
in-page-push.com/500/3230648?excludes=&oaid=865a3c213ac64b369743aa9a62a1cf46&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.15200 OK 0 B URL HTTP/2 in-page-push.com/500/3230648?excludes=&oaid=865a3c213ac64b369743aa9a62a1cf46&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/3230648?excludes=&oaid=865a3c213ac64b369743aa9a62a1cf46&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: in-page-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:52:37 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://exe.app
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
in-page-push.com/500/3230648?excludes=&oaid=865a3c213ac64b369743aa9a62a1cf46&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.15200 OK 94 kB URL HTTP/2 in-page-push.com/500/3230648?excludes=&oaid=865a3c213ac64b369743aa9a62a1cf46&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.15:0
Hash 439177214d7f103a6056627d621c9591
7a86245760e587b34b7edeabc216c260b27bb80c
5a659f1b920c4dbd44e903b725492f0500c2126514d9777b9c81a5ec8cbaba2a
Analyzer Verdict Alert quad9 Sinkholed
GET /500/3230648?excludes=&oaid=865a3c213ac64b369743aa9a62a1cf46&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: in-page-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Cookie: OAID=1fcb5f53c60e44ca868c74784d970fe1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:52:37 GMT
content-type: application/javascript
x-trace-id: 012792ac284f89de5a4b8cca623f2e15
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://exe.app
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=865a3c213ac64b369743aa9a62a1cf46; expires=Tue, 12 Sep 2023 20:52:37 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
in-page-push.com/impression/dfkQTOdsFNDmpDhHNJFUm2C-01ofw6gbBlJNNCwCQRNysmKMfBxplNnuiBGIrkK1iAlvtxZLTWehVMCIERl7md7L83Z-DKtG8LvCrsqvC1bdBIcd69DjDzIVAg23ZQwOgzJ1kuPxY98rD9JALTxplac6QQtg3NC-dMPWu1cs41ZISnS_yAQ5vwkIfS4T5d5LX-ZWxsgYSl4hWSEtnc5xBVLFKopKzoM2WG3SeZ93w9zXMrpgUMuaHh_yLZA580WCmdcGdOBve17__hAbMkBX8-3pvcIX6jV0bNUgfecPPKGcMx6pUFFc7mcwVcrz8ZjYZMM2TXuyPqKiy9bZQsXUdxZQUTlp-q4mYiqrjMgBL_h2Y7XkcUZ-2nJKAc9vbG-uhrySSyYrDhLKASCWHcRcx7KO06SsacpT5MKrcC1NQVgCRrGHerU8dH8DSqeictoL0l-aCFVS2FjL1WIVDquhSOqgEtTuQZZ_i-VpgfKTBEKc5rg--KcqMM7wdk1oN9uBUad5GOq-rSmEuiKZfVCtC7a7rZ_oGSyv?_z=3230648&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.15200 OK 43 B URL HTTP/2 in-page-push.com/impression/dfkQTOdsFNDmpDhHNJFUm2C-01ofw6gbBlJNNCwCQRNysmKMfBxplNnuiBGIrkK1iAlvtxZLTWehVMCIERl7md7L83Z-DKtG8LvCrsqvC1bdBIcd69DjDzIVAg23ZQwOgzJ1kuPxY98rD9JALTxplac6QQtg3NC-dMPWu1cs41ZISnS_yAQ5vwkIfS4T5d5LX-ZWxsgYSl4hWSEtnc5xBVLFKopKzoM2WG3SeZ93w9zXMrpgUMuaHh_yLZA580WCmdcGdOBve17__hAbMkBX8-3pvcIX6jV0bNUgfecPPKGcMx6pUFFc7mcwVcrz8ZjYZMM2TXuyPqKiy9bZQsXUdxZQUTlp-q4mYiqrjMgBL_h2Y7XkcUZ-2nJKAc9vbG-uhrySSyYrDhLKASCWHcRcx7KO06SsacpT5MKrcC1NQVgCRrGHerU8dH8DSqeictoL0l-aCFVS2FjL1WIVDquhSOqgEtTuQZZ_i-VpgfKTBEKc5rg--KcqMM7wdk1oN9uBUad5GOq-rSmEuiKZfVCtC7a7rZ_oGSyv?_z=3230648&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.15:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/dfkQTOdsFNDmpDhHNJFUm2C-01ofw6gbBlJNNCwCQRNysmKMfBxplNnuiBGIrkK1iAlvtxZLTWehVMCIERl7md7L83Z-DKtG8LvCrsqvC1bdBIcd69DjDzIVAg23ZQwOgzJ1kuPxY98rD9JALTxplac6QQtg3NC-dMPWu1cs41ZISnS_yAQ5vwkIfS4T5d5LX-ZWxsgYSl4hWSEtnc5xBVLFKopKzoM2WG3SeZ93w9zXMrpgUMuaHh_yLZA580WCmdcGdOBve17__hAbMkBX8-3pvcIX6jV0bNUgfecPPKGcMx6pUFFc7mcwVcrz8ZjYZMM2TXuyPqKiy9bZQsXUdxZQUTlp-q4mYiqrjMgBL_h2Y7XkcUZ-2nJKAc9vbG-uhrySSyYrDhLKASCWHcRcx7KO06SsacpT5MKrcC1NQVgCRrGHerU8dH8DSqeictoL0l-aCFVS2FjL1WIVDquhSOqgEtTuQZZ_i-VpgfKTBEKc5rg--KcqMM7wdk1oN9uBUad5GOq-rSmEuiKZfVCtC7a7rZ_oGSyv?_z=3230648&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FgvBDalS&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: in-page-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Cookie: OAID=865a3c213ac64b369743aa9a62a1cf46
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:52:37 GMT
content-type: image/gif
content-length: 43
x-trace-id: adab2a5a75660fc301c38ac835102032
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15958
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15958
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15958
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15958
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:52:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7ccc33ae0c85a906f2c17db281ec790
1904722d70348235d5472c54f888d2b4b991e2aa
f48edc03624f582b05b596694b76bd784f85eb9f2ca5dd025bbea9cc2ff1f096
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6999
x-amzn-requestid: 61e3e817-fb62-47c7-b938-2dfc6a134622
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO1mlG3XIAMFo5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3629-37c2c8982c4ccf891875c59a;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:00:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: S2TR552YpZeEbhTSAn4vdXexYpvR4Lrr-LaJmfNd7LnO0L4QM8w-Dg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:13:41 GMT
age: 49137
etag: "1904722d70348235d5472c54f888d2b4b991e2aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 04:04:42 GMT
age: 60476
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 22:16:58 GMT
age: 81340
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 83447
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 239262b6ab17cb19414c35cd4f761092
48eddcf9838e980e67cc8f9cbb05b475df2f0331
cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PWOeca9JRnIgEymeLVyqTBucBJ0j6OS9Rmqwd4CcAKixqo0zvb452w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:48:14 GMT
age: 83064
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b674daf3dc6e85ed054ab34d69979b86
47aaf5a3af2c25820d01d613c82b7f1279a298fc
7b9993ef69d4b77c1533ada040c85563b9cf7b1f5d007177c005f6cd7fdba1d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4162
x-amzn-requestid: 9dc27e34-69e1-439d-8974-1297584ef4d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YSIhuHlWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d87a4-410e9ede524aa657609a057a;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 07:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UxATqmWDCTwVqA3ORIXXObWZZj158TSRUoaAr48b08sxdAxBicw5zA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:27:45 GMT
age: 48293
etag: "47aaf5a3af2c25820d01d613c82b7f1279a298fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
104.21.86.231200 OK 0 B IP 104.21.86.231:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:52:36 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exe.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2672
last-modified: Mon, 12 Sep 2022 20:08:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N9E6LQ6WZ1jq05fR1s5EJIftN4CgVfMkX7D%2BnxoHAQOHr7yIj2%2BRBwRf9GzeVFXYVy5vftzMuoVuQWpSoOMW63GSFg0dll0VC4RqEbU4FLo0FWws3%2BUbFV%2FMuEOfgt94"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749b871facc61c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
104.21.86.231200 OK 0 B IP 104.21.86.231:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:52:36 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exe.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2672
last-modified: Mon, 12 Sep 2022 20:08:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mirDGrLgb8dnyHUEozgH%2FeMzt%2BTE1k%2BPtAgfsniFDC7BOP2OLdu2ddQtPYGOM8eMY38qKrc1yyQBjeuVkFkKDygxjTabA%2FXNCrwC1cLuwPzOYQfs7xCKb5ovqB4uqTHs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749b871fdd061c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.205.240200 OK 0 B IP 172.67.205.240:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:52:36 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RaFxUsGhvp2dJGniXKAS2tsvGYBbAfyNICErAX3bCgIpURAEe%2FxeoNA6UQCy4AEWDcH%2BIU%2BRug9OdFM4vDp6wzw09UfGM3WRY28hO2k7N7pDPRIqYbqfDdBWqxGXRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749b8722eb730b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exe.app/gvBDalS
172.67.136.149200 OK 0 B IP 172.67.136.149:0
GET /gvBDalS HTTP/1.1
Host: exe.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:52:35 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=4e3a14a49193caad435ada208d862bd4; path=/; HttpOnly
csrfToken=9ed58da10504a420f2e04017b110224b0a03da83d316518fcbdfe6e97f561f868314b47a81539f305266af8daa65fb72d1301e6bec2c1939f2c1161b19ac5fb7; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ok2dLo8Pq7fHxJ2wUGufLsPpntzM4Jig220LgEFlOKpX7uxKqWhR%2BeYKSKJmkRTyNV8HdlDgz0wYXWnUf8bQkULO7GngeU9nu9pUndySdrb62EdbgY8TE1cy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b871bfac6b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
104.21.86.231200 OK 0 B IP 104.21.86.231:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:52:36 GMT
content-type: text/plain
set-cookie: csu=2175223536294137@1@1663015956; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exe.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gb3lUodnW7%2FqPzJbQPvM2HfZTigSdnNwGfb88rZtKSxi7rN4HDKzxZxskXQ%2F8YKGqhs%2FXvbnTgL7kQmK2r1FsTNcZhBzxH%2FRhjN%2FUDdfAMkVp5IMnNS8x2P9sI0xilI%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b871ffd2a1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
in-page-push.com/400/3230648
139.45.197.15200 OK 0 B URL HTTP/2 in-page-push.com/400/3230648
IP 139.45.197.15:0
Analyzer Verdict Alert quad9 Sinkholed
GET /400/3230648 HTTP/1.1
Host: in-page-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:52:36 GMT
content-type: application/javascript
x-trace-id: 413467d0bb16f81be36e6a8e26ef664a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=1fcb5f53c60e44ca868c74784d970fe1; expires=Tue, 12 Sep 2023 20:52:36 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1408959457%3A1663015956941851&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqmxYxC5kLgC_1K4DuPOcQofe3FKYOKWDsWd6-DKh7VPAdw8ZkECc2IyGTx-bMruZpa0HlxMQ
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1408959457%3A1663015956941851&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqmxYxC5kLgC_1K4DuPOcQofe3FKYOKWDsWd6-DKh7VPAdw8ZkECc2IyGTx-bMruZpa0HlxMQ
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-1408959457%3A1663015956941851&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqmxYxC5kLgC_1K4DuPOcQofe3FKYOKWDsWd6-DKh7VPAdw8ZkECc2IyGTx-bMruZpa0HlxMQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 12 Sep 2022 20:52:36 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-sNM2MWgeSc8Vocu45MDc8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=b_72_B0ko1mZhoIVgwWQmJRVE5ItEEyrg4sW2LwVluh7xU7em4lbbY2A50Z6Y65iaGekC6Y32dPdstBh5wDuDuTy5UaSK6jEIxCDpbGvYiAz0DO8wnbznIi3G-Q22RO0wt1yzr0Ncn4Xk5Zb0u3WpZTiJdogR-mMl6AhadySJOo; expires=Tue, 14-Mar-2023 20:52:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Qpf+FepJ/nK7Q7q3rRzWVWomDPxuVW9kU8tV/ELLvaC7YrwGn95Mmq2FKbwZKw5mmsV9wxOTvO58sRwcUbkBLQ==
date: Mon, 12 Sep 2022 20:52:36 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2