exe.io/eUG2
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eUG2 HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Dec 2022 23:53:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 00:53:12 GMT
Location: https://exe.io/eUG2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1A2QYA21YcrpQ0ctgoPQPhR1UfiExHI0OAPhlGpPUZ4xEaXoz9xBIauxaYtfw1pSMjPex4JYZUKPHyMtfuIXKR2qQ%2FSIxPaT5fVLmV5UlvrQ2OWC6YtSjw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7750b32dee5e0b02-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11264
Expires: Tue, 06 Dec 2022 03:00:56 GMT
Date: Mon, 05 Dec 2022 23:53:12 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 673
Cache-Control: max-age=125360
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:12 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 10:42:32 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13825
Expires: Tue, 06 Dec 2022 03:43:37 GMT
Date: Mon, 05 Dec 2022 23:53:12 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash fd77400dc41362bbf9dd92b4249c8a99
51184cc7dc18b0f7c0869fca3a26ac70505427e5
c8b0c46ab7c53dbc45620db2bbb133566c4458dc3652ae35541403ede3a8f6ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2167
Cache-Control: max-age=164663
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:12 GMT
Etag: "638e5c28-117"
Expires: Wed, 07 Dec 2022 21:37:35 GMT
Last-Modified: Mon, 05 Dec 2022 21:01:28 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 23:18:31 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2081
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6S7fvcgkvyAdLgT8MMHPO4wq7HIKdZQVvEjgZ3dhNEWBCPkHrU/RuTQWLd+jlwq4ck9L0N1IOcM=
x-amz-request-id: CN9VCQWVD8WT8BJT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 23:48:42 GMT
age: 270
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 23:53:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash fd77400dc41362bbf9dd92b4249c8a99
51184cc7dc18b0f7c0869fca3a26ac70505427e5
c8b0c46ab7c53dbc45620db2bbb133566c4458dc3652ae35541403ede3a8f6ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2168
Cache-Control: max-age=164663
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Etag: "638e5c28-117"
Expires: Wed, 07 Dec 2022 21:37:36 GMT
Last-Modified: Mon, 05 Dec 2022 21:01:28 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0b6cb4418a2a5a46ef9b1c510abd916d
d7b34fafd23f48d30121e256d5340364cd4a3e36
b6e757d30af01a40f181baea49a2a553eeb40172509419e4a1c64d694a3c68c0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "B6E757D30AF01A40F181BAEA49A2A553EEB40172509419E4A1C64D694A3C68C0"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10945
Expires: Tue, 06 Dec 2022 02:55:38 GMT
Date: Mon, 05 Dec 2022 23:53:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 23:11:19 GMT
cache-control: public,max-age=3600
age: 2514
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 0b6cb4418a2a5a46ef9b1c510abd916d
d7b34fafd23f48d30121e256d5340364cd4a3e36
b6e757d30af01a40f181baea49a2a553eeb40172509419e4a1c64d694a3c68c0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "B6E757D30AF01A40F181BAEA49A2A553EEB40172509419E4A1C64D694A3C68C0"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10945
Expires: Tue, 06 Dec 2022 02:55:38 GMT
Date: Mon, 05 Dec 2022 23:53:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
File type ASCII text, with very long lines (1921)
Hash 3ebb727bba9256636a88eb208531f808
0fe05727706e51240f69fec4d8929dc4b972cbeb
ac500ccef25cba51fe72ec1231616e2ecd56b91140d3e72eb463c38c4810c681
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 23:53:13 GMT
expires: Mon, 05 Dec 2022 23:53:13 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43632
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 664
Cache-Control: max-age=120283
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:17:56 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash bab3e161e3f3854daf7dc364769decd5
48869547ffc9c4481f49a32528f2bbe9d7038bf0
02df2293bba89b1251e3dc7e75df671314cab849e0bc367507cdc10b35dbb4aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "02DF2293BBA89B1251E3DC7E75DF671314CAB849E0BC367507CDC10B35DBB4AA"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1215
Expires: Tue, 06 Dec 2022 00:13:28 GMT
Date: Mon, 05 Dec 2022 23:53:13 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 7dfcccf215cf86b4623fff4c034715a4
50a277a800ab385c2e3c003f66a133952df13344
fc9a4dcaf897cbbe6d4350aeaa7b99c286ed1b6acbf2b2f9e01d5593732347a3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "FC9A4DCAF897CBBE6D4350AEAA7B99C286ED1B6ACBF2B2F9E01D5593732347A3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11629
Expires: Tue, 06 Dec 2022 03:07:02 GMT
Date: Mon, 05 Dec 2022 23:53:13 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash b67f0ffe86aabe3e231a067ba78fdc6e
15090f309ab9f2393446f37ed38e2e709c26a4f2
0c45491a412177ed43976e0783d29b90f2e709682d5dedb2cdfee7d79a4694e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2119
Cache-Control: max-age=125331
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Etag: "638dc2b5-117"
Expires: Wed, 07 Dec 2022 10:42:04 GMT
Last-Modified: Mon, 05 Dec 2022 10:06:45 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 18032
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 71a45d8a5362743aa24608a11f9d5cd8
4cdf403c8dd502021c4751c0e6356edfcb2c4b6f
bacbb522c01bbe210e502ed5c3f7af2ff7cbb24de26d0d0b38e0f213f3af8d24
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17808
Expires: Tue, 06 Dec 2022 04:50:01 GMT
Date: Mon, 05 Dec 2022 23:53:13 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 71a45d8a5362743aa24608a11f9d5cd8
4cdf403c8dd502021c4751c0e6356edfcb2c4b6f
bacbb522c01bbe210e502ed5c3f7af2ff7cbb24de26d0d0b38e0f213f3af8d24
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17808
Expires: Tue, 06 Dec 2022 04:50:01 GMT
Date: Mon, 05 Dec 2022 23:53:13 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 62 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
Hash 6dd2a1e799a72473b96f311c808ec5d0
40ef8651ac7b1935a744415a51c11c0c44e25330
c20b2214a8ee2e541a45902dc347020f78446e1d455f4a4aad7fba9ffee2e3d5
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:56:07 GMT
expires: Tue, 05 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 17826
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6ad9c8be90185a2999c437c8f20d9598
7bbd6e44e0668d39372e618f399b8870ae424be3
699465663efd32d1f7551f1fb3e5f42d7e625f9f821506033ace98e56f1fc991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "699465663EFD32D1F7551F1FB3E5F42D7E625F9F821506033ACE98E56F1FC991"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3819
Expires: Tue, 06 Dec 2022 00:56:52 GMT
Date: Mon, 05 Dec 2022 23:53:13 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/zS9LQpQjq7E
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/zS9LQpQjq7E
IP
Hash 25390cf3c12981eaf3dfd85a8c68598e
543bd08b6eadedd122c3173be79cdbed6bde6d00
87682f755d290d90603accae3fbdbf564fc831124d1b3e727f4fc199c4c540ba
POST /s/gts1p5/zS9LQpQjq7E HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fn.deulspoorn.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 23:53:13 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Tue, 06-Dec-2022 23:53:13 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Tue, 06-Dec-2022 23:53:13 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/s/gts1p5/zS9LQpQjq7E
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/zS9LQpQjq7E
IP
Hash 25390cf3c12981eaf3dfd85a8c68598e
543bd08b6eadedd122c3173be79cdbed6bde6d00
87682f755d290d90603accae3fbdbf564fc831124d1b3e727f4fc199c4c540ba
POST /s/gts1p5/zS9LQpQjq7E HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
othecknotinda.com/WTVOR2c4Vy0qWDgILGESK1lzYlUfEHwBA2pZJXISKUN+Lh8yTHxpBDVaOyMBK1ogM0k3UDpiVR9aFD09M2F9AiIOZH43MzF7KAVUE38WMF4BUSURJQF3DyAvIVYCAQAQXBYrKhJ0Gn8APE0tASBoDR8BHQxjGSA9H3w2Bi0MY3s3IRhZGB8JbG0MKy4bViURJQhdAyAgNUUbASM6fAwREAt+HDA2HHcXMjMYRRQANABRDXYDHlMaIzQecwA2NmhWKwEkAFMPdgwMZQgVMRtSfnAxH2AJEglgUxg/KQhxGBUxG10fKi9ocA0VCS5PHyA1DXt+IzMcBGMGKQ9zGwAiDVkbES89Zih3NRN3JTcWCAQqFSUwQi8EJRdnDRIpAXd/CUJrcx8BBBFnIHYlGGN2FSwxVgcTDAMMAHY+HmMjASUIYAAiAT4TJDQIN0VzMioKDCsuKRdyAzMtMw0
200 OK 1.2 kB URL HTTP/2 othecknotinda.com/WTVOR2c4Vy0qWDgILGESK1lzYlUfEHwBA2pZJXISKUN+Lh8yTHxpBDVaOyMBK1ogM0k3UDpiVR9aFD09M2F9AiIOZH43MzF7KAVUE38WMF4BUSURJQF3DyAvIVYCAQAQXBYrKhJ0Gn8APE0tASBoDR8BHQxjGSA9H3w2Bi0MY3s3IRhZGB8JbG0MKy4bViURJQhdAyAgNUUbASM6fAwREAt+HDA2HHcXMjMYRRQANABRDXYDHlMaIzQecwA2NmhWKwEkAFMPdgwMZQgVMRtSfnAxH2AJEglgUxg/KQhxGBUxG10fKi9ocA0VCS5PHyA1DXt+IzMcBGMGKQ9zGwAiDVkbES89Zih3NRN3JTcWCAQqFSUwQi8EJRdnDRIpAXd/CUJrcx8BBBFnIHYlGGN2FSwxVgcTDAMMAHY+HmMjASUIYAAiAT4TJDQIN0VzMioKDCsuKRdyAzMtMw0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 1800ea62e10da1f77a83fad8489a2d5c
02bef7e3a1334689dd56425f4f6411c5706060d8
717abc023ac1db1fd9fabe5cdbc51ed31b5fb836f5eb3d33379bd6f176480ec6
GET /WTVOR2c4Vy0qWDgILGESK1lzYlUfEHwBA2pZJXISKUN+Lh8yTHxpBDVaOyMBK1ogM0k3UDpiVR9aFD09M2F9AiIOZH43MzF7KAVUE38WMF4BUSURJQF3DyAvIVYCAQAQXBYrKhJ0Gn8APE0tASBoDR8BHQxjGSA9H3w2Bi0MY3s3IRhZGB8JbG0MKy4bViURJQhdAyAgNUUbASM6fAwREAt+HDA2HHcXMjMYRRQANABRDXYDHlMaIzQecwA2NmhWKwEkAFMPdgwMZQgVMRtSfnAxH2AJEglgUxg/KQhxGBUxG10fKi9ocA0VCS5PHyA1DXt+IzMcBGMGKQ9zGwAiDVkbES89Zih3NRN3JTcWCAQqFSUwQi8EJRdnDRIpAXd/CUJrcx8BBBFnIHYlGGN2FSwxVgcTDAMMAHY+HmMjASUIYAAiAT4TJDQIN0VzMioKDCsuKRdyAzMtMw0 HTTP/1.1
Host: othecknotinda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1196
date: Mon, 05 Dec 2022 23:53:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ff51bc3614c373d274030fe4ca1a34fc.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: uK22aKzzILW_hgHw08c5VEHkZZEQq7DKtBIZvX8O3cO9jw8rNJgPzQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
othecknotinda.com/cmJ0dXATABcYTxNfFlMFAA5JUEI0R0YzFEEOH0AFAhREHAgZG0ZbEx4NAREWAA0aAV4cBwBQQjRQJUY6Cwc8OBc6MAMQJDYBFjMbJC4QRTYzNh8/HDUjMS04JiwkNyQrIzY3SEQtAyAkPAslLSYmAT0zGyQmLidEJiQcJ1VAICI3EyUnPEA0JCAfLTknWzMtFysLIA1IKiEnGhU6ChgiEyYwPCMbPA8lMDojIDcaEzQKFzA9NAY1JjJCUSJFMjszGjsTIw5FNDEkBjUmMSMTPDAiPzQaNAckUgQxP0IwMy0lMyAiRTI7IyAjKCM2GDYTQgYXJjYCDyUwXTsEMhwxKCoiRDIwNzY2IycsDiRAOCgiGzYxJDYwMjgKJRExNDgMOzU8KyYYQTE0NUQ/EQVSHwMdDARIBzwRMxg4MRQkMSYd
200 OK 1.2 kB URL HTTP/2 othecknotinda.com/cmJ0dXATABcYTxNfFlMFAA5JUEI0R0YzFEEOH0AFAhREHAgZG0ZbEx4NAREWAA0aAV4cBwBQQjRQJUY6Cwc8OBc6MAMQJDYBFjMbJC4QRTYzNh8/HDUjMS04JiwkNyQrIzY3SEQtAyAkPAslLSYmAT0zGyQmLidEJiQcJ1VAICI3EyUnPEA0JCAfLTknWzMtFysLIA1IKiEnGhU6ChgiEyYwPCMbPA8lMDojIDcaEzQKFzA9NAY1JjJCUSJFMjszGjsTIw5FNDEkBjUmMSMTPDAiPzQaNAckUgQxP0IwMy0lMyAiRTI7IyAjKCM2GDYTQgYXJjYCDyUwXTsEMhwxKCoiRDIwNzY2IycsDiRAOCgiGzYxJDYwMjgKJRExNDgMOzU8KyYYQTE0NUQ/EQVSHwMdDARIBzwRMxg4MRQkMSYd
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3021), with no line terminators
Hash 68863be7f6b38a0c24934a05843847d2
888b14acd1464058cf90ba3b220408d6ff89f806
60ac104da43012ade6ad4c9d7ea92a10b6c68cf858d2630000b4180cfa9eaf28
GET /cmJ0dXATABcYTxNfFlMFAA5JUEI0R0YzFEEOH0AFAhREHAgZG0ZbEx4NAREWAA0aAV4cBwBQQjRQJUY6Cwc8OBc6MAMQJDYBFjMbJC4QRTYzNh8/HDUjMS04JiwkNyQrIzY3SEQtAyAkPAslLSYmAT0zGyQmLidEJiQcJ1VAICI3EyUnPEA0JCAfLTknWzMtFysLIA1IKiEnGhU6ChgiEyYwPCMbPA8lMDojIDcaEzQKFzA9NAY1JjJCUSJFMjszGjsTIw5FNDEkBjUmMSMTPDAiPzQaNAckUgQxP0IwMy0lMyAiRTI7IyAjKCM2GDYTQgYXJjYCDyUwXTsEMhwxKCoiRDIwNzY2IycsDiRAOCgiGzYxJDYwMjgKJRExNDgMOzU8KyYYQTE0NUQ/EQVSHwMdDARIBzwRMxg4MRQkMSYd HTTP/1.1
Host: othecknotinda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Mon, 05 Dec 2022 23:53:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ff51bc3614c373d274030fe4ca1a34fc.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: XsmM01g3U86f0LADOdUwakvPIkWISXxRezW-WMm0D8m4UxuYkwMK2g==
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash b67f0ffe86aabe3e231a067ba78fdc6e
15090f309ab9f2393446f37ed38e2e709c26a4f2
0c45491a412177ed43976e0783d29b90f2e709682d5dedb2cdfee7d79a4694e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2119
Cache-Control: max-age=125331
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Etag: "638dc2b5-117"
Expires: Wed, 07 Dec 2022 10:42:04 GMT
Last-Modified: Mon, 05 Dec 2022 10:06:45 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
othecknotinda.com/utx?cb=tqpKwdW0Xzeb&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 othecknotinda.com/utx?cb=tqpKwdW0Xzeb&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=tqpKwdW0Xzeb&top=exee.app&tid=889494 HTTP/1.1
Host: othecknotinda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 23:53:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 05 Dec 2022 23:54:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ff51bc3614c373d274030fe4ca1a34fc.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: RJGCQCeKHupjadaibLyGc2aA55GlN14MKQKMIGMSUE9YbmaW4cxrEw==
X-Firefox-Spdy: h2
exe.io/eUG2
302 Found 168 kB IP
Size 168 kB (168496 bytes)
Hash e844952513a0e1ccffb820a2133db133
9509b627d0af0e0d21cbe011f9beb2e4f7bc47c8
39138a6b60a558f3fcdea3d20e66581d72023aea759ddac024cc46889da4f95a
GET /eUG2 HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Mon, 05 Dec 2022 23:53:13 GMT
content-type: text/html; charset=UTF-8
location: https://exee.app/eUG2
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=f21b3d3c70c29f2fd68352b56e9393dd; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q3PynAPIbzFIN2d5cXZghN7YstwYfrPpAGDRqIzUVjIPmA%2Fj3j4VDUyRc76QUWCbhLEjCF%2BlobLhjI%2FSXs9oUZ2jVXL5o9mIjIObcdPNgmi3ePuABS0esw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b3300cd7b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
othecknotinda.com/utx?cb=Eojbl5VBYZeg&top=exee.app&tid=822524
204 No Content 0 B URL HTTP/2 othecknotinda.com/utx?cb=Eojbl5VBYZeg&top=exee.app&tid=822524
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Eojbl5VBYZeg&top=exee.app&tid=822524 HTTP/1.1
Host: othecknotinda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 23:53:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 05 Dec 2022 23:54:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ff51bc3614c373d274030fe4ca1a34fc.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: vdXJWpudQ8nBtmLqPnbBxQsw2aXwmHW8nQuKPA0p_KjFE1Xzrg8deg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b03513dc6bdc1c0f560a2003abb03433
441e54b5ea1a6360ec78f30d1b7f9e61139031b6
e8c37a959588a9ae367b0540f7baae34f0405f72f71b97abc8c268b4a12d572e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8C37A959588A9AE367B0540F7BAAE34F0405F72F71B97ABC8C268B4A12D572E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3992
Expires: Tue, 06 Dec 2022 00:59:45 GMT
Date: Mon, 05 Dec 2022 23:53:13 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8SsVhw4me23i8og6oO1g+g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YmnyTg4kjN7r/7bV3Mn7Mtegc0o=
ocsp.pki.goog/s/gts1p5/zS9LQpQjq7E
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/zS9LQpQjq7E
IP
Hash 25390cf3c12981eaf3dfd85a8c68598e
543bd08b6eadedd122c3173be79cdbed6bde6d00
87682f755d290d90603accae3fbdbf564fc831124d1b3e727f4fc199c4c540ba
POST /s/gts1p5/zS9LQpQjq7E HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
norakseemlyntr.com/d1hhMENYZwJDfiQQKAQhMBIZYzQPATdoejYcN1wUEQ0schshCUdEKhNlWQRwRW5QFjMePFwBe1ErFVE3AitcAWUeNgdfflEuXAFtR3ZTHnFRLVwBZQMoAFd+Rn4RRDcbZVAGdEdqWQRwTmhYCHI
204 No Content 0 B URL HTTP/2 norakseemlyntr.com/d1hhMENYZwJDfiQQKAQhMBIZYzQPATdoejYcN1wUEQ0schshCUdEKhNlWQRwRW5QFjMePFwBe1ErFVE3AitcAWUeNgdfflEuXAFtR3ZTHnFRLVwBZQMoAFd+Rn4RRDcbZVAGdEdqWQRwTmhYCHI
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d1hhMENYZwJDfiQQKAQhMBIZYzQPATdoejYcN1wUEQ0schshCUdEKhNlWQRwRW5QFjMePFwBe1ErFVE3AitcAWUeNgdfflEuXAFtR3ZTHnFRLVwBZQMoAFd+Rn4RRDcbZVAGdEdqWQRwTmhYCHI HTTP/1.1
Host: norakseemlyntr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 23:53:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wMCBnCdgtm7U2MfCYZOCYzwckompWEt4uRrwmA%2BmWiIC5xnLte1d2dmz0sFE%2BLFN%2FW291hbiUrGmyf46sEWpNlEgGqzOj1hYKIcMGzWC2cEbFQoiyi6NlQ5gsSaDHOm7Kq3xtg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b335aca6b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 71a45d8a5362743aa24608a11f9d5cd8
4cdf403c8dd502021c4751c0e6356edfcb2c4b6f
bacbb522c01bbe210e502ed5c3f7af2ff7cbb24de26d0d0b38e0f213f3af8d24
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17807
Expires: Tue, 06 Dec 2022 04:50:01 GMT
Date: Mon, 05 Dec 2022 23:53:14 GMT
Connection: keep-alive
norakseemlyntr.com/bllUeGdBZjcLWjQybT0CACkHHj8oHQUUXlc6PzYsO2o8QDMFYXIMDgpkbEpVW2tgXhcHPWlJQR0tNQwSHWRlXg4APztFQRhkZVZUWndnSUlffyFFVkgtJBkAU2hyCBMaNWlJUVlpZkBTXWBkQVZY
204 No Content 0 B URL HTTP/2 norakseemlyntr.com/bllUeGdBZjcLWjQybT0CACkHHj8oHQUUXlc6PzYsO2o8QDMFYXIMDgpkbEpVW2tgXhcHPWlJQR0tNQwSHWRlXg4APztFQRhkZVZUWndnSUlffyFFVkgtJBkAU2hyCBMaNWlJUVlpZkBTXWBkQVZY
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bllUeGdBZjcLWjQybT0CACkHHj8oHQUUXlc6PzYsO2o8QDMFYXIMDgpkbEpVW2tgXhcHPWlJQR0tNQwSHWRlXg4APztFQRhkZVZUWndnSUlffyFFVkgtJBkAU2hyCBMaNWlJUVlpZkBTXWBkQVZY HTTP/1.1
Host: norakseemlyntr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 23:53:14 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OejzFPxNT7gpLhT7hnsIJgV02lZDNI50ValCwNQx1wok%2Fz7Xl3PpVTJc9mXNHUubA3hfW6%2BliM9nKQzSwoXoduoPoCZBnhXh7asz9lbpjKOkfElMU%2BxGN3N4Thj18Rru4QYoeME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b3360d13b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/zS9LQpQjq7E
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/zS9LQpQjq7E
IP
Hash 25390cf3c12981eaf3dfd85a8c68598e
543bd08b6eadedd122c3173be79cdbed6bde6d00
87682f755d290d90603accae3fbdbf564fc831124d1b3e727f4fc199c4c540ba
POST /s/gts1p5/zS9LQpQjq7E HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:14 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdntechone.com/stattag.js
200 OK 5.2 kB URL HTTP/2 cdntechone.com/stattag.js
IP
File type ASCII text, with very long lines (12932), with no line terminators
Hash f95c022a04e2db37f1c70a2aaa22b40e
51a3a1c1478758643f5d7640d4e47aaa7ca2706e
abae49d4662d898deb06ea45753842e4b4288b67107574b0ed74a99d44e2a136
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:13 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5450
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z9VJZOyVT0ZSIBwD3ndMlzt9PZ%2BK9vLWcY7Klb8obwxx2gm%2BXjvHuTPBq5SYT8%2F9JWdOSI51SyJXqFX0eS3AaewwwFOq%2Fl9bCe%2Be0bBP4sOm77AFsldhjQXDVNMcBqXUHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7750b334b8351bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 14 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37189), with no line terminators
Hash c3ec9bbf6a5512951da3737b51e5d7d9
3f59fdf96c37d5be41034a3b5f75a66f490304d2
0a78afbdf7cf938da38e51ff5068b6ba366900dfe2c80d5aec6249d48373023a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 05 Dec 2022 23:53:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1cbec394c0ca5e50d28b2fb5be82e2fb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
200 OK 472 B IP
Hash 688b45eb160bc1d3c007143fd57ffca4
fc3d05405c60679f2916d4d7f9456f66ee17b47e
fc2909dede0f02f33d873592a40c1617f8097be4e23990e4bde7806b2811c369
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 23:53:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 04:52:36 GMT
Expires: Mon, 12 Dec 2022 04:52:35 GMT
Etag: "fc3d05405c60679f2916d4d7f9456f66ee17b47e"
Cache-Control: max-age=535760,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7750b3377aa3b512-OSL
d3lk5upv0ixky2.cloudfront.net/uMFhhV2VTNw8xWkQxBWpdAmpUZVEWMhI4C0BlIGcQXTJTICBmMSVgQ0QiBWpVFjQAOQINfgQ5Bg1pRzYBUmVVcRFANwpqB0cgGDUPQj4MIENFOVw6CkoxDTsEFWonYksAfVNnTUcxDzMKRytEZVVeLERlVQFoT2dAAxpEZVVHMQ9hURVrI3JXACBXY0ADGk-RlVUIuRGQkAWhUeVUZfVNnAlU7CjhAAh5TZ1QAaFBnVBVqUTEMQj0HOB0VaidmVQV2UXEQDWk
200 OK 527 B URL HTTP/2 d3lk5upv0ixky2.cloudfront.net/uMFhhV2VTNw8xWkQxBWpdAmpUZVEWMhI4C0BlIGcQXTJTICBmMSVgQ0QiBWpVFjQAOQINfgQ5Bg1pRzYBUmVVcRFANwpqB0cgGDUPQj4MIENFOVw6CkoxDTsEFWonYksAfVNnTUcxDzMKRytEZVVeLERlVQFoT2dAAxpEZVVHMQ9hURVrI3JXACBXY0ADGk-RlVUIuRGQkAWhUeVUZfVNnAlU7CjhAAh5TZ1QAaFBnVBVqUTEMQj0HOB0VaidmVQV2UXEQDWk
IP
File type ASCII text, with very long lines (704), with no line terminators
Hash 9ebba8167a1deaf38af51c7850e34567
7d4c8b92bf49378e4ddf909e466b1565896fdca9
470d261de9ee4267992f179edf6436a8535be0946236836631e7a1882eb80896
GET /uMFhhV2VTNw8xWkQxBWpdAmpUZVEWMhI4C0BlIGcQXTJTICBmMSVgQ0QiBWpVFjQAOQINfgQ5Bg1pRzYBUmVVcRFANwpqB0cgGDUPQj4MIENFOVw6CkoxDTsEFWonYksAfVNnTUcxDzMKRytEZVVeLERlVQFoT2dAAxpEZVVHMQ9hURVrI3JXACBXY0ADGk-RlVUIuRGQkAWhUeVUZfVNnAlU7CjhAAh5TZ1QAaFBnVBVqUTEMQj0HOB0VaidmVQV2UXEQDWk HTTP/1.1
Host: d3lk5upv0ixky2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://othecknotinda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 527
date: Mon, 05 Dec 2022 23:53:14 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NhGtAp3Mi3UGjvCrjL8JITsLbAfsJrr5b-VoLaJnaSSepaYm6Upyjg==
X-Firefox-Spdy: h2
d3lk5upv0ixky2.cloudfront.net/2Q3JyeHMgHRweTDcbFkVLd0FATkJlGAEXHTNPBTYABB86OwUTNiQXVTcIFkVDZR4TFhR+VBcWEH5DVBkXIU9GXgYiTx8XCSoeHhlWcTRHVkNmQEJQBCocFhcEMFdASB03V0BIQnNcQl1AAVdASAQqHERMVnAwV0pDO0RGXUABV0BIATVXQTlCc0dcSFpmQE-IfFiAZHV1BBUBCSUNzQ0JJVnFCFBEBJhQdAFZxNENIRm1CVA1Ocg
200 OK 194 B URL HTTP/2 d3lk5upv0ixky2.cloudfront.net/2Q3JyeHMgHRweTDcbFkVLd0FATkJlGAEXHTNPBTYABB86OwUTNiQXVTcIFkVDZR4TFhR+VBcWEH5DVBkXIU9GXgYiTx8XCSoeHhlWcTRHVkNmQEJQBCocFhcEMFdASB03V0BIQnNcQl1AAVdASAQqHERMVnAwV0pDO0RGXUABV0BIATVXQTlCc0dcSFpmQE-IfFiAZHV1BBUBCSUNzQ0JJVnFCFBEBJhQdAFZxNENIRm1CVA1Ocg
IP
File type ASCII text, with no line terminators
Hash 4f61eced8c395c4251ef0490be584dc5
8133e98ce96130cc84d81d5e8e85cd6f32a25560
83e58f737342c98dbae6e1d02656798a93a2fe3406bcc78df5ead7670c9391df
GET /2Q3JyeHMgHRweTDcbFkVLd0FATkJlGAEXHTNPBTYABB86OwUTNiQXVTcIFkVDZR4TFhR+VBcWEH5DVBkXIU9GXgYiTx8XCSoeHhlWcTRHVkNmQEJQBCocFhcEMFdASB03V0BIQnNcQl1AAVdASAQqHERMVnAwV0pDO0RGXUABV0BIATVXQTlCc0dcSFpmQE-IfFiAZHV1BBUBCSUNzQ0JJVnFCFBEBJhQdAFZxNENIRm1CVA1Ocg HTTP/1.1
Host: d3lk5upv0ixky2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://othecknotinda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 194
date: Mon, 05 Dec 2022 23:53:14 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JGBAZDGwWI5k-pwLVh0vyedT9_pCQW3KZUofT_4EroTVuHyDVGIPww==
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 3 B IP
Hash fdb6102a6045838e0db6b0f44a805a9e
2ab4aa6912642d423aca3f34ee6327fc16e51470
24aa2791e4cb4a4105cb04f024a8cbf1ebc7aa9b8faed033a9681bfd6695dc2d
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 123
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:14 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFrfIZdNXIMWl8ujL1dut4ULE6JFz9lE0IfgoClGvpCJptKkpsazucSqSNFE5e4keRiR8%2FAWOMTJuH9C7bwhFm2vnpm5mIDC32GspYNoxNrJR6Lx1ustPUAedws676eArwgY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b3366d83888f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3lk5upv0ixky2.cloudfront.net/oZzZjT3EEWQ0pThNfB3JJXw9XdkVBXBAgHxcLFgIiXlMKAT8gexcFG18QFzUVWgZFIxAJUV5pFAlVXn5XBlIBckVBQhMgGlpUFDcIBVwRKRwQEBYuTApZGSYdC1dGfTdSGFNqQ1ceFCYfA1kUPFRVBg07VFUGUn9fVxNQDVRVBhQmH1ECRnwzQgRTN0dTE1-ANVFUGETlUVHdSf0RJBkpqQ1dRBiwaCBNRCUNXB1N/QFcHRn1BAV8RKhcITkZ9N1YGVmFBQUNefg
200 OK 603 B URL HTTP/2 d3lk5upv0ixky2.cloudfront.net/oZzZjT3EEWQ0pThNfB3JJXw9XdkVBXBAgHxcLFgIiXlMKAT8gexcFG18QFzUVWgZFIxAJUV5pFAlVXn5XBlIBckVBQhMgGlpUFDcIBVwRKRwQEBYuTApZGSYdC1dGfTdSGFNqQ1ceFCYfA1kUPFRVBg07VFUGUn9fVxNQDVRVBhQmH1ECRnwzQgRTN0dTE1-ANVFUGETlUVHdSf0RJBkpqQ1dRBiwaCBNRCUNXB1N/QFcHRn1BAV8RKhcITkZ9N1YGVmFBQUNefg
IP
File type ASCII text, with very long lines (874), with no line terminators
Hash 040eb6829baf55fa5946122e9d390cbb
53e13ba591aeed5bd8a182832271d0adc9bded93
98a6fb73263daaa4fa818ecbf9231a2279eb12552d54cac8c76a83b22a4872e4
GET /oZzZjT3EEWQ0pThNfB3JJXw9XdkVBXBAgHxcLFgIiXlMKAT8gexcFG18QFzUVWgZFIxAJUV5pFAlVXn5XBlIBckVBQhMgGlpUFDcIBVwRKRwQEBYuTApZGSYdC1dGfTdSGFNqQ1ceFCYfA1kUPFRVBg07VFUGUn9fVxNQDVRVBhQmH1ECRnwzQgRTN0dTE1-ANVFUGETlUVHdSf0RJBkpqQ1dRBiwaCBNRCUNXB1N/QFcHRn1BAV8RKhcITkZ9N1YGVmFBQUNefg HTTP/1.1
Host: d3lk5upv0ixky2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://othecknotinda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 603
date: Mon, 05 Dec 2022 23:53:14 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nL94DggRHhUpDqo61uW1fUVVjMY2ugA7K8RrZDJMSBlIGcpr0ocAdw==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash ffb1fa188f11f4b1ec69136d1920502b
8aac404d7cf025e415c22f6170fea74bf537c603
7beabb9b7af824e542dc5f62308e6d44c4a38dee34d69836ca4c1cf966592b82
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7BEABB9B7AF824E542DC5F62308E6D44C4A38DEE34D69836CA4C1CF966592B82"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20522
Expires: Tue, 06 Dec 2022 05:35:16 GMT
Date: Mon, 05 Dec 2022 23:53:14 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 37e249436efd3904ad23a3bc6a1f22fe
c2a39e8bad784f494516d24094adb710193af8ec
c38a5798ed46d9276a2456e6565c6e162122223005f456c927d843ec6345de8a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=142013
Date: Mon, 05 Dec 2022 23:53:14 GMT
Etag: "638df297-1d7"
Expires: Wed, 07 Dec 2022 15:20:07 GMT
Last-Modified: Mon, 05 Dec 2022 13:31:03 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: z41bn9YwVsOXPsq8dgp_U2TYqFUHsv3KezeV2sENrhMhoJy8l_tr0g==
Age: 6545
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 5af3b0b2b84d959b76574c596d6602c1
cc37c6e53bf4299dfc315b7bc91f7a494b1b9e68
dff5658fa46d851cf7782e53fada887ffcf603fb5f0e8e94ee4b18a080d6a087
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:14 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7a2dfe2d3705414decb3a2e439596634
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 05 Dec 2022 23:53:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YPYbD%2BtQ1e4JsJ7xybpIBTGZ%2FdeVYb%2FgBwj0tZggdicKAdzjHhN%2Fdt3WggOhzsWr6U8xBLe4b6DstldMoPXOMX%2F3YlX3C5YdCqXshsdFW8HeyFn4pkWL7IQTPa05stB5%2FbwNWzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7750b338895088a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 949ba252f682532f72cdb49499df82a2
72e4fee40f584e9732f36e25b24e78bce7f16245
252a69c30ddc4d23755dee263623abe2a62e778481848985a50e977eaf9e525e
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=51770f2b-2752-4924-94af-3f73466c1ec3:1:1; expires=Thu, 02 Dec 2032 23:53:14 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash ffb1fa188f11f4b1ec69136d1920502b
8aac404d7cf025e415c22f6170fea74bf537c603
7beabb9b7af824e542dc5f62308e6d44c4a38dee34d69836ca4c1cf966592b82
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7BEABB9B7AF824E542DC5F62308E6D44C4A38DEE34D69836CA4C1CF966592B82"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20522
Expires: Tue, 06 Dec 2022 05:35:16 GMT
Date: Mon, 05 Dec 2022 23:53:14 GMT
Connection: keep-alive
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 4.9 kB URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
File type ASCII text, with very long lines (8481)
Hash 7febbc894dcaa784087951571af75c6f
c6078132f44a9557c5c6992aabf04a2d8c066547
12bd802aafc34b6542705b227ee2b1978d41736e2146c0a9abe32b73266350fe
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:13 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 4540762 37311
age: 12
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: HIT
last-modified: Mon, 05 Dec 2022 23:53:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JW%2Fsf8hC3Gu2upURR5JagdJGGH0d%2F%2BXD%2BVBqkdiLF3lsjuaP0seO6R%2F6BKiwz2vLlT4Sk%2BUcpc8PP928B7ic2zbYlOlFMhGFCNk6%2FkQ%2BZ57wR8HjnSKjzGMc4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b33558a77312-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cd4f7adad3fe34548fa20fc8bcd9dfb8
89d9e0523fd6141bb3599dfe631af767a48ce10a
988b706c3c6accc138214ba147bfb17b01ae8ae34c98e3d6ded4e5340b63fa27
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 9d69ff04990cf145fb9c990ef594df3c
620b60961007c43da93fd24ff8bfade06943b926
aa36a39ff7e1724a518c35f6dcd1e9a8ff0526b9a57aecc097cfb7e38cdab728
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 05 Dec 2022 22:41:08 GMT
expires: Tue, 06 Dec 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 4326
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126620 bytes)
Hash f641dae66d812e803cbfc91d689e2ea8
96372a7ba661528d13bc774536d04ab3e03b82d6
e78b718ac77697fbb92e88ac394141adc4e016830eb04d53279238cbcd65435b
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126620
date: Mon, 05 Dec 2022 23:53:14 GMT
expires: Mon, 05 Dec 2022 23:53:14 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 5711a38e483179c78d1eae903fca9d42
23ee2ddcdf85a3a2cacd5bdc134e6c60d2f37031
1c2ba21604db7298d4cfbebe0054e34c8a6e61767cd66146e29a2d1f048321d8
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 23:53:14 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1710273213%3A1670284394726588&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAujFOCZ5YmU00CTByLh1f4Pk-dLqAvVTw89CQSce5aiRwSYT9M-6gVf6HztvXEbXwpEXVwvBQ
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-1QaHTnmiWbcpLOzhLYJ3qQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:36xSjM0SYpx9NIJz5p0SkmJY7bGOyg:gj7Uqz3Qog3CUVOi;Path=/;Expires=Wed, 04-Dec-2024 23:53:14 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8ead0ac4ce19cef2471bae0458759d89
af02fd3fcd2e10cfa2458407c0c2e59a43e18517
507b93c64bab73e393cf8d8131415ef4d4b01e65e0f2ab73597715197845e75e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash a179b3b6ab78e29169af8cc2363d6280
501cd2871c5b70c56852c6cd0c87f383504ca933
ceecf34d673dd0d910e3622aa0fa8d84fea748592acc796286c4ec5e76fbc170
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6383
Cache-Control: max-age=144726
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:14 GMT
Etag: "638dfdd1-1d7"
Expires: Wed, 07 Dec 2022 16:05:20 GMT
Last-Modified: Mon, 05 Dec 2022 14:18:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
soldierreproduceadmiration.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
200 OK 29 kB URL HTTP/1.1 soldierreproduceadmiration.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 181c19eca314c9e346b98bced6c171c2
5aecf701ef951e162480f28e36a596a28d672838
1a78d532a7de105e8511ffe95a04baa396147d1a964588bf8646755cfe01a004
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 23:53:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bf0b6cb050d05ad23df99f15e45da379
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pogothere.xyz/asd100.bin
200 OK 103 kB IP
Size 103 kB (102903 bytes)
Hash c1b5104b0429c2d542a8449e1e5a5bf3
2769c6f0e54b73c735691166083fb6d1b999c375
1c816eb6d6fbbae7ca9dabf17ea5e6b17a5073ef0759816042b1a4cd56f09b04
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:13 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MGm1Ci2jHboOojSQUUmt3EIuGYi7rwZmL0MTaaTnuNlGUdZ1UPKn1H85lhB7179Ta%2Bvv3cVLd0Id4SAv%2BN%2FFLJi9%2BNvCliHkOyaHrcVVlQLmahNuq4Oc3Z%2FheD5knHaC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b3359e5c7743-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
soldierreproduceadmiration.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=51770f2b-2752-4924-94af-3f73466c1ec3%3A1%3A1
200 OK 16 kB URL HTTP/1.1 soldierreproduceadmiration.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=51770f2b-2752-4924-94af-3f73466c1ec3%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (23786), with no line terminators
Hash b5cfcb7796c63f14d459adf849edd820
ceef0314809357e46e635f2fcd1a256255beb05c
f5d666620e00568c94f5c29662d745a38facb1d690baa2ea1929b0f5074aecb2
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=51770f2b-2752-4924-94af-3f73466c1ec3%3A1%3A1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 23:53:15 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Tue, 06 Dec 2022 23:53:14 GMT; secure; SameSite=None
uid_id2=51770f2b-2752-4924-94af-3f73466c1ec3:1:1; expires=Mon, 12 Dec 2022 23:53:14 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 06 Dec 2022 23:53:15 GMT; secure; SameSite=None
uncs=1; expires=Tue, 06 Dec 2022 23:53:15 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 06 Dec 2022 23:53:15 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 06 Dec 2022 23:53:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 50b4d8adc76f76add8f8e3da8b21d487
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15504
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:53:15 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15504
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:53:15 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15504
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:53:15 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15504
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:53:15 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15504
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:53:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 5406
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4193f05dfd1de8bf795f433d4387243
b76ea6ae9df756f131ec16b01cdc7ab19b2d01be
b56231f3c788519751528b849a442d5c7ed828ea4ce3321fd629ca27440ea6e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6920
x-amzn-requestid: 05ec2698-a5ee-4046-be77-0036755f2946
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwaEd-IAMF_-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64cf-783b236b79b1e9ba22098cb2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:23 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GgMHlvU3WIDYMF9fmZAajw_Y3zmPm2zojn7FTqgqtBj7e4qeu8Uokg==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:53 GMT
age: 6442
etag: "b76ea6ae9df756f131ec16b01cdc7ab19b2d01be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg
200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49c08cd33e41826af9dd4a8a912e0ddf
bde85bd98858e4b13484a9cc3263b4db7fb5d348
43471e7b4da8e4e58b842d05cb073ef150ff119eaa6890c86162f03a140459cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5273
x-amzn-requestid: 5ab71aaf-6757-46dc-86fc-0a866958d22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSz2EqfIAMFqng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e5-15ae9d330e005f547161b4df;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xcEI729NEfORs3fT_fHi-BkyqA1sHl0dA6fAGd9hYkJNePUlM4vKQg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:52 GMT
age: 6443
etag: "bde85bd98858e4b13484a9cc3263b4db7fb5d348"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 109 kB IP
Size 109 kB (108752 bytes)
Hash a40a6713ef6db5a3494a476c262d455b
ca6d94081abc40159977b51ff176572ac4be0898
b927ea90555abe901e34d24d4b33b3609163a329e0b3696a2c5c67ee6f5c7393
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:13 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2TXdBOcz6KsrJmdmvon4mdW8%2BezhViRekuLnb9I7E53dmx5tIlLrLmL%2F%2FTTcbGoKETBNvABuigUOCl3NdnajbsKhuIfJFOifS9SAXLsLttP%2Fzn5sUacucdlm%2BbWChhHv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b335ae677743-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f60a6490f38a772dcd50a1132e98e1b
ff254a1df087d2c157d88a6ef04e395dc49efe5e
653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i6QasBBRK9APW19sH0DdOipvUJA3gWj0CAMTzt7ejRCOk_V2psz-Xw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:45:47 GMT
age: 7648
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg
200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3801236dc22938e1cc18947e90ea5326
5979d7dc3ba0eb61947282a4adeac8208b4148ae
3bd4eab29590ec3c316597abd2be65281cd9a6137add037ad57c093f1fca12e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5995
x-amzn-requestid: 25b34277-c486-4642-aea7-21e0598babc3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzOGGjoAMF4kw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e1-6f43ab8e0c1a5260327bce11;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cO5j7BIPh3GSOUqKDYYY2qmG6__Hn2XB9lFhhYT_WpOXya-9TTGtgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:24 GMT
age: 5451
etag: "5979d7dc3ba0eb61947282a4adeac8208b4148ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
organexpectationsmaintain.com/pixel/purst?dl=0&th=0&sc=0&rs=2287&rd=2287&fd=612&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 organexpectationsmaintain.com/pixel/purst?dl=0&th=0&sc=0&rs=2287&rd=2287&fd=612&bv=22.10.v.10&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2287&rd=2287&fd=612&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 05 Dec 2022 23:53:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8ead0ac4ce19cef2471bae0458759d89
af02fd3fcd2e10cfa2458407c0c2e59a43e18517
507b93c64bab73e393cf8d8131415ef4d4b01e65e0f2ab73597715197845e75e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d9339bfb0393ef6575db48a0481f2556
351fa573fc3ea6626f3258061743cad65e0c4fce
5890254c4fac81ab169d788b9e5f9100f36e1ea2a2a6fe9036c45122aff062b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5670c32d73c3d5771a2d9396774a7eb9
3fb62916ff54f22a011e11730ba87fea48e5d239
062531ed89864b713048421c9639d4a6249e92f33ef4177206f1deb5d85a8757
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash e019960d2c3cdd45a75118541e29b5d5
438f4129566331f833c5d04f13dd1caaea1fcacd
e815519335cda62a03a703cd72aca4a07f52daefb36ebfd06f5534d230e6f376
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 05 Dec 2022 23:53:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 05 Dec 2022 18:30:18 GMT
Expires: Tue, 06 Dec 2022 18:30:18 GMT
ETag: "438f4129566331f833c5d04f13dd1caaea1fcacd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash e019960d2c3cdd45a75118541e29b5d5
438f4129566331f833c5d04f13dd1caaea1fcacd
e815519335cda62a03a703cd72aca4a07f52daefb36ebfd06f5534d230e6f376
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 05 Dec 2022 23:53:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 05 Dec 2022 18:30:18 GMT
Expires: Tue, 06 Dec 2022 18:30:18 GMT
ETag: "438f4129566331f833c5d04f13dd1caaea1fcacd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash e019960d2c3cdd45a75118541e29b5d5
438f4129566331f833c5d04f13dd1caaea1fcacd
e815519335cda62a03a703cd72aca4a07f52daefb36ebfd06f5534d230e6f376
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 05 Dec 2022 23:53:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 05 Dec 2022 18:30:18 GMT
Expires: Tue, 06 Dec 2022 18:30:18 GMT
ETag: "438f4129566331f833c5d04f13dd1caaea1fcacd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d616b0b14e0c5cda5c98d0b99cccbaf3
657299c8f642a892045dbfe2a6958133e6b57f99
3590d6a37989c47a5d082655909defed76f2f4a467d3f6700134bba4ffb130f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3590D6A37989C47A5D082655909DEFED76F2F4A467D3F6700134BBA4FFB130F7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10970
Expires: Tue, 06 Dec 2022 02:56:05 GMT
Date: Mon, 05 Dec 2022 23:53:15 GMT
Connection: keep-alive
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Mon, 05 Dec 2022 23:53:15 GMT
Connection: keep-alive
Expires: Tue, 05 Dec 2023 23:53:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
soldierreproduceadmiration.com/ren.gif?sid=H4sIAAAAAAAC%2F4xXTYgsWVbO6m4VGQSVWSgqFFO%2BQtGsirwRcSOzm%2BIR%2Fz%2F3xv%2F%2F3RQZGZFVUZWZkS8iMrOqRGicQQZBeYrg4Kar7%2BvXPTMOzowuXIn6nht5IPhcyGuwXenGTcPArKWqX0%2FPuJpLxL3n8EUQ59xzvvi4f%2Fj%2B5pMBQzfTV57d3NSLxfSYP2L2fyutV2Wz6%2FadaH%2FEHDHv7Kf1CnLv7F%2FdTe327RHDHzG%2Fva9Xs8vmGDAjhhkxo32tbqt5c3V8j9J6%2FZ3J6GjCHHHgaMRz9Kr9Sb%2Fb7NFuukfL7SeDX6Z1%2BfJnzv%2Fl%2B7SePaOr5feUqrvsm%2FXvqsvNYto3Ld2WH8Wry1WzW9HlF%2Ba83aPz1Uevn6ZN93Iw%2BMYbtFl99DoD2mw%2FuMuAFvXLwd5%2FjGix%2Buh1mLTYPv0s0mJBqxUtyi%2FR3fYZrRbPaD19RmfNV2ld%2FtuA0llJHZeulh86TbubXn%2BGTu%2FQl4O3fvgDWu9eDt76zy%2FT1fKvpUV9tR82i01fN6uOXs1vaX31jNZnz%2Bh685z2N3u03j2ns%2F4PaF3%2B6%2BD4h5iulh%2B43aKhdfnqN%2FmRIDBzUAyBwIMhNwHccMJN50N2LrAchLNRNWPvt6iun9F6%2Fowuqsd02u3Rzd1d79HNfI9u1nt0Wb7an%2FKTOcMI82LOsmNuNpux7GzGj2HJlyw3njN0M7vL4THt14%2FpbPGYztp36bp9l17Wj2m7%2BUfand%2FSrtyjXT%2Bg2%2FKW7qoB3XUDupsO6K4e0F0%2FoLvt7dNy0YHu9sNy0W2K0esVvF7Z2ydNf%2Fb%2B9GnTn1WrwfvrTwa%2FdLdxe7%2F47S%2FTy%2BrV%2Fpwf83PIz%2BAM8iPAFhO%2BLJlJUbGAKyu2KGhX39K6e%2BM%2BzZv65eDN3%2F9fuq5fDt6QjmkxfU67xXM6q79Cp5vfoNPdEwEwdHr%2BhBsz9Gb1YXVVHdUNLZtbuu7fov313vuLTwa%2Fel%2B6Y%2FoLtJq9ePjim39z%2FOsP36Kz9pau21t6Uf%2FzgJ4tvv4kaHaDD4Jm1w2%2B7677elnfTO%2FKGvbTvhp8G1XXu6YtTaV7%2FC1xdgfcmd%2BJqq7H01VZr866wV9JdVlWrda0s2rw92aXVoW36c6lTbvarLEna%2BZy3VZdVzerZ3RavxwM%2FvuazuqXg5%2F7wT%2Fdt%2ByvvPMprdvntN18%2FMb%2FnPf9unv7%2BJh9NF0fzZrlcb0qq6uj9fn64WV1fQKv12Be18yo3sHRmOcL9tHucF5VZV2eVOMJf9htiro8GQljOGFZcLjZ1OXJeDypOLacDKeVwA05XmCG42o0Gc7guJjM5nOGmXCH1frERLYgWyxWdZHXfB%2BFuszbwIsMYBtJKpi6CaHDmR7SBSv1YejaYWo7bqYrlp%2BHUhgDTfMhSTnNljKWh8TSU6KpdiL6EIlWxGskzVkdWzELxcyMI8vOtYgjMWZVVwGqnpupnjkplqJANwEhCvYIis3INbXAsWXPSoBqGrKnEJCGoeoRHZi8nPKppKm%2BYiHR0oib%2BrqqKILEinqmJ4rkQDElUpARpJqy5LAigrqVuaJiG56meVwi6Vh1%2BNROojgX8hDyjpSkGEgu0BDGOkcsKTBtP08jXuMigBQ30IAQSYGJfBzmKcaswslC7LmaCc0cSjrPkigW4kB1dCtPAVQTNQ8VyQ6c0MeBEkdQ9wVXIZbleDCRbeRgyU80heSO5HAuSHTO9aPINImeJ8QOSJylmgWxmXkOtBIbgdD3fduHGXZQoJmGwRuEZyXO0xLZQKIbOR4IIgVpyLOzWAAhMnKg4zxRdEW0ZFFCkhVleegpMm%2FJCWJNFiEr1Y3EcdlYFhLFs3GiaKzixKESx45FpFjiXJzEvmZKruFLvI4420NORERJVMwoVaGaS4ZpBrwQ4UDKU9ZNzdxBIHNIaJuc6GZSiIXAfMAqdLl58fD33vvG3%2F3aH93SunlGZ%2BuvfevgIDIjrB4cvDr%2B9L0%2FfxrVZVdUZ2216qp%2Bv68XxaZ8e3%2FEMMy%2B46L9edPul9XZ%2Fqfv%2FeW73z04UNRQDkwvMl3n4ODVV8LL61V5jz9%2Fuj9%2F%2FnR%2FWy0um2XXF81q03363p9977sHB1gMdPXUtEVdPTj4%2BE38OfeqzVHZzPqmXTddf7Sq%2BuNl1bf1rDvuptvqqF6ePay21ao%2F6dvp7LIqT%2BsfMbw7LOpyWJcnWzAcQYEBY46dcBNBGApDCAQ4HI2EMQDj4ZTnppwgcMORwHBDji3GQ8BU4yEcjblROZkxLOAP1209q06Yw3p5dnIf3ANWfAC0B0C7%2F%2FLR%2FVyvzvp2Op83d7%2BLB0Bbb7rzB0Crlw9Ybbrpzx%2BwyvoGboTxAwBnD1hlk17MRyGzOZXUaVv1SqoJ6SNHlGR7hfImEUThesS5THZ9fqPOe%2F1ymIDg3B2frq%2Brtelcruu%2Bd%2F11JoQlTNssMi9Wtm2XVp5yDDd2r7xmeXOKbK5UW6SzCPeRrHgRc3HNKWgojrnUF6%2FQxshmV5PJom5XW7wEgR428ng2OetVvthw0oWdN1MVBxOB5ZpZ3AZ8ZEVXVhfOx2rDY2PSO4a%2FjWdOaw3rG0T4m2HWA1ZPfbWZPErIjeEy46LfbZvF9BGj6ptTDm4mEVffIPaiGMdDIEfLZDcfTcVwtoiki1m0MOWNsw69m6vp1dIalfk5CApeWHftsjTnCZF3svrIFsXTsd88YkHO7aJLPCGhs1ZufIKzCBXV5OLSmpvuDHCZ5V%2BY%2BZhXNXgxuhgu2nbpTq8lrFqKUq1KJWv5vung9TSIvMVVT2x5tMLatk7ZIdg1Vvgoml%2FMLix2Wipjcl2ehmfkgj%2F3x3Y0uQrLiqymMnxkd%2BfFTJvYYGNmXFVcWNmi6CRhJWyYm2sR7FbD7WlHSBxEs9NtdcrLV%2B712UTLlaUMT3k2P5OX%2Flm3lZmMi6Lrs268Leenyvb6ETgzyZl%2BM4aYPy0Xk%2BvJpkx3RYEa5sa8ztPauTIcbjd9dG6Ncjj0wGSRqNk8uYqM9fJiK7Aey5x98%2BDAlO%2B4%2BPHP%2Fs7nvPq8XY%2BqzVHRFEXT3vfscdsXx%2Fca9iMaPfzpdas7GTGjw%2FJkxIGfEMK2P%2FlxAsLDrjhhjhgWMNxoJED%2BsLz3eY4T%2Fr9o9s1lXZ6sNovF4aZdnISex0Uux7OiaGDFEwVPZENJg7GVIZT7HotiUwsNQARe8X0dOZgjseyosWfCKDRdkkAxtgTMa5EqKy6PuQhJSDawp%2BPEMT09NgACWoqjSLE8zpMCU3BwiHXFZu1AhRkn5dgSCM6Q6vmExCznpZFvhY6WwCCNuTzkMdFhaGYQm2rmRrnuEFGwXUe2kCpgbPm2mInY0hKgq1BiVU1AgglSTkcISVkUS6muO7boJySQBTWXsMnmSuKk2Odt1uFiOUJZwhmZZIchLwdeLgFJ1j2EDd1y2VwNDBWpKpR1L88zNXT0VFdtKUWijXMXYC0gGkFqGHhhiLEQeIEgp5ou4STMlAQTnpclVUYqy4cBYFM9iwTHDkVTCXhdMiMvsFJOl7MgF33Ttgwz07NYCwXFiHM7gEZAWBKpIRuxLocFyQFWLGRJiFkbsKGBFZPkqhJbAQEkhFDwvDgIDKJhTvMNTpBlghSf5W1R93RssgkSHc%2BXIg1ZgQR51XDdSLeS0MZuGkE%2B1h3ASg6b6y5CTiKJCeubtpp5GDuWjJIEY1vRooRXwxRFouHxkFexKElsGGS8mGBd5OIghyYXmqyMUsMLzDwUnVwRDKIG2LLCVE%2F8yLMsjZexm%2FEaUCwNO5jLZU51BOzpQawYsSFLWehAx88NLzLjWJNjQXVcmdiQqCAnkSqKmuTKSu65ciIBIfX1XAkin0SeIRJeDEXLSTMAU%2BymSYgtZBluCpPMiFTb0nWERNFwxSyAdm6aWSyZnmQHUHaQqIqOJISxAU0hkjLPyNhAcDloyD4RBYJkElh5YvKqxdmJowKUhEKmyyqv%2BAYUAl5hcz%2FwUGqlumKpkUckzs35CEFN1sXYcwgrJ0CzZZN4tqjJvMZB24NKIDh6YmiJnMWBEclqIGRRkEPDV5AlkQiqJmtyQuSogpSzGhQtASZpyqteHEDOUDxVUV035swUZ8RXpCS3JAXzwI%2FixPT0kMSZnGRsIOfQTxEGBuB9x44EnTdlO8VsbCBeCSNLV3JDE5DuW0iGrmL6Fgg4Lsxt3SORFFvIyHUQI8%2BRiWbxrqZmBiJJGGA1iFFu5kqIIxkDW4EOybCfBSrUYKTzEvJcL%2FQUTjNMG4ZCjllFBq5jhnZiawnKZDMO2Yx3NDkzuViwIdIt35MID3EssUnkaBkXaUBBppXwnoWkwCAeSYgZQ5CFugsQieLQliHhpRB6QE6xJSExTuLA92ACVCm3CCCxGgSZqvlE9onBSmoWEN7NIXAjZNnQV5zIZFWX5Kbn2hJPcK6ZxLQBMiUn9H1VCyI29xLfB8gKNEeScZL6OcmN1EgdHz5glc%2Buw%2FpkPC6ZojzcnAhwNGXGh9PyhHbrF4PXg3bNgLaLL%2FxivUd3m9snLShePLw9%2B9ub4h9%2Bni7ql4O3vwTponrx8C%2F%2B2P2vd0pCp8Ut7aofe%2FEL%2B%2F3u6%2FSs3aPT%2Fqt0tbyl2%2FaWbhe3dLp4TLvNm0%2F6dfvi4b%2Bz94MWi70nxaLd%2B6BYtIs%2F%2Few02dWv9it%2BzswrBlTFfFLMhSlTTubcpJhORpVQ8NMR7buXsz%2F52uX%2FAQAA%2F%2F8BAAD%2F%2F2c8pOB7EQAA
200 OK 7 B URL HTTP/1.1 soldierreproduceadmiration.com/ren.gif?sid=H4sIAAAAAAAC%2F4xXTYgsWVbO6m4VGQSVWSgqFFO%2BQtGsirwRcSOzm%2BIR%2Fz%2F3xv%2F%2F3RQZGZFVUZWZkS8iMrOqRGicQQZBeYrg4Kar7%2BvXPTMOzowuXIn6nht5IPhcyGuwXenGTcPArKWqX0%2FPuJpLxL3n8EUQ59xzvvi4f%2Fj%2B5pMBQzfTV57d3NSLxfSYP2L2fyutV2Wz6%2FadaH%2FEHDHv7Kf1CnLv7F%2FdTe327RHDHzG%2Fva9Xs8vmGDAjhhkxo32tbqt5c3V8j9J6%2FZ3J6GjCHHHgaMRz9Kr9Sb%2Fb7NFuukfL7SeDX6Z1%2BfJnzv%2Fl%2B7SePaOr5feUqrvsm%2FXvqsvNYto3Ld2WH8Wry1WzW9HlF%2Ba83aPz1Uevn6ZN93Iw%2BMYbtFl99DoD2mw%2FuMuAFvXLwd5%2FjGix%2Buh1mLTYPv0s0mJBqxUtyi%2FR3fYZrRbPaD19RmfNV2ld%2FtuA0llJHZeulh86TbubXn%2BGTu%2FQl4O3fvgDWu9eDt76zy%2FT1fKvpUV9tR82i01fN6uOXs1vaX31jNZnz%2Bh685z2N3u03j2ns%2F4PaF3%2B6%2BD4h5iulh%2B43aKhdfnqN%2FmRIDBzUAyBwIMhNwHccMJN50N2LrAchLNRNWPvt6iun9F6%2Fowuqsd02u3Rzd1d79HNfI9u1nt0Wb7an%2FKTOcMI82LOsmNuNpux7GzGj2HJlyw3njN0M7vL4THt14%2FpbPGYztp36bp9l17Wj2m7%2BUfand%2FSrtyjXT%2Bg2%2FKW7qoB3XUDupsO6K4e0F0%2FoLvt7dNy0YHu9sNy0W2K0esVvF7Z2ydNf%2Fb%2B9GnTn1WrwfvrTwa%2FdLdxe7%2F47S%2FTy%2BrV%2Fpwf83PIz%2BAM8iPAFhO%2BLJlJUbGAKyu2KGhX39K6e%2BM%2BzZv65eDN3%2F9fuq5fDt6QjmkxfU67xXM6q79Cp5vfoNPdEwEwdHr%2BhBsz9Gb1YXVVHdUNLZtbuu7fov313vuLTwa%2Fel%2B6Y%2FoLtJq9ePjim39z%2FOsP36Kz9pau21t6Uf%2FzgJ4tvv4kaHaDD4Jm1w2%2B7677elnfTO%2FKGvbTvhp8G1XXu6YtTaV7%2FC1xdgfcmd%2BJqq7H01VZr866wV9JdVlWrda0s2rw92aXVoW36c6lTbvarLEna%2BZy3VZdVzerZ3RavxwM%2FvuazuqXg5%2F7wT%2Fdt%2ByvvPMprdvntN18%2FMb%2FnPf9unv7%2BJh9NF0fzZrlcb0qq6uj9fn64WV1fQKv12Be18yo3sHRmOcL9tHucF5VZV2eVOMJf9htiro8GQljOGFZcLjZ1OXJeDypOLacDKeVwA05XmCG42o0Gc7guJjM5nOGmXCH1frERLYgWyxWdZHXfB%2BFuszbwIsMYBtJKpi6CaHDmR7SBSv1YejaYWo7bqYrlp%2BHUhgDTfMhSTnNljKWh8TSU6KpdiL6EIlWxGskzVkdWzELxcyMI8vOtYgjMWZVVwGqnpupnjkplqJANwEhCvYIis3INbXAsWXPSoBqGrKnEJCGoeoRHZi8nPKppKm%2BYiHR0oib%2BrqqKILEinqmJ4rkQDElUpARpJqy5LAigrqVuaJiG56meVwi6Vh1%2BNROojgX8hDyjpSkGEgu0BDGOkcsKTBtP08jXuMigBQ30IAQSYGJfBzmKcaswslC7LmaCc0cSjrPkigW4kB1dCtPAVQTNQ8VyQ6c0MeBEkdQ9wVXIZbleDCRbeRgyU80heSO5HAuSHTO9aPINImeJ8QOSJylmgWxmXkOtBIbgdD3fduHGXZQoJmGwRuEZyXO0xLZQKIbOR4IIgVpyLOzWAAhMnKg4zxRdEW0ZFFCkhVleegpMm%2FJCWJNFiEr1Y3EcdlYFhLFs3GiaKzixKESx45FpFjiXJzEvmZKruFLvI4420NORERJVMwoVaGaS4ZpBrwQ4UDKU9ZNzdxBIHNIaJuc6GZSiIXAfMAqdLl58fD33vvG3%2F3aH93SunlGZ%2BuvfevgIDIjrB4cvDr%2B9L0%2FfxrVZVdUZ2216qp%2Bv68XxaZ8e3%2FEMMy%2B46L9edPul9XZ%2Fqfv%2FeW73z04UNRQDkwvMl3n4ODVV8LL61V5jz9%2Fuj9%2F%2FnR%2FWy0um2XXF81q03363p9977sHB1gMdPXUtEVdPTj4%2BE38OfeqzVHZzPqmXTddf7Sq%2BuNl1bf1rDvuptvqqF6ePay21ao%2F6dvp7LIqT%2BsfMbw7LOpyWJcnWzAcQYEBY46dcBNBGApDCAQ4HI2EMQDj4ZTnppwgcMORwHBDji3GQ8BU4yEcjblROZkxLOAP1209q06Yw3p5dnIf3ANWfAC0B0C7%2F%2FLR%2FVyvzvp2Op83d7%2BLB0Bbb7rzB0Crlw9Ybbrpzx%2BwyvoGboTxAwBnD1hlk17MRyGzOZXUaVv1SqoJ6SNHlGR7hfImEUThesS5THZ9fqPOe%2F1ymIDg3B2frq%2Brtelcruu%2Bd%2F11JoQlTNssMi9Wtm2XVp5yDDd2r7xmeXOKbK5UW6SzCPeRrHgRc3HNKWgojrnUF6%2FQxshmV5PJom5XW7wEgR428ng2OetVvthw0oWdN1MVBxOB5ZpZ3AZ8ZEVXVhfOx2rDY2PSO4a%2FjWdOaw3rG0T4m2HWA1ZPfbWZPErIjeEy46LfbZvF9BGj6ptTDm4mEVffIPaiGMdDIEfLZDcfTcVwtoiki1m0MOWNsw69m6vp1dIalfk5CApeWHftsjTnCZF3svrIFsXTsd88YkHO7aJLPCGhs1ZufIKzCBXV5OLSmpvuDHCZ5V%2BY%2BZhXNXgxuhgu2nbpTq8lrFqKUq1KJWv5vung9TSIvMVVT2x5tMLatk7ZIdg1Vvgoml%2FMLix2Wipjcl2ehmfkgj%2F3x3Y0uQrLiqymMnxkd%2BfFTJvYYGNmXFVcWNmi6CRhJWyYm2sR7FbD7WlHSBxEs9NtdcrLV%2B712UTLlaUMT3k2P5OX%2Flm3lZmMi6Lrs268Leenyvb6ETgzyZl%2BM4aYPy0Xk%2BvJpkx3RYEa5sa8ztPauTIcbjd9dG6Ncjj0wGSRqNk8uYqM9fJiK7Aey5x98%2BDAlO%2B4%2BPHP%2Fs7nvPq8XY%2BqzVHRFEXT3vfscdsXx%2Fca9iMaPfzpdas7GTGjw%2FJkxIGfEMK2P%2FlxAsLDrjhhjhgWMNxoJED%2BsLz3eY4T%2Fr9o9s1lXZ6sNovF4aZdnISex0Uux7OiaGDFEwVPZENJg7GVIZT7HotiUwsNQARe8X0dOZgjseyosWfCKDRdkkAxtgTMa5EqKy6PuQhJSDawp%2BPEMT09NgACWoqjSLE8zpMCU3BwiHXFZu1AhRkn5dgSCM6Q6vmExCznpZFvhY6WwCCNuTzkMdFhaGYQm2rmRrnuEFGwXUe2kCpgbPm2mInY0hKgq1BiVU1AgglSTkcISVkUS6muO7boJySQBTWXsMnmSuKk2Odt1uFiOUJZwhmZZIchLwdeLgFJ1j2EDd1y2VwNDBWpKpR1L88zNXT0VFdtKUWijXMXYC0gGkFqGHhhiLEQeIEgp5ou4STMlAQTnpclVUYqy4cBYFM9iwTHDkVTCXhdMiMvsFJOl7MgF33Ttgwz07NYCwXFiHM7gEZAWBKpIRuxLocFyQFWLGRJiFkbsKGBFZPkqhJbAQEkhFDwvDgIDKJhTvMNTpBlghSf5W1R93RssgkSHc%2BXIg1ZgQR51XDdSLeS0MZuGkE%2B1h3ASg6b6y5CTiKJCeubtpp5GDuWjJIEY1vRooRXwxRFouHxkFexKElsGGS8mGBd5OIghyYXmqyMUsMLzDwUnVwRDKIG2LLCVE%2F8yLMsjZexm%2FEaUCwNO5jLZU51BOzpQawYsSFLWehAx88NLzLjWJNjQXVcmdiQqCAnkSqKmuTKSu65ciIBIfX1XAkin0SeIRJeDEXLSTMAU%2BymSYgtZBluCpPMiFTb0nWERNFwxSyAdm6aWSyZnmQHUHaQqIqOJISxAU0hkjLPyNhAcDloyD4RBYJkElh5YvKqxdmJowKUhEKmyyqv%2BAYUAl5hcz%2FwUGqlumKpkUckzs35CEFN1sXYcwgrJ0CzZZN4tqjJvMZB24NKIDh6YmiJnMWBEclqIGRRkEPDV5AlkQiqJmtyQuSogpSzGhQtASZpyqteHEDOUDxVUV035swUZ8RXpCS3JAXzwI%2FixPT0kMSZnGRsIOfQTxEGBuB9x44EnTdlO8VsbCBeCSNLV3JDE5DuW0iGrmL6Fgg4Lsxt3SORFFvIyHUQI8%2BRiWbxrqZmBiJJGGA1iFFu5kqIIxkDW4EOybCfBSrUYKTzEvJcL%2FQUTjNMG4ZCjllFBq5jhnZiawnKZDMO2Yx3NDkzuViwIdIt35MID3EssUnkaBkXaUBBppXwnoWkwCAeSYgZQ5CFugsQieLQliHhpRB6QE6xJSExTuLA92ACVCm3CCCxGgSZqvlE9onBSmoWEN7NIXAjZNnQV5zIZFWX5Kbn2hJPcK6ZxLQBMiUn9H1VCyI29xLfB8gKNEeScZL6OcmN1EgdHz5glc%2Buw%2FpkPC6ZojzcnAhwNGXGh9PyhHbrF4PXg3bNgLaLL%2FxivUd3m9snLShePLw9%2B9ub4h9%2Bni7ql4O3vwTponrx8C%2F%2B2P2vd0pCp8Ut7aofe%2FEL%2B%2F3u6%2FSs3aPT%2Fqt0tbyl2%2FaWbhe3dLp4TLvNm0%2F6dfvi4b%2Bz94MWi70nxaLd%2B6BYtIs%2F%2Few02dWv9it%2BzswrBlTFfFLMhSlTTubcpJhORpVQ8NMR7buXsz%2F52uX%2FAQAA%2F%2F8BAAD%2F%2F2c8pOB7EQAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F4xXTYgsWVbO6m4VGQSVWSgqFFO%2BQtGsirwRcSOzm%2BIR%2Fz%2F3xv%2F%2F3RQZGZFVUZWZkS8iMrOqRGicQQZBeYrg4Kar7%2BvXPTMOzowuXIn6nht5IPhcyGuwXenGTcPArKWqX0%2FPuJpLxL3n8EUQ59xzvvi4f%2Fj%2B5pMBQzfTV57d3NSLxfSYP2L2fyutV2Wz6%2FadaH%2FEHDHv7Kf1CnLv7F%2FdTe327RHDHzG%2Fva9Xs8vmGDAjhhkxo32tbqt5c3V8j9J6%2FZ3J6GjCHHHgaMRz9Kr9Sb%2Fb7NFuukfL7SeDX6Z1%2BfJnzv%2Fl%2B7SePaOr5feUqrvsm%2FXvqsvNYto3Ld2WH8Wry1WzW9HlF%2Ba83aPz1Uevn6ZN93Iw%2BMYbtFl99DoD2mw%2FuMuAFvXLwd5%2FjGix%2Buh1mLTYPv0s0mJBqxUtyi%2FR3fYZrRbPaD19RmfNV2ld%2FtuA0llJHZeulh86TbubXn%2BGTu%2FQl4O3fvgDWu9eDt76zy%2FT1fKvpUV9tR82i01fN6uOXs1vaX31jNZnz%2Bh685z2N3u03j2ns%2F4PaF3%2B6%2BD4h5iulh%2B43aKhdfnqN%2FmRIDBzUAyBwIMhNwHccMJN50N2LrAchLNRNWPvt6iun9F6%2Fowuqsd02u3Rzd1d79HNfI9u1nt0Wb7an%2FKTOcMI82LOsmNuNpux7GzGj2HJlyw3njN0M7vL4THt14%2FpbPGYztp36bp9l17Wj2m7%2BUfand%2FSrtyjXT%2Bg2%2FKW7qoB3XUDupsO6K4e0F0%2FoLvt7dNy0YHu9sNy0W2K0esVvF7Z2ydNf%2Fb%2B9GnTn1WrwfvrTwa%2FdLdxe7%2F47S%2FTy%2BrV%2Fpwf83PIz%2BAM8iPAFhO%2BLJlJUbGAKyu2KGhX39K6e%2BM%2BzZv65eDN3%2F9fuq5fDt6QjmkxfU67xXM6q79Cp5vfoNPdEwEwdHr%2BhBsz9Gb1YXVVHdUNLZtbuu7fov313vuLTwa%2Fel%2B6Y%2FoLtJq9ePjim39z%2FOsP36Kz9pau21t6Uf%2FzgJ4tvv4kaHaDD4Jm1w2%2B7677elnfTO%2FKGvbTvhp8G1XXu6YtTaV7%2FC1xdgfcmd%2BJqq7H01VZr866wV9JdVlWrda0s2rw92aXVoW36c6lTbvarLEna%2BZy3VZdVzerZ3RavxwM%2FvuazuqXg5%2F7wT%2Fdt%2ByvvPMprdvntN18%2FMb%2FnPf9unv7%2BJh9NF0fzZrlcb0qq6uj9fn64WV1fQKv12Be18yo3sHRmOcL9tHucF5VZV2eVOMJf9htiro8GQljOGFZcLjZ1OXJeDypOLacDKeVwA05XmCG42o0Gc7guJjM5nOGmXCH1frERLYgWyxWdZHXfB%2BFuszbwIsMYBtJKpi6CaHDmR7SBSv1YejaYWo7bqYrlp%2BHUhgDTfMhSTnNljKWh8TSU6KpdiL6EIlWxGskzVkdWzELxcyMI8vOtYgjMWZVVwGqnpupnjkplqJANwEhCvYIis3INbXAsWXPSoBqGrKnEJCGoeoRHZi8nPKppKm%2BYiHR0oib%2BrqqKILEinqmJ4rkQDElUpARpJqy5LAigrqVuaJiG56meVwi6Vh1%2BNROojgX8hDyjpSkGEgu0BDGOkcsKTBtP08jXuMigBQ30IAQSYGJfBzmKcaswslC7LmaCc0cSjrPkigW4kB1dCtPAVQTNQ8VyQ6c0MeBEkdQ9wVXIZbleDCRbeRgyU80heSO5HAuSHTO9aPINImeJ8QOSJylmgWxmXkOtBIbgdD3fduHGXZQoJmGwRuEZyXO0xLZQKIbOR4IIgVpyLOzWAAhMnKg4zxRdEW0ZFFCkhVleegpMm%2FJCWJNFiEr1Y3EcdlYFhLFs3GiaKzixKESx45FpFjiXJzEvmZKruFLvI4420NORERJVMwoVaGaS4ZpBrwQ4UDKU9ZNzdxBIHNIaJuc6GZSiIXAfMAqdLl58fD33vvG3%2F3aH93SunlGZ%2BuvfevgIDIjrB4cvDr%2B9L0%2FfxrVZVdUZ2216qp%2Bv68XxaZ8e3%2FEMMy%2B46L9edPul9XZ%2Fqfv%2FeW73z04UNRQDkwvMl3n4ODVV8LL61V5jz9%2Fuj9%2F%2FnR%2FWy0um2XXF81q03363p9977sHB1gMdPXUtEVdPTj4%2BE38OfeqzVHZzPqmXTddf7Sq%2BuNl1bf1rDvuptvqqF6ePay21ao%2F6dvp7LIqT%2BsfMbw7LOpyWJcnWzAcQYEBY46dcBNBGApDCAQ4HI2EMQDj4ZTnppwgcMORwHBDji3GQ8BU4yEcjblROZkxLOAP1209q06Yw3p5dnIf3ANWfAC0B0C7%2F%2FLR%2FVyvzvp2Op83d7%2BLB0Bbb7rzB0Crlw9Ybbrpzx%2BwyvoGboTxAwBnD1hlk17MRyGzOZXUaVv1SqoJ6SNHlGR7hfImEUThesS5THZ9fqPOe%2F1ymIDg3B2frq%2Brtelcruu%2Bd%2F11JoQlTNssMi9Wtm2XVp5yDDd2r7xmeXOKbK5UW6SzCPeRrHgRc3HNKWgojrnUF6%2FQxshmV5PJom5XW7wEgR428ng2OetVvthw0oWdN1MVBxOB5ZpZ3AZ8ZEVXVhfOx2rDY2PSO4a%2FjWdOaw3rG0T4m2HWA1ZPfbWZPErIjeEy46LfbZvF9BGj6ptTDm4mEVffIPaiGMdDIEfLZDcfTcVwtoiki1m0MOWNsw69m6vp1dIalfk5CApeWHftsjTnCZF3svrIFsXTsd88YkHO7aJLPCGhs1ZufIKzCBXV5OLSmpvuDHCZ5V%2BY%2BZhXNXgxuhgu2nbpTq8lrFqKUq1KJWv5vung9TSIvMVVT2x5tMLatk7ZIdg1Vvgoml%2FMLix2Wipjcl2ehmfkgj%2F3x3Y0uQrLiqymMnxkd%2BfFTJvYYGNmXFVcWNmi6CRhJWyYm2sR7FbD7WlHSBxEs9NtdcrLV%2B712UTLlaUMT3k2P5OX%2Flm3lZmMi6Lrs268Leenyvb6ETgzyZl%2BM4aYPy0Xk%2BvJpkx3RYEa5sa8ztPauTIcbjd9dG6Ncjj0wGSRqNk8uYqM9fJiK7Aey5x98%2BDAlO%2B4%2BPHP%2Fs7nvPq8XY%2BqzVHRFEXT3vfscdsXx%2Fca9iMaPfzpdas7GTGjw%2FJkxIGfEMK2P%2FlxAsLDrjhhjhgWMNxoJED%2BsLz3eY4T%2Fr9o9s1lXZ6sNovF4aZdnISex0Uux7OiaGDFEwVPZENJg7GVIZT7HotiUwsNQARe8X0dOZgjseyosWfCKDRdkkAxtgTMa5EqKy6PuQhJSDawp%2BPEMT09NgACWoqjSLE8zpMCU3BwiHXFZu1AhRkn5dgSCM6Q6vmExCznpZFvhY6WwCCNuTzkMdFhaGYQm2rmRrnuEFGwXUe2kCpgbPm2mInY0hKgq1BiVU1AgglSTkcISVkUS6muO7boJySQBTWXsMnmSuKk2Odt1uFiOUJZwhmZZIchLwdeLgFJ1j2EDd1y2VwNDBWpKpR1L88zNXT0VFdtKUWijXMXYC0gGkFqGHhhiLEQeIEgp5ou4STMlAQTnpclVUYqy4cBYFM9iwTHDkVTCXhdMiMvsFJOl7MgF33Ttgwz07NYCwXFiHM7gEZAWBKpIRuxLocFyQFWLGRJiFkbsKGBFZPkqhJbAQEkhFDwvDgIDKJhTvMNTpBlghSf5W1R93RssgkSHc%2BXIg1ZgQR51XDdSLeS0MZuGkE%2B1h3ASg6b6y5CTiKJCeubtpp5GDuWjJIEY1vRooRXwxRFouHxkFexKElsGGS8mGBd5OIghyYXmqyMUsMLzDwUnVwRDKIG2LLCVE%2F8yLMsjZexm%2FEaUCwNO5jLZU51BOzpQawYsSFLWehAx88NLzLjWJNjQXVcmdiQqCAnkSqKmuTKSu65ciIBIfX1XAkin0SeIRJeDEXLSTMAU%2BymSYgtZBluCpPMiFTb0nWERNFwxSyAdm6aWSyZnmQHUHaQqIqOJISxAU0hkjLPyNhAcDloyD4RBYJkElh5YvKqxdmJowKUhEKmyyqv%2BAYUAl5hcz%2FwUGqlumKpkUckzs35CEFN1sXYcwgrJ0CzZZN4tqjJvMZB24NKIDh6YmiJnMWBEclqIGRRkEPDV5AlkQiqJmtyQuSogpSzGhQtASZpyqteHEDOUDxVUV035swUZ8RXpCS3JAXzwI%2FixPT0kMSZnGRsIOfQTxEGBuB9x44EnTdlO8VsbCBeCSNLV3JDE5DuW0iGrmL6Fgg4Lsxt3SORFFvIyHUQI8%2BRiWbxrqZmBiJJGGA1iFFu5kqIIxkDW4EOybCfBSrUYKTzEvJcL%2FQUTjNMG4ZCjllFBq5jhnZiawnKZDMO2Yx3NDkzuViwIdIt35MID3EssUnkaBkXaUBBppXwnoWkwCAeSYgZQ5CFugsQieLQliHhpRB6QE6xJSExTuLA92ACVCm3CCCxGgSZqvlE9onBSmoWEN7NIXAjZNnQV5zIZFWX5Kbn2hJPcK6ZxLQBMiUn9H1VCyI29xLfB8gKNEeScZL6OcmN1EgdHz5glc%2Buw%2FpkPC6ZojzcnAhwNGXGh9PyhHbrF4PXg3bNgLaLL%2FxivUd3m9snLShePLw9%2B9ub4h9%2Bni7ql4O3vwTponrx8C%2F%2B2P2vd0pCp8Ut7aofe%2FEL%2B%2F3u6%2FSs3aPT%2Fqt0tbyl2%2FaWbhe3dLp4TLvNm0%2F6dfvi4b%2Bz94MWi70nxaLd%2B6BYtIs%2F%2Few02dWv9it%2BzswrBlTFfFLMhSlTTubcpJhORpVQ8NMR7buXsz%2F52uX%2FAQAA%2F%2F8BAAD%2F%2F2c8pOB7EQAA HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=51770f2b-2752-4924-94af-3f73466c1ec3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 23:53:15 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28856c7222c6cb93c5ff5f354f115433
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP
Hash 5d70884c81835f59111a011da36dae6e
cc0b761c8834859ea7bf4b1f82fe36f83f8a3654
4083f5e84f250641ddb576c6be05096b6ca62b52294df32b8d7f0829897057a9
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Mon, 05 Dec 2022 23:53:15 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Tue, 05 Dec 2023 23:53:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
200 OK 58 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash cf8ffcaf217375cf9bb01c612300b25a
5d033771d013ab4364a83c6302b473c6f64ff722
2b14b918bb31b4672d92b0287ed00c91c74e5d315759da2deb6028b0b4e9f909
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Mon, 05 Dec 2022 23:53:15 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Tue, 05 Dec 2023 23:53:15 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5515
Expires: Tue, 06 Dec 2022 01:25:11 GMT
Date: Mon, 05 Dec 2022 23:53:16 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5515
Expires: Tue, 06 Dec 2022 01:25:11 GMT
Date: Mon, 05 Dec 2022 23:53:16 GMT
Connection: keep-alive
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Findex.html&l=1255&fd=125
200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Findex.html&l=1255&fd=125
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Findex.html&l=1255&fd=125 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=51770f2b-2752-4924-94af-3f73466c1ec3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 23:53:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/rtb/mac/2/img/close.png
200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/mac/2/img/close.png
IP
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/rtb/mac/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:16 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 17 May 2021 12:14:41 GMT
etag: "60a25e31-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1764125
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BGWlnZw70DW0p8jiOG1npb0%2BBFkAOUatRwr%2BPOofwkhWDau5RVW36vAaKEn%2B%2BxpmsFJ3kMUjqiOuYtarUOH%2BtXCYYzl7MmG9pcsD%2Ffk6lFTOvzr3aiK6bRGPQCu6M1bGnm1g%2BFA22L%2Fe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7750b343ae0971a2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Mon, 05 Dec 2022 23:53:16 GMT
Connection: keep-alive
Expires: Tue, 05 Dec 2023 23:53:16 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
cdn.creative-bars1.com/sb/notifications/rtb/mac/2/css/style.css
200 OK 1.7 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/mac/2/css/style.css
IP
Hash 912abc89b910855c97c8d1ad9418e85a
4a7b01bfaf6b9c344bad3f1c85d1f06c5fbb6bea
2be604ae6d1984bf943ca5eecfaaff24d87bc6e93c243d662d5d2f8376c11bfb
GET /sb/notifications/rtb/mac/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:16 GMT
content-type: text/css
last-modified: Mon, 17 May 2021 12:30:23 GMT
etag: W/"60a261df-10d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 320157
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mmXIehd4g5BWgej%2BjnwsfaL5dks%2Fja8237J1Wf0sWoBBESRTyiKnt7Um0%2B7I0olGsCdIT5gbH8pYelUvt6nSi0IeiLwTcA9%2BMjTUsBTqfNdkTwYOTRfTqA8rGduEkk7vaCq5xLIqVRb8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7750b3438ddf71a2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5515
Expires: Tue, 06 Dec 2022 01:25:11 GMT
Date: Mon, 05 Dec 2022 23:53:16 GMT
Connection: keep-alive
tracking.eu.bobboro.com/rtb/feedimpression?uuid=889e43d9-ae74-4570-8e19-c68b9cff0094&s=101&d=142&feedid=e895&rt=1670284394976&sb=0.0320411765&db=0.05447&subid=17869332&tokid=null&url=SPP4TO453AAHLDPA7PA3SBF6UJXKKYQP3KUIFSH2Z75DQQGKNL4ZUCNEUPI6TSIOZV6AUJ7L5FTECDO5L4TKBKCHLPGLVNIPGUH2K2FWLTTDJP4PBRI7NLSLGDM3MRE6X4BYLJ7ZLXKEPQZZU34PWTQJSNFV6RWU4YS5LZG6SIX6LIEXOTYGNZA7MONCJKE7LLJQMAXALJFV2GE6B3EF7K7I2W4GKKKBXTUBWGGNMAQVZRC7EYBLI3YDVNWLQ5M3N4UCTKXV4HXBMSS5CRPYB2BCGPKLHGJO3YERHEKEE6CGPYYXESNGWGEMBWKAMLYO2LFRZFZKESRPSSLL7RPR7CWFGBLVSXDVLZ55CBECKE35SR23WGXT7NMSAIDR5GBITPRJW4GCXRYAQIMJHIXGXUFS7DHUYMR6HRZ3ZTES3T3O4L7BN2JU7XVSL3M23SHLDIZYEDUJRZ2ZS667PPURRHZFL4FQH47CCZKDQ35MAGPGLI3VKANPQBTFKJRB65EHOOTGJVSMLOWT65UGN23BN3YGOKKNVBAV3QIMEXPLLNJCKVVLLMDFTV5ESWKTAHP565ELABB3SRX5AVLGA4URY6I4SI3CKWHPRIYSANYD7HZERLJJSWGVQTPJJF5CLOX5F2DJFLNL4YC4EN7LPGRUDHUHCBXSN6NQYHPTIUUFCU7ENOCZM6ZE2YZTEAAFBOCDYPOCVB27WQGYDRTQZTPHAZ5ASAJNWX26WLOWVSLJKJHOW6VXHTEMJGGKKAAHOAXR6MYIIXUBIPBMR6CNKAEANB7SUH6I7TBXPHX3R7O46HCQZA7ZKCZRJYVI5EJ4MVNE2KVS7XGCE5DQH67R5D3YQRPKWJWGDJETPZB4OY5TK6FCGAUPNZ3CV2FMCIZPMAFC5F46MP6DR7NGVHFVCXURHTCER7XTRY6HQDKJBZT6EI3I47TNE7BY3F6AJ76VWW5EPUR64HDPEDEOOU4IWLXZQDBVYJBDL52QTUVIPGSZUXCVX3RCY6QWKL2H25QNMT7G5ICMWL3UHK5DSTJGDYHF7KGQJKC6ODIQJ2R44SYMGPZTBUJKHYG2UKPNCZFJ5OFEXHKZVSRLERUKYIYDSLTCL2MD6NZXLQXRE6F6TG5BKPOPSPD4FHIM6S7YL3DC2ONISMVMFVKXCIUS3X5NFCXI4U7M6KGJQPBZ56LUB3VTNFX4TF2DKIJV5PJKBRHZPZVZIU62XSGO2KZTUSMC6Z5BS6P2CWLJBKAUVURQP6V2EBYJZ2ZUERRXEFQZCQZH3BEXRZ5OY62OTKJM6QDNTI3EOZYIPOMB5ZLYFIZIM2KIBNSQQEFRT3YPVQQ2KJRFNBCLVWQYZYHWHWNQ6%3D%3D%3D&i=88d0bd&u=761a08&ad=
302 Found 0 B URL HTTP/1.1 tracking.eu.bobboro.com/rtb/feedimpression?uuid=889e43d9-ae74-4570-8e19-c68b9cff0094&s=101&d=142&feedid=e895&rt=1670284394976&sb=0.0320411765&db=0.05447&subid=17869332&tokid=null&url=SPP4TO453AAHLDPA7PA3SBF6UJXKKYQP3KUIFSH2Z75DQQGKNL4ZUCNEUPI6TSIOZV6AUJ7L5FTECDO5L4TKBKCHLPGLVNIPGUH2K2FWLTTDJP4PBRI7NLSLGDM3MRE6X4BYLJ7ZLXKEPQZZU34PWTQJSNFV6RWU4YS5LZG6SIX6LIEXOTYGNZA7MONCJKE7LLJQMAXALJFV2GE6B3EF7K7I2W4GKKKBXTUBWGGNMAQVZRC7EYBLI3YDVNWLQ5M3N4UCTKXV4HXBMSS5CRPYB2BCGPKLHGJO3YERHEKEE6CGPYYXESNGWGEMBWKAMLYO2LFRZFZKESRPSSLL7RPR7CWFGBLVSXDVLZ55CBECKE35SR23WGXT7NMSAIDR5GBITPRJW4GCXRYAQIMJHIXGXUFS7DHUYMR6HRZ3ZTES3T3O4L7BN2JU7XVSL3M23SHLDIZYEDUJRZ2ZS667PPURRHZFL4FQH47CCZKDQ35MAGPGLI3VKANPQBTFKJRB65EHOOTGJVSMLOWT65UGN23BN3YGOKKNVBAV3QIMEXPLLNJCKVVLLMDFTV5ESWKTAHP565ELABB3SRX5AVLGA4URY6I4SI3CKWHPRIYSANYD7HZERLJJSWGVQTPJJF5CLOX5F2DJFLNL4YC4EN7LPGRUDHUHCBXSN6NQYHPTIUUFCU7ENOCZM6ZE2YZTEAAFBOCDYPOCVB27WQGYDRTQZTPHAZ5ASAJNWX26WLOWVSLJKJHOW6VXHTEMJGGKKAAHOAXR6MYIIXUBIPBMR6CNKAEANB7SUH6I7TBXPHX3R7O46HCQZA7ZKCZRJYVI5EJ4MVNE2KVS7XGCE5DQH67R5D3YQRPKWJWGDJETPZB4OY5TK6FCGAUPNZ3CV2FMCIZPMAFC5F46MP6DR7NGVHFVCXURHTCER7XTRY6HQDKJBZT6EI3I47TNE7BY3F6AJ76VWW5EPUR64HDPEDEOOU4IWLXZQDBVYJBDL52QTUVIPGSZUXCVX3RCY6QWKL2H25QNMT7G5ICMWL3UHK5DSTJGDYHF7KGQJKC6ODIQJ2R44SYMGPZTBUJKHYG2UKPNCZFJ5OFEXHKZVSRLERUKYIYDSLTCL2MD6NZXLQXRE6F6TG5BKPOPSPD4FHIM6S7YL3DC2ONISMVMFVKXCIUS3X5NFCXI4U7M6KGJQPBZ56LUB3VTNFX4TF2DKIJV5PJKBRHZPZVZIU62XSGO2KZTUSMC6Z5BS6P2CWLJBKAUVURQP6V2EBYJZ2ZUERRXEFQZCQZH3BEXRZ5OY62OTKJM6QDNTI3EOZYIPOMB5ZLYFIZIM2KIBNSQQEFRT3YPVQQ2KJRFNBCLVWQYZYHWHWNQ6%3D%3D%3D&i=88d0bd&u=761a08&ad=
IP
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rtb/feedimpression?uuid=889e43d9-ae74-4570-8e19-c68b9cff0094&s=101&d=142&feedid=e895&rt=1670284394976&sb=0.0320411765&db=0.05447&subid=17869332&tokid=null&url=SPP4TO453AAHLDPA7PA3SBF6UJXKKYQP3KUIFSH2Z75DQQGKNL4ZUCNEUPI6TSIOZV6AUJ7L5FTECDO5L4TKBKCHLPGLVNIPGUH2K2FWLTTDJP4PBRI7NLSLGDM3MRE6X4BYLJ7ZLXKEPQZZU34PWTQJSNFV6RWU4YS5LZG6SIX6LIEXOTYGNZA7MONCJKE7LLJQMAXALJFV2GE6B3EF7K7I2W4GKKKBXTUBWGGNMAQVZRC7EYBLI3YDVNWLQ5M3N4UCTKXV4HXBMSS5CRPYB2BCGPKLHGJO3YERHEKEE6CGPYYXESNGWGEMBWKAMLYO2LFRZFZKESRPSSLL7RPR7CWFGBLVSXDVLZ55CBECKE35SR23WGXT7NMSAIDR5GBITPRJW4GCXRYAQIMJHIXGXUFS7DHUYMR6HRZ3ZTES3T3O4L7BN2JU7XVSL3M23SHLDIZYEDUJRZ2ZS667PPURRHZFL4FQH47CCZKDQ35MAGPGLI3VKANPQBTFKJRB65EHOOTGJVSMLOWT65UGN23BN3YGOKKNVBAV3QIMEXPLLNJCKVVLLMDFTV5ESWKTAHP565ELABB3SRX5AVLGA4URY6I4SI3CKWHPRIYSANYD7HZERLJJSWGVQTPJJF5CLOX5F2DJFLNL4YC4EN7LPGRUDHUHCBXSN6NQYHPTIUUFCU7ENOCZM6ZE2YZTEAAFBOCDYPOCVB27WQGYDRTQZTPHAZ5ASAJNWX26WLOWVSLJKJHOW6VXHTEMJGGKKAAHOAXR6MYIIXUBIPBMR6CNKAEANB7SUH6I7TBXPHX3R7O46HCQZA7ZKCZRJYVI5EJ4MVNE2KVS7XGCE5DQH67R5D3YQRPKWJWGDJETPZB4OY5TK6FCGAUPNZ3CV2FMCIZPMAFC5F46MP6DR7NGVHFVCXURHTCER7XTRY6HQDKJBZT6EI3I47TNE7BY3F6AJ76VWW5EPUR64HDPEDEOOU4IWLXZQDBVYJBDL52QTUVIPGSZUXCVX3RCY6QWKL2H25QNMT7G5ICMWL3UHK5DSTJGDYHF7KGQJKC6ODIQJ2R44SYMGPZTBUJKHYG2UKPNCZFJ5OFEXHKZVSRLERUKYIYDSLTCL2MD6NZXLQXRE6F6TG5BKPOPSPD4FHIM6S7YL3DC2ONISMVMFVKXCIUS3X5NFCXI4U7M6KGJQPBZ56LUB3VTNFX4TF2DKIJV5PJKBRHZPZVZIU62XSGO2KZTUSMC6Z5BS6P2CWLJBKAUVURQP6V2EBYJZ2ZUERRXEFQZCQZH3BEXRZ5OY62OTKJM6QDNTI3EOZYIPOMB5ZLYFIZIM2KIBNSQQEFRT3YPVQQ2KJRFNBCLVWQYZYHWHWNQ6%3D%3D%3D&i=88d0bd&u=761a08&ad= HTTP/1.1
Host: tracking.eu.bobboro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
referrer-policy: no-referrer
location: https://eu.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1670284394977-7-6276-1178228-a54a4774-1704-43b8-20e8-61841d9c0325&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DrnZAGydQ68zG7tB6-5Klx7JhtXOagjPsPjoMUWw9ro5zU3kS2KcDkoiEZT16mqG8A0UMxZhq3io5kygEg5tLrkZ3-uaZne9Ly0ZAd8n0a9IXuI5pRudqreuZ6bgTPjjScZOg0PNleOaSperNsE4Up6sSwT0rnzpHyy-4qQ7OkQAJ4c3A9VFadicmF7NzJ-p40-RWwiE0pfSCELpccdFEoO3fxw4LhQNhFvNgemKKnkKlc6peldX8K2EKWvtsnZE7FtD3sdwV369qh4GJwxI8iHV-LFTgZveIGjS5ao4KnF_ldG6S8nmiBvNe0BY3AiM8zfQ_kQxjcV-nlwC-bxrWJLOao3YMnd_F-VS0V4m8GWM8_anNwfwKQrgXFWaanLnZoxoClstzrpv2OZvdLLTZBJ8WMtk1N094s0sWzN2ewarV27lXbh0OnBxxDY-x2aWcliaYGZDbfXLgCfovCyznPrAl7JvVGeqC1CHeDOg827c1KNyF-IE6LXattD8MBpMpvty50awARrxLZtYfNhL8rrjJirkjE4DWAdjy_BfxLtYqtb0DmoFNN0K0vBiP2w50y_bPP6A1FyVEHlvwdpvzL2PPOf6b5ppsFSm8iC4H_7OPToZu
content-length: 0
date: Mon, 05 Dec 2022 23:53:16 GMT
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 387f33eb66c3b7f1eee293ab492bf85c
94d087d77680fa68297282369a90e213ff553a71
17d3214da9fea9561fd27a58c0faec65f3eef457ba19b64ec231ba42edef8ccd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17D3214DA9FEA9561FD27A58C0FAEC65F3EEF457BA19B64EC231BA42EDEF8CCD"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11777
Expires: Tue, 06 Dec 2022 03:09:33 GMT
Date: Mon, 05 Dec 2022 23:53:16 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/rtb/mac/2/js/script.js
200 OK 177 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/mac/2/js/script.js
IP
Hash dd98fab8904126e8ad37a3a1c3242681
3c7c74f840e6dc7ae53e562edbee877aa901a53f
48bba6f6e1c1b40610b07a9c27f1c0afa8b7ca826f9e1b635ec354d8bb652379
GET /sb/notifications/rtb/mac/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:16 GMT
content-type: application/javascript
last-modified: Mon, 17 May 2021 12:14:43 GMT
etag: W/"60a25e33-175"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1247973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jpPQfgO7wCocakng8m%2BKmqsM7dja6byq1C1jbTTwxyjdqVmIvI50sxGI7xTDL9IdqgqgCqbJXLORPjQC91wsODO2ah6xz0K%2FuIzTFFd1YgzDF5j4suNwPll2gu7LT0awz4OGxhyjOKV9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7750b3438dd471a2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fmagic.css&l=45250&fd=158
200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fmagic.css&l=45250&fd=158
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fmagic.css&l=45250&fd=158 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=51770f2b-2752-4924-94af-3f73466c1ec3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 23:53:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/rtb/mac/2/css/magic.css
200 OK 2.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/mac/2/css/magic.css
IP
Hash 0effca5fab677a1d7c71fbf26b86d726
bae9b92cc8d69e40575158a120bc091f4e5dab9d
7913960f54312d8ae17bdd007ea41e103152cf2e177fec0569c22b685a6bf82f
GET /sb/notifications/rtb/mac/2/css/magic.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:16 GMT
content-type: text/css
last-modified: Mon, 17 May 2021 12:30:23 GMT
etag: W/"60a261df-b0c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1246975
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h93bAH20uF4TB9Q3FJVsrMLS0yL03iUKsVOVWaXvpmZ%2BYLAVLtsBseIUq4ANK7QjcEh%2FJHgAEga%2BvRDx37pw63cConCdw0ufjdg0TF5o3Z41ZI4VfR90zHH6qw9b4NK9n6vDAk0OAfT5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7750b3438dde71a2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 447562
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 447541
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
200 OK 1.1 kB URL HTTP/2 www.youtube.com/iframe_api
IP
File type ASCII text, with very long lines (509)
Hash 8f30986f13814d3f58c460bb34d4b763
168f05aae7bad19d07ea6c02118c62c88d3019a7
e8f7a4823bd8b6e3b01ac9a78fab426c1a7c3bed31d965f69926149508ff8bfa
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Mon, 05 Dec 2022 23:53:15 GMT
date: Mon, 05 Dec 2022 23:53:15 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=6XEs3dKoG7U; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=QAMrw_Hs6uE; Domain=.youtube.com; Expires=Sat, 03-Jun-2023 23:53:15 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+145; expires=Wed, 04-Dec-2024 23:53:15 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
soldierreproduceadmiration.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbs?c=1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=51770f2b-2752-4924-94af-3f73466c1ec3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 23:53:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
soldierreproduceadmiration.com/impr.gif?sid=H4sIAAAAAAAC%2F4xXTYgsWVbO6m4VGQSVWSgqFFO%2BQtGsirw34kZmN8Uj%2Fn%2Fujf%2F%2F2BQZGZFVUZWZkS8iMrOqRGicQQZBeYrg4Kar7%2BvXPTMOzowuXIn6nht5IPhcyGuwXenGTcPArKWqX0%2FPuJpLxL3ncCKI891zPr64f%2Fj%2B5pMBQzfTV67V3NSLxfSYO2L2fyupV2Wz6%2FbtcH%2FEHDHv7Cf1CrHv7F%2FdTe327RHDHTG%2Fva9Vs8vmGDAjhhkxo321bqt5c3V8H6X1%2BjuT0dGEOWLB0Yhj6VX7k3632aPddI%2BW208Gv0zr8uXPnP%2FL92k9e0ZXy%2B%2FJVXfZN%2BvfVZabxbRvWrotP4pWl6tmt6LLL8x5u0fnq49eP02b7uVg8I03aLP66DUC2mw%2FuENAi%2FrlYO8%2FRrRYffQ6TVpsn36WabGg1YoW5ZfobvuMVotntJ4%2Bo7Pmq7Qu%2F21A6ayktkNXyw%2Ftpt1Nrz%2BLTu%2BiLwdv%2FfAHtN69HLz1n1%2Bmq%2BVfi4v6aj9oFpu%2BblYdvZrf0vrqGa3PntH15jntb%2FZovXtOZ%2F0f0Lr818HxDwldLT9wukVD6%2FLVb3IjnmfmoBgCngNDdgLY4YSdzodwzkMWodmomsH7LarrZ7SeP6OL6jGddnt0c3fXe3Qz36Ob9R5dlq%2F2p9xkzjD8vJhDOGZnsxmEsxk3RiVXQnY8Z%2BhmdofhMe3Xj%2Bls8ZjO2nfpun2XXtaPabv5R9qd39Ku3KNdP6Db8pbuqgHddQO6mw7orh7QXT%2Bgu%2B3t03LRge72w3LRbYrR6xW8XuHtk6Y%2Fe3%2F6tOnPqtXg%2FfUng1%2B627i9X%2Fz2l%2Bll9Wp%2Fzo25OeJmaIa4EYDFhCtLZlJUELBlBYuCdvUtrbs37mHe1C8Hb%2F7%2B%2F9J1%2FXLwhnhMi%2Blz2i2e01n9FTrd%2FAad7p7wgKHT8yfsmKE3qw%2Brq%2BqobmjZ3NJ1%2Fxbtr%2FfeX3wy%2BNX70h3TX6DV7MXDF9%2F8m%2BNff%2FgWnbW3dN3e0ov6nwf0bPH1J36zG3zgN7tu8H1n3dfL%2BmZ6V9agn%2FbV4Nu4ut41bWnI3eNvCbO7wJ35nbDqejJdlfXqrBv8lViXZdWqTTurBn9vdElVuJvuXNy0q82auJJqLNdt1XV1s3pGp%2FXLweC%2Fr%2Bmsfjn4uR%2F8033L%2Fso7n9K6fU7bzcdv%2FM9536%2B7t4%2BP4aPp%2BmjWLI%2FrVVldHa3P1w8vq%2BsTdL0G87pmRvUOjcYcV8BHu8N5VZV1eVKNJ9xhtynq8mTEj9EEQnC42dTlyXg8qVhYTobTimeHLMczw3E1mgxnaFxMZvM5w0zYw2p9YmCLl0xIFE3gVM%2FDgSZxFnBDHVh6nPCGZiBks4aLNd5MPBQ4VpBYtpNqsullgRhEQFU9lCesaokp5FBuakmuKlYseAgLZsipeZJBjZgRREJqRKFpZWrI5hGBiiMDRcuMREvthIihrxkgz2Xi5jgyQsdQfduSXDMGiqFLrpyDJAgUN9eAwUkJl4iq4skmFkw1dxJPU2SZF6GgpVosizYSklz00xwrhiTaUMBIM1NHkC3dVVWXjUWNKDaXWHEYZXwWIM4W44QA0QEqJkRjc1P0DcvLkpBT2RBg2fFVwIeib2CPBFlCCJRZiY9cRzWQkSFR42AeRnzkK7ZmZglASqxkgSxavh14xJejEGke78i5adouiiUL20T0YlXOM1u0WQfEGut4YWgYuZbFueXnUZqoJiJG6trIjC0MAs%2FzLA%2BlxMa%2Baug6p%2BccFFlXjSUdC05ou8APZaxi10ojHgRYz4BGsljWZMGUBBGLZphmgStLnCnFGBoQYzPR9Nh2YCTxsexaJJZVKNtRIEeRbeZiJLIOiSNPNURH90ROw6zlYjvMBVGQjTBRkJKJumH4HB8SX8wS6CRGZmOQ2nlgGazgpGJAeN94AGW63Lx4%2BHvvfePvfu2PbmndPKOz9de%2Be3AgK4HkG25oOPbBwauvBJfXq3K%2FrM72nz%2Fdnz9%2Fur%2BtFpfNsuuLZrXpPn3vz7733YMDIviacmpYgqYcHHz8JvmcQNXmqGxmfdOum64%2FWlX98bLq23rWHXfTbXVUL88eVttq1Z%2F07XR2WZWn9Y9o2h0WdTmsy5MtGI4Qz4AxCyfshOeH%2FBABHg1HI34MwHg45dgpy%2FPscMQz7JCFxXgImGo8RKMxOyonMwYC7nDd1rPqhDmsl2cn98k9gMIDoD4A6v2Xj%2B7nenXWt9P5vLnj%2FAOgrjfd%2BQOg1ssHUJ1u%2BvMHUF7foA0%2FfgDQ7AGUN8nFfBQwm1NRmbZVLycqnzyyBVGyVjhrYl7gr0esw6TX5zfKvNcuhzHwz53x6fq6Whv25brue8dbp3xQoqRNQ%2BNiZVlWaWYJy7Bj58ptljen2GJLpcUaxKQPJdkNmYtrVsZDYcwmnnCFN3o6u5pMFnW72pIl8LWgkcazyVmvcMWGFS%2BsrJkqxJ%2FwkG1mUetzoRlemV0wHysNR%2FRJb%2BveNprZrTmsb3DO3QzTHkAt8ZRm8ijOb3SHGRf9btsspo8YRducsmgzCdn6BsOLYhwNgRQu4918NBWC2SIUL2bhwpA29jpwb66mV0tzVGbnwC84ft21y9KYx7m0k5RHliCcjr3mEQQZuwsvySQP7LV84%2BUkDXFRTS4uzbnhzACbmt6FkY05RUUXo4vhom2XzvRaJIopy9WqlNOW65sOXU%2F90F1c9bkljVZE3dYJHIJdYwaPwvnF7MKE01Ie59flaXCWX3Dn3tgKJ1dBWeWrqYQeWd15MVMnFtgYKVsVF2a6KDqRX%2FEb5uZaALvVcHva5Xnkh7PTbXXKSVfO9dlEzeSlhE45mJ1JS%2B%2Bs20pMyobh9Vk33pbzU3l7%2FQicGfmZdjNGhDstF5PryaZMdkWBG%2BbGuM6S2r7SbXY3fXRujjI0dMFkESvpPL4K9fXyYstDFzJn3zw4MKQ7Ln78s7%2FzOa8%2Bb9ejanNUNEXRtPc9e9z2xfG9EP2IRg9%2FevHpTkbM6LA8GbHgJ9Ss7U9%2BnIDosCtOmCMGAoYdjXjEHZb3Psey%2FP9Xvr65rMuT1WaxONy0i5PAddnQYTkoCDqRXYF3BRiIKorMFOPMcyGODDXQQc5zsudp2CZsHkm2ErkGCgPDyWMkRCZPODVUJNnhCBtiEUs6cTUS24arRTrAQE1IGMqmy7qib%2FA2CYgmW9DyFZSyYkZMPicpVlwvzyPIuknomYGtxshPIjYLOJJrKDBSRAwldcJMs3OBtxxbMrHCE2J6lpAKxFRjoClIhIrKY94ACathjMU0jMRE02xL8OLcl3glE4kBMzm2E%2BJxFrTZSApxGrN6KlpBwEm%2Bm4lAlDQXE10zHZgpvq5gRUGS5mZZqgS2lmiKJSZYsEjmAKL6uZpjJfDdICCE912flxJVE0kcpHJMco6TREXCCuQCH8BES0PetgLBkH1OE43Q9c2E1aTUzwTPsEzdSLU0UgNe1qPM8pHu5zAPlQCG0GEJL9rAjPg0Dgi0AAx0Iht5psiR6ecgDxDiXTfyfT1XCat6OstLUo5lD3KWoLkaMWCMBdv1xFDFpi8iTtEdJ9TMOLCIk4SIizQbQNGGmeZgbMeiEEPPsJTUJcQ2JRzHhFiyGsacEiQ4FHSXQ5xCBFGEgZ9yQkw0gY38DBlsYEAJJ7rrG1kg2JnM67niE9MMEi32Qtc0VU4iTsqpQDZVYhM2k1jF5omr%2BZGsR7okpoGNbC%2FT3dCIIlWKeMV2pNxCuQKyPFQEQRUdSc5cR4pFwCeelsl%2B6OWhqws5JwSCaScpQAlxkjggJjZ1J0FxqoeKZWoaxoKgO0LqIyszjDQSDVe0fCTZWFAEW%2BSDSEcGH4qpq6fQ5x0W6ZKXC3yOpdw3s9jgFJO1YlsBOA74VJMUTvZ0xPucDDPPd3FiJppsKqGbi6yTcSFGqqQJkWvnUIqBaklG7lqCKnEqiywXyT5va7GuxlIa%2BXooKT6fhn6GdE%2FGppiHSDGgwfKhrfBiBlUkmDyKk4RT3MhHrC67iqw4TsQaCUlzTxbjzBRlwgEvjGLD1YI8SqU4hb6UIS%2FBBOiA82wr5DXOkKyEwEjHnByEpiZnuspjzTOxhBzZ8Ezgs2yQWZqbh2JkYj3TQIRdW8pVk3NUJdVxHgc%2BUfwIZ0YmBySUCLBkZOcp8VJfQSoKNU7EruMGrsyqumGhgM8IlCXg2EZgxZYa41QyogCmnK1KqcFGvIWwZnqumHOIRCKMQ1tN2VAFMjbMmHNNLPp67uZxbkQIpIHmAJyHUWBJKOfEALlASogpYiGKI99zUQwUMTNzkEeK76eK6uWSl%2BtQVFI%2F55wMASfEpoU82Q4NqDh5ZriOJXI5yVQjNyyADdEOPE9R%2FRBmbux5AJu%2BaosSiRMvyzM90RPbQw%2Bg%2FNl1WJ%2BMxyVTlIebEx6Npsz4cFqefOvgIDRCohwcvDr%2B9L0%2FfxrWZVdUZ2216qp%2Bv68XxaZ8e3%2FEMMy%2B7eD9edPe%2F%2BR9%2Bt5fvku79YvB60G7ZkDbxRd%2Bsd6ju83tkxYULx7env3tTfEPP08X9cvB219CdFG9ePgXf%2Bz81ztlTqfFLe2qH3vxC%2Fv97uv0rN2j0%2F6rdLW8pdv2lm4Xt3S6eEy7zZtP%2BnX74uG%2Fw%2FtBi8Xek2LR7n1QLNrFn352muzqV%2FvciK3GxZiflWVRzcoRD%2BAYMgwoS5afVKMJ7buXsz%2F52uX%2FAQAA%2F%2F8BAAD%2F%2F%2Bn%2FR697EQAA
200 OK 7 B URL HTTP/1.1 soldierreproduceadmiration.com/impr.gif?sid=H4sIAAAAAAAC%2F4xXTYgsWVbO6m4VGQSVWSgqFFO%2BQtGsirw34kZmN8Uj%2Fn%2Fujf%2F%2F2BQZGZFVUZWZkS8iMrOqRGicQQZBeYrg4Kar7%2BvXPTMOzowuXIn6nht5IPhcyGuwXenGTcPArKWqX0%2FPuJpLxL3ncCKI891zPr64f%2Fj%2B5pMBQzfTV67V3NSLxfSYO2L2fyupV2Wz6%2FbtcH%2FEHDHv7Cf1CrHv7F%2FdTe327RHDHTG%2Fva9Vs8vmGDAjhhkxo321bqt5c3V8H6X1%2BjuT0dGEOWLB0Yhj6VX7k3632aPddI%2BW208Gv0zr8uXPnP%2FL92k9e0ZXy%2B%2FJVXfZN%2BvfVZabxbRvWrotP4pWl6tmt6LLL8x5u0fnq49eP02b7uVg8I03aLP66DUC2mw%2FuENAi%2FrlYO8%2FRrRYffQ6TVpsn36WabGg1YoW5ZfobvuMVotntJ4%2Bo7Pmq7Qu%2F21A6ayktkNXyw%2Ftpt1Nrz%2BLTu%2BiLwdv%2FfAHtN69HLz1n1%2Bmq%2BVfi4v6aj9oFpu%2BblYdvZrf0vrqGa3PntH15jntb%2FZovXtOZ%2F0f0Lr818HxDwldLT9wukVD6%2FLVb3IjnmfmoBgCngNDdgLY4YSdzodwzkMWodmomsH7LarrZ7SeP6OL6jGddnt0c3fXe3Qz36Ob9R5dlq%2F2p9xkzjD8vJhDOGZnsxmEsxk3RiVXQnY8Z%2BhmdofhMe3Xj%2Bls8ZjO2nfpun2XXtaPabv5R9qd39Ku3KNdP6Db8pbuqgHddQO6mw7orh7QXT%2Bgu%2B3t03LRge72w3LRbYrR6xW8XuHtk6Y%2Fe3%2F6tOnPqtXg%2FfUng1%2B627i9X%2Fz2l%2Bll9Wp%2Fzo25OeJmaIa4EYDFhCtLZlJUELBlBYuCdvUtrbs37mHe1C8Hb%2F7%2B%2F9J1%2FXLwhnhMi%2Blz2i2e01n9FTrd%2FAad7p7wgKHT8yfsmKE3qw%2Brq%2BqobmjZ3NJ1%2Fxbtr%2FfeX3wy%2BNX70h3TX6DV7MXDF9%2F8m%2BNff%2FgWnbW3dN3e0ov6nwf0bPH1J36zG3zgN7tu8H1n3dfL%2BmZ6V9agn%2FbV4Nu4ut41bWnI3eNvCbO7wJ35nbDqejJdlfXqrBv8lViXZdWqTTurBn9vdElVuJvuXNy0q82auJJqLNdt1XV1s3pGp%2FXLweC%2Fr%2Bmsfjn4uR%2F8033L%2Fso7n9K6fU7bzcdv%2FM9536%2B7t4%2BP4aPp%2BmjWLI%2FrVVldHa3P1w8vq%2BsTdL0G87pmRvUOjcYcV8BHu8N5VZV1eVKNJ9xhtynq8mTEj9EEQnC42dTlyXg8qVhYTobTimeHLMczw3E1mgxnaFxMZvM5w0zYw2p9YmCLl0xIFE3gVM%2FDgSZxFnBDHVh6nPCGZiBks4aLNd5MPBQ4VpBYtpNqsullgRhEQFU9lCesaokp5FBuakmuKlYseAgLZsipeZJBjZgRREJqRKFpZWrI5hGBiiMDRcuMREvthIihrxkgz2Xi5jgyQsdQfduSXDMGiqFLrpyDJAgUN9eAwUkJl4iq4skmFkw1dxJPU2SZF6GgpVosizYSklz00xwrhiTaUMBIM1NHkC3dVVWXjUWNKDaXWHEYZXwWIM4W44QA0QEqJkRjc1P0DcvLkpBT2RBg2fFVwIeib2CPBFlCCJRZiY9cRzWQkSFR42AeRnzkK7ZmZglASqxkgSxavh14xJejEGke78i5adouiiUL20T0YlXOM1u0WQfEGut4YWgYuZbFueXnUZqoJiJG6trIjC0MAs%2FzLA%2BlxMa%2Baug6p%2BccFFlXjSUdC05ou8APZaxi10ojHgRYz4BGsljWZMGUBBGLZphmgStLnCnFGBoQYzPR9Nh2YCTxsexaJJZVKNtRIEeRbeZiJLIOiSNPNURH90ROw6zlYjvMBVGQjTBRkJKJumH4HB8SX8wS6CRGZmOQ2nlgGazgpGJAeN94AGW63Lx4%2BHvvfePvfu2PbmndPKOz9de%2Be3AgK4HkG25oOPbBwauvBJfXq3K%2FrM72nz%2Fdnz9%2Fur%2BtFpfNsuuLZrXpPn3vz7733YMDIviacmpYgqYcHHz8JvmcQNXmqGxmfdOum64%2FWlX98bLq23rWHXfTbXVUL88eVttq1Z%2F07XR2WZWn9Y9o2h0WdTmsy5MtGI4Qz4AxCyfshOeH%2FBABHg1HI34MwHg45dgpy%2FPscMQz7JCFxXgImGo8RKMxOyonMwYC7nDd1rPqhDmsl2cn98k9gMIDoD4A6v2Xj%2B7nenXWt9P5vLnj%2FAOgrjfd%2BQOg1ssHUJ1u%2BvMHUF7foA0%2FfgDQ7AGUN8nFfBQwm1NRmbZVLycqnzyyBVGyVjhrYl7gr0esw6TX5zfKvNcuhzHwz53x6fq6Whv25brue8dbp3xQoqRNQ%2BNiZVlWaWYJy7Bj58ptljen2GJLpcUaxKQPJdkNmYtrVsZDYcwmnnCFN3o6u5pMFnW72pIl8LWgkcazyVmvcMWGFS%2BsrJkqxJ%2FwkG1mUetzoRlemV0wHysNR%2FRJb%2BveNprZrTmsb3DO3QzTHkAt8ZRm8ijOb3SHGRf9btsspo8YRducsmgzCdn6BsOLYhwNgRQu4918NBWC2SIUL2bhwpA29jpwb66mV0tzVGbnwC84ft21y9KYx7m0k5RHliCcjr3mEQQZuwsvySQP7LV84%2BUkDXFRTS4uzbnhzACbmt6FkY05RUUXo4vhom2XzvRaJIopy9WqlNOW65sOXU%2F90F1c9bkljVZE3dYJHIJdYwaPwvnF7MKE01Ie59flaXCWX3Dn3tgKJ1dBWeWrqYQeWd15MVMnFtgYKVsVF2a6KDqRX%2FEb5uZaALvVcHva5Xnkh7PTbXXKSVfO9dlEzeSlhE45mJ1JS%2B%2Bs20pMyobh9Vk33pbzU3l7%2FQicGfmZdjNGhDstF5PryaZMdkWBG%2BbGuM6S2r7SbXY3fXRujjI0dMFkESvpPL4K9fXyYstDFzJn3zw4MKQ7Ln78s7%2FzOa8%2Bb9ejanNUNEXRtPc9e9z2xfG9EP2IRg9%2FevHpTkbM6LA8GbHgJ9Ss7U9%2BnIDosCtOmCMGAoYdjXjEHZb3Psey%2FP9Xvr65rMuT1WaxONy0i5PAddnQYTkoCDqRXYF3BRiIKorMFOPMcyGODDXQQc5zsudp2CZsHkm2ErkGCgPDyWMkRCZPODVUJNnhCBtiEUs6cTUS24arRTrAQE1IGMqmy7qib%2FA2CYgmW9DyFZSyYkZMPicpVlwvzyPIuknomYGtxshPIjYLOJJrKDBSRAwldcJMs3OBtxxbMrHCE2J6lpAKxFRjoClIhIrKY94ACathjMU0jMRE02xL8OLcl3glE4kBMzm2E%2BJxFrTZSApxGrN6KlpBwEm%2Bm4lAlDQXE10zHZgpvq5gRUGS5mZZqgS2lmiKJSZYsEjmAKL6uZpjJfDdICCE912flxJVE0kcpHJMco6TREXCCuQCH8BES0PetgLBkH1OE43Q9c2E1aTUzwTPsEzdSLU0UgNe1qPM8pHu5zAPlQCG0GEJL9rAjPg0Dgi0AAx0Iht5psiR6ecgDxDiXTfyfT1XCat6OstLUo5lD3KWoLkaMWCMBdv1xFDFpi8iTtEdJ9TMOLCIk4SIizQbQNGGmeZgbMeiEEPPsJTUJcQ2JRzHhFiyGsacEiQ4FHSXQ5xCBFGEgZ9yQkw0gY38DBlsYEAJJ7rrG1kg2JnM67niE9MMEi32Qtc0VU4iTsqpQDZVYhM2k1jF5omr%2BZGsR7okpoGNbC%2FT3dCIIlWKeMV2pNxCuQKyPFQEQRUdSc5cR4pFwCeelsl%2B6OWhqws5JwSCaScpQAlxkjggJjZ1J0FxqoeKZWoaxoKgO0LqIyszjDQSDVe0fCTZWFAEW%2BSDSEcGH4qpq6fQ5x0W6ZKXC3yOpdw3s9jgFJO1YlsBOA74VJMUTvZ0xPucDDPPd3FiJppsKqGbi6yTcSFGqqQJkWvnUIqBaklG7lqCKnEqiywXyT5va7GuxlIa%2BXooKT6fhn6GdE%2FGppiHSDGgwfKhrfBiBlUkmDyKk4RT3MhHrC67iqw4TsQaCUlzTxbjzBRlwgEvjGLD1YI8SqU4hb6UIS%2FBBOiA82wr5DXOkKyEwEjHnByEpiZnuspjzTOxhBzZ8Ezgs2yQWZqbh2JkYj3TQIRdW8pVk3NUJdVxHgc%2BUfwIZ0YmBySUCLBkZOcp8VJfQSoKNU7EruMGrsyqumGhgM8IlCXg2EZgxZYa41QyogCmnK1KqcFGvIWwZnqumHOIRCKMQ1tN2VAFMjbMmHNNLPp67uZxbkQIpIHmAJyHUWBJKOfEALlASogpYiGKI99zUQwUMTNzkEeK76eK6uWSl%2BtQVFI%2F55wMASfEpoU82Q4NqDh5ZriOJXI5yVQjNyyADdEOPE9R%2FRBmbux5AJu%2BaosSiRMvyzM90RPbQw%2Bg%2FNl1WJ%2BMxyVTlIebEx6Npsz4cFqefOvgIDRCohwcvDr%2B9L0%2FfxrWZVdUZ2216qp%2Bv68XxaZ8e3%2FEMMy%2B7eD9edPe%2F%2BR9%2Bt5fvku79YvB60G7ZkDbxRd%2Bsd6ju83tkxYULx7env3tTfEPP08X9cvB219CdFG9ePgXf%2Bz81ztlTqfFLe2qH3vxC%2Fv97uv0rN2j0%2F6rdLW8pdv2lm4Xt3S6eEy7zZtP%2BnX74uG%2Fw%2FtBi8Xek2LR7n1QLNrFn352muzqV%2FvciK3GxZiflWVRzcoRD%2BAYMgwoS5afVKMJ7buXsz%2F52uX%2FAQAA%2F%2F8BAAD%2F%2F%2Bn%2FR697EQAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F4xXTYgsWVbO6m4VGQSVWSgqFFO%2BQtGsirw34kZmN8Uj%2Fn%2Fujf%2F%2F2BQZGZFVUZWZkS8iMrOqRGicQQZBeYrg4Kar7%2BvXPTMOzowuXIn6nht5IPhcyGuwXenGTcPArKWqX0%2FPuJpLxL3ncCKI891zPr64f%2Fj%2B5pMBQzfTV67V3NSLxfSYO2L2fyupV2Wz6%2FbtcH%2FEHDHv7Cf1CrHv7F%2FdTe327RHDHTG%2Fva9Vs8vmGDAjhhkxo321bqt5c3V8H6X1%2BjuT0dGEOWLB0Yhj6VX7k3632aPddI%2BW208Gv0zr8uXPnP%2FL92k9e0ZXy%2B%2FJVXfZN%2BvfVZabxbRvWrotP4pWl6tmt6LLL8x5u0fnq49eP02b7uVg8I03aLP66DUC2mw%2FuENAi%2FrlYO8%2FRrRYffQ6TVpsn36WabGg1YoW5ZfobvuMVotntJ4%2Bo7Pmq7Qu%2F21A6ayktkNXyw%2Ftpt1Nrz%2BLTu%2BiLwdv%2FfAHtN69HLz1n1%2Bmq%2BVfi4v6aj9oFpu%2BblYdvZrf0vrqGa3PntH15jntb%2FZovXtOZ%2F0f0Lr818HxDwldLT9wukVD6%2FLVb3IjnmfmoBgCngNDdgLY4YSdzodwzkMWodmomsH7LarrZ7SeP6OL6jGddnt0c3fXe3Qz36Ob9R5dlq%2F2p9xkzjD8vJhDOGZnsxmEsxk3RiVXQnY8Z%2BhmdofhMe3Xj%2Bls8ZjO2nfpun2XXtaPabv5R9qd39Ku3KNdP6Db8pbuqgHddQO6mw7orh7QXT%2Bgu%2B3t03LRge72w3LRbYrR6xW8XuHtk6Y%2Fe3%2F6tOnPqtXg%2FfUng1%2B627i9X%2Fz2l%2Bll9Wp%2Fzo25OeJmaIa4EYDFhCtLZlJUELBlBYuCdvUtrbs37mHe1C8Hb%2F7%2B%2F9J1%2FXLwhnhMi%2Blz2i2e01n9FTrd%2FAad7p7wgKHT8yfsmKE3qw%2Brq%2BqobmjZ3NJ1%2Fxbtr%2FfeX3wy%2BNX70h3TX6DV7MXDF9%2F8m%2BNff%2FgWnbW3dN3e0ov6nwf0bPH1J36zG3zgN7tu8H1n3dfL%2BmZ6V9agn%2FbV4Nu4ut41bWnI3eNvCbO7wJ35nbDqejJdlfXqrBv8lViXZdWqTTurBn9vdElVuJvuXNy0q82auJJqLNdt1XV1s3pGp%2FXLweC%2Fr%2Bmsfjn4uR%2F8033L%2Fso7n9K6fU7bzcdv%2FM9536%2B7t4%2BP4aPp%2BmjWLI%2FrVVldHa3P1w8vq%2BsTdL0G87pmRvUOjcYcV8BHu8N5VZV1eVKNJ9xhtynq8mTEj9EEQnC42dTlyXg8qVhYTobTimeHLMczw3E1mgxnaFxMZvM5w0zYw2p9YmCLl0xIFE3gVM%2FDgSZxFnBDHVh6nPCGZiBks4aLNd5MPBQ4VpBYtpNqsullgRhEQFU9lCesaokp5FBuakmuKlYseAgLZsipeZJBjZgRREJqRKFpZWrI5hGBiiMDRcuMREvthIihrxkgz2Xi5jgyQsdQfduSXDMGiqFLrpyDJAgUN9eAwUkJl4iq4skmFkw1dxJPU2SZF6GgpVosizYSklz00xwrhiTaUMBIM1NHkC3dVVWXjUWNKDaXWHEYZXwWIM4W44QA0QEqJkRjc1P0DcvLkpBT2RBg2fFVwIeib2CPBFlCCJRZiY9cRzWQkSFR42AeRnzkK7ZmZglASqxkgSxavh14xJejEGke78i5adouiiUL20T0YlXOM1u0WQfEGut4YWgYuZbFueXnUZqoJiJG6trIjC0MAs%2FzLA%2BlxMa%2Baug6p%2BccFFlXjSUdC05ou8APZaxi10ojHgRYz4BGsljWZMGUBBGLZphmgStLnCnFGBoQYzPR9Nh2YCTxsexaJJZVKNtRIEeRbeZiJLIOiSNPNURH90ROw6zlYjvMBVGQjTBRkJKJumH4HB8SX8wS6CRGZmOQ2nlgGazgpGJAeN94AGW63Lx4%2BHvvfePvfu2PbmndPKOz9de%2Be3AgK4HkG25oOPbBwauvBJfXq3K%2FrM72nz%2Fdnz9%2Fur%2BtFpfNsuuLZrXpPn3vz7733YMDIviacmpYgqYcHHz8JvmcQNXmqGxmfdOum64%2FWlX98bLq23rWHXfTbXVUL88eVttq1Z%2F07XR2WZWn9Y9o2h0WdTmsy5MtGI4Qz4AxCyfshOeH%2FBABHg1HI34MwHg45dgpy%2FPscMQz7JCFxXgImGo8RKMxOyonMwYC7nDd1rPqhDmsl2cn98k9gMIDoD4A6v2Xj%2B7nenXWt9P5vLnj%2FAOgrjfd%2BQOg1ssHUJ1u%2BvMHUF7foA0%2FfgDQ7AGUN8nFfBQwm1NRmbZVLycqnzyyBVGyVjhrYl7gr0esw6TX5zfKvNcuhzHwz53x6fq6Whv25brue8dbp3xQoqRNQ%2BNiZVlWaWYJy7Bj58ptljen2GJLpcUaxKQPJdkNmYtrVsZDYcwmnnCFN3o6u5pMFnW72pIl8LWgkcazyVmvcMWGFS%2BsrJkqxJ%2FwkG1mUetzoRlemV0wHysNR%2FRJb%2BveNprZrTmsb3DO3QzTHkAt8ZRm8ijOb3SHGRf9btsspo8YRducsmgzCdn6BsOLYhwNgRQu4918NBWC2SIUL2bhwpA29jpwb66mV0tzVGbnwC84ft21y9KYx7m0k5RHliCcjr3mEQQZuwsvySQP7LV84%2BUkDXFRTS4uzbnhzACbmt6FkY05RUUXo4vhom2XzvRaJIopy9WqlNOW65sOXU%2F90F1c9bkljVZE3dYJHIJdYwaPwvnF7MKE01Ie59flaXCWX3Dn3tgKJ1dBWeWrqYQeWd15MVMnFtgYKVsVF2a6KDqRX%2FEb5uZaALvVcHva5Xnkh7PTbXXKSVfO9dlEzeSlhE45mJ1JS%2B%2Bs20pMyobh9Vk33pbzU3l7%2FQicGfmZdjNGhDstF5PryaZMdkWBG%2BbGuM6S2r7SbXY3fXRujjI0dMFkESvpPL4K9fXyYstDFzJn3zw4MKQ7Ln78s7%2FzOa8%2Bb9ejanNUNEXRtPc9e9z2xfG9EP2IRg9%2FevHpTkbM6LA8GbHgJ9Ss7U9%2BnIDosCtOmCMGAoYdjXjEHZb3Psey%2FP9Xvr65rMuT1WaxONy0i5PAddnQYTkoCDqRXYF3BRiIKorMFOPMcyGODDXQQc5zsudp2CZsHkm2ErkGCgPDyWMkRCZPODVUJNnhCBtiEUs6cTUS24arRTrAQE1IGMqmy7qib%2FA2CYgmW9DyFZSyYkZMPicpVlwvzyPIuknomYGtxshPIjYLOJJrKDBSRAwldcJMs3OBtxxbMrHCE2J6lpAKxFRjoClIhIrKY94ACathjMU0jMRE02xL8OLcl3glE4kBMzm2E%2BJxFrTZSApxGrN6KlpBwEm%2Bm4lAlDQXE10zHZgpvq5gRUGS5mZZqgS2lmiKJSZYsEjmAKL6uZpjJfDdICCE912flxJVE0kcpHJMco6TREXCCuQCH8BES0PetgLBkH1OE43Q9c2E1aTUzwTPsEzdSLU0UgNe1qPM8pHu5zAPlQCG0GEJL9rAjPg0Dgi0AAx0Iht5psiR6ecgDxDiXTfyfT1XCat6OstLUo5lD3KWoLkaMWCMBdv1xFDFpi8iTtEdJ9TMOLCIk4SIizQbQNGGmeZgbMeiEEPPsJTUJcQ2JRzHhFiyGsacEiQ4FHSXQ5xCBFGEgZ9yQkw0gY38DBlsYEAJJ7rrG1kg2JnM67niE9MMEi32Qtc0VU4iTsqpQDZVYhM2k1jF5omr%2BZGsR7okpoGNbC%2FT3dCIIlWKeMV2pNxCuQKyPFQEQRUdSc5cR4pFwCeelsl%2B6OWhqws5JwSCaScpQAlxkjggJjZ1J0FxqoeKZWoaxoKgO0LqIyszjDQSDVe0fCTZWFAEW%2BSDSEcGH4qpq6fQ5x0W6ZKXC3yOpdw3s9jgFJO1YlsBOA74VJMUTvZ0xPucDDPPd3FiJppsKqGbi6yTcSFGqqQJkWvnUIqBaklG7lqCKnEqiywXyT5va7GuxlIa%2BXooKT6fhn6GdE%2FGppiHSDGgwfKhrfBiBlUkmDyKk4RT3MhHrC67iqw4TsQaCUlzTxbjzBRlwgEvjGLD1YI8SqU4hb6UIS%2FBBOiA82wr5DXOkKyEwEjHnByEpiZnuspjzTOxhBzZ8Ezgs2yQWZqbh2JkYj3TQIRdW8pVk3NUJdVxHgc%2BUfwIZ0YmBySUCLBkZOcp8VJfQSoKNU7EruMGrsyqumGhgM8IlCXg2EZgxZYa41QyogCmnK1KqcFGvIWwZnqumHOIRCKMQ1tN2VAFMjbMmHNNLPp67uZxbkQIpIHmAJyHUWBJKOfEALlASogpYiGKI99zUQwUMTNzkEeK76eK6uWSl%2BtQVFI%2F55wMASfEpoU82Q4NqDh5ZriOJXI5yVQjNyyADdEOPE9R%2FRBmbux5AJu%2BaosSiRMvyzM90RPbQw%2Bg%2FNl1WJ%2BMxyVTlIebEx6Npsz4cFqefOvgIDRCohwcvDr%2B9L0%2FfxrWZVdUZ2216qp%2Bv68XxaZ8e3%2FEMMy%2B7eD9edPe%2F%2BR9%2Bt5fvku79YvB60G7ZkDbxRd%2Bsd6ju83tkxYULx7env3tTfEPP08X9cvB219CdFG9ePgXf%2Bz81ztlTqfFLe2qH3vxC%2Fv97uv0rN2j0%2F6rdLW8pdv2lm4Xt3S6eEy7zZtP%2BnX74uG%2Fw%2FtBi8Xek2LR7n1QLNrFn352muzqV%2FvciK3GxZiflWVRzcoRD%2BAYMgwoS5afVKMJ7buXsz%2F52uX%2FAQAA%2F%2F8BAAD%2F%2F%2Bn%2FR697EQAA HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=51770f2b-2752-4924-94af-3f73466c1ec3:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 23:53:16 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f84d9ea6f1080f610233170b2830fd06
Strict-Transport-Security: max-age=0; includeSubdomains
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 05 Dec 2022 23:53:16 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 6f893b514649109a95e0a5a296c9d21f
cdcf062ccd27731f447c794459fb283d185dd2da
8ae5c6a97e5ca5051bee79bde5348ed85c2304e3f9cf6c431bea1458f6317d06
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 23:53:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:04:39 GMT
Expires: Sun, 11 Dec 2022 12:04:38 GMT
Etag: "cdcf062ccd27731f447c794459fb283d185dd2da"
Cache-Control: max-age=475281,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7750b3470e03b512-OSL
analytics.vdo.ai/logger
200 OK 36 B IP
Hash 8dec466e6e1e645dd15540750bad4166
da0e92c43a485b6bc23a7fddaf08d813979b4874
00de493647476f63fcd50025565bfe88a05e325b1dc084469c3d69013836ada2
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 177
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:15 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJ4KkgDGWNkWbPCK7CxzV34rZhL3qrJYJ8PXx5x%2Fq9lWLiV1k%2Bmc%2FXacqPgBYf3vNUCwNYhTXcx00uWNPX9U%2FVuQtVCAlhI71mJ2NiUNLDTTrht9qG3%2FXrY5OHA35Btwn5W8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b340491b888f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.16.1
Date: Mon, 05 Dec 2022 23:53:16 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Tue, 05 Dec 2023 23:53:16 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b4c9bc834e851e84ac0f779a505ac0c6
f9746f1a2d68290ba8ba920ec78ecf1602f11eac
a3d9e104fbe02e14a43829a34689265973087658cbb9e7430ab03ed257b6e83f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
track.trackingtraffo.com/push/ic?auth=pz6u78&c=rnZAGydQ68zG7tB6-5Klx7JhtXOagjPsPjoMUWw9ro5zU3kS2KcDkoiEZT16mqG8A0UMxZhq3io5kygEg5tLrkZ3-uaZne9Ly0ZAd8n0a9IXuI5pRudqreuZ6bgTPjjScZOg0PNleOaSperNsE4Up6sSwT0rnzpHyy-4qQ7OkQAJ4c3A9VFadicmF7NzJ-p40-RWwiE0pfSCELpccdFEoO3fxw4LhQNhFvNgemKKnkKlc6peldX8K2EKWvtsnZE7FtD3sdwV369qh4GJwxI8iHV-LFTgZveIGjS5ao4KnF_ldG6S8nmiBvNe0BY3AiM8zfQ_kQxjcV-nlwC-bxrWJLOao3YMnd_F-VS0V4m8GWM8_anNwfwKQrgXFWaanLnZoxoClstzrpv2OZvdLLTZBJ8WMtk1N094s0sWzN2ewarV27lXbh0OnBxxDY-x2aWcliaYGZDbfXLgCfovCyznPrAl7JvVGeqC1CHeDOg827c1KNyF-IE6LXattD8MBpMpvty50awARrxLZtYfNhL8rrjJirkjE4DWAdjy_BfxLtYqtb0DmoFNN0K0vBiP2w50y_bPP6A1FyVEHlvwdpvzL2PPOf6b5ppsFSm8iC4H_7OPToZu
302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=rnZAGydQ68zG7tB6-5Klx7JhtXOagjPsPjoMUWw9ro5zU3kS2KcDkoiEZT16mqG8A0UMxZhq3io5kygEg5tLrkZ3-uaZne9Ly0ZAd8n0a9IXuI5pRudqreuZ6bgTPjjScZOg0PNleOaSperNsE4Up6sSwT0rnzpHyy-4qQ7OkQAJ4c3A9VFadicmF7NzJ-p40-RWwiE0pfSCELpccdFEoO3fxw4LhQNhFvNgemKKnkKlc6peldX8K2EKWvtsnZE7FtD3sdwV369qh4GJwxI8iHV-LFTgZveIGjS5ao4KnF_ldG6S8nmiBvNe0BY3AiM8zfQ_kQxjcV-nlwC-bxrWJLOao3YMnd_F-VS0V4m8GWM8_anNwfwKQrgXFWaanLnZoxoClstzrpv2OZvdLLTZBJ8WMtk1N094s0sWzN2ewarV27lXbh0OnBxxDY-x2aWcliaYGZDbfXLgCfovCyznPrAl7JvVGeqC1CHeDOg827c1KNyF-IE6LXattD8MBpMpvty50awARrxLZtYfNhL8rrjJirkjE4DWAdjy_BfxLtYqtb0DmoFNN0K0vBiP2w50y_bPP6A1FyVEHlvwdpvzL2PPOf6b5ppsFSm8iC4H_7OPToZu
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=rnZAGydQ68zG7tB6-5Klx7JhtXOagjPsPjoMUWw9ro5zU3kS2KcDkoiEZT16mqG8A0UMxZhq3io5kygEg5tLrkZ3-uaZne9Ly0ZAd8n0a9IXuI5pRudqreuZ6bgTPjjScZOg0PNleOaSperNsE4Up6sSwT0rnzpHyy-4qQ7OkQAJ4c3A9VFadicmF7NzJ-p40-RWwiE0pfSCELpccdFEoO3fxw4LhQNhFvNgemKKnkKlc6peldX8K2EKWvtsnZE7FtD3sdwV369qh4GJwxI8iHV-LFTgZveIGjS5ao4KnF_ldG6S8nmiBvNe0BY3AiM8zfQ_kQxjcV-nlwC-bxrWJLOao3YMnd_F-VS0V4m8GWM8_anNwfwKQrgXFWaanLnZoxoClstzrpv2OZvdLLTZBJ8WMtk1N094s0sWzN2ewarV27lXbh0OnBxxDY-x2aWcliaYGZDbfXLgCfovCyznPrAl7JvVGeqC1CHeDOg827c1KNyF-IE6LXattD8MBpMpvty50awARrxLZtYfNhL8rrjJirkjE4DWAdjy_BfxLtYqtb0DmoFNN0K0vBiP2w50y_bPP6A1FyVEHlvwdpvzL2PPOf6b5ppsFSm8iC4H_7OPToZu HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 23:53:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National Casino black.png
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Mon, 05 Dec 2022 23:53:16 GMT
expires: Mon, 05 Dec 2022 23:53:16 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b4c9bc834e851e84ac0f779a505ac0c6
f9746f1a2d68290ba8ba920ec78ecf1602f11eac
a3d9e104fbe02e14a43829a34689265973087658cbb9e7430ab03ed257b6e83f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
200 OK 4.5 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58be17b22d6e1178a54c92cf862c817e
b821bc2f016751647df49e49863077e927a70322
9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 23:53:17 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:23:15 GMT
Connection: keep-alive
ETag: "62ea3073-1168"
Accept-Ranges: bytes
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FeUG2&tfcd=0&npa=0&correlator=1376577591990696&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FeUG2&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F7cd94ad2-08a5-471d-ab15-45ea2f10a9b3&sid=A59D3685-DAEE-40CA-AD0B-C7841B3682D1&nel=0&eid=44748969%2C44765701&dlt=1670284390614&idt=2328&dt=1670284394066&cookie_enabled=1&scor=3621966459264132&ged=ve4_td3_er0.0.0.0_vi0.0.939.1280_vp0_eb16488
200 OK 113 B URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FeUG2&tfcd=0&npa=0&correlator=1376577591990696&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FeUG2&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F7cd94ad2-08a5-471d-ab15-45ea2f10a9b3&sid=A59D3685-DAEE-40CA-AD0B-C7841B3682D1&nel=0&eid=44748969%2C44765701&dlt=1670284390614&idt=2328&dt=1670284394066&cookie_enabled=1&scor=3621966459264132&ged=ve4_td3_er0.0.0.0_vi0.0.939.1280_vp0_eb16488
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash 9e5d36292a75aef07bdde5891b2e4a7b
8d69904b7df5e550f1884e06c139bd9661eb2917
92ffc3ec51e068750c23ae95041fd670aa4aa60ce3a5295ad27d2179d0780168
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FeUG2&tfcd=0&npa=0&correlator=1376577591990696&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FeUG2&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F7cd94ad2-08a5-471d-ab15-45ea2f10a9b3&sid=A59D3685-DAEE-40CA-AD0B-C7841B3682D1&nel=0&eid=44748969%2C44765701&dlt=1670284390614&idt=2328&dt=1670284394066&cookie_enabled=1&scor=3621966459264132&ged=ve4_td3_er0.0.0.0_vi0.0.939.1280_vp0_eb16488 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -2
google-creative-id: -2
google-mediationgroup-id: -2
google-mediationtag-id: -2
date: Mon, 05 Dec 2022 23:53:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 06-Dec-2022 00:08:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 227de73c2950d257905eda6128f90ea9
d700e7cbc5c620f274ec53c336dba15988f046d9
306cc0e4114a9e5b3f9125f9a6fe9746e2db74d94c7991c714e6abb2de046fbc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "306CC0E4114A9E5B3F9125F9A6FE9746E2DB74D94C7991C714E6ABB2DE046FBC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3119
Expires: Tue, 06 Dec 2022 00:45:16 GMT
Date: Mon, 05 Dec 2022 23:53:17 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=51770f2b-2752-4924-94af-3f73466c1ec3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=51770f2b-2752-4924-94af-3f73466c1ec3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=51770f2b-2752-4924-94af-3f73466c1ec3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 05 Dec 2022 23:53:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 967dc23e0a61790c0640053d99969821
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=51770f2b-2752-4924-94af-3f73466c1ec3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=51770f2b-2752-4924-94af-3f73466c1ec3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=51770f2b-2752-4924-94af-3f73466c1ec3&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 05 Dec 2022 23:53:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ea7c05c4fe94afd5fc548d6623069de4
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 67e4709c84acec8eddbeb11d56e7d0fd
32a14eeba023499cda0d49fd785ac7626f4a5582
8953090ad9df36f81c3393cc6c67c87b6ad521b8806c7ea004e0b4354b9e1c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu9s9V3TTkRxC4wlst9BjLL4LkmCMIwah8O7Tbbk=s48-c-k-c0x00ffffff-no-rj
200 OK 1.3 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu9s9V3TTkRxC4wlst9BjLL4LkmCMIwah8O7Tbbk=s48-c-k-c0x00ffffff-no-rj
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 48x48, components 3\012- data
Hash 16dd29da8e56fe47acb39120bc9abd67
1db28acae84f4ebf193d38ca5ccdcc349abf6d08
10e6e64fb5dcf0e083af750c83f039074c08fef73098de35e44e18e6b0353504
GET /ytc/AMLnZu9s9V3TTkRxC4wlst9BjLL4LkmCMIwah8O7Tbbk=s48-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 1304
x-xss-protection: 0
date: Mon, 05 Dec 2022 22:37:15 GMT
expires: Mon, 01 Aug 2022 00:47:49 GMT
cache-control: public, max-age=86400, no-transform
age: 4563
etag: "v8"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/interaction/?ai=CsFgObYSOY4uEMeO17APEspzQDOGL3Mht86Sy4O0QsJAfEAEg5fGcfmDDhICAmBigAaHQuMUDyAEFqQK3Tg22_P16PuACAKgDAZgEAKoEjgJP0BQrW7In_zIBLM0tK8u41QyDxdOfxibjLtICQlmIMcTQSBayuELUEWup5GTLMQdo6axgP7xBW8GEwCny_yNFWaoobIuNyujHKYMQnFV4lt06vmxuwVkLR2RWfhgPmKY5BSfThE6tz2J7ZAHvmXKdvGJyFigwAV2xuE979LUfWEt1wBmLkf5BKsNGZ7DH-o-GwHcS0bD5Sy4QDFrj4cQUhPBQmuy0khrra2jhCdplJVlQkVx62KUTTUx_dHRt6xHLgG5EwJG1m_0Z34noHgMRgr6-n81jdjr558M3JZDG_dqfZEVmTQXWkUYsdizy2QbTgelWYgL4h_U_EPpG9IZaswvMkh11AeaQos7c-eDABNjQ-casBOAEAYgF0ryz6kaSBQgIAxABGAFQAaAGVIAHx6_HOqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAagIAdIIEgiI4YAQEAEYHTIDqoIBOgKAQJoJNGh0dHBzOi8vd3d3LmV1cm9wcmlzLm5vL2FydGlrbGVyL2p1bC9pbnNwaXJhc2pvbi1qdWyxCYyYrr62jEv1gAoDyAsB0AsP4AsBuAwBmg0BD9gTE9AVAZgWAfgWAYAXAQ&sigh=T3JmX2Z92cc&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3OTIxNzQyOTEwNzIMNjM2ODc3MjI0NDE5QJoCUiMQDyUAAHhCKAE6CzFXTExKN1NBZ1RRQglnb29nbGVhZHNQABgB
200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/interaction/?ai=CsFgObYSOY4uEMeO17APEspzQDOGL3Mht86Sy4O0QsJAfEAEg5fGcfmDDhICAmBigAaHQuMUDyAEFqQK3Tg22_P16PuACAKgDAZgEAKoEjgJP0BQrW7In_zIBLM0tK8u41QyDxdOfxibjLtICQlmIMcTQSBayuELUEWup5GTLMQdo6axgP7xBW8GEwCny_yNFWaoobIuNyujHKYMQnFV4lt06vmxuwVkLR2RWfhgPmKY5BSfThE6tz2J7ZAHvmXKdvGJyFigwAV2xuE979LUfWEt1wBmLkf5BKsNGZ7DH-o-GwHcS0bD5Sy4QDFrj4cQUhPBQmuy0khrra2jhCdplJVlQkVx62KUTTUx_dHRt6xHLgG5EwJG1m_0Z34noHgMRgr6-n81jdjr558M3JZDG_dqfZEVmTQXWkUYsdizy2QbTgelWYgL4h_U_EPpG9IZaswvMkh11AeaQos7c-eDABNjQ-casBOAEAYgF0ryz6kaSBQgIAxABGAFQAaAGVIAHx6_HOqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAagIAdIIEgiI4YAQEAEYHTIDqoIBOgKAQJoJNGh0dHBzOi8vd3d3LmV1cm9wcmlzLm5vL2FydGlrbGVyL2p1bC9pbnNwaXJhc2pvbi1qdWyxCYyYrr62jEv1gAoDyAsB0AsP4AsBuAwBmg0BD9gTE9AVAZgWAfgWAYAXAQ&sigh=T3JmX2Z92cc&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3OTIxNzQyOTEwNzIMNjM2ODc3MjI0NDE5QJoCUiMQDyUAAHhCKAE6CzFXTExKN1NBZ1RRQglnb29nbGVhZHNQABgB
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/interaction/?ai=CsFgObYSOY4uEMeO17APEspzQDOGL3Mht86Sy4O0QsJAfEAEg5fGcfmDDhICAmBigAaHQuMUDyAEFqQK3Tg22_P16PuACAKgDAZgEAKoEjgJP0BQrW7In_zIBLM0tK8u41QyDxdOfxibjLtICQlmIMcTQSBayuELUEWup5GTLMQdo6axgP7xBW8GEwCny_yNFWaoobIuNyujHKYMQnFV4lt06vmxuwVkLR2RWfhgPmKY5BSfThE6tz2J7ZAHvmXKdvGJyFigwAV2xuE979LUfWEt1wBmLkf5BKsNGZ7DH-o-GwHcS0bD5Sy4QDFrj4cQUhPBQmuy0khrra2jhCdplJVlQkVx62KUTTUx_dHRt6xHLgG5EwJG1m_0Z34noHgMRgr6-n81jdjr558M3JZDG_dqfZEVmTQXWkUYsdizy2QbTgelWYgL4h_U_EPpG9IZaswvMkh11AeaQos7c-eDABNjQ-casBOAEAYgF0ryz6kaSBQgIAxABGAFQAaAGVIAHx6_HOqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHAagIAdIIEgiI4YAQEAEYHTIDqoIBOgKAQJoJNGh0dHBzOi8vd3d3LmV1cm9wcmlzLm5vL2FydGlrbGVyL2p1bC9pbnNwaXJhc2pvbi1qdWyxCYyYrr62jEv1gAoDyAsB0AsP4AsBuAwBmg0BD9gTE9AVAZgWAfgWAYAXAQ&sigh=T3JmX2Z92cc&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3OTIxNzQyOTEwNzIMNjM2ODc3MjI0NDE5QJoCUiMQDyUAAHhCKAE6CzFXTExKN1NBZ1RRQglnb29nbGVhZHNQABgB HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 23:53:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
access-control-allow-origin: *
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 06-Dec-2022 00:08:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 401539b959383758ab687816fba35f02
3a5641a9b835b126e134c651f2cd91409ab1537c
377a3084dcd9b08f6e56713a135483013940e2d4bba6c08235ae95daf6ca8586
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 67e4709c84acec8eddbeb11d56e7d0fd
32a14eeba023499cda0d49fd785ac7626f4a5582
8953090ad9df36f81c3393cc6c67c87b6ad521b8806c7ea004e0b4354b9e1c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 499f433bd71933899d145f015ae2bdeb
647d225b12e832ef5b7618f45f96fbebd22a39a3
9e140ba96b4daa850690bfa5c21e0c68b0445f2402b6e10e0ba0d37a0f7bf4fa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 23:53:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670313197&ei=bYSOY-_WO4qRv_IPgZWBsAU&ip=91.90.42.154&id=d562cb27b4808134&itag=22&source=youtube&requiressl=yes&mh=Ch&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=2&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=62.577&lmt=1670001888158713&mt=1670283907&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAP2KJ_UL87gKrtDeF0T0XTl8db4e5aRstRiFEA4nf0WWAiBfMlAXdA8Okuz3tOSd51EsFPb5sTUQ2O8En6jztXsdAQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgClX7V6Zj2HWk_8zRPM97bIZaBqfB53uzytUDZemNinsCIB2QnUON0VWGPWsjEq9FE09u4QX20MCQEWWYYHmq3JUv&cpn=7cygdMVeGsdzXv7x
206 Partial Content 617 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670313197&ei=bYSOY-_WO4qRv_IPgZWBsAU&ip=91.90.42.154&id=d562cb27b4808134&itag=22&source=youtube&requiressl=yes&mh=Ch&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=2&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=62.577&lmt=1670001888158713&mt=1670283907&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAP2KJ_UL87gKrtDeF0T0XTl8db4e5aRstRiFEA4nf0WWAiBfMlAXdA8Okuz3tOSd51EsFPb5sTUQ2O8En6jztXsdAQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgClX7V6Zj2HWk_8zRPM97bIZaBqfB53uzytUDZemNinsCIB2QnUON0VWGPWsjEq9FE09u4QX20MCQEWWYYHmq3JUv&cpn=7cygdMVeGsdzXv7x
IP
ASN #50304 Blix Solutions AS
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size 617 kB (616561 bytes)
Hash 69171e47997d1fccd608abdd68f3f67e
3c47d3240e7e73246c9fdc91b4f762230bb29e83
0c74848c0572deb5be6be6cb3f1068358313ed1a8c2b1e6a775fd843ac4a94e2
GET /videoplayback?expire=1670313197&ei=bYSOY-_WO4qRv_IPgZWBsAU&ip=91.90.42.154&id=d562cb27b4808134&itag=22&source=youtube&requiressl=yes&mh=Ch&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=2&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=62.577&lmt=1670001888158713&mt=1670283907&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAP2KJ_UL87gKrtDeF0T0XTl8db4e5aRstRiFEA4nf0WWAiBfMlAXdA8Okuz3tOSd51EsFPb5sTUQ2O8En6jztXsdAQ==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgClX7V6Zj2HWk_8zRPM97bIZaBqfB53uzytUDZemNinsCIB2QnUON0VWGPWsjEq9FE09u4QX20MCQEWWYYHmq3JUv&cpn=7cygdMVeGsdzXv7x HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Fri, 02 Dec 2022 17:24:48 GMT
Content-Type: video/mp4
Date: Mon, 05 Dec 2022 23:53:18 GMT
Expires: Mon, 05 Dec 2022 23:53:18 GMT
Cache-Control: private, max-age=28499
Content-Range: bytes 0-6654687/6654688
Accept-Ranges: bytes
Content-Length: 6654688
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
csi.gstatic.com/csi?v=2&s=ima&puid=1~lbbg79vw&c=7484370786191&slotId=3742185393095.5&qqid=CMvu0aHW4_sCFeMaewodRBkHyg&gqid=bYSOY_iRL4SOiM0PgoWRiAM&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbbg7bqc~ghmsh_s.lbbg7bqh&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=7cygdMVeGsdzXv7x
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lbbg79vw&c=7484370786191&slotId=3742185393095.5&qqid=CMvu0aHW4_sCFeMaewodRBkHyg&gqid=bYSOY_iRL4SOiM0PgoWRiAM&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbbg7bqc~ghmsh_s.lbbg7bqh&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=7cygdMVeGsdzXv7x
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lbbg79vw&c=7484370786191&slotId=3742185393095.5&qqid=CMvu0aHW4_sCFeMaewodRBkHyg&gqid=bYSOY_iRL4SOiM0PgoWRiAM&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44748969%2C44765701&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.lbbg7bqc~ghmsh_s.lbbg7bqh&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=7cygdMVeGsdzXv7x HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Mon, 05 Dec 2022 23:53:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lbbg797e&c=7484370786191&slotId=3742185393095.5&eee=missing-element&bi=missing-id
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lbbg797e&c=7484370786191&slotId=3742185393095.5&eee=missing-element&bi=missing-id
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&top=1&puid=1~lbbg797e&c=7484370786191&slotId=3742185393095.5&eee=missing-element&bi=missing-id HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: *
date: Mon, 05 Dec 2022 23:53:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FeUG2&tag=v-exee-app&domain=exee.app
200 OK 0 B URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FeUG2&tag=v-exee-app&domain=exee.app
IP
GET /allowed_url.php?type=json&url=exee.app%2FeUG2&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:14 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yuE7JhuZjdvf8akWn5hI97FhB1euCAHeQaCb%2F0m3ES1F6kilmcCTph2OT4IMNCga6ae8mDZCZx5rAJwnufgc5ETP4cwQ90AYa5lMaAKlSWzJfRGGotmGEzzotzelG1PLCjDx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b3366da923e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 178
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:15 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HAVM2xagVEpVfkj1FgoZ85rskKbysyrDskl4c8bIA8bXcdLh3RFqwqmhiLANl77TiCwYFbrRZAzLeylRY9lj0bBL3Q7OsT%2B1jvzHBfvNH%2FV4iyValcQErGfQTMjJCcrinow8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b3406945888f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 176
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:14 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZI1sWTUkCffm1FtAQFiavmxjDw%2BnRZOZIa8yJDBJxgmf2mj8%2FZyN8y2ar5nAbWIukM1EAFwpFSvVkigp%2B58D8qXwmMPrPJ1Z2oRpR%2Fm35Aq9IGn4ZCEZfpaOYcoLgnQ1egOi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b33c0bf4888f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-49291486%3A1670284394677044&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAs6nuG1YEizwUyoSeOFO0bXVDGPUr9xZuujV0tibI1j0N_Bhn-5kmrSgCAwDYbHBmlf8ZSdpQ
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-49291486%3A1670284394677044&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAs6nuG1YEizwUyoSeOFO0bXVDGPUr9xZuujV0tibI1j0N_Bhn-5kmrSgCAwDYbHBmlf8ZSdpQ
IP
GET /v3/signin/identifier?dsh=S-49291486%3A1670284394677044&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAs6nuG1YEizwUyoSeOFO0bXVDGPUr9xZuujV0tibI1j0N_Bhn-5kmrSgCAwDYbHBmlf8ZSdpQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 23:53:14 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-bK4wiK4HHwMmgwbsq7iqag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:13 GMT
content-type: text/plain
set-cookie: csu=1553952788872215@1@1670284393; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8PKU3ogDsQwF%2F7FqzaL1t2VQriD7ChWY5qCV0j5J3x4C%2FuNe6i%2FB0%2FqOVdVCXgeYaFqZ5WigiMSQ17HInvtfTXUW%2BrQQkt%2B3ovHxP%2FLeeoI%2FJVSa5TC4JC51E0lpdK8b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b335ae697743-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/rtb/mac/2/index.html
200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/rtb/mac/2/index.html
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/rtb/mac/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:15 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-4e7"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 06 Dec 2022 00:53:15 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Dec 2022 23:53:13 GMT
date: Mon, 05 Dec 2022 23:53:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 185
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:15 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mnd8JrqkFLRKFK3oS%2FdWUOKUa3gHQQCcs%2FYLWyGt7AXSgm7cASjKfUHDitm89TmFca2VQnnsBgCUfjWwm9hkJa9QEu1JfwV%2Fw50RSXxk%2BT3mEkC%2Fszq68VNzC8bCR2p21X%2FQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b3406930888f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: GS1nqXINkYlxlsR4g4XysxteBnzOqkOcJ1mZQeThLeI7WrzgYXje118KiUm9foeTT4CAFuLRHOCxbjOSSMD1Kg==
date: Mon, 05 Dec 2022 23:53:14 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.vdo.ai/logger
200 OK 0 B IP
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 179
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 23:53:15 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrjO73hYPtSs4EL8oz%2ByMoCJLBSBTgmAGTt1H%2F6OrTQCvJslmoiNeNFuOR7bEWsVzXtb5xMEPIbYnnOoOj1qQd56Ny9%2BSpMhYSnumPHfvKNVAoAXYueJZ3WIb3lZDHv%2Bpw04"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7750b3406932888f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.26.3.103
18.185.190.54
138.68.123.32
88.214.195.156
104.21.96.100
188.114.96.1
91.90.45.173
51.79.20.94
157.240.200.35