app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1
62.171.189.208 301 Moved Permanently 169 B URL HTTP/1.1 app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1
IP 62.171.189.208:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash MD5 0f952b73d3f5586637ea9a5a789d48f4
SHA-1 b29aff4ffa1d4decd77db5160f920e1c6417e5e9
SHA-256 69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /r/cfb92389-9608-4361-8c04-4eb3af992fc1 HTTP/1.1
Host: app.auditmy.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 21:32:57 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 3bbb845b153026fc5332dd4506585b57
SHA-1 3cad200fac28fd00f34ce6ef79373e661e188743
SHA-256 6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12122
Expires: Fri, 02 Dec 2022 00:54:59 GMT
Date: Thu, 01 Dec 2022 21:32:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 55b4c61a1e99001307750e3647fe1102
SHA-1 7559f9f6770b7d3f45b723167062096312641e08
SHA-256 39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6994
Expires: Thu, 01 Dec 2022 23:29:32 GMT
Date: Thu, 01 Dec 2022 21:32:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 0c748388899e8a8d3680355da2ea5020
SHA-1 903c620cd137613daafb0da0508c37b2f4a67212
SHA-256 39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3118
Cache-Control: max-age=136212
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:58 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:23:10 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash MD5 9ebddc2b260d081ebbefee47c037cb28
SHA-1 492bad62a7ca6a74738921ef5ae6f0be5edebf39
SHA-256 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: i3k/+PyRM+dRLmXB2ZVP0AlfVaTRJnXcZW9teSl720J1s6bEyuTIbRoxROksSUDHx1nr0UWcftc=
x-amz-request-id: WAMKSH64CD5F49NM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 20:45:48 GMT
age: 2830
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash MD5 14cd9a0afb6ba9a763651d5112760d1e
SHA-1 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
SHA-256 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 21:19:49 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 789
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:32:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 78a214501de1fe5dd93c192de3274801
SHA-1 f61585cec4032f7c2aa1ce617c0483c8518272d2
SHA-256 02e5cfbaa9e0acbaed5cec313997657eae4dcf90caf4d21d0db730e5d6c98637
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02E5CFBAA9E0ACBAED5CEC313997657EAE4DCF90CAF4D21D0DB730E5D6C98637"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21522
Expires: Fri, 02 Dec 2022 03:31:40 GMT
Date: Thu, 01 Dec 2022 21:32:58 GMT
Connection: keep-alive
app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1
62.171.189.208 302 Found 0 B URL HTTP/1.1 app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1
IP 62.171.189.208:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (all three are digests of the empty 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r/cfb92389-9608-4361-8c04-4eb3af992fc1 HTTP/1.1
Host: app.auditmy.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 21:32:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Content-Language: en
Vary: Accept-Language, Cookie
Location: http://app.auditmy.link//i/93mj8
X-Frame-Options: SAMEORIGIN
app.auditmy.link//i/93mj8
62.171.189.208 301 Moved Permanently 169 B URL HTTP/1.1 app.auditmy.link//i/93mj8
IP 62.171.189.208:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash MD5 0f952b73d3f5586637ea9a5a789d48f4
SHA-1 b29aff4ffa1d4decd77db5160f920e1c6417e5e9
SHA-256 69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET //i/93mj8 HTTP/1.1
Host: app.auditmy.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 21:32:58 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://app.auditmy.link//i/93mj8
app.auditmy.link//i/93mj8
62.171.189.208 302 Found 0 B URL HTTP/1.1 app.auditmy.link//i/93mj8
IP 62.171.189.208:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (all three are digests of the empty 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //i/93mj8 HTTP/1.1
Host: app.auditmy.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 21:32:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Content-Language: en
Vary: Accept-Language, Cookie
Location: https://exe.io/st?api=92cf2cb66586454fdb1c839903bcf17a864c53ed&url=http://app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash MD5 64ea2ff0ffb1602b7df144d12aa88eb4
SHA-1 0af83ebb0d7de232e227dcd882393067c590e578
SHA-256 dd89b95c5c6d731e9fce7482f2ddaa33b7e214b7ef76f82bc28bb5a03179e03c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5790
Cache-Control: max-age=90268
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:58 GMT
Etag: "6387c488-117"
Expires: Fri, 02 Dec 2022 22:37:26 GMT
Last-Modified: Wed, 30 Nov 2022 21:00:56 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash MD5 0333b0655111aa68de771adfcc4db243
SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 21:08:56 GMT
cache-control: public,max-age=3600
age: 1442
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 1f88399f3fdd89dbb9ca1229cb67143a
SHA-1 325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
SHA-256 831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3103
Cache-Control: max-age=131134
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:58 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:58:32 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash MD5 64ea2ff0ffb1602b7df144d12aa88eb4
SHA-1 0af83ebb0d7de232e227dcd882393067c590e578
SHA-256 dd89b95c5c6d731e9fce7482f2ddaa33b7e214b7ef76f82bc28bb5a03179e03c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5790
Cache-Control: max-age=90268
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:58 GMT
Etag: "6387c488-117"
Expires: Fri, 02 Dec 2022 22:37:26 GMT
Last-Modified: Wed, 30 Nov 2022 21:00:56 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
52.89.136.7 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.136.7:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (all three are digests of the empty 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PWmmmFuBtCRzZj6NjSzQuQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NmrGDldzWLojmt0Gxw1QbAiQB1E=
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 4506652cf61d7778652f0a76a61494ba
SHA-1 41c953d3db39407685a841ffe8e23d80362e170d
SHA-256 9a9605bf0dbb67e3b4d6bdeea89e9efa97763e9f22fd46de185c6677d766f188
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9A9605BF0DBB67E3B4D6BDEEA89E9EFA97763E9F22FD46DE185C6677D766F188"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6212
Expires: Thu, 01 Dec 2022 23:16:31 GMT
Date: Thu, 01 Dec 2022 21:32:59 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 4506652cf61d7778652f0a76a61494ba
SHA-1 41c953d3db39407685a841ffe8e23d80362e170d
SHA-256 9a9605bf0dbb67e3b4d6bdeea89e9efa97763e9f22fd46de185c6677d766f188
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9A9605BF0DBB67E3B4D6BDEEA89E9EFA97763E9F22FD46DE185C6677D766F188"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6212
Expires: Thu, 01 Dec 2022 23:16:31 GMT
Date: Thu, 01 Dec 2022 21:32:59 GMT
Connection: keep-alive
exee.app/css/continue.css
104.21.48.127 200 OK 44 kB URL HTTP/2 exee.app/css/continue.css
IP 104.21.48.127:0
File type assembler source, ASCII text
Hash MD5 cf0ceed6327356f5d96236209aaeb665
SHA-1 1847479262b55367dd1dcf584d4ff705ece52a25
SHA-256 87724d14aced7c89515f0a71c8ab965c12a2e0bc8fe99d6a5c3d6b1fd643492a
GET /css/continue.css HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/O9q9xc
Cookie: AppSession=931d58f3045de4ad33ed6c36cad18b5a; csrfToken=00fa0d6035278f0e14e0668c41ef2810f2d18629b09b088be11db604a289e556e568bcbe1af47d81a52695752873adefd313264055da5607cecdd2fa9e69dc11
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:32:59 GMT
content-type: text/css
x-frame-options: SAMEORIGIN
last-modified: Fri, 20 Nov 2020 17:25:47 GMT
cache-control: max-age=2592000
expires: Fri, 16 Dec 2022 15:46:33 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1316786
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KnJi8dKgAEeSdM9%2B2GnsLYOt06Z3eJro3SZ3rCZGuPmVrT2gIGgRAUSbRzv7z1ao2uLp%2Fsdnl7fD2gVTbFG4zttHzlkX4R0QX0HCsh8%2BhF5A%2BIwpoJe3POmZuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef0461848b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 188c50963e7939b1f26a31dbcb8c8200
SHA-1 859416e6148ea6618584e53604efcf072bb989cc
SHA-256 3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 3519a58310eefa01756f0440e2acd7dd
SHA-1 50153382830684a6abb653dc7b4e41d7c7e386b5
SHA-256 5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash MD5 a4cafa85454c01ccc03bafb7ca18c16a
SHA-1 dbf206190af4215ebf1d731d7c2a32254bbd72f6
SHA-256 75e7a065584ed4d33ccfbd5ae3c0436ab2917607d8a06958075e82714821a848
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 21:32:59 GMT
expires: Thu, 01 Dec 2022 21:32:59 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43623
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 23edbcea34e45cbb27ca66ccb29838f2
SHA-1 c9ad8390b99324c28d1beb84b4d0ed9fb9b18d48
SHA-256 185ac350702b58b7350b9ada6d16e4d551dcd126d19b4ea4e6545ec8471358cf
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "185AC350702B58B7350B9ADA6D16E4D551DCD126D19B4EA4E6545EC8471358CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6366
Expires: Thu, 01 Dec 2022 23:19:05 GMT
Date: Thu, 01 Dec 2022 21:32:59 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 188c50963e7939b1f26a31dbcb8c8200
SHA-1 859416e6148ea6618584e53604efcf072bb989cc
SHA-256 3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash MD5 df29ad1d35c61068d0f5a3bcea531c39
SHA-1 a42473179e16a7a2d726cca1f1589cb08d6c8ead
SHA-256 957921145eb8386dbf74bbeb34e6e2a1149772fb3e525f0b73d47bed93aebf2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5902
Cache-Control: max-age=137535
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:59 GMT
Etag: "63887cbc-117"
Expires: Sat, 03 Dec 2022 11:45:14 GMT
Last-Modified: Thu, 01 Dec 2022 10:06:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 23edbcea34e45cbb27ca66ccb29838f2
SHA-1 c9ad8390b99324c28d1beb84b4d0ed9fb9b18d48
SHA-256 185ac350702b58b7350b9ada6d16e4d551dcd126d19b4ea4e6545ec8471358cf
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "185AC350702B58B7350B9ADA6D16E4D551DCD126D19B4EA4E6545EC8471358CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6366
Expires: Thu, 01 Dec 2022 23:19:05 GMT
Date: Thu, 01 Dec 2022 21:32:59 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 980f31229421fd11df958496bea34502
SHA-1 648e03f048e6741beb1d4e10099b1429b79e4f00
SHA-256 887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:32:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 1e667a2ef09b074335a72154b467b817
SHA-1 23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
SHA-256 228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15347
Expires: Fri, 02 Dec 2022 01:48:47 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 980f31229421fd11df958496bea34502
SHA-1 648e03f048e6741beb1d4e10099b1429b79e4f00
SHA-256 887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
216.58.207.227 200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0; data
Hash MD5 3d5107abaf7bf4df5478bd04625c0929
SHA-1 b04d394caabf6ea3e500b74781dc2bfd54f3c18d
SHA-256 9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 268615
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0; data
Hash MD5 565ce506190ad3af920b40baf1794cec
SHA-1 ad3cba5d06100e09449a864d3b5e58403b478b3d
SHA-256 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 268819
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d1ed5404640b6d35430f374f359f76b
2a0ca26e77bcf29cb3b8e8a989f5760e70a8e93b
7986ce9d8561f1b50d1487379ce48945196d903270e7d3ac6fa6929dd453b606
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7986CE9D8561F1B50D1487379CE48945196D903270E7D3AC6FA6929DD453B606"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6720
Expires: Thu, 01 Dec 2022 23:25:00 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7355c762f64563188d049c306cecc4ec
8304a032dde4c8c9a1f930ec70aafc364a66f43d
ac1aea318eac25515262eed4e62a89adfbf2187a5ce41bdbab51bed86357be71
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC1AEA318EAC25515262EED4E62A89ADFBF2187A5CE41BDBAB51BED86357BE71"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3074
Expires: Thu, 01 Dec 2022 22:24:14 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14609
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash df29ad1d35c61068d0f5a3bcea531c39
a42473179e16a7a2d726cca1f1589cb08d6c8ead
957921145eb8386dbf74bbeb34e6e2a1149772fb3e525f0b73d47bed93aebf2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5903
Cache-Control: max-age=137535
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:00 GMT
Etag: "63887cbc-117"
Expires: Sat, 03 Dec 2022 11:45:15 GMT
Last-Modified: Thu, 01 Dec 2022 10:06:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14609
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
gedspecificano.com/utx?cb=StKXi27mEAL8&top=exee.app&tid=822524
108.157.214.15 204 No Content 0 B URL HTTP/2 gedspecificano.com/utx?cb=StKXi27mEAL8&top=exee.app&tid=822524
IP 108.157.214.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=StKXi27mEAL8&top=exee.app&tid=822524 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:33:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 01 Dec 2022 21:34:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: ncTf1Wnu8KjEYLIH0uERtZD6dyjiajEJ5pIWtf6DQrP4qEypzZhP6Q==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 85530
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gedspecificano.com/am1OMEsLDy1ddAtQLBY+GAFzFXksSHx2L1kZdgckBQJ+BnJdHXYeKAYCO1QtGAIgRGUECDoVeSw7AF1+HDkLQB0rPAtBLz8kBnN4LBQPXHoOCCBDGigvOVoBLzcaeCxSAxtZAlkpHHIxK1wiCAZbXAd3MTMYDQF+ICQNRBIpOwRBB1sKAGUlWx4YRyQkDhYEGi0ae0gBWwYbciIrABgAPw4uIAgSMgY+FXkoCCYEESgEB0UcOAYtURMNKg9yPxoID2otMl8EBg5bXTpREw0qCWESAwsPegcyLHtGCSxZFlUlXjkWY3oaCA9pKC06IgUvW1QoVRw7KhwAZhpIfHIuBigCdAgJAQsBPBoLIF8DMgF3CS4NCQJoEx0eFkg8ISYnZgQ5XH57Lh03LGETEh4fAQUPSyRDJAQdc0EIBwkCaAowKCMGexMG
108.157.214.15200 OK 1.2 kB URL HTTP/2 gedspecificano.com/am1OMEsLDy1ddAtQLBY+GAFzFXksSHx2L1kZdgckBQJ+BnJdHXYeKAYCO1QtGAIgRGUECDoVeSw7AF1+HDkLQB0rPAtBLz8kBnN4LBQPXHoOCCBDGigvOVoBLzcaeCxSAxtZAlkpHHIxK1wiCAZbXAd3MTMYDQF+ICQNRBIpOwRBB1sKAGUlWx4YRyQkDhYEGi0ae0gBWwYbciIrABgAPw4uIAgSMgY+FXkoCCYEESgEB0UcOAYtURMNKg9yPxoID2otMl8EBg5bXTpREw0qCWESAwsPegcyLHtGCSxZFlUlXjkWY3oaCA9pKC06IgUvW1QoVRw7KhwAZhpIfHIuBigCdAgJAQsBPBoLIF8DMgF3CS4NCQJoEx0eFkg8ISYnZgQ5XH57Lh03LGETEh4fAQUPSyRDJAQdc0EIBwkCaAowKCMGexMG
IP 108.157.214.15:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3025), with no line terminators
Hash 3a0678a5f14c447549b43f7266b42feb
bc5abf5d88c4a22dcbdab4bbdb1d026ceedb906e
28d03a48a1947a9833348518a30a4cbda877b3a525324a05c465387e71e38d01
GET /am1OMEsLDy1ddAtQLBY+GAFzFXksSHx2L1kZdgckBQJ+BnJdHXYeKAYCO1QtGAIgRGUECDoVeSw7AF1+HDkLQB0rPAtBLz8kBnN4LBQPXHoOCCBDGigvOVoBLzcaeCxSAxtZAlkpHHIxK1wiCAZbXAd3MTMYDQF+ICQNRBIpOwRBB1sKAGUlWx4YRyQkDhYEGi0ae0gBWwYbciIrABgAPw4uIAgSMgY+FXkoCCYEESgEB0UcOAYtURMNKg9yPxoID2otMl8EBg5bXTpREw0qCWESAwsPegcyLHtGCSxZFlUlXjkWY3oaCA9pKC06IgUvW1QoVRw7KhwAZhpIfHIuBigCdAgJAQsBPBoLIF8DMgF3CS4NCQJoEx0eFkg8ISYnZgQ5XH57Lh03LGETEh4fAQUPSyRDJAQdc0EIBwkCaAowKCMGexMG HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Thu, 01 Dec 2022 21:33:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: y56mxTZMnBATp46qRnLU4h7Kj-yMuvnsIYGWDExfmjB0cZGHr8hxPQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14609
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
exee.app/O9q9xc
104.21.48.127 200 OK 168 kB IP 104.21.48.127:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61733)
Size 168 kB (167523 bytes)
Hash 8fbb3c133c4e82a0d529056af520b772
adf31525f0c1d1fb2e1d1c6d9a1441a81606da3b
0ad6821a78e03a2a85e580e38e2c66242eac13a9e0b55552bb2c44b9727f9363
GET /O9q9xc HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:32:59 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=931d58f3045de4ad33ed6c36cad18b5a; path=/; HttpOnly
csrfToken=00fa0d6035278f0e14e0668c41ef2810f2d18629b09b088be11db604a289e556e568bcbe1af47d81a52695752873adefd313264055da5607cecdd2fa9e69dc11; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6AhddlSR4DWcgmSC1ERoRorbzmWeXi262IvfDkxwXZad%2F9tLsW%2BdqbK9TX%2F8i1YLDFbeMRdBNzXx6WA2GDwHKeyIjkXSbrGLxdZ6HFvCTplkR6fD0hqAfUZYlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef044ff00b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14609
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
gedspecificano.com/M1B6akhSMhkHd1JtGEw9QTxHT3p1dUgsLAAkQl0nXD9KXHEEIEJEK18/Dw4uQT8UHmZdNQ5PenUZGy8afgNKMwR4KTMeLWEnDiEAaXVIKB17YU4JJnkfNgBwWBs4An14OA1aB1oFSgkmZhQyOwF4M0peP305Q10fdBkdISFUAB89J0YbOx59VQdKBAxwCgIMenIzNCkFVDUCBTF8Kh0dD2AJFCYxCh83OXkBGw0JbQESMDkrQhMtLG0BEj4yBnQ0PQZ9Vzs7EAJgBRMoMn51SCwqXQIjISJbJR4sIAI2PTx6ZwgZJSpdAiMnMWY8GSwwWzYNBiJkPitaLmsaNA4/HmUPDg5UYjUHfQIbIjxwVT0SMypkPE8OLws4NhMJQwQiMwNWCCAwLHsoTA4kXzgcBDtUES4zOH8DETsRa2Q0DnlbKCMEPFQYIgZxFToJBSZDbRw9OmExAlN7WAk0K30
108.157.214.15200 OK 1.2 kB URL HTTP/2 gedspecificano.com/M1B6akhSMhkHd1JtGEw9QTxHT3p1dUgsLAAkQl0nXD9KXHEEIEJEK18/Dw4uQT8UHmZdNQ5PenUZGy8afgNKMwR4KTMeLWEnDiEAaXVIKB17YU4JJnkfNgBwWBs4An14OA1aB1oFSgkmZhQyOwF4M0peP305Q10fdBkdISFUAB89J0YbOx59VQdKBAxwCgIMenIzNCkFVDUCBTF8Kh0dD2AJFCYxCh83OXkBGw0JbQESMDkrQhMtLG0BEj4yBnQ0PQZ9Vzs7EAJgBRMoMn51SCwqXQIjISJbJR4sIAI2PTx6ZwgZJSpdAiMnMWY8GSwwWzYNBiJkPitaLmsaNA4/HmUPDg5UYjUHfQIbIjxwVT0SMypkPE8OLws4NhMJQwQiMwNWCCAwLHsoTA4kXzgcBDtUES4zOH8DETsRa2Q0DnlbKCMEPFQYIgZxFToJBSZDbRw9OmExAlN7WAk0K30
IP 108.157.214.15:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash c49424d841cd0424642eba7a1e61bf96
480e801f257fb2d7ccdae63c1440d4fe01f74397
1bdba2af7bc862fa4a76db4e6181b88043e37088d2bb3edd2b170020dd7bfa8b
GET /M1B6akhSMhkHd1JtGEw9QTxHT3p1dUgsLAAkQl0nXD9KXHEEIEJEK18/Dw4uQT8UHmZdNQ5PenUZGy8afgNKMwR4KTMeLWEnDiEAaXVIKB17YU4JJnkfNgBwWBs4An14OA1aB1oFSgkmZhQyOwF4M0peP305Q10fdBkdISFUAB89J0YbOx59VQdKBAxwCgIMenIzNCkFVDUCBTF8Kh0dD2AJFCYxCh83OXkBGw0JbQESMDkrQhMtLG0BEj4yBnQ0PQZ9Vzs7EAJgBRMoMn51SCwqXQIjISJbJR4sIAI2PTx6ZwgZJSpdAiMnMWY8GSwwWzYNBiJkPitaLmsaNA4/HmUPDg5UYjUHfQIbIjxwVT0SMypkPE8OLws4NhMJQwQiMwNWCCAwLHsoTA4kXzgcBDtUES4zOH8DETsRa2Q0DnlbKCMEPFQYIgZxFToJBSZDbRw9OmExAlN7WAk0K30 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1194
date: Thu, 01 Dec 2022 21:33:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 9vK3zGPD0ue7fT2HKEuIP0pnxVTuC0Gp_wp2PsthGQEzdAj_OX0ZaQ==
X-Firefox-Spdy: h2
ummerciseha.com/eDJCZ3FXDSEUTCEAe1MUIGgjPzRBfBAxNxxhFxM5LQM6JiA9d2QTGBwPelVDTQB2QQERVn9WVwtGIxMECw9zQRgWVC1aVw4Pc0lCTBxxVl9JFDdaQF5GMgYWRQNkFwUMXn9WR04Le1RBSwV1X0BM
104.21.71.102204 No Content 0 B URL HTTP/2 ummerciseha.com/eDJCZ3FXDSEUTCEAe1MUIGgjPzRBfBAxNxxhFxM5LQM6JiA9d2QTGBwPelVDTQB2QQERVn9WVwtGIxMECw9zQRgWVC1aVw4Pc0lCTBxxVl9JFDdaQF5GMgYWRQNkFwUMXn9WR04Le1RBSwV1X0BM
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eDJCZ3FXDSEUTCEAe1MUIGgjPzRBfBAxNxxhFxM5LQM6JiA9d2QTGBwPelVDTQB2QQERVn9WVwtGIxMECw9zQRgWVC1aVw4Pc0lCTBxxVl9JFDdaQF5GMgYWRQNkFwUMXn9WR04Le1RBSwV1X0BM HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:33:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hh7bvbYQCgp76aBVOm5Jp24TzUs38mfz8dQryZ702GRWHkyywstjDduPDMbnDbq54BQqa9x5LhBuBVf5%2F2v7jaCfknc39TG7DnnAhI7msVu%2FXtjROYqs2ihl76%2F0YzQJGLc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef04e3b11b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: c08f55b2-7ac6-4dec-b53c-fd3f4533f9c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpBiGoHIAMFR2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bba3-69c2c2d05e55fd745caf1dce;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:09:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w_Mb-0pBwp-pUyU2bdJ8MhrGHkk6VQgJmcGV9MfHwj_yGUMIYZkyrg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 17:08:13 GMT
age: 15887
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 05:45:16 GMT
age: 56864
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gedspecificano.com/YTRBNlMAViJbbAAJIxAmE1h8E2EnEXNwN1JAeQE8DltxAGpWRHkYMA1bNFI1E1svQn0PUTUTYSdbFlwZDGAvY2Y5ZSZZAAgBI3c9L3ogdxE1UgRwazZ2FF4UGFsRejQ0bgoFFllkJgYgBXIYbxslDXR7FAZ2CHAJA1Ite2E0QyZGAClMGXUQUH0gTgIpfylSPSNfAAARNWIbYSkWcA1jFjBkOVUrN1N4WRIlRxF1KiRkDAdnKnhwdDwFcg9RATkMAGA+OHcMByQifRB/IycFExNhI3M4Ags3fHRzMglMFldjOG0HBwFEBgN3OS9XFH4jMFUZdBcHcRRfEScZC0QBCVMZYBtVfA10NzdwcWQiIwQpE2EjbAkOEjddKmccN18LV2MCVwBwCUQGB2QEDnAXWGowVQB/EitDIhNhJ2IAXWE0cykGBVIBAFISK3UOBjsTEitFPA9EfH4YDUUCbCMZQgcGBQhRCmA
108.157.214.15200 OK 1.2 kB URL HTTP/2 gedspecificano.com/YTRBNlMAViJbbAAJIxAmE1h8E2EnEXNwN1JAeQE8DltxAGpWRHkYMA1bNFI1E1svQn0PUTUTYSdbFlwZDGAvY2Y5ZSZZAAgBI3c9L3ogdxE1UgRwazZ2FF4UGFsRejQ0bgoFFllkJgYgBXIYbxslDXR7FAZ2CHAJA1Ite2E0QyZGAClMGXUQUH0gTgIpfylSPSNfAAARNWIbYSkWcA1jFjBkOVUrN1N4WRIlRxF1KiRkDAdnKnhwdDwFcg9RATkMAGA+OHcMByQifRB/IycFExNhI3M4Ags3fHRzMglMFldjOG0HBwFEBgN3OS9XFH4jMFUZdBcHcRRfEScZC0QBCVMZYBtVfA10NzdwcWQiIwQpE2EjbAkOEjddKmccN18LV2MCVwBwCUQGB2QEDnAXWGowVQB/EitDIhNhJ2IAXWE0cykGBVIBAFISK3UOBjsTEitFPA9EfH4YDUUCbCMZQgcGBQhRCmA
IP 108.157.214.15:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3051), with no line terminators
Hash 8fe79078ac8e6fc9436a561bfba386b7
9cca7363f0dff750e2dc8263e48234484bea0875
0f64daa96880c3bbbc5d1a8b37a824473f38e6317dc922e2c2145d40ba905eb8
GET /YTRBNlMAViJbbAAJIxAmE1h8E2EnEXNwN1JAeQE8DltxAGpWRHkYMA1bNFI1E1svQn0PUTUTYSdbFlwZDGAvY2Y5ZSZZAAgBI3c9L3ogdxE1UgRwazZ2FF4UGFsRejQ0bgoFFllkJgYgBXIYbxslDXR7FAZ2CHAJA1Ite2E0QyZGAClMGXUQUH0gTgIpfylSPSNfAAARNWIbYSkWcA1jFjBkOVUrN1N4WRIlRxF1KiRkDAdnKnhwdDwFcg9RATkMAGA+OHcMByQifRB/IycFExNhI3M4Ags3fHRzMglMFldjOG0HBwFEBgN3OS9XFH4jMFUZdBcHcRRfEScZC0QBCVMZYBtVfA10NzdwcWQiIwQpE2EjbAkOEjddKmccN18LV2MCVwBwCUQGB2QEDnAXWGowVQB/EitDIhNhJ2IAXWE0cykGBVIBAFISK3UOBjsTEitFPA9EfH4YDUUCbCMZQgcGBQhRCmA HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1201
date: Thu, 01 Dec 2022 21:33:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: _nMp_LkzyqP918A-ZoKpxqRz5QxAUCPPlrL4AwGhqHOW3EDtOQNGVQ==
X-Firefox-Spdy: h2
ummerciseha.com/MlNrVTQdbAgmCVBgOSFWX2oPB1hgMDxkAXQEBw9VamMxN2Nea00hXVZuU2EHAGVac0RbN1ZkDBQgHzRARyBWZBJbPQ06CRQlVmQaAn1ZewYUJlZkEkYjCjIJA3UbIUBeblpjAgtqWGUHBWRTYgE
104.21.71.102204 No Content 0 B URL HTTP/2 ummerciseha.com/MlNrVTQdbAgmCVBgOSFWX2oPB1hgMDxkAXQEBw9VamMxN2Nea00hXVZuU2EHAGVac0RbN1ZkDBQgHzRARyBWZBJbPQ06CRQlVmQaAn1ZewYUJlZkEkYjCjIJA3UbIUBeblpjAgtqWGUHBWRTYgE
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MlNrVTQdbAgmCVBgOSFWX2oPB1hgMDxkAXQEBw9VamMxN2Nea00hXVZuU2EHAGVac0RbN1ZkDBQgHzRARyBWZBJbPQ06CRQlVmQaAn1ZewYUJlZkEkYjCjIJA3UbIUBeblpjAgtqWGUHBWRTYgE HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:33:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toJEOZMEcUDn6kOeiW80vWS6TVTCpwfieUW%2F1lGkYV1lUN6yEy5Mj2dgX5dVubk7HexvYHwfto1BVhQ%2B3QnfwYx0zfvWHlp29pVHuu0ULWKzW37UiW4%2BPCMply%2FB3Nn%2FJ%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef04e4b2ab500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 328ce221bcf3442f88d09373193ff594
63bfa2ea925aa2c188c664a7bf7af7b0e5417e60
21d5b5ec267430dba91b17f89a557aca5cd2a21535da18eb02ec69ed0e1b7371
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13411
x-amzn-requestid: 71f8798f-93e9-4649-8822-7ad3fadeec34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz6vH05oAMF_qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd11-1849aa08463e5c1f3d9b15b9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QVGFEOePBybOeNxG6eWBffm8Ha_fmBnT8vMIGcI8zv9C7yiBeSncDw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
etag: "63bfa2ea925aa2c188c664a7bf7af7b0e5417e60"
content-type: image/jpeg
age: 85260
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gedspecificano.com/utx?cb=x3WIZeN5jnu5&top=exee.app&tid=889494
108.157.214.15 204 No Content 0 B URL HTTP/2 gedspecificano.com/utx?cb=x3WIZeN5jnu5&top=exee.app&tid=889494
IP 108.157.214.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=x3WIZeN5jnu5&top=exee.app&tid=889494 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:33:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 01 Dec 2022 21:34:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: RUu6-rkwBlz0C0ntB7KipTNZ9bSV-vHX1NMJRruQNBpnv4Uo-4xKEQ==
X-Firefox-Spdy: h2
ummerciseha.com/TUZwaUlieRMadBgQKj0cf3cXMCQ9KChbLSYcQhkrLAFFDhAhclYdICl7SFFweX9ETzkkIk1Ybz4yER08PntBTyAjIB9Ubzt7QUd6eWhDWGd8YAVUeGsyAAgucHdWGT05Kk1Yf3t/SVp5fnFHUXx0
104.21.71.102 204 No Content 0 B URL HTTP/2 ummerciseha.com/TUZwaUlieRMadBgQKj0cf3cXMCQ9KChbLSYcQhkrLAFFDhAhclYdICl7SFFweX9ETzkkIk1Ybz4yER08PntBTyAjIB9Ubzt7QUd6eWhDWGd8YAVUeGsyAAgucHdWGT05Kk1Yf3t/SVp5fnFHUXx0
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TUZwaUlieRMadBgQKj0cf3cXMCQ9KChbLSYcQhkrLAFFDhAhclYdICl7SFFweX9ETzkkIk1Ybz4yER08PntBTyAjIB9Ubzt7QUd6eWhDWGd8YAVUeGsyAAgucHdWGT05Kk1Yf3t/SVp5fnFHUXx0 HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:33:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FE85XGNLnLtDMAHkt2srEhiPxNE5gHe9jv%2FJsCT21ZxJh20r7e%2BZrqo%2BSAT0PgVsJbCW3rJBhfl07rCRf9h78eTcdCfVjebusn9eYVvDP%2BVCkcpMYcguQWh6y9oxXBXN9Vw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef04e4b30b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 85260
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 18:58:06 GMT
age: 9294
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15347
Expires: Fri, 02 Dec 2022 01:48:47 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
173.233.137.36 200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37159), with no line terminators
Hash 8e4a6b413f379cee5cdc06a39684b56f
cc9997e1b65352bd2847e4025bb956c41427544e
4e1c58c52914b9aaa3d1b4f8257744859219e81778a3499ca6231ff53e88e514
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:33:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a39cf99778408af4763992b1af928ec
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash e2ef0ef17169d7b35a7dd72be93b8a73
6aa14bfc09ce48513aafcf5a600ceffd2d35733d
2485f4e261456c25948ee0bb6665b448b63b08296692e629b8de26376bedd34e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:33:00 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 16:52:38 GMT
Expires: Thu, 08 Dec 2022 16:52:37 GMT
Etag: "6aa14bfc09ce48513aafcf5a600ceffd2d35733d"
Cache-Control: max-age=587376,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772ef04f4bc00b39-OSL
d3t87ooo0697p8.cloudfront.net/VNm5vTEpVAQEqdUIHC3FyAl1densQBBwjJEZTHg8nUiI3DRBzA1l8M11IGzYuC15JICtYCVJqL1gNUn1sVwoNcX4QGw5xJ1kUBiAmV0tdCn8YXkp+eh4ZBiIuWRkcaXgGABtpeAZfX2J6E10taXgGGQYifAJLXA5vBF4Xen4TXS1peAYcGWl5d19feWQGR0-p+elELDCclE1wpfnoHXl99egdLXXwsXxwKKiVOS10KewZbQXxsQ1Ne
143.204.42.94 200 OK 189 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/VNm5vTEpVAQEqdUIHC3FyAl1densQBBwjJEZTHg8nUiI3DRBzA1l8M11IGzYuC15JICtYCVJqL1gNUn1sVwoNcX4QGw5xJ1kUBiAmV0tdCn8YXkp+eh4ZBiIuWRkcaXgGABtpeAZfX2J6E10taXgGGQYifAJLXA5vBF4Xen4TXS1peAYcGWl5d19feWQGR0-p+elELDCclE1wpfnoHXl99egdLXXwsXxwKKiVOS10KewZbQXxsQ1Ne
IP 143.204.42.94:0
File type ASCII text, with no line terminators
Hash 923565da94d61f266ade3e86dc6ed6b9
25b7a0fa01d684b177bf94afc880c892833c7993
91759931c9be6aa07696c9d5115f8e6c80d97e7dfa78fde75fa401da5c058910
GET /VNm5vTEpVAQEqdUIHC3FyAl1densQBBwjJEZTHg8nUiI3DRBzA1l8M11IGzYuC15JICtYCVJqL1gNUn1sVwoNcX4QGw5xJ1kUBiAmV0tdCn8YXkp+eh4ZBiIuWRkcaXgGABtpeAZfX2J6E10taXgGGQYifAJLXA5vBF4Xen4TXS1peAYcGWl5d19feWQGR0-p+elELDCclE1wpfnoHXl99egdLXXwsXxwKKiVOS10KewZbQXxsQ1Ne HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 189
date: Thu, 01 Dec 2022 21:33:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zz3B0RHunVO7YI9qaofelYqbFpxKAySkV00tsh9FaQtLgJU0yHuyag==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/IaERMS0YLKyIteRwtKHZ+UH14cnJOLj8kKBh5Khw0OiU0cnUDHQIKc04wNi97WGIgKigPeWouKAt5fW0nDCZxf2AcNCMgexoyOzgwGSYnLy9OMS12Kwc+JScqCWF+DXNGdGl5dkAzJSUiBzM/bnRYKjhudFh1fGV2TXcObnRYMyUlcFxhfwljWnQ0fXJNdw-5udFg2Om51KXV8fmhYbWl5dg8hLyApTXYKeXZZdHx6dllhfnsgATYpLSkQYX4Nd1hxYntgHXl9
143.204.42.94 200 OK 615 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/IaERMS0YLKyIteRwtKHZ+UH14cnJOLj8kKBh5Khw0OiU0cnUDHQIKc04wNi97WGIgKigPeWouKAt5fW0nDCZxf2AcNCMgexoyOzgwGSYnLy9OMS12Kwc+JScqCWF+DXNGdGl5dkAzJSUiBzM/bnRYKjhudFh1fGV2TXcObnRYMyUlcFxhfwljWnQ0fXJNdw-5udFg2Om51KXV8fmhYbWl5dg8hLyApTXYKeXZZdHx6dllhfnsgATYpLSkQYX4Nd1hxYntgHXl9
IP 143.204.42.94:0
File type ASCII text, with very long lines (873), with no line terminators
Hash d001aae0563e32b408fca7250bd2c769
627affbb11f73bd8f568e56a2c441820c158fc84
51b6505166bf2aab5b8f6be0355852957a8a3221ca718620d125ff10313af163
GET /IaERMS0YLKyIteRwtKHZ+UH14cnJOLj8kKBh5Khw0OiU0cnUDHQIKc04wNi97WGIgKigPeWouKAt5fW0nDCZxf2AcNCMgexoyOzgwGSYnLy9OMS12Kwc+JScqCWF+DXNGdGl5dkAzJSUiBzM/bnRYKjhudFh1fGV2TXcObnRYMyUlcFxhfwljWnQ0fXJNdw-5udFg2Om51KXV8fmhYbWl5dg8hLyApTXYKeXZZdHx6dllhfnsgATYpLSkQYX4Nd1hxYntgHXl9 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 615
date: Thu, 01 Dec 2022 21:33:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mqwHvpFKL5ia-cAvhByPwMXDu6_xnUOeYgVBW8y4bFpXKhDGO5-btg==
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
37.48.68.71 200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 917
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 01 Dec 2022 21:33:00 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1f1beac7928ab3d37cedfb7e9db6de8c
dbec1313a709861142ee3b08c1031e4c297435d0
25faaa716072ce2493633a4252fde0606c5da842936e6f4874eb461c180367de
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "25FAAA716072CE2493633A4252FDE0606C5DA842936E6F4874EB461C180367DE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5805
Expires: Thu, 01 Dec 2022 23:09:45 GMT
Date: Thu, 01 Dec 2022 21:33:00 GMT
Connection: keep-alive
d3t87ooo0697p8.cloudfront.net/oWjJmTnU5XQgoSi5bAnNNaABTfEF8WBUhGyoPLgUZK3E8Pg0sdFYYHD95MGgBIFZbflM2UwgpSHxXCC1IaxQHKhdnBkA6BTVZWzwDLUEQPxcxVg9oADsPCyEPM14KL1BodFNgRX8AVmYCM1wCIQIpF1R+Gy4XVH5EahxWa0YYF1R+AjNcUHpQaXBDfEUiBF-JrRhgXVH4HLBdVD0RqB0h+XH8AVikQOVkJa0ccAFZ/RWoDVn9QaAIAJwc/VAk2UGh0V35AdAJAO0hr
143.204.42.94 200 OK 518 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/oWjJmTnU5XQgoSi5bAnNNaABTfEF8WBUhGyoPLgUZK3E8Pg0sdFYYHD95MGgBIFZbflM2UwgpSHxXCC1IaxQHKhdnBkA6BTVZWzwDLUEQPxcxVg9oADsPCyEPM14KL1BodFNgRX8AVmYCM1wCIQIpF1R+Gy4XVH5EahxWa0YYF1R+AjNcUHpQaXBDfEUiBF-JrRhgXVH4HLBdVD0RqB0h+XH8AVikQOVkJa0ccAFZ/RWoDVn9QaAIAJwc/VAk2UGh0V35AdAJAO0hr
IP 143.204.42.94:0
File type ASCII text, with very long lines (704), with no line terminators
Hash 6cd87561e23ec8b11f69e53ca51a2cc4
206a9612981a6766ac990286016c13e89a8809c8
a99a2ee622d7d8c2439bedce5e68f67520e1f1621af4b948192ac6feb5d403a1
GET /oWjJmTnU5XQgoSi5bAnNNaABTfEF8WBUhGyoPLgUZK3E8Pg0sdFYYHD95MGgBIFZbflM2UwgpSHxXCC1IaxQHKhdnBkA6BTVZWzwDLUEQPxcxVg9oADsPCyEPM14KL1BodFNgRX8AVmYCM1wCIQIpF1R+Gy4XVH5EahxWa0YYF1R+AjNcUHpQaXBDfEUiBF-JrRhgXVH4HLBdVD0RqB0h+XH8AVikQOVkJa0ccAFZ/RWoDVn9QaAIAJwc/VAk2UGh0V35AdAJAO0hr HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 518
date: Thu, 01 Dec 2022 21:33:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Cfh4P442_CjGNvTGDsLTcWigsBdOT11SZ5mM9zY-yg7q8D6IKeRp8Q==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash f60f02a95664f3be8fd0b4e614010c6a
bb83d56ac8ae98bff5e9954dffc7f2035b47f63f
eddc54420a811685bfd0c2c14dd13340c9380b529bf1bb8c0426baa0375a67f2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 01 Dec 2022 21:33:01 GMT
Last-Modified: Thu, 01 Dec 2022 20:47:49 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zEv4LP7OO2s1EP9gUmeeIHqMsX-9Bmxn4XZFcZ7nZi_NufKoRc8qbQ==
Age: 2712
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 23193c3c0d9580d0c757de17730ac556
5ac0a13fe68155bfd4c6a3076729da2578776f8c
5019cffffb2c40d48d084ac4bf0bfac07569ecbe8835293c9ee4d4404dbcd4da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5019CFFFFB2C40D48D084AC4BF0BFAC07569ECBE8835293C9EE4D4404DBCD4DA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13740
Expires: Fri, 02 Dec 2022 01:22:01 GMT
Date: Thu, 01 Dec 2022 21:33:01 GMT
Connection: keep-alive
ummerciseha.com/popunder.gif
104.21.71.102 200 OK 75 B URL HTTP/2 ummerciseha.com/popunder.gif
IP 104.21.71.102:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6790ff1294fd9f045bf6c78cedfe9b56
2e8c3d7c144659949653fd8593560df741fc08d1
cbc29168ed1bca24df34580e96b4ce8b0bb2009b577d7506293f4efe05d99b90
GET /popunder.gif HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:00 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 6985
last-modified: Thu, 01 Dec 2022 19:36:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ad1MAsSr7hbC27qL1%2BMGXVXGo6qwirxpBaBTl%2Bfk25BuOnIzbLZqd%2BN2Qx9P%2F0mzFsPYBldFhOlogQsWRVi%2BRGOdD6vPWzUwxn0NgS%2FW9S1pW9qduGdJAOMEXuGyinvQe8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef04e3b17b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.202.23 200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.202.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 97c07d4f6a6e623ad11a23f0191d896a
ea96bd0dd508910887b0c649c16e695eeba29c65
e06d0143dda62f0f8bca26d095b9e30ec6298244677d14c9a921d790ccb5662b
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:01 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 89d27055748c9172eead7aa3aa2b5312
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 01 Dec 2022 21:33:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7TUdVVrgtjji44CKJsAjutyDciARySmt1WpY6q%2FKeI7QeyayVbeZPXF7xymdXBsseQG71g2w2wmBk5jVMq36pKo5Gq1bwQBknApEZP22kX3IUVDLP17mAo0cRgV6wufv34cpLsQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef05119a8741f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 20:41:08 GMT
expires: Thu, 01 Dec 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 3113
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
172.64.104.3 200 OK 4.9 kB URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP 172.64.104.3:0
File type ASCII text, with very long lines (8481)
Hash a6a64eb24b6497790e99fe96f6a01dc8
c1ce445f46c326f9e5e89d75ed3059c20e2d4481
cb40a98eaa14429a8aa6d99b037879e68ddd9c090b22a89a04c698cb2c2f6642
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:32:59 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 3168907 1718872
age: 32
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: HIT
last-modified: Thu, 01 Dec 2022 21:32:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GpeArf3wAOaSjkAyNilrkA0lQy0IBmSZWyFIZM4%2BUX%2BXtDM0TRuy1NrMt3t5Bw%2FrfaL%2BHRySDIYDNcL%2FNoZl928g5D12t8tWtpt%2FjLPoJnUyrJ2LrRvTEr40Lg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef047bed172b5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 472 B IP 172.64.104.3:0
Hash 5ad0d2e8c58f83c75598a1d62a8209de
97abcef73032eb430c4fe5721f3bb3e902563d12
99d705172c16ebb22cf4dd068235695ff9361b33955b1ea6ef480ef9eefbe2c9
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 125
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:00 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJOOuptoG9IwGxERhjVV7ra%2B1SuMffpH1SwyiOOl8FtWfOYnVY51PASj7%2Buy2nu6q4o9HNBjEQ99bKnoBq%2BzNWLBonnkK0HXrHQD1n4e8unAFBBOjDSD%2FXtuvAEMMrqN8tvY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef04f4edc7539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8a48642d82eee3c432a3f38879f9541b
f53e46a8406bbad51319826db59b6c265622241f
33a0510300258746dda57d56cf6fec74147cd138f7bae2c609d0976841fc3adc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1808
Cache-Control: max-age=96016
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:01 GMT
Etag: "6387ea8d-1d7"
Expires: Sat, 03 Dec 2022 00:13:17 GMT
Last-Modified: Wed, 30 Nov 2022 23:43:09 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
imasdk.googleapis.com/js/sdkloader/ima3.js
142.250.74.74 200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (2791)
Size 127 kB (126620 bytes)
Hash f641dae66d812e803cbfc91d689e2ea8
96372a7ba661528d13bc774536d04ab3e03b82d6
e78b718ac77697fbb92e88ac394141adc4e016830eb04d53279238cbcd65435b
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126620
date: Thu, 01 Dec 2022 21:33:01 GMT
expires: Thu, 01 Dec 2022 21:33:01 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 6ef40c78023c33b6099d8e5f19b99248
782dbdc9aacfc8663e03004d65d7ebd16ec612a0
0c09c519ddd5e3ab629b33f5e2dddfc4f527d0e4a0c8031ef0a619256c283da0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 21:33:01 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S2030274078%3A1669930381297351&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuUSuh0j7uCXPiX5YZ3oyMEmXulPlnnjy77aH4bgm5HXarE_Y_RkQ9UyZjk484KKwhjlhwInw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-cbSccOCSojp_5B3zY0WG2w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:d1zBHR8l3u565B1UTdStJEIV9mNLBA:cia_4R1TbTuyDlg7;Path=/;Expires=Sat, 30-Nov-2024 21:33:01 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=1220101632&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2FO9q9xc&dr=https%3A%2F%2Fexe.io%2F&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=233&_u=YEDAAUABCAAAACAAI~&jid=1024087714&gjid=1852672145&cid=16818920.1669930380&tid=UA-113932176-41&_gid=1160911708.1669930380&_r=1&gtm=2oubu0&z=1689307453
142.250.74.110 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1220101632&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2FO9q9xc&dr=https%3A%2F%2Fexe.io%2F&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=233&_u=YEDAAUABCAAAACAAI~&jid=1024087714&gjid=1852672145&cid=16818920.1669930380&tid=UA-113932176-41&_gid=1160911708.1669930380&_r=1&gtm=2oubu0&z=1689307453
IP 142.250.74.110:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1220101632&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2FO9q9xc&dr=https%3A%2F%2Fexe.io%2F&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=233&_u=YEDAAUABCAAAACAAI~&jid=1024087714&gjid=1852672145&cid=16818920.1669930380&tid=UA-113932176-41&_gid=1160911708.1669930380&_r=1&gtm=2oubu0&z=1689307453 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://exee.app
date: Thu, 01 Dec 2022 21:33:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 400 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash d71125b1cae26ee718b1439087e323db
1ddb46248db7da5c593bbbfa78414ecce4021cf8
afb866360d0c82a37fe961611c3df45bbc7843ee31e2df09e5f4db4efa8e4751
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 21:33:01 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1408706254%3A1669930381349484&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuqLu7WCbq5zJihp3gShEzABBSnsgIIw3JNdI_EyR-LTvvJ0B6GRQ5x71o3A14ynQLUKDweZA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-JEsT_Pss8J17RNX8bJFqpg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
set-cookie: __Host-GAPS=1:02JcEwl39rItHeL821WOCaiIj3a_Jg:pWTpUkOUZodgtoIc;Path=/;Expires=Sat, 30-Nov-2024 21:33:01 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8a48642d82eee3c432a3f38879f9541b
f53e46a8406bbad51319826db59b6c265622241f
33a0510300258746dda57d56cf6fec74147cd138f7bae2c609d0976841fc3adc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1808
Cache-Control: max-age=96016
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:01 GMT
Etag: "6387ea8d-1d7"
Expires: Sat, 03 Dec 2022 00:13:17 GMT
Last-Modified: Wed, 30 Nov 2022 23:43:09 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 976ec0477aa30cbf00f53b05c49663ff
0d333f4aab7f1286c2e68480ba986915f0188b8d
e6eb3a90890b38211a9cfad8c78fd23978e2f855829c4e0cde29feccf1d8950a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6EB3A90890B38211A9CFAD8C78FD23978E2F855829C4E0CDE29FECCF1D8950A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11124
Expires: Fri, 02 Dec 2022 00:38:25 GMT
Date: Thu, 01 Dec 2022 21:33:01 GMT
Connection: keep-alive
reproductiontape.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=2235b05c-d966-429c-89ad-56f02cdbd97d%3A2%3A1
192.243.59.13 200 OK 4.2 kB URL HTTP/1.1 reproductiontape.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=2235b05c-d966-429c-89ad-56f02cdbd97d%3A2%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6063), with no line terminators
Hash 4f458096e63e779c4f15ed4a587580ff
f34ca046e6e3e9ab1166a098c149c01cf5797207
0c26c74c403b35514e0b245263c3c6ef7ca04bd019dd8b2b1405a6783184511e
Analyzer Verdict Alert
quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=2235b05c-d966-429c-89ad-56f02cdbd97d%3A2%3A1 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:33:01 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Fri, 02 Dec 2022 21:33:01 GMT; secure; SameSite=None
Set-Cookie: uid_id2=2235b05c-d966-429c-89ad-56f02cdbd97d:2:1; expires=Thu, 08 Dec 2022 21:33:01 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Fri, 02 Dec 2022 21:33:01 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Fri, 02 Dec 2022 21:33:01 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Fri, 02 Dec 2022 21:33:01 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Fri, 02 Dec 2022 21:33:01 GMT; secure; SameSite=None
Set-Cookie: slecf585f65c6c65123b95dd09be324de3bb=[3789938]; expires=Thu, 01 Dec 2022 21:33:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af7672622dccc1e0e1b9d54231dbdb33
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=2658&rd=2658&fd=592&bv=22.10.v.10&tmpl=136
173.233.139.164 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=2658&rd=2658&fd=592&bv=22.10.v.10&tmpl=136
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2658&rd=2658&fd=592&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:33:01 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
accounts.google.com/v3/signin/identifier?dsh=S2030274078%3A1669930381297351&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuUSuh0j7uCXPiX5YZ3oyMEmXulPlnnjy77aH4bgm5HXarE_Y_RkQ9UyZjk484KKwhjlhwInw
142.250.74.109 403 Forbidden 185 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S2030274078%3A1669930381297351&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuUSuh0j7uCXPiX5YZ3oyMEmXulPlnnjy77aH4bgm5HXarE_Y_RkQ9UyZjk484KKwhjlhwInw
IP 142.250.74.109:0
Size 185 kB (184618 bytes)
Hash ed7c2de168e30a8d47c1befc0bb072ca
1fd988e82cbf072388e0196d5c67168a460a5f21
bf5a20171caa5b7af9d1bf81a2f3503df7f1cd102313a49bc1657c993f0db893
GET /v3/signin/identifier?dsh=S2030274078%3A1669930381297351&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuUSuh0j7uCXPiX5YZ3oyMEmXulPlnnjy77aH4bgm5HXarE_Y_RkQ9UyZjk484KKwhjlhwInw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 21:33:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-bbboN4IiFrXCuMfvjG68dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 473 B IP 172.64.104.3:0
Hash a21ac7e38c06b41630c9552829add09a
5089df1670d81264b4eee5b64635b2726ce0cf77
5a53d738e114fc079c1910fd3e3038bb493dad0125ca91349126234842883e76
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 178
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:01 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQkzyWfeedPvnHTEZt9s7OLxf4LCrvRtL%2BJ3e9UFTbewwMSo8a57PGK8mQzGUkp96Dm85T7AHIssT%2BHnkMgYKwtb4%2FLNUbGg3JeBsqK9%2FHHTRdCyDlsoydCNhMnJBFHvNYiy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef0543d647539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
142.250.74.130 200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:04:29 GMT
expires: Thu, 01 Dec 2022 22:04:29 GMT
cache-control: public, max-age=3600
age: 1713
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.22 200 OK 2.4 kB IP 192.124.249.22:0
Hash b4027901822cba709d6980a88dcde830
2c133937f0747bf3c3fea1203baead92d9fa5fc5
f545506bbf3826857a7b46e0930e1caf5829a645ef6c3b80b4de4898b0f8de5e
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 18:25:12 GMT
Expires: Fri, 02 Dec 2022 18:25:12 GMT
ETag: "b4481d3fb83e3cdecd7013c004b2caea9eaee2d7"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash 8ffafbaaf077c1bfbcd28a0ea3ceeb03
b4481d3fb83e3cdecd7013c004b2caea9eaee2d7
261be3cd39ceacc2fbda510e774c8789d2b5ec416c6204b633feae244eb3d20c
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 18:25:12 GMT
Expires: Fri, 02 Dec 2022 18:25:12 GMT
ETag: "b4481d3fb83e3cdecd7013c004b2caea9eaee2d7"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash 8ffafbaaf077c1bfbcd28a0ea3ceeb03
b4481d3fb83e3cdecd7013c004b2caea9eaee2d7
261be3cd39ceacc2fbda510e774c8789d2b5ec416c6204b633feae244eb3d20c
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 18:25:12 GMT
Expires: Fri, 02 Dec 2022 18:25:12 GMT
ETag: "b4481d3fb83e3cdecd7013c004b2caea9eaee2d7"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.youtube.com/iframe_api
142.250.74.142 200 OK 523 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.142:0
File type ASCII text, with very long lines (509)
Hash f11352d83b92c5dc8814bbfd8f21177b
5c84513d4670f5cb23ca5427467115ab71895f75
f1b809754501772f0794e3de4897263b43ce1d0424f476636666b87ef9dac6b9
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Thu, 01 Dec 2022 21:33:01 GMT
date: Thu, 01 Dec 2022 21:33:01 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=TnzvrASEalo; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
set-cookie: VISITOR_INFO1_LIVE=EGezO6JWe1k; Domain=.youtube.com; Expires=Tue, 30-May-2023 21:33:01 GMT; Path=/; Secure; HttpOnly; SameSite=none
set-cookie: CONSENT=PENDING+932; expires=Sat, 30-Nov-2024 21:33:01 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9abc24f39564dc848d6bcdefbcdafc7b
b8c7e8e03ebea34dc55cb1edc5821875ef3b8ced
746046171e16c754f1385bee917d0d771988a6cc69bfef15b30af8d773cad83f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "746046171E16C754F1385BEE917D0D771988A6CC69BFEF15B30AF8D773CAD83F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8937
Expires: Fri, 02 Dec 2022 00:01:59 GMT
Date: Thu, 01 Dec 2022 21:33:02 GMT
Connection: keep-alive
reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgdVRi9k8aNbqp046LyEPEHzMv8vHnJ2EU11pZiTUtbqSvx%2Fk1yzZ25w70zb14DQrFQ6kJ4gqDLyXlpgrUUK7qUyosbCQh9ChLEYNdupELX8pJA8Fvc77v3nMV3zrk31qpd4qOiOxfeMatKazobt%2F3Wy1dULkztWouXW4Hf9k%2B0rqi82znR6k8O23st8OO2%2F0rrjOQrZjb0A98P%2FKB1WlmZmv7sHgpV3EmCduK3O2E7iDvo2%2F%2FfXeXBUQ%2Bit0uegRLjJ5Z%2FvgfFR8izb05Jt1Ka4tW3skrT0lj0xOa7%2BUpu6hzZ4ZhaD2m%2BecCGcWNCvpyCyTcPFMD01icKwNSYeL8HYPnmwZpgvVv7mzINmYOJp1D3RpB6BEVH4OY6lHhAAC6weB55trFobE2v7qN0go7J9ON%2Foeoxmf7zGPLs7oJW%2FdYlo6tSmdyhnzZQ%2FRHU0ghFtYVy1YOqt8DLj6HEL2T28Tnk2fp5pw2U2HkhDKOY%2BTGfEUm3O9MJEz4zn1AxE3dTP%2BSCiWRO7Fmk1AgqHUHLAaibQuU8VMpDlXqoCg%2BZ2GnROEl9fy5laRTNdzjnUcR5PN8VsYg686mPik80DFAWA3A9ALfXUNhrWFED2OpHuOUGTnhwJUFPNKglQe0IakpQK4K6JKh7zS2hXeiaDaFdxYKDHh70qBmacmmN3jLlkszJWrFLnp4Y5x29fQwrcqeVxvNx2o15l3fjIIxYEgvhJ0xGYUfIiDE41UC5KVDnYVWNyZGP%2FkahxmRqYRaMbsHpLXD1PGh1HLQezoU%2B6PKwM%2B9jNd%2BQfdlWBsI0KMpplFe9Nb1Lnt2LLvnNQvLt11%2F6fPXhmbvHwG2Dwjb4UP1EsKRvDi%2BamqxfNLUj984XpcrUKp3EeqmkpZy%2B%2Fba8Whsrzp5yg6%2Fe4BNgMt65LF15juZC5UuOfL2ghJD2tLFckh%2FOuiuSXajc8kJl86o4d%2BHN02ezwkrnlMlHoOrBB%2FfB1Zg8md3Y%2B7DP%2FXEDyo5gqwZZtU0OCspsgRfX4Irtk399l7x3lC3CGQKrDzms8FBXzdCG7PBRqzGJXnwELbdPfvvFw%2FD79x%2BBsgZOHtrA5Pb9f%2Fb5a%2B4mlqwHWl5HnjXo2QY93YDqAVx1ZFgWdvvkr9FegWlvyLT11pm2%2BrN9e53aack49VPph5KlCUvnqC%2BStJMwmgRyjsU0QOnG%2FJPjn%2F4HAAD%2F%2FwEAAP%2F%2FOpeDG4wEAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgdVRi9k8aNbqp046LyEPEHzMv8vHnJ2EU11pZiTUtbqSvx%2Fk1yzZ25w70zb14DQrFQ6kJ4gqDLyXlpgrUUK7qUyosbCQh9ChLEYNdupELX8pJA8Fvc77v3nMV3zrk31qpd4qOiOxfeMatKazobt%2F3Wy1dULkztWouXW4Hf9k%2B0rqi82znR6k8O23st8OO2%2F0rrjOQrZjb0A98P%2FKB1WlmZmv7sHgpV3EmCduK3O2E7iDvo2%2F%2FfXeXBUQ%2Bit0uegRLjJ5Z%2FvgfFR8izb05Jt1Ka4tW3skrT0lj0xOa7%2BUpu6hzZ4ZhaD2m%2BecCGcWNCvpyCyTcPFMD01icKwNSYeL8HYPnmwZpgvVv7mzINmYOJp1D3RpB6BEVH4OY6lHhAAC6weB55trFobE2v7qN0go7J9ON%2Foeoxmf7zGPLs7oJW%2FdYlo6tSmdyhnzZQ%2FRHU0ghFtYVy1YOqt8DLj6HEL2T28Tnk2fp5pw2U2HkhDKOY%2BTGfEUm3O9MJEz4zn1AxE3dTP%2BSCiWRO7Fmk1AgqHUHLAaibQuU8VMpDlXqoCg%2BZ2GnROEl9fy5laRTNdzjnUcR5PN8VsYg686mPik80DFAWA3A9ALfXUNhrWFED2OpHuOUGTnhwJUFPNKglQe0IakpQK4K6JKh7zS2hXeiaDaFdxYKDHh70qBmacmmN3jLlkszJWrFLnp4Y5x29fQwrcqeVxvNx2o15l3fjIIxYEgvhJ0xGYUfIiDE41UC5KVDnYVWNyZGP%2FkahxmRqYRaMbsHpLXD1PGh1HLQezoU%2B6PKwM%2B9jNd%2BQfdlWBsI0KMpplFe9Nb1Lnt2LLvnNQvLt11%2F6fPXhmbvHwG2Dwjb4UP1EsKRvDi%2BamqxfNLUj984XpcrUKp3EeqmkpZy%2B%2Fba8Whsrzp5yg6%2Fe4BNgMt65LF15juZC5UuOfL2ghJD2tLFckh%2FOuiuSXajc8kJl86o4d%2BHN02ezwkrnlMlHoOrBB%2FfB1Zg8md3Y%2B7DP%2FXEDyo5gqwZZtU0OCspsgRfX4Irtk399l7x3lC3CGQKrDzms8FBXzdCG7PBRqzGJXnwELbdPfvvFw%2FD79x%2BBsgZOHtrA5Pb9f%2Fb5a%2B4mlqwHWl5HnjXo2QY93YDqAVx1ZFgWdvvkr9FegWlvyLT11pm2%2BrN9e53aack49VPph5KlCUvnqC%2BStJMwmgRyjsU0QOnG%2FJPjn%2F4HAAD%2F%2FwEAAP%2F%2FOpeDG4wEAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgdVRi9k8aNbqp046LyEPEHzMv8vHnJ2EU11pZiTUtbqSvx%2Fk1yzZ25w70zb14DQrFQ6kJ4gqDLyXlpgrUUK7qUyosbCQh9ChLEYNdupELX8pJA8Fvc77v3nMV3zrk31qpd4qOiOxfeMatKazobt%2F3Wy1dULkztWouXW4Hf9k%2B0rqi82znR6k8O23st8OO2%2F0rrjOQrZjb0A98P%2FKB1WlmZmv7sHgpV3EmCduK3O2E7iDvo2%2F%2FfXeXBUQ%2Bit0uegRLjJ5Z%2FvgfFR8izb05Jt1Ka4tW3skrT0lj0xOa7%2BUpu6hzZ4ZhaD2m%2BecCGcWNCvpyCyTcPFMD01icKwNSYeL8HYPnmwZpgvVv7mzINmYOJp1D3RpB6BEVH4OY6lHhAAC6weB55trFobE2v7qN0go7J9ON%2Foeoxmf7zGPLs7oJW%2FdYlo6tSmdyhnzZQ%2FRHU0ghFtYVy1YOqt8DLj6HEL2T28Tnk2fp5pw2U2HkhDKOY%2BTGfEUm3O9MJEz4zn1AxE3dTP%2BSCiWRO7Fmk1AgqHUHLAaibQuU8VMpDlXqoCg%2BZ2GnROEl9fy5laRTNdzjnUcR5PN8VsYg686mPik80DFAWA3A9ALfXUNhrWFED2OpHuOUGTnhwJUFPNKglQe0IakpQK4K6JKh7zS2hXeiaDaFdxYKDHh70qBmacmmN3jLlkszJWrFLnp4Y5x29fQwrcqeVxvNx2o15l3fjIIxYEgvhJ0xGYUfIiDE41UC5KVDnYVWNyZGP%2FkahxmRqYRaMbsHpLXD1PGh1HLQezoU%2B6PKwM%2B9jNd%2BQfdlWBsI0KMpplFe9Nb1Lnt2LLvnNQvLt11%2F6fPXhmbvHwG2Dwjb4UP1EsKRvDi%2BamqxfNLUj984XpcrUKp3EeqmkpZy%2B%2Fba8Whsrzp5yg6%2Fe4BNgMt65LF15juZC5UuOfL2ghJD2tLFckh%2FOuiuSXajc8kJl86o4d%2BHN02ezwkrnlMlHoOrBB%2FfB1Zg8md3Y%2B7DP%2FXEDyo5gqwZZtU0OCspsgRfX4Irtk399l7x3lC3CGQKrDzms8FBXzdCG7PBRqzGJXnwELbdPfvvFw%2FD79x%2BBsgZOHtrA5Pb9f%2Fb5a%2B4mlqwHWl5HnjXo2QY93YDqAVx1ZFgWdvvkr9FegWlvyLT11pm2%2BrN9e53aack49VPph5KlCUvnqC%2BStJMwmgRyjsU0QOnG%2FJPjn%2F4HAAD%2F%2FwEAAP%2F%2FOpeDG4wEAAA%3D HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=2235b05c-d966-429c-89ad-56f02cdbd97d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a2addef08d0da08fcc25112218c20feb
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
51.79.72.199 200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 51.79.72.199:0
Hash 328c6e3376b5f6a768ef9e2e60edc0c7
f8d239b58fe8c4674b2a74d17b0eeb7adbda5128
5326fa8f8372b7cd25ad24264f49a19cc9807b39113af68b63a30188b02778db
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.21.4.1
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Fri, 01 Dec 2023 21:33:02 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
51.79.72.199 200 OK 58 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP 51.79.72.199:0
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash cf8ffcaf217375cf9bb01c612300b25a
5d033771d013ab4364a83c6302b473c6f64ff722
2b14b918bb31b4672d92b0287ed00c91c74e5d315759da2deb6028b0b4e9f909
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.21.4.1
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Fri, 01 Dec 2023 21:33:02 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
analytics.vdo.ai/logger
172.64.104.3 200 OK 17 kB IP 172.64.104.3:0
Hash cb5039d73b1593e21fe99662dbfca05a
b586964603f7fa5052458d2b222260a048a0ad23
dc0cfeb5dc2b477d01feaeba4626ebef9986451d551d08dbf0f64cbd11cdd2d0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 180
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I43Ez%2FRr%2FE2tUiHaEBjGT2f7a%2BhrmAdclUO5SBWwvmhOc3lygSs5AHCkmMf51qJI4%2BwCA1F1jKmkJPI4QnqEZwwDiMEdggPKKRLJVimgN%2FCU9Y4LtYZvbj41YAhfkJXRJngU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef0596cd17539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
51.79.72.199 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 51.79.72.199:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: openresty/1.21.4.1
Date: Thu, 01 Dec 2022 21:33:02 GMT
Connection: keep-alive
Expires: Fri, 01 Dec 2023 21:33:02 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9757
Expires: Fri, 02 Dec 2022 00:15:39 GMT
Date: Thu, 01 Dec 2022 21:33:02 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9757
Expires: Fri, 02 Dec 2022 00:15:39 GMT
Date: Thu, 01 Dec 2022 21:33:02 GMT
Connection: keep-alive
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=211
192.243.59.13 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=211
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=211 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=2235b05c-d966-429c-89ad-56f02cdbd97d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f3fa70c4b85f9af8be81db15f2473b6
e5dadf573bde48707d00993b7a0301f7303f1a73
ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9757
Expires: Fri, 02 Dec 2022 00:15:39 GMT
Date: Thu, 01 Dec 2022 21:33:02 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
172.64.109.13 200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP 172.64.109.13:0
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash 47b7ae41a98644de6d46d58a0e51a793
b0f736609af3c0b3214ee52cc9f0798dcc972df6
b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1410113
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IbnvtASmWLrJK3VbVWwJWatxg7Q%2BOIa361ycMB8Uo2YXlcZbo5KnF3Dlart0uho5GwBJhZnjonbhrFb5%2BGT56bLHifywE1jHvxETsxUWppqGB3EoQFjNsh5dQ2Wx1io7r1uecLeW3zXU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef05cfcdf06c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
172.64.109.13 200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
IP 172.64.109.13:0
Hash c91016401e0a0b7b3d7572de48c76597
12fb634abb5e708b4f55d1489055b4f626d3cdd1
2472e286e0bf6f54cef9d99e9c63301c873fa02bc4e3979e1a18587a6d973120
GET /sb/notifications/games/nutaku/multi/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:38:28 GMT
etag: W/"632300a4-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 894909
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6b3YXPdgY40ud1JEhyNKo%2FJMANngY%2Bf9GfKUQUHQKz0QyOi%2F9tG%2BDfjHxlhwD%2FseoKX%2BAQCRWxlEBde5bR2YwwK%2FE7vgesbRLd0NgJ3sQXslitsYrhmPbxpG3Xb85v6%2BBTAnELJ3yqy7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef05c7b86e658-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=168
192.243.59.13 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=168
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=168 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=2235b05c-d966-429c-89ad-56f02cdbd97d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=40
192.243.59.13 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=40
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fjs%2Fmain.js&l=6946&fd=40 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=2235b05c-d966-429c-89ad-56f02cdbd97d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:33:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
51.79.72.199 206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 51.79.72.199:0
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: openresty/1.21.4.1
Date: Thu, 01 Dec 2022 21:33:02 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Fri, 01 Dec 2023 21:33:02 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
172.64.109.13 200 OK 10 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP 172.64.109.13:0
Hash 63eb024e87754f25ae49ae656d0b2555
6e8cc54e36e33fffeff8cb177fa22ca449cc6ea1
1d44f05750705d82c3dd965c7fde8cae0abfd7f77106b5bf3165f77d7f7dd59c
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 886855
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVsGW5qWOl7IouX3GHUS2TgkEg44df%2FE4iaUyjU%2Fsfg4jMBmDJ3ZgfVseNnJh6YZkrolKNmp02V5BRfyol9i0Z6kq6%2FKpcDpUULQsB9xkQ7K0HRHPK5JzOlrpkTX56BGMGSCsqBXpC6v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef05c8b8ee658-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbs?c=1
192.243.59.13 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=2235b05c-d966-429c-89ad-56f02cdbd97d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:33:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reproductiontape.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWhcVRi9L40b3VTpxkVlEPEHzOT9zJvMs4tqrC3Fmpa2Ulfi%2FXvJNXfefdz73rxpQCgWSl0IIwi6fDmTJlhLsaJLqUzcSEDoKEgQg127kQpdyyQDwW9xv%2B%2FecxbfOefeWC%2F3iI%2BS7l54x6wprel83PQbL19RmTCVayxdbgR%2B0z%2FRuKKydutEoz85bO%2B1wI%2Bb%2FiuNM5KvmvnQD3w%2F8IPGaWVlavrz%2ByhUficJmonfbIXNIG6hb%2F9%2Fd6UHRz2I3h55BkqMn1j5%2BR4UHyHrfnNKutXC5K%2B%2B1S01LYxFT2y9m61mpsrQPRxT6yHNtqZsGDcm5MsZmGxrqgCmtzFRAKbGxPs9AMu2pmuC9W4dbMo0ZAYmnkLVG0HqERQdgZvrUOIBAbjA0nlk3c0lYyt69QClE3RMZh%2F%2FC1WNyeyfx5B17y5q1W9cMroslMkc%2BmkN1R9BLY%2BQl9so1jyoahu8%2BBhK%2FELmH59D1t0477SBErsvhGEUMz%2FmcyJpt%2BdaYcLnOgkVc3E79UMumEgWxL5FSo2g0hG0HIC6GZTOQ6k8lKmHMvfQFbsNGiep7y%2BkLI2iTotzHkWcx522iEXU6qQ%2BSj7RMECRD8D1ANxeQ26vYVUNYMsf4VZqOOHBFQQ9UaOSBJUjqChBpQiqgqDq1beEdqGrN4V2JQumPZz2qB6aYnmd3jLFsszIer5Hnp4Y5x29fQyrcreRxp04bce8zdtxEEYsiYXwEyajsCVkxBicqqHcDKjzsKbG5MhHfyNXYzKzOA9Gt%2BH0Nrh6HrQ8DloNF0IfdGXY6vhYyzZlXzaVgTA18mIWxVVvXe%2BRZ%2FejS36zkHzn9Zc%2BX3t45u4xcFsjtzU%2BVD8RLOubw4umIhsXTeXIvfN5obpqjU5ivVTQQs7eflterYwVZ0%2B5wVdv8AkwGe9clq44RzOhsmVHvl5UQkh72lguyQ9n3RXJLpRuZbG0WZmfu%2FDm6bPd3ErnlMlGoOrBB%2FfB1Zg82b2x%2F2Gf%2B%2BMGlB3BljW65Q6ZFpTZBs%2BvweU7J%2F%2F6LnnvKFuCMwRWH3JY7qEq66EN2eGjVmMSvfgIWu6c%2FPaLh%2BH37z8CZTWcPLSByZ37%2Fxzw191NLFsPtLiOrFujZ2v0dA2qB3DlkWGR252Tv0b7Baa9IdPW22Da6s8O7HVqtxEHLdlhnQUuBJNcBAth1Il8PxSitZDIIEHhxvyT45%2F%2BBwAA%2F%2F8BAAD%2F%2Fy6fDf2MBAAA
192.243.59.13200 OK 7 B URL HTTP/1.1 reproductiontape.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWhcVRi9L40b3VTpxkVlEPEHzOT9zJvMs4tqrC3Fmpa2Ulfi%2FXvJNXfefdz73rxpQCgWSl0IIwi6fDmTJlhLsaJLqUzcSEDoKEgQg127kQpdyyQDwW9xv%2B%2FecxbfOefeWC%2F3iI%2BS7l54x6wprel83PQbL19RmTCVayxdbgR%2B0z%2FRuKKydutEoz85bO%2B1wI%2Bb%2FiuNM5KvmvnQD3w%2F8IPGaWVlavrz%2ByhUficJmonfbIXNIG6hb%2F9%2Fd6UHRz2I3h55BkqMn1j5%2BR4UHyHrfnNKutXC5K%2B%2B1S01LYxFT2y9m61mpsrQPRxT6yHNtqZsGDcm5MsZmGxrqgCmtzFRAKbGxPs9AMu2pmuC9W4dbMo0ZAYmnkLVG0HqERQdgZvrUOIBAbjA0nlk3c0lYyt69QClE3RMZh%2F%2FC1WNyeyfx5B17y5q1W9cMroslMkc%2BmkN1R9BLY%2BQl9so1jyoahu8%2BBhK%2FELmH59D1t0477SBErsvhGEUMz%2FmcyJpt%2BdaYcLnOgkVc3E79UMumEgWxL5FSo2g0hG0HIC6GZTOQ6k8lKmHMvfQFbsNGiep7y%2BkLI2iTotzHkWcx522iEXU6qQ%2BSj7RMECRD8D1ANxeQ26vYVUNYMsf4VZqOOHBFQQ9UaOSBJUjqChBpQiqgqDq1beEdqGrN4V2JQumPZz2qB6aYnmd3jLFsszIer5Hnp4Y5x29fQyrcreRxp04bce8zdtxEEYsiYXwEyajsCVkxBicqqHcDKjzsKbG5MhHfyNXYzKzOA9Gt%2BH0Nrh6HrQ8DloNF0IfdGXY6vhYyzZlXzaVgTA18mIWxVVvXe%2BRZ%2FejS36zkHzn9Zc%2BX3t45u4xcFsjtzU%2BVD8RLOubw4umIhsXTeXIvfN5obpqjU5ivVTQQs7eflterYwVZ0%2B5wVdv8AkwGe9clq44RzOhsmVHvl5UQkh72lguyQ9n3RXJLpRuZbG0WZmfu%2FDm6bPd3ErnlMlGoOrBB%2FfB1Zg82b2x%2F2Gf%2B%2BMGlB3BljW65Q6ZFpTZBs%2BvweU7J%2F%2F6LnnvKFuCMwRWH3JY7qEq66EN2eGjVmMSvfgIWu6c%2FPaLh%2BH37z8CZTWcPLSByZ37%2Fxzw191NLFsPtLiOrFujZ2v0dA2qB3DlkWGR252Tv0b7Baa9IdPW22Da6s8O7HVqtxEHLdlhnQUuBJNcBAth1Il8PxSitZDIIEHhxvyT45%2F%2BBwAA%2F%2F8BAAD%2F%2Fy6fDf2MBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWhcVRi9L40b3VTpxkVlEPEHzOT9zJvMs4tqrC3Fmpa2Ulfi%2FXvJNXfefdz73rxpQCgWSl0IIwi6fDmTJlhLsaJLqUzcSEDoKEgQg127kQpdyyQDwW9xv%2B%2FecxbfOefeWC%2F3iI%2BS7l54x6wprel83PQbL19RmTCVayxdbgR%2B0z%2FRuKKydutEoz85bO%2B1wI%2Bb%2FiuNM5KvmvnQD3w%2F8IPGaWVlavrz%2ByhUficJmonfbIXNIG6hb%2F9%2Fd6UHRz2I3h55BkqMn1j5%2BR4UHyHrfnNKutXC5K%2B%2B1S01LYxFT2y9m61mpsrQPRxT6yHNtqZsGDcm5MsZmGxrqgCmtzFRAKbGxPs9AMu2pmuC9W4dbMo0ZAYmnkLVG0HqERQdgZvrUOIBAbjA0nlk3c0lYyt69QClE3RMZh%2F%2FC1WNyeyfx5B17y5q1W9cMroslMkc%2BmkN1R9BLY%2BQl9so1jyoahu8%2BBhK%2FELmH59D1t0477SBErsvhGEUMz%2FmcyJpt%2BdaYcLnOgkVc3E79UMumEgWxL5FSo2g0hG0HIC6GZTOQ6k8lKmHMvfQFbsNGiep7y%2BkLI2iTotzHkWcx522iEXU6qQ%2BSj7RMECRD8D1ANxeQ26vYVUNYMsf4VZqOOHBFQQ9UaOSBJUjqChBpQiqgqDq1beEdqGrN4V2JQumPZz2qB6aYnmd3jLFsszIer5Hnp4Y5x29fQyrcreRxp04bce8zdtxEEYsiYXwEyajsCVkxBicqqHcDKjzsKbG5MhHfyNXYzKzOA9Gt%2BH0Nrh6HrQ8DloNF0IfdGXY6vhYyzZlXzaVgTA18mIWxVVvXe%2BRZ%2FejS36zkHzn9Zc%2BX3t45u4xcFsjtzU%2BVD8RLOubw4umIhsXTeXIvfN5obpqjU5ivVTQQs7eflterYwVZ0%2B5wVdv8AkwGe9clq44RzOhsmVHvl5UQkh72lguyQ9n3RXJLpRuZbG0WZmfu%2FDm6bPd3ErnlMlGoOrBB%2FfB1Zg82b2x%2F2Gf%2B%2BMGlB3BljW65Q6ZFpTZBs%2BvweU7J%2F%2F6LnnvKFuCMwRWH3JY7qEq66EN2eGjVmMSvfgIWu6c%2FPaLh%2BH37z8CZTWcPLSByZ37%2Fxzw191NLFsPtLiOrFujZ2v0dA2qB3DlkWGR252Tv0b7Baa9IdPW22Da6s8O7HVqtxEHLdlhnQUuBJNcBAth1Il8PxSitZDIIEHhxvyT45%2F%2BBwAA%2F%2F8BAAD%2F%2Fy6fDf2MBAAA HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=2235b05c-d966-429c-89ad-56f02cdbd97d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:33:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b185eff482a9677982858e74092a9ae1
Strict-Transport-Security: max-age=0; includeSubdomains
adservice.google.com/adsid/integrator.js?domain=exee.app
142.250.74.98 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 01 Dec 2022 21:33:03 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FO9q9xc&tfcd=0&npa=0&correlator=2217182344172673&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FO9q9xc&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F0bde7bba-4b16-4289-8231-c81c580a8eb7&sid=6BCC6412-56AD-429E-947E-158B4D3B2DF1&nel=0&eid=44748969%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1669930377601&idt=3079&dt=1669930381879&cookie_enabled=1&scor=309372406068625&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
142.250.74.162200 OK 6.4 kB URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FO9q9xc&tfcd=0&npa=0&correlator=2217182344172673&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FO9q9xc&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F0bde7bba-4b16-4289-8231-c81c580a8eb7&sid=6BCC6412-56AD-429E-947E-158B4D3B2DF1&nel=0&eid=44748969%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1669930377601&idt=3079&dt=1669930381879&cookie_enabled=1&scor=309372406068625&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP 142.250.74.162:0
File type XML 1.0 document text; XML document, ASCII text, with very long lines (5548)
Hash db02afce9d9df839bd260f4e9b1dd0a6
cbef87145211cefc8e5e05ea11d5cd16c18b7a4d
c8ee61dd55d7301df7b5fed5b70099e83e033f7b123305bf10fefa278a4e7bc9
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FO9q9xc&tfcd=0&npa=0&correlator=2217182344172673&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FO9q9xc&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F0bde7bba-4b16-4289-8231-c81c580a8eb7&sid=6BCC6412-56AD-429E-947E-158B4D3B2DF1&nel=0&eid=44748969%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1669930377601&idt=3079&dt=1669930381879&cookie_enabled=1&scor=309372406068625&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -1
google-creative-id: -1
date: Thu, 01 Dec 2022 21:33:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 6369
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Dec-2022 21:48:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-D5P7pecbsPSlESEB-PviMbKLcMzZ32Q7cI7mKUCpmBJcr1RgJlj4e1yqqMBn18EhKFTc-DaQCNKlLMu27HiqzuM2EkqA&cry=1&dbm_d=AKAmf-ASkDCB2UCVqDTI-_Tv2NAQ_pH1xw_JTgyJKJOmjgNR8oKZvTXwibQDZPUruIze-pm4BkhAWBReMfISHpD3ocADY2vH8iCKFdkHsyYPlBHwx35nNLAFUjo6_Kx3hYJNo0S1Wu6c2M3_Q4F3qvAyX4_KRhKko9nDVhzN6XCZOmmXOAp_StggxI5Zb1KFWA9m6OjCGxMIWFgiXu8e0s8JGVSonu6ftIPeYRNFwazKk2L6bkuPH-4FpJRAN1O3Y-LDJSaIBO8knXtrY2yxxPmVuQ7egAsOMGb531-GOedhvYb12HnSc3HmMADjzgYLO-nqJPTAWnPJ5_qYuM_8lyj5wwXGuydSx8-glOeqE8hd64L_AbpQ6i0Vx44n6npYBQGsPMCyhAkzxyaGBNx91XCDSJjlF4uewMPs0oTzXgxyhbnJyZbQHdtnZtnfw0624OOlrPhAhDMZf1J_5R0OzwyFXl6dooSB722EiRUSA5vzgKi_Zic9r40P3opQg2GBeyp4S4Fu-iPvV_urQm3jXz5Xp5G9qF2zbH6PmPRvfkzjcrjSz9OEAZIn3qjbHnsbn9glfFFRznW7FpO8PFMFy-1IcnxPyFgcnGSut30m4ew5vomBFEF1HaNzBEt1pK2j_rbIIxiQ8sDxL6rMLfrJN7h5K_jqRhUSO6tj_E8BLsnG5SO12mmmKI7ysjBaUXdRD3MSoY8q74zJ-Q92vwCil7pNzVrzwwpy78CWFmrl3Ulnq4Kp6rztnb-ABrcqMH8CYjn03aEDAxOHFpSqkicB2Bk3WmJK6fo_35gCMgJVZd3p1SddXZSqdvdgQ5b60SVeV-wfgBc_E9o5aI6_hfbUCwizxGlTyWb0ChAFcvPtIM-uR-UxSLvlmJEzVBO8UoRScb6wG5HFbZWkA3Ld0CWWaYr1rsXHS5K8dP4NW8KGYa8jSwXh5IGR9NM6mpXGTTsk2kPIMfE2cVTjh_bHGLtjLg9WhRYYuUxOq_BER2OFFoyOp6BY5wcZoYSF_T7e31UXo8u3xft3E7A7htlGL10eHQK9tM_QLBI7m9Y48PonVMi9XABDLIEAzY5Yr3-yDG6xaYniiwk_j43y35GWOm4-refHpIZsF1yy0FnBZiaEhv3q5sjAMdZdPO75u4a5aETHETiIuPSOpUSCnq4gwz-HAdjHEsz7DREirLuFFoXG9k4m1RFzKY8OXB5tjug67m59vMCdipON8Sk6gvsW2IdOs-3ERf22euJVjXPblsuUAGqMMBRmReL5UeLcEBGzTkj3ZTfRL5Jw3WZb21jcRrzeewRnQOqPO4RSdj91zyvnXSuEE-POnwS7LDA5GSJFMNHum9enJrI-xJylKOjFkELig3Ef4XHAiEx1zfIIwq5Eu2_1e-mDOCg-PIpdfPn7SYPIO38iBb1B4QLp4XXn31QwQX_xMkSYKQHkiYIKOPXOgEqN9ecT43rudg5N0e79Kbd5dlTaJSVxs1t5-SkaRdaD-jFokp9LRJqqsRb3IRnkVNjGw533J5u0sSZYBS2eITbQKh3R4PGUpBLiO7BBes3v-88QG--2bbe0x67xtL89x9LWsHAP4J584nu-3BWxTyld7Tvn5Ok-pZR3aBmpF5Pwba5KFAKDdZ9SLR1Z7YHAIxW94LsbVfT5q6ulRuUTMCRXgGIAPouCF2uGwi-YO2nrCHdHZ1QjxCK-rr6RkI-JnxsGQdvNC-0GRWIpOw51kNkNvA041rBwg48vRk2zpVhFmH9AWwBZGKeggA5rEIi2PRmHOTmgNZR3goF3fW1GSHIKwTOIWiL5o6sMpbHjwjrOME38GoDiXdBx5W2qIBLn9DmLuU3nbB3s7GtN8InJ
X3Rqk0SqESqXGnUVnQkHJx8QCa6OaTGKQo3bAsv0geyQsAFSdLM2Fd4srh0hKIGKSiUnMaWORXEymicxt82St9BWd97V09ZOOZPFJzpkaWb8r3O9lCq8BOEqhL3qvZRzo-eoEiYu_a2UXtzEcXyhEY5Ih-vsPX093H7jP6z8lSZVLBcslek8mmIydxpU4MOjx6aHncxxQP7pH2mc6sToSjJyjpq83ghOX2opOYA9w_N_YQHwRI__Cs7j5RSiwtmBKTezDiPn2-G_TehqBJtMv-hkIvdgd26_Na3JFnvIYHlLB4aCPLb4QG15OB0V8zExLCPdWxsg6KOfdVnFTR6P-KVVH-b5ux-RqWnGFpc95wOmeAAeLBh1pPIw8tPSlXxjYokI-J-gNAK6LBpbWDnkK2QTVk5BzAb4ucT1OD8lZCHOAsTYYAoLnl1rLQfNpfWNdreaXLdLrV7sv_11RT9MfRgaxfSCNoBbgJhmeOjWmvSP-ce27nuwV1817UZ3wV6OeEXZYFb2X01K-CIptAsixjmTsEMTv366cFo5rA7U4_GKtVcv8EEZyL9MCUnFTSKf0xVIQrzpmxG-P1GR4Oa5LgwbKuRPbdAmpQjJHrirC5FaslJzH1Pqpprwuf9buT7uCvUv7BF7kPGjcvKYA2iKwloGzzPUpCpUzPKEFr0uAeb1AywUwI_US6k6V9i_TAnD6rsQ8-PScDdjBYeEdbsYa9IZno4VkX3TDRC-Zv9BLt7m5ig4K3tgdLIVKaNvo8Y9wvjrY0EiiZOTiz7v0SW_mda4E9FreIh3o0A-0fFS1jyObvzq7KehA7Zc7lrIK81mdpCAwSyEFbkhdMRC2cC36KVh8DxjWbygyMv_EegZJLdyHG9UuQSsnRRr7-6zzBPAQFhSC-FCBpWGc3yAZm52uJ5_y1XlQbjHCmeANLCBkexYwDNq5ILiqNORRP0awybYD_1SbBFMJp7wM4E4SCdy4LegMVS09BU6TJsDxIoZnRwSvKxwsbbnjM1xnhTEHcolCGAxSP4scLyUB2JDy9xUA7INd2duAr5P_dIytv11curpOon7wTzmah9GxHB8KyFPacqnmQgo45ikCg6Uc4WY_fTYQQP17ksXPwx3F9-PQpb9OFYtFsM7CKA4pZcXnxPS5pOLtysJGGj8CiGcODHNZg9-nb21f234JF1WgAWi0T5sA0hmqf__DVr_fbHy2wN7kVI9MOwSuHLTYU_asPL52UfOge0S56kf7fx8-987V5LjHx9ygrlrL8sTUr2XyMu1YQdKCZxnZy_wGEW2PHXDU-c3-4dtn5jFJGgsrH4PxXl9xfJIs7Z8Dky6KN9zxyavVJTBnL0pnLW8iptZsx2NhHiKGfrk52yY-J_EGXSX7gTXb1o_7DAkjYIRePUOlDJNUPyiWwkNAixa-TvGtkn4-p6-8HsIcYfxbxSzJ3oaN-1z_Wz8pMENil07TG7An0rwe9QWs131J6OZbDsN1p-7uN11X51FfX6pMojgs7YeRei86GA25mx93Iysdu_JnXngHFtmSZTH90rJjRUYJdxIsZd2TTUIAOYaYAcEo5KXgDISsjyc1AXjD17ug4YSMofaAEj1yhKVRB0WXjWJyyzm8CqS9EVgKcMJKqCJSwlWhKDef4hVqy7MPfByVIQgUe_Hte65EKbIz2a_zsImbXj2wsDZFewwV9VlBZcLPg2UBaXaxFFh4dZ6_3-IvPM&cid=CAQSPgDq26N92wQzUPyvwenLGCtPW_LYC3y79n0JL83Dzk1ykqaOPPusbipvXCWrcjW-KvVTfBnu0CtB_XLQPCp9GAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis
=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F0bde7bba-4b16-4289-8231-c81c580a8eb7&sid=6BCC6412-56AD-429E-947E-158B4D3B2DF1&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&ref=https%3A%2F%2Fexe.io%2F&url=https%3A%2F%2Fexee.app%2FO9q9xc&dlt=1669930377601&idt=3079&dt=1669930382310&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491
173.194.220.157200 OK 4.8 kB URL HTTP/2 bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-D5P7pecbsPSlESEB-PviMbKLcMzZ32Q7cI7mKUCpmBJcr1RgJlj4e1yqqMBn18EhKFTc-DaQCNKlLMu27HiqzuM2EkqA&cry=1&dbm_d=AKAmf-ASkDCB2UCVqDTI-_Tv2NAQ_pH1xw_JTgyJKJOmjgNR8oKZvTXwibQDZPUruIze-pm4BkhAWBReMfISHpD3ocADY2vH8iCKFdkHsyYPlBHwx35nNLAFUjo6_Kx3hYJNo0S1Wu6c2M3_Q4F3qvAyX4_KRhKko9nDVhzN6XCZOmmXOAp_StggxI5Zb1KFWA9m6OjCGxMIWFgiXu8e0s8JGVSonu6ftIPeYRNFwazKk2L6bkuPH-4FpJRAN1O3Y-LDJSaIBO8knXtrY2yxxPmVuQ7egAsOMGb531-GOedhvYb12HnSc3HmMADjzgYLO-nqJPTAWnPJ5_qYuM_8lyj5wwXGuydSx8-glOeqE8hd64L_AbpQ6i0Vx44n6npYBQGsPMCyhAkzxyaGBNx91XCDSJjlF4uewMPs0oTzXgxyhbnJyZbQHdtnZtnfw0624OOlrPhAhDMZf1J_5R0OzwyFXl6dooSB722EiRUSA5vzgKi_Zic9r40P3opQg2GBeyp4S4Fu-iPvV_urQm3jXz5Xp5G9qF2zbH6PmPRvfkzjcrjSz9OEAZIn3qjbHnsbn9glfFFRznW7FpO8PFMFy-1IcnxPyFgcnGSut30m4ew5vomBFEF1HaNzBEt1pK2j_rbIIxiQ8sDxL6rMLfrJN7h5K_jqRhUSO6tj_E8BLsnG5SO12mmmKI7ysjBaUXdRD3MSoY8q74zJ-Q92vwCil7pNzVrzwwpy78CWFmrl3Ulnq4Kp6rztnb-ABrcqMH8CYjn03aEDAxOHFpSqkicB2Bk3WmJK6fo_35gCMgJVZd3p1SddXZSqdvdgQ5b60SVeV-wfgBc_E9o5aI6_hfbUCwizxGlTyWb0ChAFcvPtIM-uR-UxSLvlmJEzVBO8UoRScb6wG5HFbZWkA3Ld0CWWaYr1rsXHS5K8dP4NW8KGYa8jSwXh5IGR9NM6mpXGTTsk2kPIMfE2cVTjh_bHGLtjLg9WhRYYuUxOq_BER2OFFoyOp6BY5wcZoYSF_T7e31UXo8u3xft3E7A7htlGL10eHQK9tM_QLBI7m9Y48PonVMi9XABDLIEAzY5Yr3-yDG6xaYniiwk_j43y35GWOm4-refHpIZsF1yy0FnBZiaEhv3q5sjAMdZdPO75u4a5aETHETiIuPSOpUSCnq4gwz-HAdjHEsz7DREirLuFFoXG9k4m1RFzKY8OXB5tjug67m59vMCdipON8Sk6gvsW2IdOs-3ERf22euJVjXPblsuUAGqMMBRmReL5UeLcEBGzTkj3ZTfRL5Jw3WZb21jcRrzeewRnQOqPO4RSdj91zyvnXSuEE-POnwS7LDA5GSJFMNHum9enJrI-xJylKOjFkELig3Ef4XHAiEx1zfIIwq5Eu2_1e-mDOCg-PIpdfPn7SYPIO38iBb1B4QLp4XXn31QwQX_xMkSYKQHkiYIKOPXOgEqN9ecT43rudg5N0e79Kbd5dlTaJSVxs1t5-SkaRdaD-jFokp9LRJqqsRb3IRnkVNjGw533J5u0sSZYBS2eITbQKh3R4PGUpBLiO7BBes3v-88QG--2bbe0x67xtL89x9LWsHAP4J584nu-3BWxTyld7Tvn5Ok-pZR3aBmpF5Pwba5KFAKDdZ9SLR1Z7YHAIxW94LsbVfT5q6ulRuUTMCRXgGIAPouCF2uGwi-YO2nrCHdHZ1QjxCK-rr6RkI-JnxsGQdvNC-0GRWIpOw51kNkNvA041rBwg48vRk2zpVhFmH9AWwBZGKeggA5rEIi2PRmHOTmgNZR3goF3fW1GSHIKwTOIWiL5o6sMpbHjwjrO
ME38GoDiXdBx5W2qIBLn9DmLuU3nbB3s7GtN8InJX3Rqk0SqESqXGnUVnQkHJx8QCa6OaTGKQo3bAsv0geyQsAFSdLM2Fd4srh0hKIGKSiUnMaWORXEymicxt82St9BWd97V09ZOOZPFJzpkaWb8r3O9lCq8BOEqhL3qvZRzo-eoEiYu_a2UXtzEcXyhEY5Ih-vsPX093H7jP6z8lSZVLBcslek8mmIydxpU4MOjx6aHncxxQP7pH2mc6sToSjJyjpq83ghOX2opOYA9w_N_YQHwRI__Cs7j5RSiwtmBKTezDiPn2-G_TehqBJtMv-hkIvdgd26_Na3JFnvIYHlLB4aCPLb4QG15OB0V8zExLCPdWxsg6KOfdVnFTR6P-KVVH-b5ux-RqWnGFpc95wOmeAAeLBh1pPIw8tPSlXxjYokI-J-gNAK6LBpbWDnkK2QTVk5BzAb4ucT1OD8lZCHOAsTYYAoLnl1rLQfNpfWNdreaXLdLrV7sv_11RT9MfRgaxfSCNoBbgJhmeOjWmvSP-ce27nuwV1817UZ3wV6OeEXZYFb2X01K-CIptAsixjmTsEMTv366cFo5rA7U4_GKtVcv8EEZyL9MCUnFTSKf0xVIQrzpmxG-P1GR4Oa5LgwbKuRPbdAmpQjJHrirC5FaslJzH1Pqpprwuf9buT7uCvUv7BF7kPGjcvKYA2iKwloGzzPUpCpUzPKEFr0uAeb1AywUwI_US6k6V9i_TAnD6rsQ8-PScDdjBYeEdbsYa9IZno4VkX3TDRC-Zv9BLt7m5ig4K3tgdLIVKaNvo8Y9wvjrY0EiiZOTiz7v0SW_mda4E9FreIh3o0A-0fFS1jyObvzq7KehA7Zc7lrIK81mdpCAwSyEFbkhdMRC2cC36KVh8DxjWbygyMv_EegZJLdyHG9UuQSsnRRr7-6zzBPAQFhSC-FCBpWGc3yAZm52uJ5_y1XlQbjHCmeANLCBkexYwDNq5ILiqNORRP0awybYD_1SbBFMJp7wM4E4SCdy4LegMVS09BU6TJsDxIoZnRwSvKxwsbbnjM1xnhTEHcolCGAxSP4scLyUB2JDy9xUA7INd2duAr5P_dIytv11curpOon7wTzmah9GxHB8KyFPacqnmQgo45ikCg6Uc4WY_fTYQQP17ksXPwx3F9-PQpb9OFYtFsM7CKA4pZcXnxPS5pOLtysJGGj8CiGcODHNZg9-nb21f234JF1WgAWi0T5sA0hmqf__DVr_fbHy2wN7kVI9MOwSuHLTYU_asPL52UfOge0S56kf7fx8-987V5LjHx9ygrlrL8sTUr2XyMu1YQdKCZxnZy_wGEW2PHXDU-c3-4dtn5jFJGgsrH4PxXl9xfJIs7Z8Dky6KN9zxyavVJTBnL0pnLW8iptZsx2NhHiKGfrk52yY-J_EGXSX7gTXb1o_7DAkjYIRePUOlDJNUPyiWwkNAixa-TvGtkn4-p6-8HsIcYfxbxSzJ3oaN-1z_Wz8pMENil07TG7An0rwe9QWs131J6OZbDsN1p-7uN11X51FfX6pMojgs7YeRei86GA25mx93Iysdu_JnXngHFtmSZTH90rJjRUYJdxIsZd2TTUIAOYaYAcEo5KXgDISsjyc1AXjD17ug4YSMofaAEj1yhKVRB0WXjWJyyzm8CqS9EVgKcMJKqCJSwlWhKDef4hVqy7MPfByVIQgUe_Hte65EKbIz2a_zsImbXj2wsDZFewwV9VlBZcLPg2UBaXaxFFh4dZ6_3-IvPM&cid=CAQSPgDq26N92wQzUPyvwenLGCtPW_LYC3y79n0JL83Dzk1ykqaOPPusbipvXCWrcjW-KvVTfBnu0CtB_XLQPCp9GAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.
0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F0bde7bba-4b16-4289-8231-c81c580a8eb7&sid=6BCC6412-56AD-429E-947E-158B4D3B2DF1&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&ref=https%3A%2F%2Fexe.io%2F&url=https%3A%2F%2Fexee.app%2FO9q9xc&dlt=1669930377601&idt=3079&dt=1669930382310&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491
IP 173.194.220.157:0
File type XML 1.0 document text; XML document, ASCII text, with very long lines (1802)
Hash 476845b5a431e3e916f03ea29a5c7cac
a28a0d93a7393246d48b1e140aef385edffd0b9b
abc3cd5aac438e16bb1fb26542dd88fef4f8ecd78897d9ca7a297ff55f6f6810
GET /dbm/vast?dbm_c=AKAmf-D5P7pecbsPSlESEB-PviMbKLcMzZ32Q7cI7mKUCpmBJcr1RgJlj4e1yqqMBn18EhKFTc-DaQCNKlLMu27HiqzuM2EkqA&cry=1&dbm_d=AKAmf-ASkDCB2UCVqDTI-_Tv2NAQ_pH1xw_JTgyJKJOmjgNR8oKZvTXwibQDZPUruIze-pm4BkhAWBReMfISHpD3ocADY2vH8iCKFdkHsyYPlBHwx35nNLAFUjo6_Kx3hYJNo0S1Wu6c2M3_Q4F3qvAyX4_KRhKko9nDVhzN6XCZOmmXOAp_StggxI5Zb1KFWA9m6OjCGxMIWFgiXu8e0s8JGVSonu6ftIPeYRNFwazKk2L6bkuPH-4FpJRAN1O3Y-LDJSaIBO8knXtrY2yxxPmVuQ7egAsOMGb531-GOedhvYb12HnSc3HmMADjzgYLO-nqJPTAWnPJ5_qYuM_8lyj5wwXGuydSx8-glOeqE8hd64L_AbpQ6i0Vx44n6npYBQGsPMCyhAkzxyaGBNx91XCDSJjlF4uewMPs0oTzXgxyhbnJyZbQHdtnZtnfw0624OOlrPhAhDMZf1J_5R0OzwyFXl6dooSB722EiRUSA5vzgKi_Zic9r40P3opQg2GBeyp4S4Fu-iPvV_urQm3jXz5Xp5G9qF2zbH6PmPRvfkzjcrjSz9OEAZIn3qjbHnsbn9glfFFRznW7FpO8PFMFy-1IcnxPyFgcnGSut30m4ew5vomBFEF1HaNzBEt1pK2j_rbIIxiQ8sDxL6rMLfrJN7h5K_jqRhUSO6tj_E8BLsnG5SO12mmmKI7ysjBaUXdRD3MSoY8q74zJ-Q92vwCil7pNzVrzwwpy78CWFmrl3Ulnq4Kp6rztnb-ABrcqMH8CYjn03aEDAxOHFpSqkicB2Bk3WmJK6fo_35gCMgJVZd3p1SddXZSqdvdgQ5b60SVeV-wfgBc_E9o5aI6_hfbUCwizxGlTyWb0ChAFcvPtIM-uR-UxSLvlmJEzVBO8UoRScb6wG5HFbZWkA3Ld0CWWaYr1rsXHS5K8dP4NW8KGYa8jSwXh5IGR9NM6mpXGTTsk2kPIMfE2cVTjh_bHGLtjLg9WhRYYuUxOq_BER2OFFoyOp6BY5wcZoYSF_T7e31UXo8u3xft3E7A7htlGL10eHQK9tM_QLBI7m9Y48PonVMi9XABDLIEAzY5Yr3-yDG6xaYniiwk_j43y35GWOm4-refHpIZsF1yy0FnBZiaEhv3q5sjAMdZdPO75u4a5aETHETiIuPSOpUSCnq4gwz-HAdjHEsz7DREirLuFFoXG9k4m1RFzKY8OXB5tjug67m59vMCdipON8Sk6gvsW2IdOs-3ERf22euJVjXPblsuUAGqMMBRmReL5UeLcEBGzTkj3ZTfRL5Jw3WZb21jcRrzeewRnQOqPO4RSdj91zyvnXSuEE-POnwS7LDA5GSJFMNHum9enJrI-xJylKOjFkELig3Ef4XHAiEx1zfIIwq5Eu2_1e-mDOCg-PIpdfPn7SYPIO38iBb1B4QLp4XXn31QwQX_xMkSYKQHkiYIKOPXOgEqN9ecT43rudg5N0e79Kbd5dlTaJSVxs1t5-SkaRdaD-jFokp9LRJqqsRb3IRnkVNjGw533J5u0sSZYBS2eITbQKh3R4PGUpBLiO7BBes3v-88QG--2bbe0x67xtL89x9LWsHAP4J584nu-3BWxTyld7Tvn5Ok-pZR3aBmpF5Pwba5KFAKDdZ9SLR1Z7YHAIxW94LsbVfT5q6ulRuUTMCRXgGIAPouCF2uGwi-YO2nrCHdHZ1QjxCK-rr6RkI-JnxsGQdvNC-0GRWIpOw51kNkNvA041rBwg48vRk2zpVhFmH9AWwBZGKeggA5rEIi2PRmHOTmgNZR3goF3fW1GSHIKwTOIWiL5o6sMpbHjwjrOME38GoDiXdBx5W2qIBLn9DmLuU3nbB3s7GtN8InJX3Rqk0SqESqXGnUVn
QkHJx8QCa6OaTGKQo3bAsv0geyQsAFSdLM2Fd4srh0hKIGKSiUnMaWORXEymicxt82St9BWd97V09ZOOZPFJzpkaWb8r3O9lCq8BOEqhL3qvZRzo-eoEiYu_a2UXtzEcXyhEY5Ih-vsPX093H7jP6z8lSZVLBcslek8mmIydxpU4MOjx6aHncxxQP7pH2mc6sToSjJyjpq83ghOX2opOYA9w_N_YQHwRI__Cs7j5RSiwtmBKTezDiPn2-G_TehqBJtMv-hkIvdgd26_Na3JFnvIYHlLB4aCPLb4QG15OB0V8zExLCPdWxsg6KOfdVnFTR6P-KVVH-b5ux-RqWnGFpc95wOmeAAeLBh1pPIw8tPSlXxjYokI-J-gNAK6LBpbWDnkK2QTVk5BzAb4ucT1OD8lZCHOAsTYYAoLnl1rLQfNpfWNdreaXLdLrV7sv_11RT9MfRgaxfSCNoBbgJhmeOjWmvSP-ce27nuwV1817UZ3wV6OeEXZYFb2X01K-CIptAsixjmTsEMTv366cFo5rA7U4_GKtVcv8EEZyL9MCUnFTSKf0xVIQrzpmxG-P1GR4Oa5LgwbKuRPbdAmpQjJHrirC5FaslJzH1Pqpprwuf9buT7uCvUv7BF7kPGjcvKYA2iKwloGzzPUpCpUzPKEFr0uAeb1AywUwI_US6k6V9i_TAnD6rsQ8-PScDdjBYeEdbsYa9IZno4VkX3TDRC-Zv9BLt7m5ig4K3tgdLIVKaNvo8Y9wvjrY0EiiZOTiz7v0SW_mda4E9FreIh3o0A-0fFS1jyObvzq7KehA7Zc7lrIK81mdpCAwSyEFbkhdMRC2cC36KVh8DxjWbygyMv_EegZJLdyHG9UuQSsnRRr7-6zzBPAQFhSC-FCBpWGc3yAZm52uJ5_y1XlQbjHCmeANLCBkexYwDNq5ILiqNORRP0awybYD_1SbBFMJp7wM4E4SCdy4LegMVS09BU6TJsDxIoZnRwSvKxwsbbnjM1xnhTEHcolCGAxSP4scLyUB2JDy9xUA7INd2duAr5P_dIytv11curpOon7wTzmah9GxHB8KyFPacqnmQgo45ikCg6Uc4WY_fTYQQP17ksXPwx3F9-PQpb9OFYtFsM7CKA4pZcXnxPS5pOLtysJGGj8CiGcODHNZg9-nb21f234JF1WgAWi0T5sA0hmqf__DVr_fbHy2wN7kVI9MOwSuHLTYU_asPL52UfOge0S56kf7fx8-987V5LjHx9ygrlrL8sTUr2XyMu1YQdKCZxnZy_wGEW2PHXDU-c3-4dtn5jFJGgsrH4PxXl9xfJIs7Z8Dky6KN9zxyavVJTBnL0pnLW8iptZsx2NhHiKGfrk52yY-J_EGXSX7gTXb1o_7DAkjYIRePUOlDJNUPyiWwkNAixa-TvGtkn4-p6-8HsIcYfxbxSzJ3oaN-1z_Wz8pMENil07TG7An0rwe9QWs131J6OZbDsN1p-7uN11X51FfX6pMojgs7YeRei86GA25mx93Iysdu_JnXngHFtmSZTH90rJjRUYJdxIsZd2TTUIAOYaYAcEo5KXgDISsjyc1AXjD17ug4YSMofaAEj1yhKVRB0WXjWJyyzm8CqS9EVgKcMJKqCJSwlWhKDef4hVqy7MPfByVIQgUe_Hte65EKbIz2a_zsImbXj2wsDZFewwV9VlBZcLPg2UBaXaxFFh4dZ6_3-IvPM&cid=CAQSPgDq26N92wQzUPyvwenLGCtPW_LYC3y79n0JL83Dzk1ykqaOPPusbipvXCWrcjW-KvVTfBnu0CtB_XLQPCp9GAEgEw&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p
=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F0bde7bba-4b16-4289-8231-c81c580a8eb7&sid=6BCC6412-56AD-429E-947E-158B4D3B2DF1&nel=0&eid=44748969%2C44765701&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&ref=https%3A%2F%2Fexe.io%2F&url=https%3A%2F%2Fexee.app%2FO9q9xc&dlt=1669930377601&idt=3079&dt=1669930382310&ged=ve4_td4_tt1_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_ts0_eb16491 HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 21:33:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4827
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Dec-2022 21:48:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FO9q9xc&tag=v-exee-app&domain=exee.app
172.64.104.3 200 OK 2.2 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FO9q9xc&tag=v-exee-app&domain=exee.app
IP 172.64.104.3:0
File type JSON data; ASCII text, with very long lines (8589)
Hash 8bb6748c71bbf5d68166e244d6c31246
fea068b518f857191c1ebcd55b2a1720ae6bee65
539c831cc95a2546b42c226f21aa02ddbe1c1c3377aa0d2ff85b108b7de940e4
GET /allowed_url.php?type=json&url=exee.app%2FO9q9xc&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:00 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqdleF2Xf8UJY%2FyCmv2tj362FFWFWzppaVw6c4I3eyEZnNj%2FTi3tZLQiXFSpr7F5NlS%2F8Oa%2BYX3jf%2FWr7G3%2FRzlhVcUVHbuwXK5GikRYcQ2leGBUXfJw9G2amx25iBCKgzUO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef04f4dfd71bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10892
Expires: Fri, 02 Dec 2022 00:34:36 GMT
Date: Thu, 01 Dec 2022 21:33:04 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106 200 OK 103 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
Size 103 kB (103293 bytes)
Hash f1509a33d1b8d8a1db1233358977442d
77b4aa48c0d92c31891865adef041f6a47b792cc
a9e16f650de47995e9e633960cdfadfebd57cb749a806bb5dbffc5cb452f7199
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 21:32:59 GMT
date: Thu, 01 Dec 2022 21:32:59 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=2235b05c-d966-429c-89ad-56f02cdbd97d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=2235b05c-d966-429c-89ad-56f02cdbd97d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash (MD5, SHA-1, SHA-256 of the 1-byte response body; too generic to identify this host on its own)
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer / Verdict / Alert: quad9 / Sinkholed (presumably the domain is on Quad9's DNS blocklist)
GET /pxf.gif?uuid=2235b05c-d966-429c-89ad-56f02cdbd97d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 21:33:04 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e1b9f439703700a662cf624c9312fc80
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=2235b05c-d966-429c-89ad-56f02cdbd97d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=2235b05c-d966-429c-89ad-56f02cdbd97d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash (MD5, SHA-1, SHA-256 of the 1-byte response body; too generic to identify this host on its own)
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer / Verdict / Alert: quad9 / Sinkholed (presumably the domain is on Quad9's DNS blocklist)
GET /pxf.gif?uuid=2235b05c-d966-429c-89ad-56f02cdbd97d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 21:33:04 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5ef747a61ad35bef5901e17c848949a2
Strict-Transport-Security: max-age=0; includeSubdomains
gcdn.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=yqN2uSwXpwHOPMfM
172.217.21.174 302 Found 652 B URL HTTP/2 gcdn.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=yqN2uSwXpwHOPMfM
IP 172.217.21.174:0
File type HTML document text; HTML document text; HTML document text; HTML document, ASCII text, with very long lines (475), with CRLF, LF line terminators
Hash 1623e606d4cc1099b75320a681c36bec
f0961068cb3245446c96993a2ebe4f5d1cf5b248
220429488fdc5e6941753a5535694bd634151b2045a6e65d172a4938f7ea4930
GET /videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/F4B2070B25D477C06E7AADDF93E4942BA756A8.1E3BA2433E7A33B54EAE60E2316297D8E931344D/key/ck2/file/file.mp3?cpn=yqN2uSwXpwHOPMfM HTTP/1.1
Host: gcdn.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 01 Dec 2022 21:33:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
location: https://r3---sn-5goeenez.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/08BD95F8C7F4908DE130C5D1DB1965FECB0E2613.05DCDEDD6FF92A0B8AAB4F0F3A313618F3C39C3B/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5goeenez/ms/onc/mt/1669928996/mv/u/mvi/3/pl/21?cpn=yqN2uSwXpwHOPMfM&file=file.mp3
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 652
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 79e80787534035cb4b3531d77a0d4432
61477b58a4caa41e02f12ddb606fb9059fea76ac
487a083d5db20fc4afe03e307ec0605954f43e3acd48feabd206c7aa599852bb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3---sn-5goeenez.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/08BD95F8C7F4908DE130C5D1DB1965FECB0E2613.05DCDEDD6FF92A0B8AAB4F0F3A313618F3C39C3B/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5goeenez/ms/onc/mt/1669928996/mv/u/mvi/3/pl/21?cpn=yqN2uSwXpwHOPMfM&file=file.mp3
74.125.111.8 206 Partial Content 1.2 MB URL HTTP/1.1 r3---sn-5goeenez.c.2mdn.net/videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/08BD95F8C7F4908DE130C5D1DB1965FECB0E2613.05DCDEDD6FF92A0B8AAB4F0F3A313618F3C39C3B/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5goeenez/ms/onc/mt/1669928996/mv/u/mvi/3/pl/21?cpn=yqN2uSwXpwHOPMfM&file=file.mp3
IP 74.125.111.8:0
File type MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, Stereo; data
Size 1.2 MB (1204766 bytes)
Hash 4f1ca5415b4e51bad24263dc7d382b11
046e74e914f65a9f702c4b166f76f1c1a3940a2a
892ae392d580de00e186369e2fc995d7144385e18474223be3c2ff82fff9512d
GET /videoplayback/id/3d97a47926169016/itag/25/source/web_video_ads/ctier/L/ip/0.0.0.0/ipbits/0/expire/3814179660/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/08BD95F8C7F4908DE130C5D1DB1965FECB0E2613.05DCDEDD6FF92A0B8AAB4F0F3A313618F3C39C3B/key/cms1/cms_redirect/yes/mh/t5/mip/91.90.42.154/mm/42/mn/sn-5goeenez/ms/onc/mt/1669928996/mv/u/mvi/3/pl/21?cpn=yqN2uSwXpwHOPMfM&file=file.mp3 HTTP/1.1
Host: r3---sn-5goeenez.c.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Tue, 29 Nov 2022 14:20:57 GMT
Content-Type: audio/mpeg
Date: Thu, 01 Dec 2022 21:33:04 GMT
Expires: Thu, 01 Dec 2022 21:33:04 GMT
Cache-Control: private, max-age=86400
Content-Range: bytes 0-1204765/1204766
Accept-Ranges: bytes
Content-Length: 1204766
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 79e80787534035cb4b3531d77a0d4432
61477b58a4caa41e02f12ddb606fb9059fea76ac
487a083d5db20fc4afe03e307ec0605954f43e3acd48feabd206c7aa599852bb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:33:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
216.58.207.230 200 OK 42 B URL HTTP/2 ad.doubleclick.net/ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
IP 216.58.207.230:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/trackimp/N468401.3446421DISPLAY360/B22920954.353495029;dc_trk_aid=544408964;dc_trk_cid=183216483;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 21:33:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Dec-2022 21:48:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMIn8PZuq_Z-wIVUI6yCh0GVAuKEAAYACCx9pBXQhMIr4XCuq_Z-wIVhUzCCh1IUgTV;met=1;ecn1=1;etm1=0;eid1=200022;
142.250.74.98 200 OK 42 B URL HTTP/2 ade.googlesyndication.com/ddm/activity/dc_oe=ChMIn8PZuq_Z-wIVUI6yCh0GVAuKEAAYACCx9pBXQhMIr4XCuq_Z-wIVhUzCCh1IUgTV;met=1;ecn1=1;etm1=0;eid1=200022;
IP 142.250.74.98:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/activity/dc_oe=ChMIn8PZuq_Z-wIVUI6yCh0GVAuKEAAYACCx9pBXQhMIr4XCuq_Z-wIVhUzCCh1IUgTV;met=1;ecn1=1;etm1=0;eid1=200022; HTTP/1.1
Host: ade.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 21:33:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMIn8PZuq_Z-wIVUI6yCh0GVAuKEAAYACCx9pBXQhMIr4XCuq_Z-wIVhUzCCh1IUgTV;met=1;ecn1=1;etm1=0;eid1=200017;
142.250.74.98 200 OK 42 B URL HTTP/2 ade.googlesyndication.com/ddm/activity/dc_oe=ChMIn8PZuq_Z-wIVUI6yCh0GVAuKEAAYACCx9pBXQhMIr4XCuq_Z-wIVhUzCCh1IUgTV;met=1;ecn1=1;etm1=0;eid1=200017;
IP 142.250.74.98:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/activity/dc_oe=ChMIn8PZuq_Z-wIVUI6yCh0GVAuKEAAYACCx9pBXQhMIr4XCuq_Z-wIVhUzCCh1IUgTV;met=1;ecn1=1;etm1=0;eid1=200017; HTTP/1.1
Host: ade.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 21:33:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
51.79.72.199 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
IP 51.79.72.199:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /uploads/videos/16552732563362a977286fb00.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: openresty/1.21.4.1
Date: Thu, 01 Dec 2022 21:33:04 GMT
Connection: keep-alive
Expires: Fri, 01 Dec 2023 21:33:04 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
51.79.72.199 200 OK 1.3 kB URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.m3u8
IP 51.79.72.199:0
Hash e4fa2d0ca2740699f072678c596e61bf
e93ebc97eae0ed2e360d06189cdc6b7fb0eb74cd
52d0c8c1a160dd54f991f9e88520769e0476ba00c6f19d9767ce5d11936f1e0f
GET /uploads/videos/16552732563362a977286fb00.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.21.4.1
Date: Thu, 01 Dec 2022 21:33:04 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Fri, 29 Jul 2022 23:17:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e46a6c-25b6"
Expires: Fri, 01 Dec 2023 21:33:04 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
51.79.72.199 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
IP 51.79.72.199:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /uploads/videos/16552732563362a977286fb00.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: openresty/1.21.4.1
Date: Thu, 01 Dec 2022 21:33:04 GMT
Connection: keep-alive
Expires: Fri, 01 Dec 2023 21:33:04 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
51.79.72.199 206 Partial Content 259 kB URL HTTP/1.1 h5.vdo.ai/uploads/videos/16552732563362a977286fb00.ts
IP 51.79.72.199:0
Size 259 kB (258688 bytes)
Hash 83788bd4cc603c61f79c652266ad1647
71e8aee6ef1aa1b667796c87d267187a7b3a136f
565960ae5ab4cb3ddd2eb5f29e1be7eba68ef345f09fca29b40bb6b248334ef4
GET /uploads/videos/16552732563362a977286fb00.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-258687
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: openresty/1.21.4.1
Date: Thu, 01 Dec 2022 21:33:05 GMT
Content-Type: video/mp2t
Content-Length: 258688
Last-Modified: Fri, 29 Jul 2022 23:17:00 GMT
Connection: keep-alive
ETag: "62e46a6c-17b6408"
Expires: Fri, 01 Dec 2023 21:33:05 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-258687/24863752
csi.gstatic.com/csi?v=2&s=ima&puid=1~lb5lfk9z&c=8004599161907&slotId=4002299580953.5&qqid=CK-Fwrqv2fsCFYVMwgodSFIE1Q&gqid=jx2JY_jqIs3KZZqMrOgE&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44765701&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false
142.250.194.195 204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lb5lfk9z&c=8004599161907&slotId=4002299580953.5&qqid=CK-Fwrqv2fsCFYVMwgodSFIE1Q&gqid=jx2JY_jqIs3KZZqMrOgE&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44765701&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false
IP 142.250.194.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lb5lfk9z&c=8004599161907&slotId=4002299580953.5&qqid=CK-Fwrqv2fsCFYVMwgodSFIE1Q&gqid=jx2JY_jqIs3KZZqMrOgE&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&wta=1&ghmsh_eids=44748969%2C44765701&vmfc=3&vhc=0&ccc=1&ccrh=0&ccri=0&ccrs=1&ccru=0&ccrhc=false HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Thu, 01 Dec 2022 21:33:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb5lfjna&c=8004599161907&slotId=4002299580953.5&eee=missing-element&bi=missing-id
142.250.194.195 204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lb5lfjna&c=8004599161907&slotId=4002299580953.5&eee=missing-element&bi=missing-id
IP 142.250.194.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=1~lb5lfjna&c=8004599161907&slotId=4002299580953.5&eee=missing-element&bi=missing-id HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Thu, 01 Dec 2022 21:33:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=2~lb5lflro&c=8004599161907&slotId=4002299580953.5&met.4=hvd_lc.lb5lflrn~hvd_src.lb5lflrn&ps=640x360
142.250.194.195 204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=2~lb5lflro&c=8004599161907&slotId=4002299580953.5&met.4=hvd_lc.lb5lflrn~hvd_src.lb5lflrn&ps=640x360
IP 142.250.194.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=2~lb5lflro&c=8004599161907&slotId=4002299580953.5&met.4=hvd_lc.lb5lflrn~hvd_src.lb5lflrn&ps=640x360 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Thu, 01 Dec 2022 21:33:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 0 B IP 172.64.104.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 234
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:04 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FxG0gNsDulVPMeeuvDWU3qM3uKht5f3oH10Ww6RZQESWsBM2cR45bNtEb2NfucrpCTGOtILut3KwynIWD2kZHiuY6lftG8s16dsQUQ8P6seJcNZ%2FzDwijjo1ZRCdOwvyMJW7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef06749de7539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP 172.64.109.13:0
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1410113
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xi%2BOxlzcEpDc%2Bq8%2FMoZI%2B1TQoe8VMkG0HZYH5AyzK0siDsfQv6F9ixWw6I8Gd3dGxETHDONaF08dzUN%2BoUSerit%2Bgy%2B%2BGSWiHQXoQsKHJ4WHzzRGznVF8UG%2FdoEwyJM%2BycZbB70NKAC1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef05cfce906c9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:00 GMT
content-type: text/plain
set-cookie: csu=215297915144428@1@1669930380; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8lrq9Nj%2B1WkHFWP9ngLiRXU%2F3Llu%2BjQQeHXH6%2BGRgje5%2F%2FzIVllkClDcE%2ByMdc1huGaUNNdu6gxjstSvqokWu88RIi6mgQMSFT3wSGOYMG%2FYbL5Oxu3udtYgplyVFaiJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef04e4bfd071e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 0 B IP 172.64.104.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 238
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:04 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u5M8x9dIvkd1YIE0FWLroVdeg2q5vvxtkWHsHSV8dExez4n8P1gQi5sxUKTGYwnSutjo8s%2Bma84o6qr7wL0GXBqNoUZwWpd8U1zE7ZSFfSa%2Bt3NAraic%2BKitQki%2FHLLplEFw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef06739d27539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 01 Dec 2022 22:33:02 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
exe.io/st?api=92cf2cb66586454fdb1c839903bcf17a864c53ed&url=http://app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1
104.26.2.103 200 OK 0 B URL HTTP/2 exe.io/st?api=92cf2cb66586454fdb1c839903bcf17a864c53ed&url=http://app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1
IP 104.26.2.103:0
GET /st?api=92cf2cb66586454fdb1c839903bcf17a864c53ed&url=http://app.auditmy.link/r/cfb92389-9608-4361-8c04-4eb3af992fc1 HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:32:58 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=dd807399e2267ff5b2e8904206f9c376; path=/; HttpOnly
csrfToken=bace5b095142f700e0c40964f82bfc6effd8338a20e937d331b3b5684f85861b6222048ce92084eec91c67258591b22e9c45180a800057bef3074b32586f1b0d; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5rkvQc4dXTce7RvJBQjJeh8X6EKUkUi9QKYAd5tTFq3c%2BINvbduU2UmqHZGs%2FDjJuDX5nxRJXjnMWxacFmtA20OEhOtJsAygPZcjJamb1FXOnwlczEWmOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef0418bbfb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
IP 172.64.109.13:0
GET /sb/notifications/games/nutaku/multi/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 08:55:27 GMT
etag: W/"62fdfe7f-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1410113
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1nmnYcodyqIfD0wAiLtR5PZ8L%2B%2BZ3Ct2y8mYvYrsqAR4sfjZlH0HAI70QW0gaHyn3c89769v3ERVHRgSK8x1zmdzXsYkH4T8I3KgeCVXP7q%2BA03%2BtSEIKquS1AGHXP2dgvOig77fzDUS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef05cfcea06c9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:00 GMT
content-type: text/plain
set-cookie: csu=596879696236999@1@1669930380; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kvtw6jh3AZ1BcFYgBdTgzCE8bmFOj61jAZAQgefvSt1guBybh9i0bF1w6vCO5Cg90VHJu%2FEm7SexPTgGHoxpDGEKvtcLSSe%2BB%2Bmgo77uGmbgSfHvuNhwR4Wv8FU76y7y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef04f3d09071e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 0 B IP 172.64.104.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 193
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:04 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eEd%2FtABp2THXDqtRVzB5x%2B9lkfUMNuqy3HJS%2BiJ%2BOp2gZfCYpiE087U7oHIbJF4rfhEk2WLXIEC14sEuEo0tN6k7o%2B9pWVyRe2bOZcdLOx7wHKcEb0t6QpV012DFAV5yB8DZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef067ca957539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 0 B IP 172.64.104.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 179
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERzkcoe6PhgWVmzFTS1Eyo5%2FCEN4amlZ2LHy6j3HxIDgpUF2WCXfVmDCHy9bSa8Y3m6LzeIdkAAGgADTCD3ARIb8a%2FyEFc1VPnd%2Bu9UaS6i4c48x4NGq1%2Fd7naPyNMQWpN0s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef0594ca87539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 0 B IP 172.64.104.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 181
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sadaXIpVi9JDuJgdbhbM5qL68qnA9L4p1gc%2FGbc5oUg32LCCrcO5h%2BkkEAoEMOmZuSmr0lZIurPlsqpScSniavEJqEoh19%2Fe0m3lz9ywNE%2BMSdqHxmoNzrQYVFV7HOriCupZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef0596cc37539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
188.114.96.1 200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.96.1:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:32:59 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4409
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZhAwJQUR6DOehzoo7OsYcDvyWSd1wFuIOM1nILJZ3yPR40pCSnUNlW1y4%2FVjcieCsH1TEZEOYD8eqOFWzwHAb1QzLXlqT4ZHh8bsYzse0pQXXa26Aa8cHZyMzH62DWKCBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef047389ab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:00 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4933
last-modified: Thu, 01 Dec 2022 20:10:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5fPRAWN2w9cmHhTsbGqMwUrN3%2BhMdurK1R6iv0bVn1r4UXF89RL1bz%2FbO3Z5H7q1uUuCmnxvrOcPqoBVlePvxViwq7TAIZKSoQRDz0IGUb9QyU1Trrs8QN8m8RbULlM2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772ef04eac6d071e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
172.64.104.3 200 OK 0 B IP 172.64.104.3:0
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 187
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:33:02 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3T44UJA6qprJ4CiX8aLcsDazxs%2BThjluBUIJtGcKtWBvm2R6gibDox4b1eb89fVgVacZiY8o6xAQSCBMm6PyJursfwKfH%2FpljrGsVkNOAwCA8icYSIbc9O%2FarDZ0gNMH0nER"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772ef0595cb87539-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2