catcut.net/s/kPVI
79.132.136.12302 Moved Temporarily 0 B IP 79.132.136.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /s/kPVI HTTP/1.1
Host: catcut.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.20.2
Date: Sat, 28 Jan 2023 20:45:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Location: http://exe.io/7WIPHq
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4845
Expires: Sat, 28 Jan 2023 22:05:56 GMT
Date: Sat, 28 Jan 2023 20:45:11 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11313
Expires: Sat, 28 Jan 2023 23:53:44 GMT
Date: Sat, 28 Jan 2023 20:45:11 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 20:35:31 GMT
content-type: application/json
age: 580
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
exe.io/7WIPHq
188.114.96.1301 Moved Permanently 0 B IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /7WIPHq HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 20:45:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 28 Jan 2023 21:45:11 GMT
Location: https://exe.io/7WIPHq
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYggzR1EPAh23tT%2Bi3%2Bu28DPVLnzEX35syamk%2Fdald50TiQrQe%2FI8%2BH86StNf3fVYtanfCYDJtz3M6JFA0KZEVQ0KAvyGiQZ3%2FJRGqTi1G2pVH%2Bo3ZDA09Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790c92018cddb500-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13809
Expires: Sun, 29 Jan 2023 00:35:20 GMT
Date: Sat, 28 Jan 2023 20:45:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RChlqzyUFHDYdWggqLQhVRMun5LJux9PIOvGk+a7hxje5ypdRwTTYkaY3gDYVOWolrzVVBod45I=
x-amz-request-id: VPV01BA8DEM7NJ2K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 20:21:06 GMT
age: 1445
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:45:11 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5358f3f1b4b1ac3ec7a718d9778c8cde
825cf6fe192b93a6a4a7e9f31e1f72bdeedbfb0e
7a86f660f3713e292c9b81204d656351cbe415267b96e4161840b90f8dcdbe2d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 173
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:11 GMT
Etag: "63d4b482-117"
Last-Modified: Sat, 28 Jan 2023 20:42:18 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 19:49:03 GMT
age: 3368
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11370
Expires: Sat, 28 Jan 2023 23:54:42 GMT
Date: Sat, 28 Jan 2023 20:45:12 GMT
Connection: keep-alive
exe.io/img/logo_sm.png
188.114.97.1200 OK 11 kB IP 188.114.97.1:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash babf1df3467cca81bd9fdd5540a70b3d
ab768d826851da1b84b22e14f4facfda137500f4
c63f2781570d012d67b1e5ed27544bf90097a71ca5ddbbcd86a98a0f52871534
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: image/png
content-length: 10989
x-frame-options: SAMEORIGIN
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
cache-control: max-age=31536000
expires: Thu, 25 Jan 2024 22:31:11 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 252841
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=simRAFglnm1CvzaFz%2B1vVgxBdhi08bkRH26b%2BzFQNycNmO8VcBR0PVWWfc0C58yHIPgz4%2BpyiUpJbwBv2ZwGeTZfDZSzA5pN75j8XfM84rkaaOS2oMWY0V4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c92064c4eb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.72200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1759)
Hash 10b5d6c18c9d127a642357bcbf456930
461a72ef8591cff78857f224ac40a3dd3dfeffea
42f8e5c7adbb5e58c1d87ecc5b6fcf4770fef85c168f42119cb711c6c47d8763
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 20:45:12 GMT
expires: Sat, 28 Jan 2023 20:45:12 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 4d62c00dff264740d09dd987c35ea370
c38fd85d6b4594359bb3c5c4ea9a347005103c0e
670d8603cde086549e88158c9e4e672ecfe11d847fcccc97e1ddad13e8145500
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1767
Cache-Control: max-age=164003
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Etag: "63d56014-117"
Expires: Mon, 30 Jan 2023 18:18:35 GMT
Last-Modified: Sat, 28 Jan 2023 17:49:08 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f43bf5882edcb4f521f2a9ad080a95a6
de744dd4414df08537c8d262073e7cb0ebfe573c
cc338e9453d9289ab1b642c9b2e4ec52a203c03e20defd7132ecbcf151969736
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5437
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Etag: "63d40d46-118"
Last-Modified: Sat, 28 Jan 2023 19:14:35 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 77cc3af5cda362a69e4f25b9eaaffdfa
0a8f394abb5f11d8a8c358a458f3860dcdda045e
ff180e36fe7dbff7e39f077d1f93bfefe7d47d987c12799be8dee8eefb8089dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF180E36FE7DBFF7E39F077D1F93BFEFE7D47D987C12799BE8DEE8EEFB8089DC"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4542
Expires: Sat, 28 Jan 2023 22:00:54 GMT
Date: Sat, 28 Jan 2023 20:45:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f43bf5882edcb4f521f2a9ad080a95a6
de744dd4414df08537c8d262073e7cb0ebfe573c
cc338e9453d9289ab1b642c9b2e4ec52a203c03e20defd7132ecbcf151969736
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5437
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Etag: "63d40d46-118"
Last-Modified: Sat, 28 Jan 2023 19:14:35 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
qj.wimplesbooklet.com/1clkn/29529
172.255.6.251200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 172.255.6.251:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:45:12 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 29-Jan-2023 20:45:12 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sun, 29-Jan-2023 20:45:12 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8a44ff793854788a6c5c1ff2a0a29c7f
dac6a57158fd5322f83cba141efd34944ea0b5cb
7c5d77e67026793c297224f78928f8906fe6812def5058743f498960bf7f472a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7C5D77E67026793C297224F78928F8906FE6812DEF5058743F498960BF7F472A"
Last-Modified: Sat, 28 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20600
Expires: Sun, 29 Jan 2023 02:28:32 GMT
Date: Sat, 28 Jan 2023 20:45:12 GMT
Connection: keep-alive
hethisisath.xyz/ekVxOVQbJxJUaxt4Ex8hCClMHGY8YEN/MEh1Gl8lHzUbDWdKPxsXNxYqBF0yCCofTXoUIAUcZjwDKAgGDAo1fBU1MjdcEBImSHojLw8kbg4bBhZvEiotCWEMAgsBcWUsAjtBN00dJlo7GS0FegIscBpqAigUNW0aKQ0daBo0dDhzEg0MBn0FLwMjahUcE0BJMTAHRFoMOAwGeAECBDBXHRsSIE4bNT0nawwrfUBqMwp2J1ckHA0gdwAcBxlrDA0mRn4RCRAkbgU4ETNrBiADRXAcSwsJYRwVECRuBSMQJwACIwAedTdKHxxhZDsNJwoSGSAZawYgB1wIGzwDMG8MHSI0bQMoAjloGi4IBkk2LSIJQQwicTVsZiwjMngWLh8kVh87FCQAHCx0KX0XAg4yVzApHzdWAzsQJFEBHS5XUycVKwEEJBcyNXoAHxM6
54.230.111.57200 OK 1.2 kB URL HTTP/2 hethisisath.xyz/ekVxOVQbJxJUaxt4Ex8hCClMHGY8YEN/MEh1Gl8lHzUbDWdKPxsXNxYqBF0yCCofTXoUIAUcZjwDKAgGDAo1fBU1MjdcEBImSHojLw8kbg4bBhZvEiotCWEMAgsBcWUsAjtBN00dJlo7GS0FegIscBpqAigUNW0aKQ0daBo0dDhzEg0MBn0FLwMjahUcE0BJMTAHRFoMOAwGeAECBDBXHRsSIE4bNT0nawwrfUBqMwp2J1ckHA0gdwAcBxlrDA0mRn4RCRAkbgU4ETNrBiADRXAcSwsJYRwVECRuBSMQJwACIwAedTdKHxxhZDsNJwoSGSAZawYgB1wIGzwDMG8MHSI0bQMoAjloGi4IBkk2LSIJQQwicTVsZiwjMngWLh8kVh87FCQAHCx0KX0XAg4yVzApHzdWAzsQJFEBHS5XUycVKwEEJBcyNXoAHxM6
IP 54.230.111.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 20144771ff1e5a8bb639446a6305bfc6
2553d5a46c748d0716d506fa1f3351d3cdb21837
6ceda3e9e8308dba2a3c9d5db6a4ad68af982ba2a255a749e7743ed313256631
GET /ekVxOVQbJxJUaxt4Ex8hCClMHGY8YEN/MEh1Gl8lHzUbDWdKPxsXNxYqBF0yCCofTXoUIAUcZjwDKAgGDAo1fBU1MjdcEBImSHojLw8kbg4bBhZvEiotCWEMAgsBcWUsAjtBN00dJlo7GS0FegIscBpqAigUNW0aKQ0daBo0dDhzEg0MBn0FLwMjahUcE0BJMTAHRFoMOAwGeAECBDBXHRsSIE4bNT0nawwrfUBqMwp2J1ckHA0gdwAcBxlrDA0mRn4RCRAkbgU4ETNrBiADRXAcSwsJYRwVECRuBSMQJwACIwAedTdKHxxhZDsNJwoSGSAZawYgB1wIGzwDMG8MHSI0bQMoAjloGi4IBkk2LSIJQQwicTVsZiwjMngWLh8kVh87FCQAHCx0KX0XAg4yVzApHzdWAzsQJFEBHS5XUycVKwEEJBcyNXoAHxM6 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1186
date: Sat, 28 Jan 2023 20:45:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wdmRB4cjopceNFyQZTd8ro2qzHWJLSSQZpd9cnGdwfpXnHLftJEHEg==
X-Firefox-Spdy: h2
hethisisath.xyz/utx?cb=qtHrA4jpzp5v&top=exeo.app&tid=822524
54.230.111.57204 No Content 0 B URL HTTP/2 hethisisath.xyz/utx?cb=qtHrA4jpzp5v&top=exeo.app&tid=822524
IP 54.230.111.57:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=qtHrA4jpzp5v&top=exeo.app&tid=822524 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 20:45:12 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 28 Jan 2023 20:46:12 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: x7y6GCGa7eu7htuG4bc3ZoHlqLu_vy1jj7VWdbbKgO4Oo4YDtqOglg==
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.186.209.73101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 63OsLfcw75D0zN65SDaS/w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OJrHKjcMgiqWintgNieTHa+q8y4=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 4d62c00dff264740d09dd987c35ea370
c38fd85d6b4594359bb3c5c4ea9a347005103c0e
670d8603cde086549e88158c9e4e672ecfe11d847fcccc97e1ddad13e8145500
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1767
Cache-Control: max-age=164003
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Etag: "63d56014-117"
Expires: Mon, 30 Jan 2023 18:18:35 GMT
Last-Modified: Sat, 28 Jan 2023 17:49:08 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
hethisisath.xyz/utx?cb=hdkvvbQWr0nW&top=exeo.app&tid=889494
54.230.111.57204 No Content 0 B URL HTTP/2 hethisisath.xyz/utx?cb=hdkvvbQWr0nW&top=exeo.app&tid=889494
IP 54.230.111.57:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=hdkvvbQWr0nW&top=exeo.app&tid=889494 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 20:45:12 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 28 Jan 2023 20:46:12 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2h0XZgs-71ENFcG9jZ35XFUqH3SRBimo0XnF1x6GUHkRvDWUQn8mrQ==
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8a44ff793854788a6c5c1ff2a0a29c7f
dac6a57158fd5322f83cba141efd34944ea0b5cb
7c5d77e67026793c297224f78928f8906fe6812def5058743f498960bf7f472a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7C5D77E67026793C297224F78928F8906FE6812DEF5058743F498960BF7F472A"
Last-Modified: Sat, 28 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20600
Expires: Sun, 29 Jan 2023 02:28:32 GMT
Date: Sat, 28 Jan 2023 20:45:12 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4adeea2262378239736beff115f7a5a4
3f5dec01a072e26e8f9f436a7d28860fab4e0feb
52959cfee451c390f39e92b6fd2cb07ae7550e5d1ed880ff4f131c2837c377bd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "52959CFEE451C390F39E92B6FD2CB07AE7550E5D1ED880FF4F131C2837C377BD"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7760
Expires: Sat, 28 Jan 2023 22:54:32 GMT
Date: Sat, 28 Jan 2023 20:45:12 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4adeea2262378239736beff115f7a5a4
3f5dec01a072e26e8f9f436a7d28860fab4e0feb
52959cfee451c390f39e92b6fd2cb07ae7550e5d1ed880ff4f131c2837c377bd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "52959CFEE451C390F39E92B6FD2CB07AE7550E5D1ED880FF4F131C2837C377BD"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7760
Expires: Sat, 28 Jan 2023 22:54:32 GMT
Date: Sat, 28 Jan 2023 20:45:12 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4adeea2262378239736beff115f7a5a4
3f5dec01a072e26e8f9f436a7d28860fab4e0feb
52959cfee451c390f39e92b6fd2cb07ae7550e5d1ed880ff4f131c2837c377bd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "52959CFEE451C390F39E92B6FD2CB07AE7550E5D1ED880FF4F131C2837C377BD"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7760
Expires: Sat, 28 Jan 2023 22:54:32 GMT
Date: Sat, 28 Jan 2023 20:45:12 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 18:52:41 GMT
expires: Tue, 23 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 438751
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
live.demand.supply/e/e.js?e=ll&d=159&cs=c&dsReferer=ZXhlby5hcHAvN1dJUEhx
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/e/e.js?e=ll&d=159&cs=c&dsReferer=ZXhlby5hcHAvN1dJUEhx
IP 104.16.134.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=159&cs=c&dsReferer=ZXhlby5hcHAvN1dJUEhx HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "e11f25735db9ddc62adb36e2e1846234-ssl"
x-nf-request-id: 01GPGADBNXCHVSK51WK5YVFSDJ
cf-cache-status: HIT
age: 1458838
accept-ranges: bytes
set-cookie: __cf_bm=nwjRsXRUubZKAzh.B7kANIrD_6yNLR1WA2FnOZJd.4o-1674938712-0-ATMER5fViMAeUm3rFM3X2SA3nWBD5RGDeqQt/AEt25jWgNSGX5PdA464vN8WwfiuFLIlWF49h+Vk1zjCyfkmAeo=; path=/; expires=Sat, 28-Jan-23 21:15:12 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c92090f4c0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hethisisath.xyz/a05oMmQKLAtfWwpzChQRGSJVF1Yta1p0AFl+A1QVDj4CBldbNAIcBwchHVYCGSEGRkoFKxwXVi19PAMhWgEuURc7IhxXBS89XGc1PTgMAAMpDz98FCR+MmorP3cbZSUbJixaJlwWOwJTIBwmfyg4OhtwNl95JFhdOAwwdxU7fzF0PgYlH2cyGz8NAQApHSxVDwkLPngpEgcPZzIyJDhYJT8aPGgdOwgYcTQCA1FkJloiK2U1CQ0geF0yHFliNAILWWUPUyUJXyktGAF8FTI5PXg+WQgAdyUYGAlfKS0aEgYMMTktVj4qf1hwEww4DWUxOg0QZBUyOUVkLyIZGFsAKiIGVwpTCC1qLlIXPngAJQ05F1YpCyldNg0ZLXcnLCpNACYyHzlWPjN2W2ohBDcjZlElBj9nLjIPPXwBM3dbYyU9I05YFwQgGA8JWXgpcyoONBxK
54.230.111.57200 OK 1.2 kB URL HTTP/2 hethisisath.xyz/a05oMmQKLAtfWwpzChQRGSJVF1Yta1p0AFl+A1QVDj4CBldbNAIcBwchHVYCGSEGRkoFKxwXVi19PAMhWgEuURc7IhxXBS89XGc1PTgMAAMpDz98FCR+MmorP3cbZSUbJixaJlwWOwJTIBwmfyg4OhtwNl95JFhdOAwwdxU7fzF0PgYlH2cyGz8NAQApHSxVDwkLPngpEgcPZzIyJDhYJT8aPGgdOwgYcTQCA1FkJloiK2U1CQ0geF0yHFliNAILWWUPUyUJXyktGAF8FTI5PXg+WQgAdyUYGAlfKS0aEgYMMTktVj4qf1hwEww4DWUxOg0QZBUyOUVkLyIZGFsAKiIGVwpTCC1qLlIXPngAJQ05F1YpCyldNg0ZLXcnLCpNACYyHzlWPjN2W2ohBDcjZlElBj9nLjIPPXwBM3dbYyU9I05YFwQgGA8JWXgpcyoONBxK
IP 54.230.111.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 9e034ed08af755f67f57f845945ccc0d
b514eb1c23b0a44f12dc58584e5f5c2ecc484f31
8f3f4324aa489b2302a7c22006a3b68481c9288a807cdf5629c5a8e70b794001
GET /a05oMmQKLAtfWwpzChQRGSJVF1Yta1p0AFl+A1QVDj4CBldbNAIcBwchHVYCGSEGRkoFKxwXVi19PAMhWgEuURc7IhxXBS89XGc1PTgMAAMpDz98FCR+MmorP3cbZSUbJixaJlwWOwJTIBwmfyg4OhtwNl95JFhdOAwwdxU7fzF0PgYlH2cyGz8NAQApHSxVDwkLPngpEgcPZzIyJDhYJT8aPGgdOwgYcTQCA1FkJloiK2U1CQ0geF0yHFliNAILWWUPUyUJXyktGAF8FTI5PXg+WQgAdyUYGAlfKS0aEgYMMTktVj4qf1hwEww4DWUxOg0QZBUyOUVkLyIZGFsAKiIGVwpTCC1qLlIXPngAJQ05F1YpCyldNg0ZLXcnLCpNACYyHzlWPjN2W2ohBDcjZlElBj9nLjIPPXwBM3dbYyU9I05YFwQgGA8JWXgpcyoONBxK HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1192
date: Sat, 28 Jan 2023 20:45:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: E3V9heaymKlfQaDwzKRYFsg3_tO1dcmJDBh38S9OoNZaCwfvtB6n2Q==
X-Firefox-Spdy: h2
hethisisath.xyz/eVZtbFIYNA4BbRhrD0onCzpQSWA/c18qNktmBgojHCYHWGFJLAdCMRU5GAg0CzkDGHwXMxlJYD9vPDg6IzMGWDsvLA4PMS0APzwHHWQJPSYLAiVVPCw/AjobPRMrIABMYyJdOQERFQ8hHyEKGR0eMhwgBA5gIl0qEgUACyYuAg4IMUsyCSIqFSwOLmZNHgQUaj0eVTweSi47IjU4OCE6A00OXhsaPQ4JJzNKGyQPA0k4IV0lSxI5XTk6OwY5HRQHJg0HDXNfLjAOPlU/AwE9LgE5NxwUVB0bAFRVEwFnHz84I2UpJCozEio9GRgHClgIOCU0P2FMZisBfxUCDF8fMAYFVCYyOglUATg+Fy8VER0LAhMwNytVahoAWRsROiUDOis/MAstMTM3OFU1GgRZHwBKbksGIRY4HVEmHWEXDToYDwArAy0iKz4m
54.230.111.57200 OK 1.2 kB URL HTTP/2 hethisisath.xyz/eVZtbFIYNA4BbRhrD0onCzpQSWA/c18qNktmBgojHCYHWGFJLAdCMRU5GAg0CzkDGHwXMxlJYD9vPDg6IzMGWDsvLA4PMS0APzwHHWQJPSYLAiVVPCw/AjobPRMrIABMYyJdOQERFQ8hHyEKGR0eMhwgBA5gIl0qEgUACyYuAg4IMUsyCSIqFSwOLmZNHgQUaj0eVTweSi47IjU4OCE6A00OXhsaPQ4JJzNKGyQPA0k4IV0lSxI5XTk6OwY5HRQHJg0HDXNfLjAOPlU/AwE9LgE5NxwUVB0bAFRVEwFnHz84I2UpJCozEio9GRgHClgIOCU0P2FMZisBfxUCDF8fMAYFVCYyOglUATg+Fy8VER0LAhMwNytVahoAWRsROiUDOis/MAstMTM3OFU1GgRZHwBKbksGIRY4HVEmHWEXDToYDwArAy0iKz4m
IP 54.230.111.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash 12e22632a46f5e0049bd7b86300dff71
bd3698be1b6edc4e7e473c704b589d6d114dd8b3
afec9e50039e98482d071cce3430ebc9378d25de0c8b3ddcdcbff3e4caf11e74
GET /eVZtbFIYNA4BbRhrD0onCzpQSWA/c18qNktmBgojHCYHWGFJLAdCMRU5GAg0CzkDGHwXMxlJYD9vPDg6IzMGWDsvLA4PMS0APzwHHWQJPSYLAiVVPCw/AjobPRMrIABMYyJdOQERFQ8hHyEKGR0eMhwgBA5gIl0qEgUACyYuAg4IMUsyCSIqFSwOLmZNHgQUaj0eVTweSi47IjU4OCE6A00OXhsaPQ4JJzNKGyQPA0k4IV0lSxI5XTk6OwY5HRQHJg0HDXNfLjAOPlU/AwE9LgE5NxwUVB0bAFRVEwFnHz84I2UpJCozEio9GRgHClgIOCU0P2FMZisBfxUCDF8fMAYFVCYyOglUATg+Fy8VER0LAhMwNytVahoAWRsROiUDOis/MAstMTM3OFU1GgRZHwBKbksGIRY4HVEmHWEXDToYDwArAy0iKz4m HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1182
date: Sat, 28 Jan 2023 20:45:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: p7jD4lr62QMNCUT1vdAPKdzrkg4yBca-CiFF7-njUfH2Kcv7AlibRQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dhthrewdownth.xyz/T2JyWkhgXREpdRsmIGwbfRpGGCM/VSUSPwIzQWMsKRUKGS4JVlQuIStfSmh6elBGfDgmBk9rbjwWEy49PF9DfCEhBB1nbjlfQ3R7e0xBa2Z9RAdneWkWAjsvclNUKjw7Dk9rfnhWS2lweFNEbnt2
104.21.30.239204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/T2JyWkhgXREpdRsmIGwbfRpGGCM/VSUSPwIzQWMsKRUKGS4JVlQuIStfSmh6elBGfDgmBk9rbjwWEy49PF9DfCEhBB1nbjlfQ3R7e0xBa2Z9RAdneWkWAjsvclNUKjw7Dk9rfnhWS2lweFNEbnt2
IP 104.21.30.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /T2JyWkhgXREpdRsmIGwbfRpGGCM/VSUSPwIzQWMsKRUKGS4JVlQuIStfSmh6elBGfDgmBk9rbjwWEy49PF9DfCEhBB1nbjlfQ3R7e0xBa2Z9RAdneWkWAjsvclNUKjw7Dk9rfnhWS2lweFNEbnt2 HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 20:45:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fo65aDt7Bk52YP%2B3vqG6YORQlK0q0dnumXBvVMWZPy5r0wKovVYeZrl9C14IXd%2BbIM%2FM4RI7ckz%2BH0lU8Ha53OfTjDlk5fos8aHU20DhXWAy8%2Fn00piJsAMVfmGnanzSTKrc2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c92089ebeb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19200 OK 103 kB IP 172.64.106.19:0
Size 103 kB (102745 bytes)
Hash 178fa0c8ff6710eed4da650b7e1ca597
f7ccf9591a33231fc1f2e547c837481178cdfaa3
b63ef905cfddd13edce742ecda0b977cb95139c1cc9126bb1707c987bad5ea04
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2219
last-modified: Sat, 28 Jan 2023 20:08:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLuB7bRAQwCF8mHH9kL%2BXDDswb2ODhhjTwfng9YhUIm4B57BsPTKz5IMRyNctmqSDhIXK2p4GcbGhSkbuwzx%2BMrUyefUk0PxBBU6Veik13m0HBhq7LFfowndyDgoi3WM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c92090df871ed-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8a44ff793854788a6c5c1ff2a0a29c7f
dac6a57158fd5322f83cba141efd34944ea0b5cb
7c5d77e67026793c297224f78928f8906fe6812def5058743f498960bf7f472a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7C5D77E67026793C297224F78928F8906FE6812DEF5058743F498960BF7F472A"
Last-Modified: Sat, 28 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20600
Expires: Sun, 29 Jan 2023 02:28:32 GMT
Date: Sat, 28 Jan 2023 20:45:12 GMT
Connection: keep-alive
dhthrewdownth.xyz/SXVoYW9mSgsSUi0eBBENIz8uBzk9FCsKOX4tLhIsGz0QMDgIJE4VBi1IUFlWfUxcRx8gEVVQSToBCRUaOkhZRwYnEwdcST9IWU9cfVtbUEF7Ux1cXm8BGAAIdEROERs9GVVQWX5BUVJXfkReVVZ/
104.21.30.239204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/SXVoYW9mSgsSUi0eBBENIz8uBzk9FCsKOX4tLhIsGz0QMDgIJE4VBi1IUFlWfUxcRx8gEVVQSToBCRUaOkhZRwYnEwdcST9IWU9cfVtbUEF7Ux1cXm8BGAAIdEROERs9GVVQWX5BUVJXfkReVVZ/
IP 104.21.30.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SXVoYW9mSgsSUi0eBBENIz8uBzk9FCsKOX4tLhIsGz0QMDgIJE4VBi1IUFlWfUxcRx8gEVVQSToBCRUaOkhZRwYnEwdcST9IWU9cfVtbUEF7Ux1cXm8BGAAIdEROERs9GVVQWX5BUVJXfkReVVZ/ HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 20:45:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WOxTCbe9xqwY%2FJxUYE1zUtwn%2FjqpBBoSzsB7h7e4jGIXxH1ipwS4UzfrMQo9I0bIUG9j2xxzkLMVchdtZFEQPVhr2%2FrI%2BktNB6biyBZ3%2F9a32sjRcwa4Db7esQru%2F2tNKbUBCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c9208df16b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dhthrewdownth.xyz/YnpIamlNRSsZVDMsEiUNUEsyMwcSORAyLw8cHTA8AS0KWDtTCW4eAAZHcF5aUEx5TBkLHnVbUUQJPAsdFwl1W08LFC4FVEQMdVtHUlR6RFtED3VbTxYKKQ1UU1w4Hh0OR3lcXlZDe1JeU0x9W1k
104.21.30.239204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/YnpIamlNRSsZVDMsEiUNUEsyMwcSORAyLw8cHTA8AS0KWDtTCW4eAAZHcF5aUEx5TBkLHnVbUUQJPAsdFwl1W08LFC4FVEQMdVtHUlR6RFtED3VbTxYKKQ1UU1w4Hh0OR3lcXlZDe1JeU0x9W1k
IP 104.21.30.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /YnpIamlNRSsZVDMsEiUNUEsyMwcSORAyLw8cHTA8AS0KWDtTCW4eAAZHcF5aUEx5TBkLHnVbUUQJPAsdFwl1W08LFC4FVEQMdVtHUlR6RFtED3VbTxYKKQ1UU1w4Hh0OR3lcXlZDe1JeU0x9W1k HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 20:45:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68ZbBwAcfJ8kqfhoWY9ClP7jzxNmoy9N3JwoLe90u3hSdHexzC0cpb7bDokGML%2F2kz8n0lDO2I9R%2BRl4oDzrkWMLO%2Fjf%2BQe9PgFvCLJwSmjv6LQNWMntTom4zwuJ8mU%2FRb5aJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c9208ef1ab4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674936000
104.26.8.233200 OK 16 kB URL HTTP/2 exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674936000
IP 104.26.8.233:0
File type ASCII text, with very long lines (37558), with no line terminators
Hash 4a8d5b5c11b9aeea80dcd6c4b3a6a73b
f7ddfc9bbcab73681088ab35138dd92f374836af
1ae4a18bef94766e6224a63f403f74fc17ec775776618d911f92a9c5fb84807e
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674936000 HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AppSession=53c1d209af83f075b8f1e7c1b77402f2; csrfToken=0f62e018e0497e75b2fdf4e8dc4166709f6e8b6a46a69dbf0f71875ada2e641f07c280a16298d430a2ff1d3a6dc6882bc99757bd783362ce58f4fb5be4680354
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Raw6tTlqr6CtaLg44UrefdpbC9vINSPj%2FoEPPMaR27dtq5hdA3l%2F%2FbCC%2FO3lvEn0aBIncgZb1xvd0Ofv6mO8I7LbZCzGIciJq99Dfc3wbHrFxRVa%2B62To%2BG4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c9208fd160b31-OSL
content-encoding: br
X-Firefox-Spdy: h2
d20kfqepj430zj.cloudfront.net/3T1E1OFcsPlteaDs4UQVvd2gBAWNpO0ZXOT9sWAphDhB7XS07KRNMLStsBR47Lj9SBXEqP1YFZmkwUVpqe3dBSDgkbEVJMyIgUVYjPjATTTZyPFpCPiM9VB1lCWQbCHJ9YR1PPiE1Wk8kamMFViNqYwUJZ2FhEAsVamMFTz4hZwEdZA10BwgveWUQCxVqYw-VKIWpidAlnen8FEXJ9YVJdNCQ+EAoRfWEECGd+YQQdZX83XEoyKT5NHWUJYAUNeX93QAVm
54.230.245.229200 OK 611 B URL HTTP/2 d20kfqepj430zj.cloudfront.net/3T1E1OFcsPlteaDs4UQVvd2gBAWNpO0ZXOT9sWAphDhB7XS07KRNMLStsBR47Lj9SBXEqP1YFZmkwUVpqe3dBSDgkbEVJMyIgUVYjPjATTTZyPFpCPiM9VB1lCWQbCHJ9YR1PPiE1Wk8kamMFViNqYwUJZ2FhEAsVamMFTz4hZwEdZA10BwgveWUQCxVqYw-VKIWpidAlnen8FEXJ9YVJdNCQ+EAoRfWEECGd+YQQdZX83XEoyKT5NHWUJYAUNeX93QAVm
IP 54.230.245.229:0
File type ASCII text, with very long lines (862), with no line terminators
Hash 87548fd0cc144ea4db765d91e6bf44a1
845280de590a3755cdb1baba5b4637976ac53257
fec1a81e577e2374dfe1a8eb11eb804318ad4905f2fa921849ee57d373312229
GET /3T1E1OFcsPlteaDs4UQVvd2gBAWNpO0ZXOT9sWAphDhB7XS07KRNMLStsBR47Lj9SBXEqP1YFZmkwUVpqe3dBSDgkbEVJMyIgUVYjPjATTTZyPFpCPiM9VB1lCWQbCHJ9YR1PPiE1Wk8kamMFViNqYwUJZ2FhEAsVamMFTz4hZwEdZA10BwgveWUQCxVqYw-VKIWpidAlnen8FEXJ9YVJdNCQ+EAoRfWEECGd+YQQdZX83XEoyKT5NHWUJYAUNeX93QAVm HTTP/1.1
Host: d20kfqepj430zj.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hethisisath.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 611
date: Sat, 28 Jan 2023 20:45:12 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RlrZGz0FMOWqw9K9yo7XiG_gPqGk2CKaE6nffrS9LjwI8r0G1-9YCA==
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.106.19200 OK 499 B IP 172.64.106.19:0
File type ASCII text, with no line terminators
Hash c5a5a7a7cf80bddc086e5887b54567a0
5d37c664a09d3a5c3682b15b96d093cec9edc356
36f0373d15b6a868934033718b9d38a54992625f4cd2e74ce91c70060beff457
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: text/plain
set-cookie: csu=208317691465356@1@1674938712; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bk5RnbelrcAFzSCA3KY4SlZMvihHnvcKS7ENM26EH3krcEs%2Bi68Po1P4%2FYOQj4rQLrol3%2BQhePwn4U8y2H7fp0Syg799LSmV1Ge0rpQUCfHIwLKv0R731%2FbDitFRmKei"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c92093e2f71ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 902
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 28 Jan 2023 20:45:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
d20kfqepj430zj.cloudfront.net/9QThZek4iVzcccTVRPUd2dQtrTH9nUioVIDEFLR55O1kxGxcsfwguOgdqLVw6O1xkSmgtWTcdc2ddNxlzcB44Hix8DH8PL3xVNgAnLVQ4X3wHDXdKa3MIcQ0nL1w2DT1kCmkUOmQKaUt+bwh8SQxkCmkNJy8ObV99Ax1rSjZ3DHxJDGQKaQg4ZAsYS350Fm-lTa3MIPh8tKld8SAhzCGhKfnAIaF98cV4wCCsnVyFffAcJaU9gcR4sR38
54.230.245.229200 OK 189 B URL HTTP/2 d20kfqepj430zj.cloudfront.net/9QThZek4iVzcccTVRPUd2dQtrTH9nUioVIDEFLR55O1kxGxcsfwguOgdqLVw6O1xkSmgtWTcdc2ddNxlzcB44Hix8DH8PL3xVNgAnLVQ4X3wHDXdKa3MIcQ0nL1w2DT1kCmkUOmQKaUt+bwh8SQxkCmkNJy8ObV99Ax1rSjZ3DHxJDGQKaQg4ZAsYS350Fm-lTa3MIPh8tKld8SAhzCGhKfnAIaF98cV4wCCsnVyFffAcJaU9gcR4sR38
IP 54.230.245.229:0
File type ASCII text, with no line terminators
Hash f86210d405187d050682fa1c264d7c10
c9262755d369d1f924514e6ed5cab4244eb66d72
927f1a92b0f319c66805b8d084d954852ea706d33d003edc0d21bc6f017b2188
GET /9QThZek4iVzcccTVRPUd2dQtrTH9nUioVIDEFLR55O1kxGxcsfwguOgdqLVw6O1xkSmgtWTcdc2ddNxlzcB44Hix8DH8PL3xVNgAnLVQ4X3wHDXdKa3MIcQ0nL1w2DT1kCmkUOmQKaUt+bwh8SQxkCmkNJy8ObV99Ax1rSjZ3DHxJDGQKaQg4ZAsYS350Fm-lTa3MIPh8tKld8SAhzCGhKfnAIaF98cV4wCCsnVyFffAcJaU9gcR4sR38 HTTP/1.1
Host: d20kfqepj430zj.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hethisisath.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Sat, 28 Jan 2023 20:45:12 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QWndgsiypqKtkeysvneQOe0LF9GbPZz6ZQuVBNmrsp1qClTjHv3Adg==
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106200 OK 3.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
Hash 9c2857c0c89300c64391642dc2f93b44
71a7c0ef0a82cb4621bce5b32f6c28524049bde0
ae845c34e58d310d5f970c6cc319457a8fdc13b93c3f08c1ba0f26b0b9d63263
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 20:45:12 GMT
date: Sat, 28 Jan 2023 20:45:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 631ea0b9b4e3085e98b5c5498a4c9047
ec9f6e457fdd72390b9843f217821dff325c80f8
27c2771693d65c03977ca230c70271d4105cac00b7cf855d968473c6a9eec39f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 631ea0b9b4e3085e98b5c5498a4c9047
ec9f6e457fdd72390b9843f217821dff325c80f8
27c2771693d65c03977ca230c70271d4105cac00b7cf855d968473c6a9eec39f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 28 Jan 2023 19:45:20 GMT
expires: Sat, 28 Jan 2023 21:45:20 GMT
cache-control: public, max-age=7200
age: 3592
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=173062152&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2F7WIPHq&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2056167243&gjid=1821091188&cid=835405590.1674938717&tid=UA-135952122-1&_gid=1806132175.1674938717&_r=1&_slc=1>m=2ou1p0&z=1569776130
142.250.74.46200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=173062152&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2F7WIPHq&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2056167243&gjid=1821091188&cid=835405590.1674938717&tid=UA-135952122-1&_gid=1806132175.1674938717&_r=1&_slc=1>m=2ou1p0&z=1569776130
IP 142.250.74.46:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=173062152&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2F7WIPHq&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2056167243&gjid=1821091188&cid=835405590.1674938717&tid=UA-135952122-1&_gid=1806132175.1674938717&_r=1&_slc=1>m=2ou1p0&z=1569776130 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://exeo.app
date: Sat, 28 Jan 2023 20:45:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.34200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (39378)
Hash 5e67d8b08e414891ea9e85236c2ee7bb
ad9ba0a533dec8e03af843149d52be1620b63497
05740e91634401d03725ba7a8baa568ac3441e5a86c0151f4002dfc8dca8fcb1
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27624
date: Sat, 28 Jan 2023 20:45:12 GMT
expires: Sat, 28 Jan 2023 20:45:12 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1466 / 32 of 1000 / last-modified: 1674860850"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.211.13302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.211.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash a5f291b197e13249d44c4162268b16f4
fd234f53bc81a7da75b6f913abfb4bda07a28c47
3e72b292eb5cf1c2899fb41e179f0c5da2551a911b6037eafc30a1e6bcebe520
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 20:45:12 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S671174007%3A1674938712856438&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcPBn6Chc5lAsnNaF4PIN9geWvmvfkr1jeT3o5m8Qt9d1Cl3_N5IrC_Kn92rCT8zNvRn70Aew
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-sNck1RTSxe1Py3nBavKwwA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:OucN-Pz7HPcVYZDaAYdfmTH3arK4iw:py_Xmpz6QYJwVa6R;Path=/;Expires=Mon, 27-Jan-2025 20:45:12 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ef589be52a3e55b643978f17949a73da
74545de6f144282252ff92c751f97cc835c80341
7bfa68c43e60a2627770163b5c1b96fbd7e4843984ad5ff6225c5490b8073b26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.211.13302 Found 838 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.211.13:0
Hash 13f2e347d78dfb16d8a1c771f6f4ecac
59c782faa9dc63fec3438ae8f36a1f1953cdd2e9
28d2c6799c025af5248bec07116a514506110589fcd4bcc374af652974c6ee5f
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 20:45:12 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S487488246%3A1674938712910724&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdk5nPKAAalMBd7urg8hXHV0WouNYJf6WbmQWFbpWXtRdHbvZD-zToQtPEMnAyRu7yQSGglRg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-UR1WvU6kdqTdq8MnbBWrsg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:BUMh9MvtoDK5gskOl6lc6P6S0qfa9Q:WdOJgetEor2e7NmG;Path=/;Expires=Mon, 27-Jan-2025 20:45:12 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7078b1d21bbac26012d93fc9501fbbb0
412189ffa7980709edc28b87a820aa1ae64fa3a7
6db1d0d3f3924d7e75e1fd087553cf4ec5fa938ecc52adf3f149570551eaf7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2725
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:12 GMT
Last-Modified: Sat, 28 Jan 2023 19:59:47 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 24 kB IP 216.58.211.3:0
Hash 18bf37165592dc6081a5836254518dc9
5f2588793484ba7e60dc235ea0ad44a1d4801d89
be4a2b5f923889265a210309373690ccf5321b0a81882fbd10d3c589629b7b71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 2.1 kB IP 216.58.211.3:0
Hash ae8c7d4fc4f1653be7c98b7c1dbc49a2
ee43c6a64fecd5d2b84400016d8ca5fff51bcd00
369afb859d5f46f34f51a71e5b7b34eb457b83eb2ceb2bb1687029abd57a45ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=exeo.app
142.250.74.98200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=exeo.app
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 20:45:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=exeo.app
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exeo.app
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 20:45:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
172.217.21.161200 OK 2.7 kB URL HTTP/2 04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sat, 28 Jan 2023 20:45:13 GMT
expires: Sun, 28 Jan 2024 20:45:13 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023011901&st=env
142.250.74.98200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023011901&st=env
IP 142.250.74.98:0
File type JSON data\012- , ASCII text, with very long lines (14842), with no line terminators
Hash 2d328e27035f99220844b918df8aa55a
2bf2583468fd264e6d3a9eacdf86c5bbca943284
9468b39449b10cb1e3f73f60b45e19cef0653a475a22ea314c0cac4173f4e83b
GET /getconfig/sodar?sv=200&tid=gpt&tv=2023011901&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sat, 28 Jan 2023 20:45:13 GMT
server: cafe
content-length: 11201
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 622fef0135648b055d1691ae97508eff
535c21115ccc50934d06c70e153df6ae542f1b5c
a66508fe21cab04638a3988ee90babe52167f0399a5440e329cf397182c813b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pogothere.xyz/asd100.bin
172.64.106.19200 OK 109 kB IP 172.64.106.19:0
Size 109 kB (108786 bytes)
Hash 97abf906b1aa7ce0c548be99b3a0e5fa
532911ee2ac1d5788ea915e397d347a6cb678077
4ef7edfe8d0cbe8c3bd2f199d9b9d5c9b6c56f2226e6232914028dbdd203450a
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2219
last-modified: Sat, 28 Jan 2023 20:08:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0QTdJneqLfYQKLpVI286XId9KoluH7Nw8JJ7PiTLyZN%2F3EPE%2B%2B4DhcAJGiM3uYNonr1vMxTymnheX33QIFye22JCv6iwnKus04hp7giEsalpwYCn1FBasv2kapoFS5%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c92092e2771ed-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.1200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.1:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 22:10:29 GMT
expires: Mon, 22 Jan 2024 22:10:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 513284
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 86352d15c37831cf9bf1e41325029224
ac8b28bcc1e6dd026e1f62d1ef8b9f80a42eee21
154f5f5e116df41f5d3bd414c671138b2afc198071529a0f3573109277566cd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:45:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
216.58.211.4200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 216.58.211.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 8b60d6551734dfb20a8734fafcc45392
338066a6021491f570354fef74365cc918413383
d638915244e05ed8623d5908ec29d1d2eddf320043d9f26c38d1b91a36fc4929
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 28 Jan 2023 20:45:13 GMT
date: Sat, 28 Jan 2023 20:45:13 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-G3et9fJqhGWiNrQpghMI1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11284
Expires: Sat, 28 Jan 2023 23:53:17 GMT
Date: Sat, 28 Jan 2023 20:45:13 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11284
Expires: Sat, 28 Jan 2023 23:53:17 GMT
Date: Sat, 28 Jan 2023 20:45:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57b73886cbbb719eda5f733c018eedfb
b84ed40973f8a0d3c10529e34f9466746cfdaf0c
4ba11c23e0bbd2aed53b04ad0b3d22161af1971ddcfb75ae55734de9a49af207
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7028
x-amzn-requestid: c1743fed-205a-431b-8648-474facde6d09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CwFtboAMF9rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-5b94864c707c42fc36fbc63a;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 35sWCIsACAhQvXkJvBn0LGf2m9OTklgDprONw5CDUoXD97TUpJ9j5Q==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:55:35 GMT
age: 82178
etag: "b84ed40973f8a0d3c10529e34f9466746cfdaf0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11284
Expires: Sat, 28 Jan 2023 23:53:17 GMT
Date: Sat, 28 Jan 2023 20:45:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 82107
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1WE1zQwrCGVy8HLT9_BFkAr6rQE_ROyttMOByR32KeT0w2Hd_ylvYQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:00 GMT
age: 80953
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 18:36:06 GMT
age: 7747
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c982569d070f24dba1259603091c22e3
0f93acb5bee53670cc4ef486922f7333d96a2f4e
9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XRAeWdoEkbnzXKOs_EdgQ1r9BGOeDNh4FRXm-fv0KiCz4juqk8UKIw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:59:35 GMT
age: 81938
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f185f0b4f90d06dbb397b44ed9c73dbe
a48e2c369a048447e0e25e4791eb603859391c1c
b466060fc132cc8d23fcb83001206606e2d5502118c65e9f55795b5adbff2fa6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9364
x-amzn-requestid: 1e581631-b99e-4d2d-9ae4-dfb9e740b6d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_ekGLJIAMF54A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f6-25b17a8d181dfcb251bd4ea6;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QWZHzwxoalbYlpl8-hYeqO_waF45AvOUNMkSniT8CbDVBj3V7f38cg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 16:01:46 GMT
etag: "a48e2c369a048447e0e25e4791eb603859391c1c"
content-type: image/jpeg
age: 17007
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3e863faa386be5424a5d4a452860ccbd
ceee8a9b940473ca6678375d68b2989c074d5175
678aa5fb1efcb394a85ca175ef644b9585d8cb5dc1c55a2331a8af0f3a601571
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "678AA5FB1EFCB394A85CA175EF644B9585D8CB5DC1C55A2331A8AF0F3A601571"
Last-Modified: Sat, 28 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8784
Expires: Sat, 28 Jan 2023 23:11:37 GMT
Date: Sat, 28 Jan 2023 20:45:13 GMT
Connection: keep-alive
googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj24ozGATAB&v=APEucNU3iwnO3qrB_D2eHtS3nFn_mqujkquvb1zY1U-RYbXWhBkHX0y4NH0cF7LXxq-kS8eLbod1CoNiRLG67p8W-f8PhAQi7XcaYEq7GnCwUwBq7WuvxBVEnIQDl8pFq9V6qUCTz355AFp-gwoNP_UOkFj_ReZC7npK7a_MvsntqPWiz-Z_7y1TuHEZeXsnMsZiI2lCpDfINEyADPGrfL43oIy7VlY6bg
142.250.74.66200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj24ozGATAB&v=APEucNU3iwnO3qrB_D2eHtS3nFn_mqujkquvb1zY1U-RYbXWhBkHX0y4NH0cF7LXxq-kS8eLbod1CoNiRLG67p8W-f8PhAQi7XcaYEq7GnCwUwBq7WuvxBVEnIQDl8pFq9V6qUCTz355AFp-gwoNP_UOkFj_ReZC7npK7a_MvsntqPWiz-Z_7y1TuHEZeXsnMsZiI2lCpDfINEyADPGrfL43oIy7VlY6bg
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CN-KGhDw3uOiAxj24ozGATAB&v=APEucNU3iwnO3qrB_D2eHtS3nFn_mqujkquvb1zY1U-RYbXWhBkHX0y4NH0cF7LXxq-kS8eLbod1CoNiRLG67p8W-f8PhAQi7XcaYEq7GnCwUwBq7WuvxBVEnIQDl8pFq9V6qUCTz355AFp-gwoNP_UOkFj_ReZC7npK7a_MvsntqPWiz-Z_7y1TuHEZeXsnMsZiI2lCpDfINEyADPGrfL43oIy7VlY6bg HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 20:45:13 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 21:00:13 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 28 Jan 2023 20:45:13 GMT
cache-control: private
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.66200 OK 49 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.66:0
File type ASCII text, with very long lines (3504)
Hash eaf26b8f5900d361a5d447ea72df4752
26b0a44ca382082dde8648abd0a4d949bdf0c664
1334af0b91c26ce21cb75ab69d0c7e9c8ec1f00c0ce946a3689bb9d6fdcc4d37
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 49065
date: Sat, 28 Jan 2023 20:45:13 GMT
expires: Sat, 28 Jan 2023 20:45:13 GMT
cache-control: private, max-age=3000
etag: "1674650782302584"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
id5-sync.com/api/esp/increment?counter=no-config
162.19.138.117204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 162.19.138.117:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
date: Sat, 28 Jan 2023 20:45:13 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AuRNsVSrJfAegLxBYOFmFPFnZy57bsE-fapvpJJsGDOkyMsjJB1fLvuXhAgR54tk5VBGtp1d3Ud2meFprLrqTBOCM3yFqr3NtgiUq11lE0CLKprnR0zo6E9tM5za8hb56ve18kM9ADQRTk1HQ8p1xV0YW-JsafdfZDo6Qe7lC1hTzyMOU&cry=1&dbm_d=AKAmf-DFV5nu-SMAOCrkSdBgWZlSRk3POgUwjMLyKci_YIgdL_oE9l2QXQYcVBPx5u0K7KRk7O38YkGiw2ZTvUsKrJHD-Ykmh25bstCE3uHcbjyqH1-2tiITdDq_K01S7c6j4D__-sSrZhBcNzESc0ZbmQYIl1XCZxMjM6lDmmgdykjsHv_MGnelTT4slMuy8VdUw8UwD0gviefLP0P2zMdyxHouLLzk_UaSzUj31ORLj8lswvQyM0AHVghEQ5I2VvkgB9gSsik2aMD15qHCrLvGTxc3ZMILK3rPcw7hYuxGJGrgzjefyeXFqNZbfFY6lHV7K_AdAYOpFL1xUUfLjz2FGrpPFJqQ4jEPMhMd1_I4_uoIP2NarpiNq0xwS8q08MIv21O8k0eusALgtwn8TIdkL1DZ9eaIVViJCajOQUmK9m_eyRkwRXE0XuVd01uMb64GGVXy4qnMVF-rENssMN0aQi0yuREVmtv4QzTjoEE709uBLHDFOp89vlQUN6zTaeS1YsFCHcm1NsDPOAKZ0aDzVlqwLkCZSCLoh3eqszrOv6QYV_NNwnjya0MgbbCu6UpM_cGEyepviUQOLKSW3sUJoIdz4d88ip8DvvhtMdIwa8HdLlxp2KBbfyv7Gr_H_ys27UOHxguICkZxvcmDhOvf5pdnIOCi1-5TUJvQLIt6MwBp12dYMjmSO_5uJRVa-mzNvrPljRgQpwi8oA8Q4fPsuxvKLDOE40dj7rMODljH4QEz1hlUT-YwBe8muViKnLOLHfMQjpbHc3ExYK_cuhwSDLxUPRB611vpGcROB6eB87C-9CgqNEwzGOQOTwPpu19Hu_J75F2Gz7u04a4cI1c9gzD9WFYT6d8-9qIB59ndpOCWYgBZmbiqPFSWLF-0N2DQJpn58wfEh0ErsF9azGgxoPjSlILnQs8GQphIZD2uN97TW8zv6yvfuHZ3rZVgDGGgB2UwfrziQL5J_s53uAD8zuIfE6TYKVPdwuNHEev46BDt5XppSC1HASar6HHDkZgyEt1j188Y8QX4oXC7AWmjkDK5tSCvdvWokppq2urQYvMl-lRPX6bzG3vyszO5srYGEdLEU1gQBchCf2Uv2AGq1vIB7pwWTGnGQNMEjTOHpa9GP8cpyA78w7QSLWtuvH-ukZvmTxllzkPyYFOxkJz6BHymk5sjnMIGzmN8kX_QGL1hj8PqO27V1wsan2Q3AdoiSqGdKCbIexHF8afqK4LAhlU_h4ZXHVoe04yU36hUuj5Mfk5WWq52kVxZPaha427N5Y5lXZ3S2tpGB22OmexgTwFmY5rSbkRp_lwuM0TNnV2CG1WpiMcs2AdZEUBGU6vwNWFSRJDT1-Ofe1gm55XOHLzUrQdzoRqixDqlPGqL_ToaAsfwVJnJ-yhwfrhXrIfIT6dorLWWYR0gFj0zoU8QH7koWOM4QhtU46P8Wzk2W8FYzc-LlCQmoMPd9V5dIKMe4m0S7jbXGXr3HUTPTvCsE8a33XqQuJ6C3ULZPvhtYfDKYIqGA4BtA58J-VFWhAovttizYGNhTjVoCGCXPhpTvvwTwameawm1hd_tSEdo8-4CuxXccpHAYTQ_2QiraSBb9J95dqhCPC4EA7yowGgfM7vQHKIraizrWU5AZyidDuCGRlLVX-M1cs62skj8OjhMADvyBy-59HhmMx3XieS1sw7mvpee2AlL325K95V9GSb_0ix6Q9KSUi3tgTaUt6_iuFU6Vg9IY-QoecK4LILNxJ9leoALkEueQoCQ2aCT3GwIhcHdhqeVapv0VX2Lq9inPAnagiiK7dERX358z5oBgR651petqedkZYKNyHwXOmt93j_ks8baL5TKoIm7vuiKEwiAAljsJMuQ_IMVYfYq2OHHDkdxZabMuH-dqYqeNGfZU4aoD7aBbBNaEp3z48semSsitmgA4hAb8-JFquyIDtyiu-MwNtFy_YjQaK0tdhvheLueiRYm9G8XWtHCLfR-A3D5w8DVFt07abxaJ1dIFydSOJyzhoTyV-LOR8EQvA4DEFpaptHE6CiY6GaMHwt4YV9Ffb_q2ItLVp2Io-iscZJsO0UwoVZFojrURBg2ax9hzoNFfFfugza6MG3vdnxo-L1VMFby35eMynKqflGpt9qorb3CvCibH-B5VfWMnnfMixXcmqHkkbqRIillwLu1W29EG7_unsZExaiIcFQsCneUEaNzOuxMmLzrjz1Nqu9Hx2nRIPRKGHmR6yioTu51vTRJhgeYRcP2rlGct9ukQeK8hhSzWcqKx4HBUlVnWxLa-r7T1h7rdbhC8SmydDkHwUC1j5nbFh2-Ot0Wk_j3_7_QeeekUdKjbRnj39k-y3H24k-3UfDgjbpQmfc0EmhAjeg184NOkXieLyK8A0JUunze-UJc3_oscuIqOs5U4wyPCpGanpSPmvfUAXEUroDkETIXKYc0T7aRSC-zpPSItKFBppnLvHQ5aDZ4mk7M3bouup0HVdXJlpcMQpa2AwFEIm7BYAswczGcIsWY7eOPhr4ZixBtA01QLXQau0WWfLJ_mhwmujf7bIyPsK_h2eaEOSPSrBDSEchasdI36AghszeyBuyOZ7-9u214HQj2jHvhGr0DxaSIZW7BKGNyLserSbH_H8VKu4K4QUE2Zu49ayyvAKI9nRSnx_88UWE-36e4qnIqJ0B8pzV9W6_xlxyx61NjVjw3tyuKfoyuVrSQUN63mLbEQZ1lFhv6Zde-OpCCFwHiihjQqXaiVCciOAjI7MqkNM8VptF45M9T3GAVJwMwEolPzil2RIj6KmNbMkuhzLWcpOw60FlndLk8vVvFvzPZIiwQHzj_8j2RM2M_3EuKECzZsnsWZZ4_lgfSAdjWz9B5_AtQeBUCNGm_RnetXeW6a8mNvl5EeuLJ8TkA-H3oI1rb0VS0vJMSkhw7NLCAX1zQDBPOM4cKTgrQn4aA1OqZjA3KpuS3LcTLJXV4jrrkCT9zVhRn-yBurGPjsxp6knz8KOb3JWuApmNoNY9awBBBYqRJgrh38oRiYokBVbb9_6IrnqcmpZA6dvbfkZGTYFwi3RUvMjZfCyPHmiCUSH_p5edA2dRLfwkp9tEXYQeVIMgyi2f7Yl8SCg8ywXUJr2krxpDzapGWnoAEXbyRKTwXePw1l1atDcBa-I6InfzqOrf0hjIZWEbkbW9VQmgY4s-I5K5IrT9gXaGLxHK8XJ0_hD3llQze9Yr2YprLgMAPQrRT8yaX_jytpcfOUGSXpjyHdmSV-IhMKq0XG0P7iTQlSBCr93C4vnCmPlC6VzWn6KBhV4P8NuttQI7L3uBY6ENO842CUQbHMCLj9nBeCrV8u_8JKT_ByZUVRhh21R1__k0PFGsGjWbLVy9kwDU4JpHeiwVN-ca4YxpFi8MysXUZhP9H9N74OpkSWp8sJL6CHGVEZ3rmez4fIGZa9InoW-MszPfFuxJggRSDOl00Slmzm-k8XgxsuD-zGR_90n5InPibQr4d2ZjJ24ZcZOk327T8XW0eIqeYdiI1x7boik6Sq73K_hyA2GRFSHVPPFbQfUul9p-WZFbuv22jsNwIYEfYHfg&cid=CAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fexeo.app%2F&ds=l&xdt=1&iif=1&cor=17761543648441903000&adk=1761367587&idt=69&cac=0&dtd=13
142.250.74.66200 OK 11 kB URL HTTP/2 googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AuRNsVSrJfAegLxBYOFmFPFnZy57bsE-fapvpJJsGDOkyMsjJB1fLvuXhAgR54tk5VBGtp1d3Ud2meFprLrqTBOCM3yFqr3NtgiUq11lE0CLKprnR0zo6E9tM5za8hb56ve18kM9ADQRTk1HQ8p1xV0YW-JsafdfZDo6Qe7lC1hTzyMOU&cry=1&dbm_d=AKAmf-DFV5nu-SMAOCrkSdBgWZlSRk3POgUwjMLyKci_YIgdL_oE9l2QXQYcVBPx5u0K7KRk7O38YkGiw2ZTvUsKrJHD-Ykmh25bstCE3uHcbjyqH1-2tiITdDq_K01S7c6j4D__-sSrZhBcNzESc0ZbmQYIl1XCZxMjM6lDmmgdykjsHv_MGnelTT4slMuy8VdUw8UwD0gviefLP0P2zMdyxHouLLzk_UaSzUj31ORLj8lswvQyM0AHVghEQ5I2VvkgB9gSsik2aMD15qHCrLvGTxc3ZMILK3rPcw7hYuxGJGrgzjefyeXFqNZbfFY6lHV7K_AdAYOpFL1xUUfLjz2FGrpPFJqQ4jEPMhMd1_I4_uoIP2NarpiNq0xwS8q08MIv21O8k0eusALgtwn8TIdkL1DZ9eaIVViJCajOQUmK9m_eyRkwRXE0XuVd01uMb64GGVXy4qnMVF-rENssMN0aQi0yuREVmtv4QzTjoEE709uBLHDFOp89vlQUN6zTaeS1YsFCHcm1NsDPOAKZ0aDzVlqwLkCZSCLoh3eqszrOv6QYV_NNwnjya0MgbbCu6UpM_cGEyepviUQOLKSW3sUJoIdz4d88ip8DvvhtMdIwa8HdLlxp2KBbfyv7Gr_H_ys27UOHxguICkZxvcmDhOvf5pdnIOCi1-5TUJvQLIt6MwBp12dYMjmSO_5uJRVa-mzNvrPljRgQpwi8oA8Q4fPsuxvKLDOE40dj7rMODljH4QEz1hlUT-YwBe8muViKnLOLHfMQjpbHc3ExYK_cuhwSDLxUPRB611vpGcROB6eB87C-9CgqNEwzGOQOTwPpu19Hu_J75F2Gz7u04a4cI1c9gzD9WFYT6d8-9qIB59ndpOCWYgBZmbiqPFSWLF-0N2DQJpn58wfEh0ErsF9azGgxoPjSlILnQs8GQphIZD2uN97TW8zv6yvfuHZ3rZVgDGGgB2UwfrziQL5J_s53uAD8zuIfE6TYKVPdwuNHEev46BDt5XppSC1HASar6HHDkZgyEt1j188Y8QX4oXC7AWmjkDK5tSCvdvWokppq2urQYvMl-lRPX6bzG3vyszO5srYGEdLEU1gQBchCf2Uv2AGq1vIB7pwWTGnGQNMEjTOHpa9GP8cpyA78w7QSLWtuvH-ukZvmTxllzkPyYFOxkJz6BHymk5sjnMIGzmN8kX_QGL1hj8PqO27V1wsan2Q3AdoiSqGdKCbIexHF8afqK4LAhlU_h4ZXHVoe04yU36hUuj5Mfk5WWq52kVxZPaha427N5Y5lXZ3S2tpGB22OmexgTwFmY5rSbkRp_lwuM0TNnV2CG1WpiMcs2AdZEUBGU6vwNWFSRJDT1-Ofe1gm55XOHLzUrQdzoRqixDqlPGqL_ToaAsfwVJnJ-yhwfrhXrIfIT6dorLWWYR0gFj0zoU8QH7koWOM4QhtU46P8Wzk2W8FYzc-LlCQmoMPd9V5dIKMe4m0S7jbXGXr3HUTPTvCsE8a33XqQuJ6C3ULZPvhtYfDKYIqGA4BtA58J-VFWhAovttizYGNhTjVoCGCXPhpTvvwTwameawm1hd_tSEdo8-4CuxXccpHAYTQ_2QiraSBb9J95dqhCPC4EA7yowGgfM7vQHKIraizrWU5AZyidDuCGRlLVX-M1cs62skj8OjhMADvyBy-59HhmMx3XieS1sw7mvpee2AlL325K95V9GSb_0ix6Q9KSUi3tgTaUt6_iuFU6Vg9IY-QoecK4LILNxJ9leoALkEueQoCQ2aCT3GwIhcHdhqeVapv0VX2Lq9inPAnagiiK7dERX358z5oBgR651petqedkZYKNyHwXOmt93j_ks8baL5TKoIm7vuiKEwiAAljsJMuQ_IMVYfYq2OHHDkdxZabMuH-dqYqeNGfZU4aoD7aBbBNaEp3z48semSsitmgA4hAb8-JFquyIDtyiu-MwNtFy_YjQaK0tdhvheLueiRYm9G8XWtHCLfR-A3D5w8DVFt07abxaJ1dIFydSOJyzhoTyV-LOR8EQvA4DEFpaptHE6CiY6GaMHwt4YV9Ffb_q2ItLVp2Io-iscZJsO0UwoVZFojrURBg2ax9hzoNFfFfugza6MG3vdnxo-L1VMFby35eMynKqflGpt9qorb3CvCibH-B5VfWMnnfMixXcmqHkkbqRIillwLu1W29EG7_unsZExaiIcFQsCneUEaNzOuxMmLzrjz1Nqu9Hx2nRIPRKGHmR6yioTu51vTRJhgeYRcP2rlGct9ukQeK8hhSzWcqKx4HBUlVnWxLa-r7T1h7rdbhC8SmydDkHwUC1j5nbFh2-Ot0Wk_j3_7_QeeekUdKjbRnj39k-y3H24k-3UfDgjbpQmfc0EmhAjeg184NOkXieLyK8A0JUunze-UJc3_oscuIqOs5U4wyPCpGanpSPmvfUAXEUroDkETIXKYc0T7aRSC-zpPSItKFBppnLvHQ5aDZ4mk7M3bouup0HVdXJlpcMQpa2AwFEIm7BYAswczGcIsWY7eOPhr4ZixBtA01QLXQau0WWfLJ_mhwmujf7bIyPsK_h2eaEOSPSrBDSEchasdI36AghszeyBuyOZ7-9u214HQj2jHvhGr0DxaSIZW7BKGNyLserSbH_H8VKu4K4QUE2Zu49ayyvAKI9nRSnx_88UWE-36e4qnIqJ0B8pzV9W6_xlxyx61NjVjw3tyuKfoyuVrSQUN63mLbEQZ1lFhv6Zde-OpCCFwHiihjQqXaiVCciOAjI7MqkNM8VptF45M9T3GAVJwMwEolPzil2RIj6KmNbMkuhzLWcpOw60FlndLk8vVvFvzPZIiwQHzj_8j2RM2M_3EuKECzZsnsWZZ4_lgfSAdjWz9B5_AtQeBUCNGm_RnetXeW6a8mNvl5EeuLJ8TkA-H3oI1rb0VS0vJMSkhw7NLCAX1zQDBPOM4cKTgrQn4aA1OqZjA3KpuS3LcTLJXV4jrrkCT9zVhRn-yBurGPjsxp6knz8KOb3JWuApmNoNY9awBBBYqRJgrh38oRiYokBVbb9_6IrnqcmpZA6dvbfkZGTYFwi3RUvMjZfCyPHmiCUSH_p5edA2dRLfwkp9tEXYQeVIMgyi2f7Yl8SCg8ywXUJr2krxpDzapGWnoAEXbyRKTwXePw1l1atDcBa-I6InfzqOrf0hjIZWEbkbW9VQmgY4s-I5K5IrT9gXaGLxHK8XJ0_hD3llQze9Yr2YprLgMAPQrRT8yaX_jytpcfOUGSXpjyHdmSV-IhMKq0XG0P7iTQlSBCr93C4vnCmPlC6VzWn6KBhV4P8NuttQI7L3uBY6ENO842CUQbHMCLj9nBeCrV8u_8JKT_ByZUVRhh21R1__k0PFGsGjWbLVy9kwDU4JpHeiwVN-ca4YxpFi8MysXUZhP9H9N74OpkSWp8sJL6CHGVEZ3rmez4fIGZa9InoW-MszPfFuxJggRSDOl00Slmzm-k8XgxsuD-zGR_90n5InPibQr4d2ZjJ24ZcZOk327T8XW0eIqeYdiI1x7boik6Sq73K_hyA2GRFSHVPPFbQfUul9p-WZFbuv22jsNwIYEfYHfg&cid=CAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fexeo.app%2F&ds=l&xdt=1&iif=1&cor=17761543648441903000&adk=1761367587&idt=69&cac=0&dtd=13
IP 142.250.74.66:0
File type ASCII text, with very long lines (15121), with no line terminators
Hash df3df5ae8c6d6d249036236c1f71ae9d
b51a5ca8e102b40bd2f6e1b462abb4fe41452204
5d77b69a7be49f17149349d2455356cc68a2b4591c895c85a7b3491c0816fa3b
GET /dbm/ad?dbm_c=AKAmf-AuRNsVSrJfAegLxBYOFmFPFnZy57bsE-fapvpJJsGDOkyMsjJB1fLvuXhAgR54tk5VBGtp1d3Ud2meFprLrqTBOCM3yFqr3NtgiUq11lE0CLKprnR0zo6E9tM5za8hb56ve18kM9ADQRTk1HQ8p1xV0YW-JsafdfZDo6Qe7lC1hTzyMOU&cry=1&dbm_d=AKAmf-DFV5nu-SMAOCrkSdBgWZlSRk3POgUwjMLyKci_YIgdL_oE9l2QXQYcVBPx5u0K7KRk7O38YkGiw2ZTvUsKrJHD-Ykmh25bstCE3uHcbjyqH1-2tiITdDq_K01S7c6j4D__-sSrZhBcNzESc0ZbmQYIl1XCZxMjM6lDmmgdykjsHv_MGnelTT4slMuy8VdUw8UwD0gviefLP0P2zMdyxHouLLzk_UaSzUj31ORLj8lswvQyM0AHVghEQ5I2VvkgB9gSsik2aMD15qHCrLvGTxc3ZMILK3rPcw7hYuxGJGrgzjefyeXFqNZbfFY6lHV7K_AdAYOpFL1xUUfLjz2FGrpPFJqQ4jEPMhMd1_I4_uoIP2NarpiNq0xwS8q08MIv21O8k0eusALgtwn8TIdkL1DZ9eaIVViJCajOQUmK9m_eyRkwRXE0XuVd01uMb64GGVXy4qnMVF-rENssMN0aQi0yuREVmtv4QzTjoEE709uBLHDFOp89vlQUN6zTaeS1YsFCHcm1NsDPOAKZ0aDzVlqwLkCZSCLoh3eqszrOv6QYV_NNwnjya0MgbbCu6UpM_cGEyepviUQOLKSW3sUJoIdz4d88ip8DvvhtMdIwa8HdLlxp2KBbfyv7Gr_H_ys27UOHxguICkZxvcmDhOvf5pdnIOCi1-5TUJvQLIt6MwBp12dYMjmSO_5uJRVa-mzNvrPljRgQpwi8oA8Q4fPsuxvKLDOE40dj7rMODljH4QEz1hlUT-YwBe8muViKnLOLHfMQjpbHc3ExYK_cuhwSDLxUPRB611vpGcROB6eB87C-9CgqNEwzGOQOTwPpu19Hu_J75F2Gz7u04a4cI1c9gzD9WFYT6d8-9qIB59ndpOCWYgBZmbiqPFSWLF-0N2DQJpn58wfEh0ErsF9azGgxoPjSlILnQs8GQphIZD2uN97TW8zv6yvfuHZ3rZVgDGGgB2UwfrziQL5J_s53uAD8zuIfE6TYKVPdwuNHEev46BDt5XppSC1HASar6HHDkZgyEt1j188Y8QX4oXC7AWmjkDK5tSCvdvWokppq2urQYvMl-lRPX6bzG3vyszO5srYGEdLEU1gQBchCf2Uv2AGq1vIB7pwWTGnGQNMEjTOHpa9GP8cpyA78w7QSLWtuvH-ukZvmTxllzkPyYFOxkJz6BHymk5sjnMIGzmN8kX_QGL1hj8PqO27V1wsan2Q3AdoiSqGdKCbIexHF8afqK4LAhlU_h4ZXHVoe04yU36hUuj5Mfk5WWq52kVxZPaha427N5Y5lXZ3S2tpGB22OmexgTwFmY5rSbkRp_lwuM0TNnV2CG1WpiMcs2AdZEUBGU6vwNWFSRJDT1-Ofe1gm55XOHLzUrQdzoRqixDqlPGqL_ToaAsfwVJnJ-yhwfrhXrIfIT6dorLWWYR0gFj0zoU8QH7koWOM4QhtU46P8Wzk2W8FYzc-LlCQmoMPd9V5dIKMe4m0S7jbXGXr3HUTPTvCsE8a33XqQuJ6C3ULZPvhtYfDKYIqGA4BtA58J-VFWhAovttizYGNhTjVoCGCXPhpTvvwTwameawm1hd_tSEdo8-4CuxXccpHAYTQ_2QiraSBb9J95dqhCPC4EA7yowGgfM7vQHKIraizrWU5AZyidDuCGRlLVX-M1cs62skj8OjhMADvyBy-59HhmMx3XieS1sw7mvpee2AlL325K95V9GSb_0ix6Q9KSUi3tgTaUt6_iuFU6Vg9IY-QoecK4LILNxJ9leoALkEueQoCQ2aCT3GwIhcHdhqeVapv0VX2Lq9inPAnagiiK7dERX358z5oBgR651petqedkZYKNyHwXOmt93j_ks8baL5TKoIm7vuiKEwiAAljsJMuQ_IMVYfYq2OHHDkdxZabMuH-dqYqeNGfZU4aoD7aBbBNaEp3z48semSsitmgA4hAb8-JFquyIDtyiu-MwNtFy_YjQaK0tdhvheLueiRYm9G8XWtHCLfR-A3D5w8DVFt07abxaJ1dIFydSOJyzhoTyV-LOR8EQvA4DEFpaptHE6CiY6GaMHwt4YV9Ffb_q2ItLVp2Io-iscZJsO0UwoVZFojrURBg2ax9hzoNFfFfugza6MG3vdnxo-L1VMFby35eMynKqflGpt9qorb3CvCibH-B5VfWMnnfMixXcmqHkkbqRIillwLu1W29EG7_unsZExaiIcFQsCneUEaNzOuxMmLzrjz1Nqu9Hx2nRIPRKGHmR6yioTu51vTRJhgeYRcP2rlGct9ukQeK8hhSzWcqKx4HBUlVnWxLa-r7T1h7rdbhC8SmydDkHwUC1j5nbFh2-Ot0Wk_j3_7_QeeekUdKjbRnj39k-y3H24k-3UfDgjbpQmfc0EmhAjeg184NOkXieLyK8A0JUunze-UJc3_oscuIqOs5U4wyPCpGanpSPmvfUAXEUroDkETIXKYc0T7aRSC-zpPSItKFBppnLvHQ5aDZ4mk7M3bouup0HVdXJlpcMQpa2AwFEIm7BYAswczGcIsWY7eOPhr4ZixBtA01QLXQau0WWfLJ_mhwmujf7bIyPsK_h2eaEOSPSrBDSEchasdI36AghszeyBuyOZ7-9u214HQj2jHvhGr0DxaSIZW7BKGNyLserSbH_H8VKu4K4QUE2Zu49ayyvAKI9nRSnx_88UWE-36e4qnIqJ0B8pzV9W6_xlxyx61NjVjw3tyuKfoyuVrSQUN63mLbEQZ1lFhv6Zde-OpCCFwHiihjQqXaiVCciOAjI7MqkNM8VptF45M9T3GAVJwMwEolPzil2RIj6KmNbMkuhzLWcpOw60FlndLk8vVvFvzPZIiwQHzj_8j2RM2M_3EuKECzZsnsWZZ4_lgfSAdjWz9B5_AtQeBUCNGm_RnetXeW6a8mNvl5EeuLJ8TkA-H3oI1rb0VS0vJMSkhw7NLCAX1zQDBPOM4cKTgrQn4aA1OqZjA3KpuS3LcTLJXV4jrrkCT9zVhRn-yBurGPjsxp6knz8KOb3JWuApmNoNY9awBBBYqRJgrh38oRiYokBVbb9_6IrnqcmpZA6dvbfkZGTYFwi3RUvMjZfCyPHmiCUSH_p5edA2dRLfwkp9tEXYQeVIMgyi2f7Yl8SCg8ywXUJr2krxpDzapGWnoAEXbyRKTwXePw1l1atDcBa-I6InfzqOrf0hjIZWEbkbW9VQmgY4s-I5K5IrT9gXaGLxHK8XJ0_hD3llQze9Yr2YprLgMAPQrRT8yaX_jytpcfOUGSXpjyHdmSV-IhMKq0XG0P7iTQlSBCr93C4vnCmPlC6VzWn6KBhV4P8NuttQI7L3uBY6ENO842CUQbHMCLj9nBeCrV8u_8JKT_ByZUVRhh21R1__k0PFGsGjWbLVy9kwDU4JpHeiwVN-ca4YxpFi8MysXUZhP9H9N74OpkSWp8sJL6CHGVEZ3rmez4fIGZa9InoW-MszPfFuxJggRSDOl00Slmzm-k8XgxsuD-zGR_90n5InPibQr4d2ZjJ24ZcZOk327T8XW0eIqeYdiI1x7boik6Sq73K_hyA2GRFSHVPPFbQfUul9p-WZFbuv22jsNwIYEfYHfg&cid=CAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fexeo.app%2F&ds=l&xdt=1&iif=1&cor=17761543648441903000&adk=1761367587&idt=69&cac=0&dtd=13 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 28 Jan 2023 20:45:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 11272
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Jan-2023 21:00:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ff3e14c9d58721f775625952d9f656b0
a829901c9a06b38a4331d282d4232847b7587fe1
edfba570adc9bf9c2aeaf201414290cdb26c4c806fe9d16d438d75b6bbe59565
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDFBA570ADC9BF9C2AEAF201414290CDB26C4C806FE9D16D438D75B6BBE59565"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8436
Expires: Sat, 28 Jan 2023 23:05:50 GMT
Date: Sat, 28 Jan 2023 20:45:14 GMT
Connection: keep-alive
hal9000.redintelligence.net/zone/3xszj6zdbiqg?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D
138.201.63.150200 OK 4.1 kB URL HTTP/1.1 hal9000.redintelligence.net/zone/3xszj6zdbiqg?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D
IP 138.201.63.150:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1722), with CRLF line terminators
Hash e3a7e40c0a7e880a735d71b0a8427ab9
3e0400fdbe237a4a968be2d3acf57e8af100738c
45844e060241e7fc331f4a93ecde8f36b6e3e8db1bb730edbf5e9bb28b747541
GET /zone/3xszj6zdbiqg?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D HTTP/1.1
Host: hal9000.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:45:14 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4125
Connection: close
Content-Type: text/html; charset=UTF-8
hal90002.redintelligence.net/request.php?zone=3xszj6zdbiqg&nw=20&renderingType=javascript&namespace=d9d38683dd&subid=&uid=b2a7b06fb20b68c3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=930x180&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D&documentReferer=https%3A%2F%2F04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=6955394932612&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
46.4.10.47302 Found 0 B URL HTTP/1.1 hal90002.redintelligence.net/request.php?zone=3xszj6zdbiqg&nw=20&renderingType=javascript&namespace=d9d38683dd&subid=&uid=b2a7b06fb20b68c3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=930x180&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D&documentReferer=https%3A%2F%2F04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=6955394932612&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
IP 46.4.10.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /request.php?zone=3xszj6zdbiqg&nw=20&renderingType=javascript&namespace=d9d38683dd&subid=&uid=b2a7b06fb20b68c3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=930x180&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D&documentReferer=https%3A%2F%2F04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=6955394932612&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP/1.1
Host: hal90002.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 20:45:14 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 28 Jan 2023 20:45:14 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=6709bb15d7e47193; expires=Fri, 28-Apr-2023 20:45:14 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
Location: request.php?zone=3xszj6zdbiqg&nw=20&renderingType=javascript&namespace=d9d38683dd&subid=&uid=b2a7b06fb20b68c3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=930x180&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D&documentReferer=https%3A%2F%2F04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=6955394932612&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
hal90002.redintelligence.net/request.php?zone=3xszj6zdbiqg&nw=20&renderingType=javascript&namespace=d9d38683dd&subid=&uid=b2a7b06fb20b68c3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=930x180&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D&documentReferer=https%3A%2F%2F04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=6955394932612&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
46.4.10.47200 OK 513 B URL HTTP/1.1 hal90002.redintelligence.net/request.php?zone=3xszj6zdbiqg&nw=20&renderingType=javascript&namespace=d9d38683dd&subid=&uid=b2a7b06fb20b68c3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=930x180&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D&documentReferer=https%3A%2F%2F04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=6955394932612&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
IP 46.4.10.47:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 5bf5732f57832e5004f01ca1a2b35f03
b5703075f571ca21ba860377bdc851045e0fab50
6911281a9d97edceec27b5f4ebc72869de4850f6587fb6c88a238981e926f609
GET /request.php?zone=3xszj6zdbiqg&nw=20&renderingType=javascript&namespace=d9d38683dd&subid=&uid=b2a7b06fb20b68c3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=930x180&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaxiPWYnVY8CdEoqUxdwP1eK7uAHJuaKcaYy1zc7VD_AuEAEglZvKIWDDhICAmBjIAQmpAthR_5RtO7I-qAMBqgSRAk_QR2GsVExmolWyHts9Dgp0PZ04mzNiviEokChm3D0l03O6iFIuK5lEx-K1AG25GBiHofIeWJXEzgtjaqlMoYEcUq0uH_zexGwpcUOkKFOTu-Dv7ZCAQe0C78ZBZzentYPHiIl6CFVgzg79p_vSbreIixXlT7X82cxaDJNN46sLtICbi5uyzzADUwsVQwxoiKftJAiN1tfEPNEdtOA9fwe7S0sNOKRMw2mZmTuhw2CrjdZ3AOkAT_55eByPFUmNuq6EsbNVRfexkOcqfGVJXyBb3B2X3YDeWExIITenZo9kU-Q2AT5iis5a9Zt-6IbEHtdy2_ojaaoNkmiDr7Il6SAP5CDUmElXrQ4Q1DWFJPfZI8AEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymIR6M3tbmxZtZwpClC8LRCx9kCQM1_5prqE77p4m1mdxKo_2438XT4oT9Y0JRyR41V0Zs81ReEdvyMO-HtDPsVJgX65cNhRMYASAT%26sig%3DAOD64_1oZku4_y3SzAJcOLyAvENBkGensw%26client%3Dca-pub-3831894559014614%26dbm_c%3DAKAmf-CGAyekuP9UosL9w6mNKs_VcS0VJ6CCB1qUNo_YcPZJgQz8yKSG-w-FIh1XoLSEna9M6cLhZEQpzc1tQNahqXQpxucUzm92Qao4dnCdZjyGmGUisQm0kZaXlb_rsPJ_87Pi4ol1ygKxGU_b9BA7i-6dl_00DeqTNJd5rq2KJMYBR3w3Nwc%26cry%3D1%26dbm_d%3DAKAmf-CgWJh8K8qi-PeF89sEKwRxgVYi0Kq0GD-5XKuwmt6nHTUizWOXFnpXCONCGznJnfOTv7Hwx48yfACc6OjGFQFS0-QqX3VlX3gPO3bzbS3u0kHJyNA1gAU1cNz5W-2SguLdWyojqmXYOlw9bZ2b-k7ePV8oJXFkTwo0V8ydzJlzcp09R4Zf79rXnKeDJFOAxwoVIcs09cWPEWPbxDm_arswaqZPEvslwPkFu9Hl6rrhzGC36ZT4Dz5h-YxpzGUOU1F6_qmC9RYwIeMK-e9BNNb6g-ouJzmi5CYdfNqRQOB08YSqNpX4YjBZaZii60KzIE6HmeNekcKpBHG45JDo8s-hheRnC3-oXJOgJ1FrcH4CrlxDhO_t7sDGBf3JdJ1nqdnZRo-bqdn2xlRiimXraiVK1sk3UdlShH9eD9ErG174PpUVSOKgRBWZic_v9S9qqpCHsK8mfdVFUpenOK09upuxABlcDo1H8X92wYn7Op1A02YrmkWBHagsu4iCb-4li_na-5w-6fzTenwc6a0og0lt1u0wXuY5VpYU7uyKsAMZwBGwCpw%26adurl%3D&documentReferer=https%3A%2F%2F04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=6955394932612&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1 HTTP/1.1
Host: hal90002.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/
Connection: keep-alive
Cookie: 8lcfmzhxc8d6_uid=6709bb15d7e47193
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:45:14 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 28 Jan 2023 20:45:14 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=6709bb15d7e47193; expires=Fri, 28-Apr-2023 20:45:14 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
X-NEORY-SubId: 35648900171576804439912012218002
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 513
Connection: close
Content-Type: application/x-javascript; charset=utf-8
hal90002.redintelligence.net/request_content.php?s=35648900171576804439912012218002&a=e0b85594
46.4.10.47200 OK 2.3 kB URL HTTP/1.1 hal90002.redintelligence.net/request_content.php?s=35648900171576804439912012218002&a=e0b85594
IP 46.4.10.47:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 7f055322a7cc1bab1b21cd7d7d042b1a
9ae50f48a6720cc0fe3fa9ae312be8ae0e7481ea
184ffa023eb5337fb002ecb8d592c435f8bfc800cdd34c86549d2ce2b7aa39b5
GET /request_content.php?s=35648900171576804439912012218002&a=e0b85594 HTTP/1.1
Host: hal90002.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://04ea1da5f31d860763005047f247a36f.safeframe.googlesyndication.com/
Cookie: 8lcfmzhxc8d6_uid=6709bb15d7e47193
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:45:14 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 28 Jan 2023 20:45:14 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2284
Connection: close
Content-Type: text/html; charset=utf-8
ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
142.250.74.138200 OK 32 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
IP 142.250.74.138:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32764)
Hash 548260b20981c0be2d9dcf8d01c08c24
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb
GET /ajax/libs/jquery/1.6.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal90002.redintelligence.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32245
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 06:39:38 GMT
expires: Wed, 24 Jan 2024 06:39:38 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 396336
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.contentspread.net/24i/content/soberfb/EN/S-930x180.gif
85.114.131.235200 OK 51 kB URL HTTP/1.1 cdn.contentspread.net/24i/content/soberfb/EN/S-930x180.gif
IP 85.114.131.235:0
ASN #24961 myLoc managed IT AG
File type GIF image data, version 89a, 930 x 180\012- data
Hash 0d639c4ab3a7647a3a51d896bf5ff938
b0d2822aab8124f1b49829ba215cb6f116c39a21
0a60a088b1c1981e7caa784843e558df7f4ebce874f76c5f4e16bae49adf10e8
GET /24i/content/soberfb/EN/S-930x180.gif HTTP/1.1
Host: cdn.contentspread.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal90002.redintelligence.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:45:15 GMT
Content-Type: image/gif
Content-Length: 51342
Last-Modified: Mon, 23 Jul 2018 15:20:13 GMT
Connection: close
ETag: "5b55f22d-c88e"
Accept-Ranges: bytes
hal90002.redintelligence.net/viewability?s=35648900171576804439912012218002&a=42dd84ee&vb=m
46.4.10.47200 OK 0 B URL HTTP/1.1 hal90002.redintelligence.net/viewability?s=35648900171576804439912012218002&a=42dd84ee&vb=m
IP 46.4.10.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=35648900171576804439912012218002&a=42dd84ee&vb=m HTTP/1.1
Host: hal90002.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal90002.redintelligence.net/request_content.php?s=35648900171576804439912012218002&a=e0b85594
Cookie: 8lcfmzhxc8d6_uid=6709bb15d7e47193
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:45:15 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
hal90002.redintelligence.net/viewability?s=35648900171576804439912012218002&a=42dd84ee&vb=v
46.4.10.47200 OK 0 B URL HTTP/1.1 hal90002.redintelligence.net/viewability?s=35648900171576804439912012218002&a=42dd84ee&vb=v
IP 46.4.10.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=35648900171576804439912012218002&a=42dd84ee&vb=v HTTP/1.1
Host: hal90002.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal90002.redintelligence.net/request_content.php?s=35648900171576804439912012218002&a=e0b85594
Cookie: 8lcfmzhxc8d6_uid=6709bb15d7e47193
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:45:16 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: s6XpDo/1mkdbYr1MLut/gbtPxBYy8BsZmNM99YsRJyy05kPJuBhr0v307MuCzumP9akcDlk0FJNNodI+l53NKA==
date: Sat, 28 Jan 2023 20:45:12 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.id5-sync.com/api/1.0/esp.js
172.67.38.106200 OK 0 B URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 172.67.38.106:0
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:13 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: FVMlFSmcD0Wn/+rph/xJPSMD8h1xLItGxMiFojs1e+J1f7LO28QsQCtM5wu1mlkwy4pwPQtZ0SQ=
x-amz-request-id: H5PSQWN45SZ0RJ5Q
last-modified: Wed, 18 Jan 2023 10:47:58 GMT
etag: W/"854d94282c6b6d99cd8ba33bb311e621"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 2735
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 790c92108d04b50b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
exeo.app/7WIPHq
104.26.8.233200 OK 0 B IP 104.26.8.233:0
Analyzer Verdict Alert fortinet Malware
GET /7WIPHq HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:11 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=53c1d209af83f075b8f1e7c1b77402f2; path=/; HttpOnly
csrfToken=0f62e018e0497e75b2fdf4e8dc4166709f6e8b6a46a69dbf0f71875ada2e641f07c280a16298d430a2ff1d3a6dc6882bc99757bd783362ce58f4fb5be4680354; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lPVNliMc6QFhVEVmP6cM9Z8RDs6CS%2F%2B0Lc8sJISQYnPVXwVliCODUmRKQl6mq2PkcUHG%2FMJlcJazjzldGTbU5NiAweIgN4cBONBZb3hZSfNfpQtYyfVkVOys"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c9203efe10b31-OSL
content-encoding: br
X-Firefox-Spdy: h2
exeo.app/css/continue.css
104.26.8.233200 OK 0 B URL HTTP/2 exeo.app/css/continue.css
IP 104.26.8.233:0
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/7WIPHq
Cookie: AppSession=53c1d209af83f075b8f1e7c1b77402f2; csrfToken=0f62e018e0497e75b2fdf4e8dc4166709f6e8b6a46a69dbf0f71875ada2e641f07c280a16298d430a2ff1d3a6dc6882bc99757bd783362ce58f4fb5be4680354
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Fri, 10 Feb 2023 22:59:15 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1460757
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQ3S0moHNVcwbzSYneyVK0WPwYp%2B4zYNf44b6I3G4R779j5k7UsZNtuQcrDaBLf%2Fd44EoyFIwrGEakXovmZw9uwLyralz4T0KSkj75TWQ86Nk43htX%2F6oFSe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c920629d80b31-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
172.67.149.153200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 172.67.149.153:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: application/javascript
last-modified: Thu, 29 Dec 2022 16:01:22 GMT
etag: W/"63adb9d2-331f"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6611
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arqb2Xi%2B16sISt22ctZLP28TTkmtVcJICxXGqUowmxDfstRr%2FXv6MfOD18ahmkdVnQuI1BxivoPqJkbW5CO%2FL9oKAsJ%2FQ0RUOZyo9Ru8VLwhXzknD7LDO3Eu46qre8uESA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c92073a2fb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvN1dJUEhx
104.16.134.22200 OK 0 B URL HTTP/2 api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvN1dJUEhx
IP 104.16.134.22:0
GET /v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvN1dJUEhx HTTP/1.1
Host: api.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
etag: W/"130-MoVCLVf5as2u/W3J5nbgZVD0v2w"
cf-cache-status: HIT
age: 2691
set-cookie: __cf_bm=dJFSLcgG9WDUbUc.HEQKS2wtX6Qmpw.7_fccKDgwHls-1674938712-0-AeOvLFCxcQBM23zG3LFQMRLRjUMao3ijqfmjxflSb8Aw8mukvTs0vJ3RQxUWsNaEb/b6JUmEbbod9Z3/7+Xsqr0=; path=/; expires=Sat, 28-Jan-23 21:15:12 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c9209e8220b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exe.io/7WIPHq
188.114.96.1302 Found 0 B IP 188.114.96.1:0
GET /7WIPHq HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 28 Jan 2023 20:45:11 GMT
content-type: text/html; charset=UTF-8
location: https://exeo.app/7WIPHq
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=932b5435050b63bafd18144164fd2e65; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=65sqDcuTARM6dLk%2FZ%2F2i7xm3hrvcF3BThnfUYJXsQ9cWMAsV%2B85qOmO9KbCjQS0murBpK6BuSAKxQCoIWWi41Db96ad0DbtehaUxphOFfMoTH335%2FhAz%2BNY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c92024b6b0b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S671174007%3A1674938712856438&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcPBn6Chc5lAsnNaF4PIN9geWvmvfkr1jeT3o5m8Qt9d1Cl3_N5IrC_Kn92rCT8zNvRn70Aew
216.58.211.13403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S671174007%3A1674938712856438&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcPBn6Chc5lAsnNaF4PIN9geWvmvfkr1jeT3o5m8Qt9d1Cl3_N5IrC_Kn92rCT8zNvRn70Aew
IP 216.58.211.13:0
GET /v3/signin/identifier?dsh=S671174007%3A1674938712856438&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcPBn6Chc5lAsnNaF4PIN9geWvmvfkr1jeT3o5m8Qt9d1Cl3_N5IrC_Kn92rCT8zNvRn70Aew HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 20:45:12 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-BS4b5km0sJ4_iUKyxxGqig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
exeo.app/fv.ico
104.26.8.233200 OK 0 B IP 104.26.8.233:0
Analyzer Verdict Alert fortinet Malware
GET /fv.ico HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/7WIPHq
Cookie: AppSession=53c1d209af83f075b8f1e7c1b77402f2; csrfToken=0f62e018e0497e75b2fdf4e8dc4166709f6e8b6a46a69dbf0f71875ada2e641f07c280a16298d430a2ff1d3a6dc6882bc99757bd783362ce58f4fb5be4680354
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:45:12 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 12 Dec 2023 22:59:02 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4052770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TXvh2TeHP23re3WKzmTRWoDkUykEZ5fzp2%2F6MXwHK4ttEzZgX0ouzEpnBAqnjyaIzr7bAV7K4ENL03XZomPAWqIIVdZRQL%2FU6BGoNB2V4iOeCXeGPCCFJMkl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c920adf860b31-OSL
content-encoding: br
X-Firefox-Spdy: h2