exeo.app/h6c
104.26.8.233301 Moved Permanently 0 B IP 104.26.8.233:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /h6c HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Feb 2023 22:24:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 01 Feb 2023 23:24:34 GMT
Location: https://exeo.app/h6c
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FNr0TLARgwoIE1HmOV7ZgwL2yWP%2FonncaEtnUShmcgyWq%2FF9U5iag1TBDljSuQ5pT51CzZOkpmFoRhGmy5htrc6o8ztDVKhpgdGwuyBxr82okdZiyNr5G1C"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792e1919cdf60b65-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6405
Expires: Thu, 02 Feb 2023 00:11:20 GMT
Date: Wed, 01 Feb 2023 22:24:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4388
Expires: Wed, 01 Feb 2023 23:37:43 GMT
Date: Wed, 01 Feb 2023 22:24:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 21:36:02 GMT
content-type: application/json
age: 2913
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2279
Expires: Wed, 01 Feb 2023 23:02:34 GMT
Date: Wed, 01 Feb 2023 22:24:35 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 166fc87dece870128185582384015084
19f8308cb1162fc27aa89c14b80b91699ec10bb9
3b7f4db451838e751627bd1fb34e7feeb3d859fb078b2bfde1e99f508816be02
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5382
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Last-Modified: Wed, 01 Feb 2023 20:54:53 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gL8RAm9Dsn12Vvoxl6j4I6DZz4J3rtziKx6tliy1MJBfXhnOMYBx+C3EcZgTIZJ99Km4nvRNZGnKv/padB4DXw==
x-amz-request-id: CZPHVDBCJ2VBWHDB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 21:51:43 GMT
age: 1972
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 22:24:35 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
exeo.app/css/continue.css
104.26.8.233200 OK 42 kB URL HTTP/2 exeo.app/css/continue.css
IP 104.26.8.233:0
File type ASCII text, with very long lines (65079)
Hash 3477adcca4f5b87f057b0fc2eaefedbd
3a976c29affc79a96bed585a0111c90c258afe5b
af6bdcdc8bc6218d5415451a61a71cf759f8c3fadb8f8b1ca48d40ee65c6611f
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/h6c
Cookie: AppSession=7ed0f003bb490896b0465f3de530ebda; csrfToken=f821eb30901de00e8671e02a8a501097e3dd25a5fa6a9f56ea0f7469cf2581d6ae38eca516cfd8e50d6a43d899b9b33c124d08d497471f9c82936f0f8db58005
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:35 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Fri, 10 Feb 2023 22:59:15 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1812320
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2Fsn9l34hKGVtTEjoHlgBIZ6WRrLV%2FZcOcgEbQ5NavSBkTb3OFT%2FGkJYC4GhVXZhjo6KvKVPkF3D4pB5hi9eljvXZ2DnaGYXRa1OpZHzC%2Fd4ryAWb0V3gnIb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e191dcbe5b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
exe.io/img/logo_sm.png
188.114.96.1200 OK 11 kB IP 188.114.96.1:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash babf1df3467cca81bd9fdd5540a70b3d
ab768d826851da1b84b22e14f4facfda137500f4
c63f2781570d012d67b1e5ed27544bf90097a71ca5ddbbcd86a98a0f52871534
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:35 GMT
content-type: image/png
content-length: 10989
x-frame-options: SAMEORIGIN
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
cache-control: max-age=31536000
expires: Thu, 25 Jan 2024 22:31:11 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 604404
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qY9NDzFG5%2FOPHpGTLCehUZ3G9rsNt%2F44L4WqgOJUNU8I5f5Uv%2Fli4CBGUsKC8HYF6faK8cn%2B7g5c5%2FrSpYSP1Umdhtxb%2BPUK3uZ7V%2F0bXkNhOc13eFpIA4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e191e3ab8b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 7040d1b33c1831876715fde7ed2ee071
47cc2991fe2cafec726a28ba63d91ab5ee970221
f86a3920c2597900254934c86ebf0ff8c400292c8c611ae8febf0b5de46f5d98
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5609
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Last-Modified: Wed, 01 Feb 2023 20:51:06 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash bda3d713baaaa0779dd2c269b6c07acd
d71c6cdc46db77b9843356369a599eceb32ebfca
74081dde1f5df4a1859246e794b0727a011540271fb869ab8ada6512b5d77588
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Last-Modified: Wed, 01 Feb 2023 21:10:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash bc46c8bf55cff02d9b7902da6315cbec
4d528e62c956d8ef1703234532b781b014db6df4
e2ab0122916f3b2d0a4bf960b1d178e4e623559791ce41eb46f7576b78725df9
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 22:24:35 GMT
expires: Wed, 01 Feb 2023 22:24:35 GMT
cache-control: private, max-age=900
last-modified: Wed, 01 Feb 2023 22:06:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43952
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 277 B IP 93.184.220.29:0
Hash a40d9ef33c53ffac627d022d6f86e4d1
3d503f543f87ca35785e83a4a691c3449af8a11c
dcd2b4df8e1d7cb27de234b084033e691581d968bdf4d56274008e64c5d2ed73
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5911
Cache-Control: max-age=161830
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Etag: "63daa4b2-115"
Expires: Fri, 03 Feb 2023 19:21:45 GMT
Last-Modified: Wed, 01 Feb 2023 17:43:14 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 277
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 277 B IP 93.184.220.29:0
Hash a40d9ef33c53ffac627d022d6f86e4d1
3d503f543f87ca35785e83a4a691c3449af8a11c
dcd2b4df8e1d7cb27de234b084033e691581d968bdf4d56274008e64c5d2ed73
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5911
Cache-Control: max-age=161830
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Etag: "63daa4b2-115"
Expires: Fri, 03 Feb 2023 19:21:45 GMT
Last-Modified: Wed, 01 Feb 2023 17:43:14 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 277
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 818aabfbdacbf4adf5ca54d94315ad07
3b7132aa8efee54eb2d5e040aad8e73814df4852
afa41c3be2600f18445cab220e00c5d621b403983d7f601f6a6b70c916005f8b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AFA41C3BE2600F18445CAB220E00C5D621B403983D7F601F6A6B70C916005F8B"
Last-Modified: Wed, 01 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10154
Expires: Thu, 02 Feb 2023 01:13:49 GMT
Date: Wed, 01 Feb 2023 22:24:35 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b1a7b37ab41ab2c241ca4b4a3bb3319a
daf83e4a20f0849dc16777ed18d21806f978c555
4b423ec7676253213ed3bab15af479edcfa43ee8bd23da39b5ee34589020e033
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B423EC7676253213ED3BAB15AF479EDCFA43EE8BD23DA39B5EE34589020E033"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8274
Expires: Thu, 02 Feb 2023 00:42:29 GMT
Date: Wed, 01 Feb 2023 22:24:35 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b1a7b37ab41ab2c241ca4b4a3bb3319a
daf83e4a20f0849dc16777ed18d21806f978c555
4b423ec7676253213ed3bab15af479edcfa43ee8bd23da39b5ee34589020e033
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B423EC7676253213ED3BAB15AF479EDCFA43EE8BD23DA39B5EE34589020E033"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8274
Expires: Thu, 02 Feb 2023 00:42:29 GMT
Date: Wed, 01 Feb 2023 22:24:35 GMT
Connection: keep-alive
placeofres.com/utx?cb=6f1lewhVTqZR&top=exeo.app&tid=822524
108.157.229.31204 No Content 0 B URL HTTP/2 placeofres.com/utx?cb=6f1lewhVTqZR&top=exeo.app&tid=822524
IP 108.157.229.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6f1lewhVTqZR&top=exeo.app&tid=822524 HTTP/1.1
Host: placeofres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 22:24:35 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 01 Feb 2023 22:25:35 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ce3c66cc97e84e18b943362365d9ba66.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: KBW7_IfRsFpZQhiAmq-KEV_qNqxgaAiW5_JTJb12n1RL9dD9DLeomw==
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 18:52:41 GMT
expires: Tue, 30 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 185514
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb90ba2e5c9b091b1f8e5961116e27bc
9673d4df03150e77e8a9055af908b1f497a540d3
0b98dc66b33c35a49bc50f8ca5b376dea60fe7e1da9923d0a8190317e144b9f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B98DC66B33C35A49BC50F8CA5B376DEA60FE7E1DA9923D0A8190317E144B9F3"
Last-Modified: Tue, 31 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4119
Expires: Wed, 01 Feb 2023 23:33:14 GMT
Date: Wed, 01 Feb 2023 22:24:35 GMT
Connection: keep-alive
placeofres.com/NDU2VThVV1U4B1UIVHNNRlkLcApyEAQTXAZEWGVcXlcAOk1eWUJ7W1haQzFeRlpYIRZaUEJwCnJMbC9yflRcDH1sZlUYe2Z7VBluV3puIkwNYEEfemNxWRNvdlZmHwlcUHAdeVpiWhAdBnduEVdZU2IQbWRndAZvU39AF1RXf2ANanlgQTlqUHNFBHpYbEQDT353ZD9Tcm1gJVt7dHwRfgRgABdUYXlwEU94dkElXHlCeDR7BXtFAnB2Zn4dVGR3cDZZZFJ4DHkFBRNnenNneAN5XVZTEAlhdlMTV21jTjEOf3d4A3leAXICfnFyVBNUBGRRFw1xUnQBfgcYWTp9BWB1GkBDYWAddgBiURtydVh0BXpyUWAZeVhRdRdcA3l3B2B1Blo0egVWcjd+U3J3A0sDcQcUcWdYTgxbcmx1M31lcmcAXARiQXNSR1pYJQVaB14meloFUQxWR3l9Aw
108.157.229.31200 OK 1.2 kB URL HTTP/2 placeofres.com/NDU2VThVV1U4B1UIVHNNRlkLcApyEAQTXAZEWGVcXlcAOk1eWUJ7W1haQzFeRlpYIRZaUEJwCnJMbC9yflRcDH1sZlUYe2Z7VBluV3puIkwNYEEfemNxWRNvdlZmHwlcUHAdeVpiWhAdBnduEVdZU2IQbWRndAZvU39AF1RXf2ANanlgQTlqUHNFBHpYbEQDT353ZD9Tcm1gJVt7dHwRfgRgABdUYXlwEU94dkElXHlCeDR7BXtFAnB2Zn4dVGR3cDZZZFJ4DHkFBRNnenNneAN5XVZTEAlhdlMTV21jTjEOf3d4A3leAXICfnFyVBNUBGRRFw1xUnQBfgcYWTp9BWB1GkBDYWAddgBiURtydVh0BXpyUWAZeVhRdRdcA3l3B2B1Blo0egVWcjd+U3J3A0sDcQcUcWdYTgxbcmx1M31lcmcAXARiQXNSR1pYJQVaB14meloFUQxWR3l9Aw
IP 108.157.229.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 66ff1f3bd9d59c348aa3443d073a2d54
154846b27b67b83725b044f48ee22f15e228b2aa
98b6062edf4993f8f42e89fad393b28c07e8c995ed72d068b3a23971c9b0f37d
GET /NDU2VThVV1U4B1UIVHNNRlkLcApyEAQTXAZEWGVcXlcAOk1eWUJ7W1haQzFeRlpYIRZaUEJwCnJMbC9yflRcDH1sZlUYe2Z7VBluV3puIkwNYEEfemNxWRNvdlZmHwlcUHAdeVpiWhAdBnduEVdZU2IQbWRndAZvU39AF1RXf2ANanlgQTlqUHNFBHpYbEQDT353ZD9Tcm1gJVt7dHwRfgRgABdUYXlwEU94dkElXHlCeDR7BXtFAnB2Zn4dVGR3cDZZZFJ4DHkFBRNnenNneAN5XVZTEAlhdlMTV21jTjEOf3d4A3leAXICfnFyVBNUBGRRFw1xUnQBfgcYWTp9BWB1GkBDYWAddgBiURtydVh0BXpyUWAZeVhRdRdcA3l3B2B1Blo0egVWcjd+U3J3A0sDcQcUcWdYTgxbcmx1M31lcmcAXARiQXNSR1pYJQVaB14meloFUQxWR3l9Aw HTTP/1.1
Host: placeofres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1194
date: Wed, 01 Feb 2023 22:24:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ce3c66cc97e84e18b943362365d9ba66.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: SH2sZARf7eT6GUPIfFDsWDj5NNyvHXBvy7wY9aYvFO0ymrmHxbotfA==
X-Firefox-Spdy: h2
placeofres.com/utx?cb=1GN3JLymqEU1&top=exeo.app&tid=889494
108.157.229.31204 No Content 0 B URL HTTP/2 placeofres.com/utx?cb=1GN3JLymqEU1&top=exeo.app&tid=889494
IP 108.157.229.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=1GN3JLymqEU1&top=exeo.app&tid=889494 HTTP/1.1
Host: placeofres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 22:24:35 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 01 Feb 2023 22:25:35 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ce3c66cc97e84e18b943362365d9ba66.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: fBxFbZ-Td8_HxRYUYhjhMNCTds5cxgarDK3WS7oq6g_Q8U6u4wS6oQ==
X-Firefox-Spdy: h2
placeofres.com/c1BjaUcSMgAEeBJtAU8yATxeTHU1dVEvI0EhDVkjGTJVBjIZPBdHJB8/Fg0hAT8NHWkdNRdMdTUIAFsNKwo0IBY3BAgtHyIzLyR2GzExWAEfBVInETATMiIDMh4FJy4UKjEOKCYeICQPPxIpPgsfBTQlFjU2MlkWRBIiHhIrYyYoAzESBTMsPhQlHgUCBTY4ADJiDCADIjsvJjAYFDUFBiEFJhEDIWI1PxQUAS8mFjYeISsBCgZSICM1PikxEhgaMAwRJRgyKgUKBlIgAjAqDz0RHwoxLxIxATIRNxsFNg0GOhgpMRIUFTYKKyo6MgUNGgNSIyYhYk4/ETECOisXMiArOBQhPDU/CTcFDjMRJmE5OB0EHS8oFhAoIAE3JAUhLxImOzkkHUMdOz0rPnYJGigdIF4ICiJlCyoWMiQtLHQ/
108.157.229.31200 OK 1.2 kB URL HTTP/2 placeofres.com/c1BjaUcSMgAEeBJtAU8yATxeTHU1dVEvI0EhDVkjGTJVBjIZPBdHJB8/Fg0hAT8NHWkdNRdMdTUIAFsNKwo0IBY3BAgtHyIzLyR2GzExWAEfBVInETATMiIDMh4FJy4UKjEOKCYeICQPPxIpPgsfBTQlFjU2MlkWRBIiHhIrYyYoAzESBTMsPhQlHgUCBTY4ADJiDCADIjsvJjAYFDUFBiEFJhEDIWI1PxQUAS8mFjYeISsBCgZSICM1PikxEhgaMAwRJRgyKgUKBlIgAjAqDz0RHwoxLxIxATIRNxsFNg0GOhgpMRIUFTYKKyo6MgUNGgNSIyYhYk4/ETECOisXMiArOBQhPDU/CTcFDjMRJmE5OB0EHS8oFhAoIAE3JAUhLxImOzkkHUMdOz0rPnYJGigdIF4ICiJlCyoWMiQtLHQ/
IP 108.157.229.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash c55507d1734409648b492ff33a11b279
57cb1e31b6b676ffe60342c6a1be8434aa4ecc5a
2dcf363df3a28d0313c9362dd98cea16df29f7d1a6ed3867420ab7f2203d49dc
GET /c1BjaUcSMgAEeBJtAU8yATxeTHU1dVEvI0EhDVkjGTJVBjIZPBdHJB8/Fg0hAT8NHWkdNRdMdTUIAFsNKwo0IBY3BAgtHyIzLyR2GzExWAEfBVInETATMiIDMh4FJy4UKjEOKCYeICQPPxIpPgsfBTQlFjU2MlkWRBIiHhIrYyYoAzESBTMsPhQlHgUCBTY4ADJiDCADIjsvJjAYFDUFBiEFJhEDIWI1PxQUAS8mFjYeISsBCgZSICM1PikxEhgaMAwRJRgyKgUKBlIgAjAqDz0RHwoxLxIxATIRNxsFNg0GOhgpMRIUFTYKKyo6MgUNGgNSIyYhYk4/ETECOisXMiArOBQhPDU/CTcFDjMRJmE5OB0EHS8oFhAoIAE3JAUhLxImOzkkHUMdOz0rPnYJGigdIF4ICiJlCyoWMiQtLHQ/ HTTP/1.1
Host: placeofres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1177
date: Wed, 01 Feb 2023 22:24:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ce3c66cc97e84e18b943362365d9ba66.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: nkKERcfjuWPknBAbZBGiAxtCZnRDBKgNy4Jnbkj_3QbnKx0VEPDF8Q==
X-Firefox-Spdy: h2
placeofres.com/NVJLd1NUMCgabFRvKVEmRz52UmFzd3kxNwcjJUc3XzB9GCZfPj9ZMFk9PhM1Rz0lA31bNz9SYXMwGUUZfwYhJjhxASgYEE8fBzsLeB8vIRENNAo1O3YWJB8EXzYtOCRdFC8fI00WegcpYwVzQQdcHC0SBF0LARAkQDEzPjpxETsNEWIXDzsAQhgoRwIMAicEIG0rKFJhcwoPPgBlOHouGXRnPThiY2QPDgoFChgEHH4VODASYzYlETtzYx4aFgAKGBwUfzgnPwpZEH4+Fnc7Hj8/EGANNRRZASk/YgcLJzVmegR7BwV9Yzk1JGMaLkRmeDEdLSBTChEeBn1/IE8CWBgZNBsNFygcKwAIMzFiYDt/BQVMJQUVG00rLyEZATQsJWFgPCMFEVsxDj4XTQACJmNNMzwuEWBhJ0AUWzYOJxt4FG0dIFo8O0ohcyN6D2t0PH9A
108.157.229.31200 OK 1.2 kB URL HTTP/2 placeofres.com/NVJLd1NUMCgabFRvKVEmRz52UmFzd3kxNwcjJUc3XzB9GCZfPj9ZMFk9PhM1Rz0lA31bNz9SYXMwGUUZfwYhJjhxASgYEE8fBzsLeB8vIRENNAo1O3YWJB8EXzYtOCRdFC8fI00WegcpYwVzQQdcHC0SBF0LARAkQDEzPjpxETsNEWIXDzsAQhgoRwIMAicEIG0rKFJhcwoPPgBlOHouGXRnPThiY2QPDgoFChgEHH4VODASYzYlETtzYx4aFgAKGBwUfzgnPwpZEH4+Fnc7Hj8/EGANNRRZASk/YgcLJzVmegR7BwV9Yzk1JGMaLkRmeDEdLSBTChEeBn1/IE8CWBgZNBsNFygcKwAIMzFiYDt/BQVMJQUVG00rLyEZATQsJWFgPCMFEVsxDj4XTQACJmNNMzwuEWBhJ0AUWzYOJxt4FG0dIFo8O0ohcyN6D2t0PH9A
IP 108.157.229.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 9061429eef0fade0d7c46a13cdb639f0
2763c6c3ad2158aa752639a74b6f821e7d9ef21b
9ea130863836a5d070a48819d09a54d19ea426d737be2fa3d760316b1f8ce89c
GET /NVJLd1NUMCgabFRvKVEmRz52UmFzd3kxNwcjJUc3XzB9GCZfPj9ZMFk9PhM1Rz0lA31bNz9SYXMwGUUZfwYhJjhxASgYEE8fBzsLeB8vIRENNAo1O3YWJB8EXzYtOCRdFC8fI00WegcpYwVzQQdcHC0SBF0LARAkQDEzPjpxETsNEWIXDzsAQhgoRwIMAicEIG0rKFJhcwoPPgBlOHouGXRnPThiY2QPDgoFChgEHH4VODASYzYlETtzYx4aFgAKGBwUfzgnPwpZEH4+Fnc7Hj8/EGANNRRZASk/YgcLJzVmegR7BwV9Yzk1JGMaLkRmeDEdLSBTChEeBn1/IE8CWBgZNBsNFygcKwAIMzFiYDt/BQVMJQUVG00rLyEZATQsJWFgPCMFEVsxDj4XTQACJmNNMzwuEWBhJ0AUWzYOJxt4FG0dIFo8O0ohcyN6D2t0PH9A HTTP/1.1
Host: placeofres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Wed, 01 Feb 2023 22:24:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ce3c66cc97e84e18b943362365d9ba66.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: jAfN5wnD4MjTKXgXgWNGNanYc2AXbQsAVSiw_qJP9_H6y3ddJ3rAgg==
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 21:49:05 GMT
age: 2130
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qj.wimplesbooklet.com/1clkn/29529
172.255.6.87200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 172.255.6.87:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 22:24:35 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Thu, 02-Feb-2023 22:24:35 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Thu, 02-Feb-2023 22:24:35 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
copcaneersand.xyz/NkdscWMZeA8CXlcqGEEuWgUJJlNjCzVAKVAVGxUKbhEcNCJhFkoFClJ6VENRA3VYVxNfI1FARUUzDQUWRXpdVwpYIQNMRUB6XV9QAmlfQE0EYRlMUhAzHBAEC3ZKARdCK1FAVQFyXkhTBH5VQVAA
172.67.166.15204 No Content 0 B URL HTTP/2 copcaneersand.xyz/NkdscWMZeA8CXlcqGEEuWgUJJlNjCzVAKVAVGxUKbhEcNCJhFkoFClJ6VENRA3VYVxNfI1FARUUzDQUWRXpdVwpYIQNMRUB6XV9QAmlfQE0EYRlMUhAzHBAEC3ZKARdCK1FAVQFyXkhTBH5VQVAA
IP 172.67.166.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NkdscWMZeA8CXlcqGEEuWgUJJlNjCzVAKVAVGxUKbhEcNCJhFkoFClJ6VENRA3VYVxNfI1FARUUzDQUWRXpdVwpYIQNMRUB6XV9QAmlfQE0EYRlMUhAzHBAEC3ZKARdCK1FAVQFyXkhTBH5VQVAA HTTP/1.1
Host: copcaneersand.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 22:24:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TEZCyDoh9XvvtMMNjgPiOCJnINCDVHn6kxgL3ja%2B6iKdAv%2FgYCb7rLCZnTECLfDM8suzLLdSUiTv4VxBrt5HTgpzmTzUndTtonI30EUPJ%2BjuNZkjLTRuC%2B%2FsTp1XSX1WDlMXfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e19204de2b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
copcaneersand.xyz/SnVpQndlSgoxSigtBRcTIR08ERoAOg9zJQssWSZAHTARKCUkBk82Hi5IUXZEeENYZAcjEVRzT2wGHSMDPwZUc1EjGw8tSmwDVHNZeltbbEVsAFRzUT4FCCVKe1MZNgMmSFh0QH9HUHJFc0xYckA
172.67.166.15204 No Content 0 B URL HTTP/2 copcaneersand.xyz/SnVpQndlSgoxSigtBRcTIR08ERoAOg9zJQssWSZAHTARKCUkBk82Hi5IUXZEeENYZAcjEVRzT2wGHSMDPwZUc1EjGw8tSmwDVHNZeltbbEVsAFRzUT4FCCVKe1MZNgMmSFh0QH9HUHJFc0xYckA
IP 172.67.166.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SnVpQndlSgoxSigtBRcTIR08ERoAOg9zJQssWSZAHTARKCUkBk82Hi5IUXZEeENYZAcjEVRzT2wGHSMDPwZUc1EjGw8tSmwDVHNZeltbbEVsAFRzUT4FCCVKe1MZNgMmSFh0QH9HUHJFc0xYckA HTTP/1.1
Host: copcaneersand.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 22:24:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2RzH1Oi%2F1S8Z2rY3CY%2F1mC7AKk%2FET0r%2BKlj7Qr3tpqq5xbXSxp3mxzIJvgIcUZOYvyD0gypstkoy0v13FJll8r5r6VnjWCD2VwbvlNHPt6OrRSH1Ds4PF6w0tI7sgk%2FAaS2TuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e19205deeb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
copcaneersand.xyz/TkFHWVVhfiQqaBhwJGsAFhstADIMLhZrAzgAKjUaFBZ/GDQbGGEtPCp8f2FsenhzfyUnJXpocz01Ji0gPXx2fzwgJyhkczh8dndmem90aHt8ZzJkZGg1Nzgyc3BhKSE6LXpoY3l0dWBlfHh+aW13
172.67.166.15204 No Content 0 B URL HTTP/2 copcaneersand.xyz/TkFHWVVhfiQqaBhwJGsAFhstADIMLhZrAzgAKjUaFBZ/GDQbGGEtPCp8f2FsenhzfyUnJXpocz01Ji0gPXx2fzwgJyhkczh8dndmem90aHt8ZzJkZGg1Nzgyc3BhKSE6LXpoY3l0dWBlfHh+aW13
IP 172.67.166.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TkFHWVVhfiQqaBhwJGsAFhstADIMLhZrAzgAKjUaFBZ/GDQbGGEtPCp8f2FsenhzfyUnJXpocz01Ji0gPXx2fzwgJyhkczh8dndmem90aHt8ZzJkZGg1Nzgyc3BhKSE6LXpoY3l0dWBlfHh+aW13 HTTP/1.1
Host: copcaneersand.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 22:24:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vt7Q7J09SHsu9jwOcBsg%2BlZ0YYbGrp1l%2Bqj3A3c9zw9Cw6Za4WfHgpT96c7sQMvzEFQz3gao7U2ZTMpdy6d68zEatcV6JA9mXqzE%2Fzjg7fY6fjUxkQwoTNby4LIwjtS8SLWdeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e19206df5b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.198.35200 OK 532 B IP 172.64.198.35:0
File type ASCII text, with no line terminators
Hash 2888b4af3df73ff3a52c9247e284879e
1f813782a9f7d6763ce5aa850dd18126d7f252e7
9e0ed39cfc584676135329203896ed4c06ae01b459f329629fe03c0ea23f6aa5
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:35 GMT
content-type: text/plain
set-cookie: csu=1045923499539538@1@1675290275; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W2RV0VyNdpJLhNlujcoo%2FFgG46Hjsy8X7%2FIMk5g9tiS%2FFV%2FOCpnwDUsZIFtpmJdM88AKI70WmM60hrxtSwRqOmKxDL1NgH%2B%2BOSqWAkZHEZKLRMTvKzsIHy9Y2Es8iG6O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e19207ad23866-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b1a7b37ab41ab2c241ca4b4a3bb3319a
daf83e4a20f0849dc16777ed18d21806f978c555
4b423ec7676253213ed3bab15af479edcfa43ee8bd23da39b5ee34589020e033
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B423EC7676253213ED3BAB15AF479EDCFA43EE8BD23DA39B5EE34589020E033"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8273
Expires: Thu, 02 Feb 2023 00:42:29 GMT
Date: Wed, 01 Feb 2023 22:24:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 818aabfbdacbf4adf5ca54d94315ad07
3b7132aa8efee54eb2d5e040aad8e73814df4852
afa41c3be2600f18445cab220e00c5d621b403983d7f601f6a6b70c916005f8b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AFA41C3BE2600F18445CAB220E00C5D621B403983D7F601F6A6B70C916005F8B"
Last-Modified: Wed, 01 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10153
Expires: Thu, 02 Feb 2023 01:13:49 GMT
Date: Wed, 01 Feb 2023 22:24:36 GMT
Connection: keep-alive
d2qn0djb6oujlt.cloudfront.net/Xc2JXZWIQDTkDXQcLM1haR1FlU1NVCCQKDANfNigzRgoUNCMHLBJWLlUWLQFfQ0Q7BAwUX3EADBBfZkMDFwBqUUQGA2oIDQkLOwkDVlARUExDR2VVSgQLOQENBBFyV1IdFnJXUkJSeVVHQCByV1IECzlTVlZRFUBQQxphUUdAIHJXUgEUclYjQlJiS1JaR2-VVBRYBPApHQSRlVVNDUmZVU1ZQZwMLAQcxChpWUBFUUkZMZ0MXTlM
54.230.245.28200 OK 190 B URL HTTP/2 d2qn0djb6oujlt.cloudfront.net/Xc2JXZWIQDTkDXQcLM1haR1FlU1NVCCQKDANfNigzRgoUNCMHLBJWLlUWLQFfQ0Q7BAwUX3EADBBfZkMDFwBqUUQGA2oIDQkLOwkDVlARUExDR2VVSgQLOQENBBFyV1IdFnJXUkJSeVVHQCByV1IECzlTVlZRFUBQQxphUUdAIHJXUgEUclYjQlJiS1JaR2-VVBRYBPApHQSRlVVNDUmZVU1ZQZwMLAQcxChpWUBFUUkZMZ0MXTlM
IP 54.230.245.28:0
File type ASCII text, with no line terminators
Hash 4f6227a9f3606c4d5eec9f3d267dfd37
2eacdde6c06abc35717e8131043d2001ab7b4caa
c24e533e29bc8f7578c6181e50c3c9eacefbef6ee82a4c3220c70f15e6be1be3
GET /Xc2JXZWIQDTkDXQcLM1haR1FlU1NVCCQKDANfNigzRgoUNCMHLBJWLlUWLQFfQ0Q7BAwUX3EADBBfZkMDFwBqUUQGA2oIDQkLOwkDVlARUExDR2VVSgQLOQENBBFyV1IdFnJXUkJSeVVHQCByV1IECzlTVlZRFUBQQxphUUdAIHJXUgEUclYjQlJiS1JaR2-VVBRYBPApHQSRlVVNDUmZVU1ZQZwMLAQcxChpWUBFUUkZMZ0MXTlM HTTP/1.1
Host: d2qn0djb6oujlt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://placeofres.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 190
date: Wed, 01 Feb 2023 22:24:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WmtIZzbhf4gGjE7tuqL-fXoUJgYKNzSY4MY7c7LiX27xJ4anWUOUCg==
X-Firefox-Spdy: h2
d2qn0djb6oujlt.cloudfront.net/yZzJJajYEXScMCRNbLVcOXwt9UwJBWDoFWBcPJ1heFHAnWlE+XDomfTEUPRBSWgJvBlcJVXRMUwlRdFsQBlYrVwJBRjkFXVpcOAJDF0U6BlULFDwLCwpdMwNaC1NsWHBSHHlPBFcaPgNYA10+GRNVAiceE1UCeFoYVxd6KBNVAj4DWFEGbFl0QgB5EgBTF3-ooE1UCOxwTVHN4WgNJAmBPBFdVLAldCBd7LARXA3laB1cDbFgGAVs7D1AISmxYcFYCfEQGQUd0Ww
54.230.245.28200 OK 598 B URL HTTP/2 d2qn0djb6oujlt.cloudfront.net/yZzJJajYEXScMCRNbLVcOXwt9UwJBWDoFWBcPJ1heFHAnWlE+XDomfTEUPRBSWgJvBlcJVXRMUwlRdFsQBlYrVwJBRjkFXVpcOAJDF0U6BlULFDwLCwpdMwNaC1NsWHBSHHlPBFcaPgNYA10+GRNVAiceE1UCeFoYVxd6KBNVAj4DWFEGbFl0QgB5EgBTF3-ooE1UCOxwTVHN4WgNJAmBPBFdVLAldCBd7LARXA3laB1cDbFgGAVs7D1AISmxYcFYCfEQGQUd0Ww
IP 54.230.245.28:0
File type ASCII text, with very long lines (862), with no line terminators
Hash 9ba7c5416387e98d911e7488c970323e
b04d3612a176ecc67cde7c7cad23918ef0408d41
e228a3958524f297f3f28750d72a0fd045335364b410782f8e6962fccd9c7158
GET /yZzJJajYEXScMCRNbLVcOXwt9UwJBWDoFWBcPJ1heFHAnWlE+XDomfTEUPRBSWgJvBlcJVXRMUwlRdFsQBlYrVwJBRjkFXVpcOAJDF0U6BlULFDwLCwpdMwNaC1NsWHBSHHlPBFcaPgNYA10+GRNVAiceE1UCeFoYVxd6KBNVAj4DWFEGbFl0QgB5EgBTF3-ooE1UCOxwTVHN4WgNJAmBPBFdVLAldCBd7LARXA3laB1cDbFgGAVs7D1AISmxYcFYCfEQGQUd0Ww HTTP/1.1
Host: d2qn0djb6oujlt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://placeofres.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 598
date: Wed, 01 Feb 2023 22:24:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SDe4dE_1UBqIVP21e2AAMnX6ddDhWKLMpdU1_cZXMAjkyb2GVMzzUQ==
X-Firefox-Spdy: h2
d2qn0djb6oujlt.cloudfront.net/bR2JJTjQkDScoCzMLLXMMdVB8fABhCDohWjdfOwhFdhpxD1pzVW86TiNfeWhYJgwucxIiDCpzBWEDLSwJc0Q9PlssXyc/XDISPj1YJA5vO1V6DyY0XSsOKGsGAVdnfhF1UmE5XSkGJjlHYlB5IEBiUHl/BGlSbH12YlB5OV0pVH1rBwVHe35McVZsfXZiUH-k8QmJRCH8Eckx5ZxF1Ui4rVywNbHxydVJ4fgR2UnhrBncEIDxRIQ0xawYBU3l7GndEPHMF
54.230.245.28200 OK 511 B URL HTTP/2 d2qn0djb6oujlt.cloudfront.net/bR2JJTjQkDScoCzMLLXMMdVB8fABhCDohWjdfOwhFdhpxD1pzVW86TiNfeWhYJgwucxIiDCpzBWEDLSwJc0Q9PlssXyc/XDISPj1YJA5vO1V6DyY0XSsOKGsGAVdnfhF1UmE5XSkGJjlHYlB5IEBiUHl/BGlSbH12YlB5OV0pVH1rBwVHe35McVZsfXZiUH-k8QmJRCH8Eckx5ZxF1Ui4rVywNbHxydVJ4fgR2UnhrBncEIDxRIQ0xawYBU3l7GndEPHMF
IP 54.230.245.28:0
File type ASCII text, with very long lines (686), with no line terminators
Hash c2a47f76cb80a207ee7cb5a0e9768f70
55632ffc2651b74d1b60a142d41da96489e0585a
92c3841762675ef81cf347305a168f3fc743934a7d8b6bb6b71723f03a27eb9a
GET /bR2JJTjQkDScoCzMLLXMMdVB8fABhCDohWjdfOwhFdhpxD1pzVW86TiNfeWhYJgwucxIiDCpzBWEDLSwJc0Q9PlssXyc/XDISPj1YJA5vO1V6DyY0XSsOKGsGAVdnfhF1UmE5XSkGJjlHYlB5IEBiUHl/BGlSbH12YlB5OV0pVH1rBwVHe35McVZsfXZiUH-k8QmJRCH8Eckx5ZxF1Ui4rVywNbHxydVJ4fgR2UnhrBncEIDxRIQ0xawYBU3l7GndEPHMF HTTP/1.1
Host: d2qn0djb6oujlt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://placeofres.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 511
date: Wed, 01 Feb 2023 22:24:36 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PMLouv_nEFzK9Y_nnjTW8K4apiVSeLQxGOl9oZ_wgsTANf5P60jJKg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash bda3d713baaaa0779dd2c269b6c07acd
d71c6cdc46db77b9843356369a599eceb32ebfca
74081dde1f5df4a1859246e794b0727a011540271fb869ab8ada6512b5d77588
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4447
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Last-Modified: Wed, 01 Feb 2023 21:10:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
live.demand.supply/e/e.js?e=ll&d=639&cs=c&dsReferer=ZXhlby5hcHAvaDZj
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/e/e.js?e=ll&d=639&cs=c&dsReferer=ZXhlby5hcHAvaDZj
IP 104.16.134.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=639&cs=c&dsReferer=ZXhlby5hcHAvaDZj HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:36 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "e11f25735db9ddc62adb36e2e1846234-ssl"
x-nf-request-id: 01GPGADBNXCHVSK51WK5YVFSDJ
cf-cache-status: HIT
age: 1810402
accept-ranges: bytes
set-cookie: __cf_bm=62boREiBhKUODRud_jiDwe5KXxoVfm.PEaN5OHar7Tc-1675290276-0-AdaHeuaHNmsB+UcPxWjJRJke+fbwg7HvlwttpzyRIuCLqzTjX6YvbWZOwQnmY20zmkImYuHDqc3hR63gHR4N1c0=; path=/; expires=Wed, 01-Feb-23 22:54:36 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 792e1922dbbc0b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/x/e.js?ce=fs&dsReferer=ZXhlby5hcHAvaDZj
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/x/e.js?ce=fs&dsReferer=ZXhlby5hcHAvaDZj
IP 104.16.134.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /x/e.js?ce=fs&dsReferer=ZXhlby5hcHAvaDZj HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:36 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "e11f25735db9ddc62adb36e2e1846234-ssl"
x-nf-request-id: 01GPGADFRB8VQ9MK9FGPGE3HDW
cf-cache-status: HIT
age: 1810402
accept-ranges: bytes
set-cookie: __cf_bm=KR8H_DORNnPh1eKOyMiUjSFV7rgG1vtrpIClkuDWvd0-1675290276-0-AdcFZlte75YzYW98Nv+jenPcie4hwN+Gh9mI1OSTrz7m1vCs1IBEJ4BTHmB9ph+GxEhd13AUD1kQsyLU+yvEDGg=; path=/; expires=Wed, 01-Feb-23 22:54:36 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 792e1922fbcf0b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.160.69.117101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.69.117:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6nAvPtfhmLdHPAauLwLwmQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Xznon5AWrH90egqct45QImR1UsQ=
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash c434a7cfded6a018becef840f7c0e47b
fe3dbdd9d3406e64f37afcdddd94e8f1f597e456
930b6523e6ddbee15b210bf338079de71fa1a67b7a330d58991cf916f4a63293
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 02:07:08 GMT
Expires: Mon, 06 Feb 2023 02:07:07 GMT
Etag: "fe3dbdd9d3406e64f37afcdddd94e8f1f597e456"
Cache-Control: max-age=358350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792e19225f09b527-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 897
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 01 Feb 2023 22:24:36 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
pogothere.xyz/asd100.bin
172.64.198.35200 OK 122 kB IP 172.64.198.35:0
Size 122 kB (122514 bytes)
Hash 0b0a293d9896931fd7b7fc1332190085
0f29ed10df8bc9e03a7ebae5887c9eb3cb4718d0
067859636891a65d4d7ee5d0620c1dfc02c6c851fc15d55c06b5378f2767d8f3
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:35 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5873
last-modified: Wed, 01 Feb 2023 20:46:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6XOOui%2Fa6l%2BKjxMnyhZaLEzJ2XukhCYzi%2Fot1%2FE6Cf7VNdRnFJ7m40qSlz4wZ6oAHe68KKShH7VUf8C0IXj7hWu6KvHAJW7uCVIQvfMviYJSkMsQS1g8q7Nd%2Fhp9lrVV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792e19206ac23866-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash d5aa8840f812da83fc823da528a74c1a
9e7bad3462506164bd4bdb87a761352ef8131ba9
abaa07021a967e89f7786ac14efa3ce48f24e4c032376a36421cca12f5ecaeeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bae868356becb6470806e213f97e8aa6
1a3c7ffdce0f4e9c1f59aa0cd7715f22bade5117
c9930f2471f9a8a87fddfe3989391d65e1c41b3457a3f0fbf2e2357566f81a1b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6470
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Last-Modified: Wed, 01 Feb 2023 20:36:46 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash d5aa8840f812da83fc823da528a74c1a
9e7bad3462506164bd4bdb87a761352ef8131ba9
abaa07021a967e89f7786ac14efa3ce48f24e4c032376a36421cca12f5ecaeeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=785764015&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2Fh6c&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=365814440&gjid=1602243117&cid=1985258631.1675290300&tid=UA-135952122-1&_gid=778874053.1675290300&_r=1&_slc=1>m=2ou1u0&z=1556203606
142.250.74.46200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=785764015&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2Fh6c&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=365814440&gjid=1602243117&cid=1985258631.1675290300&tid=UA-135952122-1&_gid=778874053.1675290300&_r=1&_slc=1>m=2ou1u0&z=1556203606
IP 142.250.74.46:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=785764015&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2Fh6c&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=365814440&gjid=1602243117&cid=1985258631.1675290300&tid=UA-135952122-1&_gid=778874053.1675290300&_r=1&_slc=1>m=2ou1u0&z=1556203606 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://exeo.app
date: Wed, 01 Feb 2023 22:24:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash c32082223d6e012032e8f5d8627b1cb4
88d7a6691129ec0e660a18725d52bd57b25aeea2
d68076da60e5990f28003c8fa68ec985ec63cef05691a39774d6545c264d612e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Feb 2023 22:24:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-888371536%3A1675290276552371&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdF2YA7WgLxMPskGYOyrWo1IUgoAFzCdaqw6bokuihZeRKBSMjXd-O2mb6NAXtO-4iNMMiSGA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-7QGjOPzDsWZWpayw_72uhw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:DVn2aUt6RbLpLNAYDbMZrJ4S68L9wg:C4gmlml3LNTnmpBj;Path=/;Expires=Fri, 31-Jan-2025 22:24:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (39375)
Hash 547d65b05c44fc81c52b3598c990cef2
e9a14195456c115d76b272524a1194e9ba934deb
c8f161ca5047c961150ac366698e114022381b97178a8bcf2baed83da11ec83a
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27568
date: Wed, 01 Feb 2023 22:24:36 GMT
expires: Wed, 01 Feb 2023 22:24:36 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1470 / 837 of 1000 / last-modified: 1675253181"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash d06fd066caf4dfa1e21a722a5c468158
acb765577662906ae8e11242bed487ce1051db28
4b45760de269e60345d43ff2da6c5803722f7c052edd0a9f5258ce69b2ffa32f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 601 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
Hash ea9c803fc53c97ad5085690ba5bb0386
d10929971232896cf95010c5a959ac1c322b3fb0
105c8c3f6bb27de6098a77e6b6ebed6495088a56d9ea47949b8bbf2b7d83f1f5
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Feb 2023 22:24:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S671897445%3A1675290276606699&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeWcPxcj45-ezfudugNL3Gjn-DsPoUdvB-y6bVD0zgV33I0iIAIdo5YOzldWhF7a84BRmsUZw
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-WTpkVCptmzvGnBjQ8Olb6w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:1hPrQcL3vnCTR-gCuSRa-uwbsbMM1Q:9YnU1fvpEI5qpEBP;Path=/;Expires=Fri, 31-Jan-2025 22:24:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bae868356becb6470806e213f97e8aa6
1a3c7ffdce0f4e9c1f59aa0cd7715f22bade5117
c9930f2471f9a8a87fddfe3989391d65e1c41b3457a3f0fbf2e2357566f81a1b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6470
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Last-Modified: Wed, 01 Feb 2023 20:36:46 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
accounts.google.com/v3/signin/identifier?dsh=S-888371536%3A1675290276552371&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdF2YA7WgLxMPskGYOyrWo1IUgoAFzCdaqw6bokuihZeRKBSMjXd-O2mb6NAXtO-4iNMMiSGA
142.250.74.109403 Forbidden 1.2 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-888371536%3A1675290276552371&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdF2YA7WgLxMPskGYOyrWo1IUgoAFzCdaqw6bokuihZeRKBSMjXd-O2mb6NAXtO-4iNMMiSGA
IP 142.250.74.109:0
Hash c7cbb14e990136e862ae341c867fff0d
6c6ef7abce4f819c5075881ea1123aae80683578
47aab1399d12e5ffd08f188c9794cc07e8292033088fb6b599a05efde6185123
GET /v3/signin/identifier?dsh=S-888371536%3A1675290276552371&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdF2YA7WgLxMPskGYOyrWo1IUgoAFzCdaqw6bokuihZeRKBSMjXd-O2mb6NAXtO-4iNMMiSGA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Feb 2023 22:24:36 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-twezHEe1SA801AzWGpFnAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pyoungstersofto.xyz/UUJLWUF+fSgqfAsvLxMbYiYYD3I5JxkfdAUnJxMHBBQRbBcUD20tKDV/c2tzZHB/fzE4JnZoZyI2Ki00In94aXFgZCI3Jz5/e2lxYGQ9ZHB/cX93cmBseX80bHZ5aXNodnNheWJwf2x3Y2Q/KSA2f3p/MSU2J2RwZ3V+a3hhcXtpcWV1
104.21.45.19204 No Content 35 B URL HTTP/2 pyoungstersofto.xyz/UUJLWUF+fSgqfAsvLxMbYiYYD3I5JxkfdAUnJxMHBBQRbBcUD20tKDV/c2tzZHB/fzE4JnZoZyI2Ki00In94aXFgZCI3Jz5/e2lxYGQ9ZHB/cX93cmBseX80bHZ5aXNodnNheWJwf2x3Y2Q/KSA2f3p/MSU2J2RwZ3V+a3hhcXtpcWV1
IP 104.21.45.19:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
POST /UUJLWUF+fSgqfAsvLxMbYiYYD3I5JxkfdAUnJxMHBBQRbBcUD20tKDV/c2tzZHB/fzE4JnZoZyI2Ki00In94aXFgZCI3Jz5/e2lxYGQ9ZHB/cX93cmBseX80bHZ5aXNodnNheWJwf2x3Y2Q/KSA2f3p/MSU2J2RwZ3V+a3hhcXtpcWV1 HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 22:24:36 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9OyTxfcav5nJermGpiQ%2F6Vsy2koSDX0wYFRB2N6gNI8AEuuebiWoiy4B5WcJgxACgwLYp0TaI%2Fncy5TpqXDgDd9V3ChrN%2BcwowhDmIHp84Xudy%2FOzzboijF9vlA1OmUoSUT818t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e1925a9600b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash d06fd066caf4dfa1e21a722a5c468158
acb765577662906ae8e11242bed487ce1051db28
4b45760de269e60345d43ff2da6c5803722f7c052edd0a9f5258ce69b2ffa32f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d9658ab51d515dc13f1c7f42f955b42
0cdcccbd462b02685a2fb7621b7a2b89b89688cf
6166e834b5baf8925b4a5cbe92c65cde09a87910fbe73c3834e1d3ac0409fe1f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6166E834B5BAF8925B4A5CBE92C65CDE09A87910FBE73C3834E1D3AC0409FE1F"
Last-Modified: Wed, 01 Feb 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21006
Expires: Thu, 02 Feb 2023 04:14:42 GMT
Date: Wed, 01 Feb 2023 22:24:36 GMT
Connection: keep-alive
adservice.google.no/adsid/integrator.js?domain=exeo.app
172.217.21.162200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=exeo.app
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 01 Feb 2023 22:24:36 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35200 OK 5.9 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
Hash e6b239085627f8de89ff21e330ccfba9
af7d696233481594c2a2dd8630180144c5bd2cad
7f792a0ed7c04b2418d9a16ab2274d653092c4243768f2434f16e46f2564b40d
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: TG5VgrMTu5u2d4giPNKTT5eNCihn4IfsiKjmrOwgQI8ZXyVgO8Se4bUIJoBfpelcaQXOKGldaQA4s0el/ItAmw==
date: Wed, 01 Feb 2023 22:24:36 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
142.250.74.97200 OK 2.7 kB URL HTTP/2 fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Wed, 01 Feb 2023 22:24:37 GMT
expires: Thu, 01 Feb 2024 22:24:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023012601&st=env
216.58.207.226200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023012601&st=env
IP 216.58.207.226:0
File type JSON data\012- , ASCII text, with very long lines (14810), with no line terminators
Hash 1c68837de96526dcc3fbd9f4088f7269
35c8887c969ea98f9921025c3f984645959979cd
2efb885359543ce2531d06fca50af50112878a2b1ab456586cc3bbc997694371
GET /getconfig/sodar?sv=200&tid=gpt&tv=2023012601&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Wed, 01 Feb 2023 22:24:37 GMT
server: cafe
content-length: 11180
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash b204f3abe06417a75a9703b1ed69bb37
f636ae39c412c40c3737e9c3c99a5e2e30a7e861
209edba54e970905fc4efd62b8736ef3f5d5021ccb82ea63e7ebfe0baf3e1896
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.193200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Wed, 01 Feb 2023 22:24:37 GMT
expires: Wed, 01 Feb 2023 22:24:37 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.207.193200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 20:43:30 GMT
expires: Fri, 26 Jan 2024 20:43:30 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 524467
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash df4a6d84addba49571d9f6ae44c61a3f
28c8093de27e27645cf6dfd5ae93a62fc77b9be5
cb6623b08b6245ea11bb871729613e453046d427d738a8c6431c5da8347e6e05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164200 OK 515 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 75665b0f4384c8d30f588692a65911a6
8c0eaffc251954438d32862b736cd42f51ee5848
68f2c15c15db41d881da4342ef16dcdb97058bcb7556093fb3bd4ef7418aa8f1
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 01 Feb 2023 22:24:37 GMT
date: Wed, 01 Feb 2023 22:24:37 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-kZJ5tqZSfuF2KQUX9-dfZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 6ed8529cb0121dfada69c1912efb936c
8684642f27eeeea9cc31d84114e21037e1dfc0ee
26a4346640b34deea357f81d3d08f831729318df2ec7b59f3cdbd652307c065c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4601
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:37 GMT
Last-Modified: Wed, 01 Feb 2023 21:07:56 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY-ueEvQEwAQ&v=APEucNXR-_I2vqbrBtyUF4T7jz7RfD2K8gMTay7YV4dmJ5P3kwzYFTip2ZgKzint2bkNhQcnvSTYbXC2Z_UCdXhEaUtVkexcH5CsyJtZ5S84jlrG8YA_XZyNme1skHhi5iSvzRadxDZpVmDbvi6V1u7xzRsDC19PGQ69lsmxypjvabbUwg7OHejrsch3vKx4LEaADTHjE49r4M3Hx-lxKyhv3gLwJjDn3g
142.250.74.98200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY-ueEvQEwAQ&v=APEucNXR-_I2vqbrBtyUF4T7jz7RfD2K8gMTay7YV4dmJ5P3kwzYFTip2ZgKzint2bkNhQcnvSTYbXC2Z_UCdXhEaUtVkexcH5CsyJtZ5S84jlrG8YA_XZyNme1skHhi5iSvzRadxDZpVmDbvi6V1u7xzRsDC19PGQ69lsmxypjvabbUwg7OHejrsch3vKx4LEaADTHjE49r4M3Hx-lxKyhv3gLwJjDn3g
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CJfnugEQpvPq4AIY-ueEvQEwAQ&v=APEucNXR-_I2vqbrBtyUF4T7jz7RfD2K8gMTay7YV4dmJ5P3kwzYFTip2ZgKzint2bkNhQcnvSTYbXC2Z_UCdXhEaUtVkexcH5CsyJtZ5S84jlrG8YA_XZyNme1skHhi5iSvzRadxDZpVmDbvi6V1u7xzRsDC19PGQ69lsmxypjvabbUwg7OHejrsch3vKx4LEaADTHjE49r4M3Hx-lxKyhv3gLwJjDn3g HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 01 Feb 2023 22:24:37 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 01-Feb-2023 22:39:37 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 01 Feb 2023 22:24:37 GMT
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5756bc733e4179462fdc087a13f43c42
6c9b825935568255fb15a1f5c440af9a2f98570c
a5c2fa35cdc38abfad58fe7a79a39f997c00ddb2f33951d614e6a4006f47f47d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5C2FA35CDC38ABFAD58FE7A79A39F997C00DDB2F33951D614E6A4006F47F47D"
Last-Modified: Mon, 30 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7299
Expires: Thu, 02 Feb 2023 00:26:16 GMT
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID=
95.101.11.115200 OK 1.9 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID=
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document, ASCII text, with very long lines (536)
Hash 87b6182d03ee779aa68e37632f67656e
fac511e36df5215ae95ad7d03c4984e5ffcb7f6e
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
GET /dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycds6p1jm1dM37ZrGE7degj1PHtVHSCOhkWg3tNxtDa8jls04Qf_pWilJX59SK2PF90mCXMWOvLDiSS4yJ4B9Ex0-uw
Cache-Control: max-age=86400
Expires: Wed, 18 Jan 2023 15:48:02 GMT
Last-Modified: Tue, 10 Jan 2023 11:02:09 GMT
ETag: "87b6182d03ee779aa68e37632f67656e"
x-goog-generation: 1673348529482061
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1922
x-goog-meta-pipeline-id: 742670731
x-goog-meta-previous-generation-number: 1673253614982549
Content-Type: application/javascript
x-goog-hash: crc32c=lOOx4w==, md5=h7YYLQPud5qmjjdjL2dlbg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 1922
Server: UploadServer
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID=
95.101.11.115200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID=
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash 558236d14c2aba66c3914c13a1854592
6f67ca562bf15c1a23254b80111d11d99260eff7
ae734998083e7b4a03942d17ae10e83c9d5ff2a75ad66fadfe7eb8acab3bf23f
GET /dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 10:02:56 GMT
Accept-Ranges: bytes
ETag: "0c8245b2436d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3338
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
id5-sync.com/api/esp/increment?counter=no-config
162.19.138.120204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 162.19.138.120:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
date: Wed, 01 Feb 2023 22:24:37 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID=
95.101.11.115200 OK 1.9 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID=
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document, ASCII text, with very long lines (536)
Hash 87b6182d03ee779aa68e37632f67656e
fac511e36df5215ae95ad7d03c4984e5ffcb7f6e
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
GET /dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycds6p1jm1dM37ZrGE7degj1PHtVHSCOhkWg3tNxtDa8jls04Qf_pWilJX59SK2PF90mCXMWOvLDiSS4yJ4B9Ex0-uw
Cache-Control: max-age=86400
Expires: Wed, 18 Jan 2023 15:48:02 GMT
Last-Modified: Tue, 10 Jan 2023 11:02:09 GMT
ETag: "87b6182d03ee779aa68e37632f67656e"
x-goog-generation: 1673348529482061
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1922
x-goog-meta-pipeline-id: 742670731
x-goog-meta-previous-generation-number: 1673253614982549
Content-Type: application/javascript
x-goog-hash: crc32c=lOOx4w==, md5=h7YYLQPud5qmjjdjL2dlbg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 1922
Server: UploadServer
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4728
Expires: Wed, 01 Feb 2023 23:43:25 GMT
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID=
95.101.11.115200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID=
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash 558236d14c2aba66c3914c13a1854592
6f67ca562bf15c1a23254b80111d11d99260eff7
ae734998083e7b4a03942d17ae10e83c9d5ff2a75ad66fadfe7eb8acab3bf23f
GET /dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/h6c&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 10:02:56 GMT
Accept-Ranges: bytes
ETag: "0c8245b2436d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3338
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4728
Expires: Wed, 01 Feb 2023 23:43:25 GMT
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4728
Expires: Wed, 01 Feb 2023 23:43:25 GMT
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
cdn.doubleverify.com/dvbs_src_internal117.js
95.101.11.115200 OK 19 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src_internal117.js
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2636), with CRLF, LF line terminators
Hash cf93b15de9d1c76c1bc6fdaee5382496
26e52f0a242bff375cc54d8d33a1a416d89e2813
c290ae68279e0685c13650d1534a0cd86997420399bb67288046e61b13defb53
GET /dvbs_src_internal117.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Accept-Ranges: bytes
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 18840
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4728
Expires: Wed, 01 Feb 2023 23:43:25 GMT
Date: Wed, 01 Feb 2023 22:24:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86664b4d1fc27ba7b5bff8a245604326
b8c7ef73101a497b6c78ad59aafe66a391fdc3fa
e4596faadf14051299036a79632951d90183dd0635293687edef11985799a752
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4814
x-amzn-requestid: 90da23ab-2c54-40ec-8e26-bdf4eeb1e27b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKWFpvoAMFyPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-70c4cb89413ed6bd44731d76;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: axFfTgcGtvqt1RcbyLpovD5Fr7J2Wx9pNwb92m2rwTdj-sGp0bIq-Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:10 GMT
age: 1527
etag: "b8c7ef73101a497b6c78ad59aafe66a391fdc3fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79ec7db4-9aef-4e9e-a8d9-431c9085df2a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79ec7db4-9aef-4e9e-a8d9-431c9085df2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0ca0ccee69fbee57aac373f94120bb4
5d6309502ffd0c33f6199d46f0d14d0a22e3c752
bed9d4689ff57fa636ee08dab3eef3cdf6c4e0a7103e5185151afe8ddfb755f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79ec7db4-9aef-4e9e-a8d9-431c9085df2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11552
x-amzn-requestid: 611f63cb-f058-493b-ac86-7e268b866fd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTvG9VIAMFgPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc17-78de7563537b111924100346;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lHLm3IkJRn59US_8SXKXQnNDUiCLIWnQ7QN-DWB3jkot9Ub3b6FUgA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:35 GMT
age: 1502
etag: "5d6309502ffd0c33f6199d46f0d14d0a22e3c752"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23ac16a6-b0c6-4c81-9bd1-78ee332bf49a.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23ac16a6-b0c6-4c81-9bd1-78ee332bf49a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ceb09fa3caa0fcda4a6314141e2d019
d08f43956f6859e4c2385231bb5506262257445f
a2100701c69f86920b14714b19ec14db9ebfd91000f0ec2397b8f27d981bc1ee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23ac16a6-b0c6-4c81-9bd1-78ee332bf49a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14593
x-amzn-requestid: 796fc590-5a08-4765-b861-e5f707e4d7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdLoFHQoAMFaAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbe3-3f93635c337e77e453bba394;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gYo5IyA5mM2B5nw6O2QkkZ6-go2CzG8Nwb_pWSixGplAl7LsbmWUiQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:55:43 GMT
age: 1734
etag: "d08f43956f6859e4c2385231bb5506262257445f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b9af1fd56c0de8f128ddce88d49c1b4d
e3bb3d4950f7c0267f4476eef21872da332831aa
908153182f76362ff329803d9c11c06c66181e85e8e51dabd927f1f1ac630d5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8944
x-amzn-requestid: 07495184-ede8-485c-94e8-5302ec348ea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: freiLHRPoAMFYbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dade0d-275437a54eceb40e302a7f55;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:47:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: e0zaXjoBKOmsY4fPEbl1SWCBxetMssmszZug0-epLq-X5rGb5zKHZw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:36 GMT
age: 1501
etag: "e3bb3d4950f7c0267f4476eef21872da332831aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 91987222-d376-4099-a4e9-5f877b5212be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzO2FSDIAMFktg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce325e-281a7e062ee3039d42ae8f83;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SEH32iK4aCkxhxQyu3fSlW8uVM1Oj5hwnl2U09k_THEOdAqdEeVMJw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:03:43 GMT
age: 1254
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f8260f-0039-4dd4-be49-93afef573ecb.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f8260f-0039-4dd4-be49-93afef573ecb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c56d08c13f357f91a14309b48d75e88
739ff0319e25b99fbf69b6a1c12159d4dda7549b
7f2a2004b2b587a18e99bae5ef216de0a0a12f4ab8e7c817df8eb8aa41f4be73
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f8260f-0039-4dd4-be49-93afef573ecb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5011
x-amzn-requestid: 0760d4c6-1e6b-4e68-8c90-37229f8110e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5JE0AIAMFn8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6d-43fb25a727dd969b6219bd6f;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zQlfIcpWrJw9N6I7WNmV5feaR9QNy3FUSCOJQeyAnYS0oEH12dtzqg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:35 GMT
age: 1502
etag: "739ff0319e25b99fbf69b6a1c12159d4dda7549b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash c37e7fcc4fb11ee997043d99b464fa23
068d742ef2391730d4f6839e222cf6175776aa5b
30917aaddec747005f35157115e4bd759bf324532502d884f455925d1e2896af
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 01 Feb 2023 22:24:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 01 Feb 2023 20:45:20 GMT
Expires: Thu, 02 Feb 2023 20:45:20 GMT
ETag: "068d742ef2391730d4f6839e222cf6175776aa5b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_245926346240&jsTagObjCallback=__tagObject_callback_245926346240&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=245926346240&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=2.00&dvpx_strhd=2.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/h6c&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&dvp_exetime=14.00&callbackName=__verify_callback_245926346240
34.149.12.213200 OK 266 B URL HTTP/1.1 rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_245926346240&jsTagObjCallback=__tagObject_callback_245926346240&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=245926346240&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=2.00&dvpx_strhd=2.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/h6c&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&dvp_exetime=14.00&callbackName=__verify_callback_245926346240
IP 34.149.12.213:0
Hash d273c8a1a700ef38ce675cada9235db9
c313b0ea1f348573706f30a7a0a9896b5e46bfab
980fdb7916e3a1e28c69bfcac59004e4c9f3593848f2d1714ce6c5f4f1f9e19a
GET /verify.js?flvr=0&jsCallback=__verify_callback_245926346240&jsTagObjCallback=__tagObject_callback_245926346240&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=245926346240&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=2.00&dvpx_strhd=2.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/h6c&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&dvp_exetime=14.00&callbackName=__verify_callback_245926346240 HTTP/1.1
Host: rtb0.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:38 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/31/2023 22:24:38
Pragma: no-cache
Vary: Accept-Encoding
X-DV-Response: 0
cdn.doubleverify.com/dv-measurements3497.js
95.101.11.115200 OK 109 kB URL HTTP/1.1 cdn.doubleverify.com/dv-measurements3497.js
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 109 kB (109099 bytes)
Hash 4773cb5cfa2ad0e71d21f43c56c76ae3
39d66090c14e1b5d2f0f3413a34e087b5969d054
76206ee41bcfae347cef25b03589639e616747c9f77e2b3378387ee9e14f3a00
GET /dv-measurements3497.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 08:37:17 GMT
Accept-Ranges: bytes
ETag: "809cf641836d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 109099
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: keep-alive
servedby.flashtalking.com/imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_domain=exeo.app&ft_ifb=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fexeo.app%2F&us_privacy=${US_PRIVACY}&cachebuster=29860.255185853777&ft_dv=%5B%25ft_dv%25%5D
2.23.132.54200 OK 770 B URL HTTP/1.1 servedby.flashtalking.com/imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_domain=exeo.app&ft_ifb=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fexeo.app%2F&us_privacy=${US_PRIVACY}&cachebuster=29860.255185853777&ft_dv=%5B%25ft_dv%25%5D
IP 2.23.132.54:0
ASN #1299 Telia Company AB
File type ASCII text, with CRLF, CR, LF line terminators
Hash 650fca761ea16d2fb1b454a5af02de1b
43f0bd64eaa32fad0549a3c906f4c47ea5fd8158
cda7624f18fc92a37a3abd30305c084faf04f83e3883e3b08765a7b75d87e42c
GET /imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_domain=exeo.app&ft_ifb=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fexeo.app%2F&us_privacy=${US_PRIVACY}&cachebuster=29860.255185853777&ft_dv=%5B%25ft_dv%25%5D HTTP/1.1
Host: servedby.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=ISO-8859-1
Server: prod-xre-app2.frk11
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Wed, 01 Feb 2023 22:24:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 01 Feb 2023 22:24:38 GMT
Content-Length: 770
Connection: keep-alive
Strict-Transport-Security: max-age=86400
cdn.flashtalking.com/xre/518/5182866/4069576/js/j-5182866-4069576.js
205.185.216.42200 OK 17 kB URL HTTP/1.1 cdn.flashtalking.com/xre/518/5182866/4069576/js/j-5182866-4069576.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (2897), with CRLF, CR, LF line terminators
Hash a3bbb7eb6e07a11ebe599221998b0898
532c8d5b42b34fb258f56bd0c0d89261f2ae7abd
43e666441289348bd9d18e9385dd72bdbd38fb97850bae62fd0a236a4abc50b9
GET /xre/518/5182866/4069576/js/j-5182866-4069576.js HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: Keep-Alive
ETag: "1664998068"
Cache-Control: max-age=8
Content-Encoding: gzip
Content-Length: 17006
Content-Type: text/javascript; charset=utf-8
Last-Modified: Wed, 05 Oct 2022 19:27:48 GMT
Accept-Ranges: bytes
x-amz-id-2: X7WWBL9vEXVudbKR/T7YnWavvl85nBffBWDlDiN/TsU+NNNoTA6DX9BWQvzSH6FkH2eIIPNNGBY=
x-amz-request-id: X427F4E83W8TKFN1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675290278.dop017.sk1.t,1675290278.cds009.sk1.shn,1675290278.dop017.sk1.t,1675290278.cds261.sk1.c
cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=38A7AE36-3531-A875-F8DF-56464FFAF7A9&auevent=&111939995
95.101.11.115200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=38A7AE36-3531-A875-F8DF-56464FFAF7A9&auevent=&111939995
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash 558236d14c2aba66c3914c13a1854592
6f67ca562bf15c1a23254b80111d11d99260eff7
ae734998083e7b4a03942d17ae10e83c9d5ff2a75ad66fadfe7eb8acab3bf23f
GET /dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=4069576&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=38A7AE36-3531-A875-F8DF-56464FFAF7A9&auevent=&111939995 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 10:02:56 GMT
Accept-Ranges: bytes
ETag: "0c8245b2436d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3338
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: keep-alive
cdn.flashtalking.com/116327/4069576/index.html
205.185.216.42200 OK 19 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/index.html
IP 205.185.216.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1453), with CRLF, LF line terminators
Hash 30b926c7796145ac24d4991241a8f2ee
e945b3ea3f707052b17a2ac17fe71dc046b73b64
abc7edc3b542d9d84563119646042401ce118992da7e5a60c397ebb82fa84a47
GET /116327/4069576/index.html HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: Keep-Alive
ETag: "1664411225"
Cache-Control: max-age=458
Content-Encoding: gzip
Content-Length: 19164
Content-Type: text/html
Last-Modified: Thu, 29 Sep 2022 00:27:05 GMT
Accept-Ranges: bytes
x-amz-id-2: RoMbOCX7YG3WgnkxXkEQDSY9CWAdIp1SB2YByUa65Fpj54+PxrpGGEgSxKIgoEvVvAqfz+GPTIM=
x-amz-request-id: VB0RRNNNX56KY1WK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675290278.dop017.sk1.t,1675290278.cds009.sk1.shn,1675290278.dop017.sk1.t,1675290278.cds246.sk1.c
secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
23.38.200.44200 OK 1.3 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
IP 23.38.200.44:0
File type PNG image data, 19 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash db320ef6f3c45ab5c90887ef618de2bb
7d4bd175166545ea775fcb69b406eba11f7fa3ec
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
GET /oba/icon/iconc.png?EDAA_icon=y HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sat, 12 Apr 2014 19:14:32 GMT
Content-Type: image/png
ETag: W/"db320ef6f3c45ab5c90887ef618de2bb"
X-Varnish: 440713868 434560932
Accept-Ranges: bytes
Content-Length: 1308
Cache-Control: max-age=1854641
Expires: Thu, 23 Feb 2023 09:35:19 GMT
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash 87880a834c6e05683c05059871185712
e346e0fc2994475670b359c300550ae45b50a6d5
333a712e0bd0c2015649a74e25267d8218afa423278e72058a13e8a2fe0bc67c
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 01 Feb 2023 22:24:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 01 Feb 2023 02:56:33 GMT
Expires: Thu, 02 Feb 2023 02:56:33 GMT
ETag: "e346e0fc2994475670b359c300550ae45b50a6d5"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=189&ttfrms=45&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675290301882901&jsCallback=dvCallback_1675290301882455&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=1&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/h6c&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=341993041727.7233&dvp_tukv=102781736782.78877&dvp_tuid=999327444554&jurtd=3420994982
34.149.12.213200 OK 681 B URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=189&ttfrms=45&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675290301882901&jsCallback=dvCallback_1675290301882455&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=1&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/h6c&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=341993041727.7233&dvp_tukv=102781736782.78877&dvp_tuid=999327444554&jurtd=3420994982
IP 34.149.12.213:0
File type ASCII text, with very long lines (1184), with no line terminators
Hash 382fae1d56a63525dfe0d24dcef37005
e956f94c224c43f22b85706b6b36a846f75d47c3
359f6c1b1a28f5b7f50db294448a8933f70a094839fc529e997f74daecbddef6
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=189&ttfrms=45&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675290301882901&jsCallback=dvCallback_1675290301882455&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=1&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/h6c&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hd1OXxuD3pZlmdzHOV9YiR&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=341993041727.7233&dvp_tukv=102781736782.78877&dvp_tuid=999327444554&jurtd=3420994982 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:38 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/31/2023 22:24:38
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=144091b770c5479d939eccc8ad255152&dup=&eoid=1000&cbust=1675290302252860
95.101.11.115302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=144091b770c5479d939eccc8ad255152&dup=&eoid=1000&cbust=1675290302252860
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3¶m=akipv6&impid=144091b770c5479d939eccc8ad255152&dup=&eoid=1000&cbust=1675290302252860 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=144091b770c5479d939eccc8ad255152&akipv6=&dup=&eoid=1000
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: keep-alive
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=165&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1282&ddur=18&uid=1675290302221313&jsCallback=dvCallback_1675290302221245&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=1&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=4069576&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=38A7AE36-3531-A875-F8DF-56464FFAF7A9&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=341993041727.7233&dvp_tukv=2265110056.063074&dvp_tuid=1279273186283&jurtd=1982011531
34.149.12.213200 OK 1.2 kB URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=165&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1282&ddur=18&uid=1675290302221313&jsCallback=dvCallback_1675290302221245&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=1&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=4069576&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=38A7AE36-3531-A875-F8DF-56464FFAF7A9&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=341993041727.7233&dvp_tukv=2265110056.063074&dvp_tuid=1279273186283&jurtd=1982011531
IP 34.149.12.213:0
File type ASCII text, with very long lines (3044), with no line terminators
Hash 78a476066144af64020ff8dd5a9d5307
e58178fd18d09e2303284c59bfb44dca9a0abd72
4e85496f9d8acad28a4dad50bdaf39e45b5e14dc35b559200acb8ce822adcd0a
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=165&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1282&ddur=18&uid=1675290302221313&jsCallback=dvCallback_1675290302221245&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=1&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=4069576&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=38A7AE36-3531-A875-F8DF-56464FFAF7A9&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=341993041727.7233&dvp_tukv=2265110056.063074&dvp_tuid=1279273186283&jurtd=1982011531 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:38 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/31/2023 22:24:38
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=c9769d8d6b1f4dfcaee3f618b0f9823b&dup=&eoid=1000&cbust=1675290302285890
95.101.11.115302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=c9769d8d6b1f4dfcaee3f618b0f9823b&dup=&eoid=1000&cbust=1675290302285890
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3¶m=akipv6&impid=c9769d8d6b1f4dfcaee3f618b0f9823b&dup=&eoid=1000&cbust=1675290302285890 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=c9769d8d6b1f4dfcaee3f618b0f9823b&akipv6=&dup=&eoid=1000
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: keep-alive
cdn.flashtalking.com/116327/4069576/images/acrobat_create_2.jpg
205.185.216.42200 OK 15 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/acrobat_create_2.jpg
IP 205.185.216.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 710x444, components 3\012- data
Hash 296f9ed86795c8b1f2a1554742a0485a
8899d835a9478a5161299ba357c50b3598501f40
f07b31ea4c345d978d4748fb71a680ef2861368279ccb491f78fc86380c0e37a
GET /116327/4069576/images/acrobat_create_2.jpg HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: Keep-Alive
ETag: "1664411224"
Cache-Control: max-age=440
Content-Length: 15071
Content-Type: image/jpeg
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Accept-Ranges: bytes
x-amz-id-2: vAl5bO1kI+eq7uSbH1G88h/smLj6xlVcd1SxeedgR91COuWWVTpZPVKLaJZMuKdU99xwHf6jkks=
x-amz-request-id: 81Z2JHJSXVGSP664
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675290278.dop017.sk1.t,1675290278.cds009.sk1.shn,1675290278.dop017.sk1.t,1675290278.cds219.sk1.c
secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
23.38.200.44200 OK 6.0 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
IP 23.38.200.44:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d675694ab4d4d2eb56cca854c25d9c36
34174b9397a3cb289f892f1f98ccc51a63698360
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
GET /oba/icon/consumer-privacy-logo.png HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Content-Type: image/png
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-Varnish: 721542519 721664610
Accept-Ranges: bytes
Content-Length: 5953
Cache-Control: max-age=165
Expires: Wed, 01 Feb 2023 22:27:23 GMT
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.flashtalking.com/116327/4069576/images/acrobat_screen_large_2.jpg
205.185.216.42200 OK 180 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/acrobat_screen_large_2.jpg
IP 205.185.216.42:0
File type JPEG image data, progressive, precision 8, 926x531, components 3\012- data
Size 180 kB (179684 bytes)
Hash 64376c876f34130eb00d7c0338667dcf
2d77b890330e48c93dac67fbcceb3a89fa7ad24e
7e1d65ca11e16f00cba0b4870172a6a854e7f6d73e88b4691e80e25ecdf3161c
GET /116327/4069576/images/acrobat_screen_large_2.jpg HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:38 GMT
Connection: Keep-Alive
ETag: "1664411224"
Cache-Control: max-age=465
Content-Length: 179684
Content-Type: image/jpeg
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Accept-Ranges: bytes
x-amz-id-2: H5XWK1PNFpW4tNGciRni+ZapgfSo6ohYBR7+5VRYO4i7flTt33iyiLrIUpMFGyVg9timfEv6XuU=
x-amz-request-id: 81ZFMRYSAWT0BQQ9
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675290278.dop017.sk1.t,1675290278.cds009.sk1.shn,1675290278.dop017.sk1.t,1675290278.cds227.sk1.c
cdn.flashtalking.com/116327/4069576/images/Image2.png
205.185.216.42200 OK 5.2 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/Image2.png
IP 205.185.216.42:0
File type PNG image data, 92 x 131, 8-bit/color RGBA, non-interlaced\012- data
Hash 36b54eb1631f1be795a0567fc7f6034f
c574b46865c60d9e654333e29b070ea802a54a2d
8856deebcedfa5f528c116f29edc1d31e54f16f7cc4841f9875b4910703d4445
GET /116327/4069576/images/Image2.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: Keep-Alive
ETag: "1664411224"
Cache-Control: max-age=473
Content-Length: 5192
Content-Type: image/png
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Accept-Ranges: bytes
x-amz-id-2: mj+Rn2zb90Fim0qqtQlgwyzbqlVHUDMhifNh7AjY+KXhCY/aXRukXmO07hhlX2UGxeU8lO59Kto=
x-amz-request-id: 81Z1BACBTVGCMYH9
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675290278.dop017.sk1.t,1675290278.cds009.sk1.shn,1675290279.dop017.sk1.t,1675290279.cds262.sk1.c
tpsc-eu3.doubleverify.com/event.png?impid=c9769d8d6b1f4dfcaee3f618b0f9823b&akipv6=&dup=&eoid=1000
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=c9769d8d6b1f4dfcaee3f618b0f9823b&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=c9769d8d6b1f4dfcaee3f618b0f9823b&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 01/31/2023 22:24:39
Pragma: no-cache
tpsc-eu3.doubleverify.com/event.png?impid=144091b770c5479d939eccc8ad255152&akipv6=&dup=&eoid=1000
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=144091b770c5479d939eccc8ad255152&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=144091b770c5479d939eccc8ad255152&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 01/31/2023 22:24:39
Pragma: no-cache
cdn.flashtalking.com/116327/4069576/images/notebook.png
205.185.216.42200 OK 99 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069576/images/notebook.png
IP 205.185.216.42:0
File type PNG image data, 1102 x 1102, 8-bit/color RGBA, non-interlaced\012- data
Hash 6072c623d256e1ede016076a14baa64b
754753da0a2a3202d775f71277a77417466bef14
01f6632e73c7e0f8ab3448cc32d557a93f469a4bd2db2e6a1a128af59344f74d
GET /116327/4069576/images/notebook.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069576/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: Keep-Alive
ETag: "1664411224"
Cache-Control: max-age=473
Content-Length: 98859
Content-Type: image/png
Last-Modified: Thu, 29 Sep 2022 00:27:04 GMT
Accept-Ranges: bytes
x-amz-id-2: vpjQf57YVXIvYcTATWaayw2QnRS78eCpma8r3JRyD5RQOaksWY1kPwALCkhXS1X0sYu5qSuK4SI=
x-amz-request-id: 81ZFM5F8EBX8AX5V
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675290278.dop017.sk1.t,1675290278.cds009.sk1.shn,1675290279.dop017.sk1.t,1675290279.cds255.sk1.c
rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_794426344291&jsTagObjCallback=__tagObject_callback_794426344291&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=794426344291&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=0.00&dvpx_strhd=0.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/h6c&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&dvp_exetime=5.00&callbackName=__verify_callback_794426344291
34.149.12.213200 OK 266 B URL HTTP/1.1 rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_794426344291&jsTagObjCallback=__tagObject_callback_794426344291&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=794426344291&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=0.00&dvpx_strhd=0.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/h6c&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&dvp_exetime=5.00&callbackName=__verify_callback_794426344291
IP 34.149.12.213:0
Hash a2a6f7fc6056cd1612da94dc20850a6e
4378d523af240a5403754ad7c3dbd8eb4d253e03
8d1ed2488d1fc6efb79bf9af25d624bf65890e76dc45ad0fba157a6020beb9f0
GET /verify.js?flvr=0&jsCallback=__verify_callback_794426344291&jsTagObjCallback=__tagObject_callback_794426344291&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=794426344291&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=0.00&dvpx_strhd=0.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/h6c&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&dvp_exetime=5.00&callbackName=__verify_callback_794426344291 HTTP/1.1
Host: rtb0.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:39 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/31/2023 22:24:39
Pragma: no-cache
Vary: Accept-Encoding
X-DV-Response: 0
cdn.id5-sync.com/api/1.0/esp.js
104.22.53.86200 OK 17 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 104.22.53.86:0
Hash f9e536ab912e634e7cc87c50e8cb70a0
969b724b5041c7ae49b6f115c2919c084d69419d
d2c5d17f1ec4a9007d673716424bd6c1db8c1b085dd9b4fe3c4b299e6b3baa74
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:37 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: FVMlFSmcD0Wn/+rph/xJPSMD8h1xLItGxMiFojs1e+J1f7LO28QsQCtM5wu1mlkwy4pwPQtZ0SQ=
x-amz-request-id: H5PSQWN45SZ0RJ5Q
last-modified: Wed, 18 Jan 2023 10:47:58 GMT
etag: W/"854d94282c6b6d99cd8ba33bb311e621"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1393
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 792e192a1857b4ed-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=171&ttfrms=20&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675290302736398&jsCallback=dvCallback_1675290302736972&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/h6c&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=72068096792.77164&dvp_tukv=235123687605.29474&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1135158145686&jurtd=2135574235
34.149.12.213200 OK 683 B URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=171&ttfrms=20&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675290302736398&jsCallback=dvCallback_1675290302736972&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/h6c&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=72068096792.77164&dvp_tukv=235123687605.29474&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1135158145686&jurtd=2135574235
IP 34.149.12.213:0
File type ASCII text, with very long lines (1184), with no line terminators
Hash 99e43964253f772872d2e5ac69de2a40
9180d4b979b0843df9fb346caea196ca8cf2757a
c0d01406181979002cb368255e5a4afd061da8af8fbae71978531e42b0bb8ca9
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=171&ttfrms=20&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675290302736398&jsCallback=dvCallback_1675290302736972&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/h6c&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hwReg15mq0ttyCjp-H5y3T&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=72068096792.77164&dvp_tukv=235123687605.29474&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1135158145686&jurtd=2135574235 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:39 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/31/2023 22:24:39
Pragma: no-cache
Vary: Accept-Encoding
servedby.flashtalking.com/imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Ffcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=306417.8172594011&ft_dv=%5B%25ft_dv%25%5D
2.23.132.54200 OK 821 B URL HTTP/1.1 servedby.flashtalking.com/imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Ffcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=306417.8172594011&ft_dv=%5B%25ft_dv%25%5D
IP 2.23.132.54:0
ASN #1299 Telia Company AB
File type ASCII text, with CRLF, CR, LF line terminators
Hash d2f89e9d7fefe3b4ab797334e2ba9ec4
2419768f8e071f8a02ebaca7bbcf436450b73095
6ad7074f9d52bf91e421e6ddd2f2d05a1dd2776bdedf2bd3066019a892061175
GET /imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Ffcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=306417.8172594011&ft_dv=%5B%25ft_dv%25%5D HTTP/1.1
Host: servedby.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=ISO-8859-1
Server: prod-xre-app5.frk11
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Wed, 01 Feb 2023 22:24:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 01 Feb 2023 22:24:39 GMT
Content-Length: 821
Connection: keep-alive
Strict-Transport-Security: max-age=86400
cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=1f6bbd1f35c84dd7b703cee8a8362f79&dup=&eoid=1000&cbust=1675290302800773
95.101.11.115302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=1f6bbd1f35c84dd7b703cee8a8362f79&dup=&eoid=1000&cbust=1675290302800773
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3¶m=akipv6&impid=1f6bbd1f35c84dd7b703cee8a8362f79&dup=&eoid=1000&cbust=1675290302800773 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=1f6bbd1f35c84dd7b703cee8a8362f79&akipv6=&dup=&eoid=1000
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: keep-alive
cdn.flashtalking.com/xre/518/5182866/3801681/js/j-5182866-3801681.js
205.185.216.42200 OK 15 kB URL HTTP/1.1 cdn.flashtalking.com/xre/518/5182866/3801681/js/j-5182866-3801681.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (2897), with CRLF, CR, LF line terminators
Hash feb5aa7245e198f2b173e1f673511766
5b49cb53694684474964a33d57bf48b57986fddd
bcd277a8c983a1ffb1c3826ddd8661a1746208a9dfa1200e0723e95bc81ea029
GET /xre/518/5182866/3801681/js/j-5182866-3801681.js HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: Keep-Alive
ETag: "1664967543"
Cache-Control: max-age=190
Content-Encoding: gzip
Content-Length: 15174
Content-Type: text/javascript; charset=utf-8
Last-Modified: Wed, 05 Oct 2022 10:59:03 GMT
Accept-Ranges: bytes
x-amz-id-2: t+UJVsPEN2O/e4HmRLfup9jSP8/uf7A21QbxVhyWWxW8Hub10mBMxNMwOntsC362NpWp3B++LS0=
x-amz-request-id: QFEMNESP6AHA7C6N
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675290278.dop017.sk1.t,1675290278.cds009.sk1.shn,1675290279.dop017.sk1.t,1675290279.cds232.sk1.c
cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=3801681&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=BC8F3CA7-6F5A-5363-A6A4-78E6931DF8AF&auevent=&816380020
95.101.11.115200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=3801681&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=BC8F3CA7-6F5A-5363-A6A4-78E6931DF8AF&auevent=&816380020
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash 558236d14c2aba66c3914c13a1854592
6f67ca562bf15c1a23254b80111d11d99260eff7
ae734998083e7b4a03942d17ae10e83c9d5ff2a75ad66fadfe7eb8acab3bf23f
GET /dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=3801681&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=BC8F3CA7-6F5A-5363-A6A4-78E6931DF8AF&auevent=&816380020 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 10:02:56 GMT
Accept-Ranges: bytes
ETag: "0c8245b2436d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3338
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: keep-alive
cdn.flashtalking.com/xre/518/5182866/3801681/image/3801681.gif?573914939
205.185.216.42200 OK 16 kB URL HTTP/1.1 cdn.flashtalking.com/xre/518/5182866/3801681/image/3801681.gif?573914939
IP 205.185.216.42:0
File type JPEG image data, progressive, precision 8, 728x90, components 3\012- data
Hash eb35e98e3926392abf8c605e1d9f4511
8c2909a70d32ff02513f92468723c754ba77672d
2327217d364f6c612041682eb84372d236c121b9eb6cdedb0c5c02013b266f57
GET /xre/518/5182866/3801681/image/3801681.gif?573914939 HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: Keep-Alive
ETag: "1664967543"
Cache-Control: max-age=730
Content-Length: 15510
Content-Type: image/gif
Last-Modified: Wed, 05 Oct 2022 10:59:03 GMT
Accept-Ranges: bytes
x-amz-id-2: DNlNXKjB6jvdVx+91SGp1ndT8Kqdhi09QjZiYDdaII3GSOJWp7S1bF1mE8XNh8prX3LH2Ktajb8=
x-amz-request-id: M6E4QTMN7X265VM1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675290278.dop017.sk1.t,1675290278.cds009.sk1.shn,1675290279.dop017.sk1.t,1675290279.cds208.sk1.c
tpsc-eu3.doubleverify.com/event.png?impid=1f6bbd1f35c84dd7b703cee8a8362f79&akipv6=&dup=&eoid=1000
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=1f6bbd1f35c84dd7b703cee8a8362f79&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=1f6bbd1f35c84dd7b703cee8a8362f79&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 01/31/2023 22:24:39
Pragma: no-cache
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=133&ttfrms=15&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1785&ddur=5&uid=1675290303010651&jsCallback=dvCallback_1675290303010907&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=3801681&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=BC8F3CA7-6F5A-5363-A6A4-78E6931DF8AF&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=72068096792.77164&dvp_tukv=2319956006.1052213&dvp_tuid=922933585413&jurtd=2963478651
34.149.12.213200 OK 1.2 kB URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=133&ttfrms=15&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1785&ddur=5&uid=1675290303010651&jsCallback=dvCallback_1675290303010907&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=3801681&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=BC8F3CA7-6F5A-5363-A6A4-78E6931DF8AF&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=72068096792.77164&dvp_tukv=2319956006.1052213&dvp_tuid=922933585413&jurtd=2963478651
IP 34.149.12.213:0
File type ASCII text, with very long lines (3044), with no line terminators
Hash 5bc15ab319480cf2a420d69b38865240
b1d8a44fadf3aa9eb05b0b5509750a095ceac964
089ea944ccf7efb0aa42972dff7516e00694d1d84d409310e451cdf3deb07473
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=133&ttfrms=15&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATau9e4&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1785&ddur=5&uid=1675290303010651&jsCallback=dvCallback_1675290303010907&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=5&brh=2&sdf=2&dvp_epl=80&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=3801681&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=BC8F3CA7-6F5A-5363-A6A4-78E6931DF8AF&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=72068096792.77164&dvp_tukv=2319956006.1052213&dvp_tuid=922933585413&jurtd=2963478651 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 22:24:39 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/31/2023 22:24:39
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=48c6543c1897409da1cd28dd4c7766b4&dup=&eoid=1000&cbust=1675290303070313
95.101.11.115302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=48c6543c1897409da1cd28dd4c7766b4&dup=&eoid=1000&cbust=1675290303070313
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3¶m=akipv6&impid=48c6543c1897409da1cd28dd4c7766b4&dup=&eoid=1000&cbust=1675290303070313 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=48c6543c1897409da1cd28dd4c7766b4&akipv6=&dup=&eoid=1000
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: keep-alive
tpsc-eu3.doubleverify.com/event.png?impid=48c6543c1897409da1cd28dd4c7766b4&akipv6=&dup=&eoid=1000
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=48c6543c1897409da1cd28dd4c7766b4&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=48c6543c1897409da1cd28dd4c7766b4&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Wed, 01 Feb 2023 22:24:39 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 01/31/2023 22:24:39
Pragma: no-cache
ocsp.starfieldtech.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash c37e7fcc4fb11ee997043d99b464fa23
068d742ef2391730d4f6839e222cf6175776aa5b
30917aaddec747005f35157115e4bd759bf324532502d884f455925d1e2896af
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 01 Feb 2023 22:24:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 01 Feb 2023 20:45:20 GMT
Expires: Thu, 02 Feb 2023 20:45:20 GMT
ETag: "068d742ef2391730d4f6839e222cf6175776aa5b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstusHQh1YKkhCye1WNjo6gkvWX6YYlZSGLg8EKh-rGLMBKRS1DUb1f62cbo614ft09d6HFB8dEz2grihLzGHcwIhSOE4EwBsbOoxOwuJzq1ShOdGUb7E1UQ3tBA2N7dnLL2E0qjTw&sai=AMfl-YSDC7rhsWHN6kqjgACdxKuhuWdmrHH1yCz391wk1G00_4fcfZeQ2S5Kkv0pZg2ciVLAM8a4jXCVm9CeHSSIOvb5vCuBZSYcfInriGKIb8vzdkcJ0zNaXoXXzv39ygedlifR95WfURS1zy0D&sig=Cg0ArKJSzJW-xvIFc79rEAE&cid=CAQSSwDUE5ym-tW7nVQHbF7SkDVn_QB2y5_wuIrz9-ir-_YlBVwmCQ1qx3v6KCtiHunoyhA2CqCOeVb5qBylpB4spJHCaStaH4sdlYHdEhgB&id=lidar2&mcvt=1000&p=145,164,235,892&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2328792604&rs=4&la=0&cr=0&vs=4&r=v&rst=1675290301062&rpt=1616&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0
216.58.207.226200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstusHQh1YKkhCye1WNjo6gkvWX6YYlZSGLg8EKh-rGLMBKRS1DUb1f62cbo614ft09d6HFB8dEz2grihLzGHcwIhSOE4EwBsbOoxOwuJzq1ShOdGUb7E1UQ3tBA2N7dnLL2E0qjTw&sai=AMfl-YSDC7rhsWHN6kqjgACdxKuhuWdmrHH1yCz391wk1G00_4fcfZeQ2S5Kkv0pZg2ciVLAM8a4jXCVm9CeHSSIOvb5vCuBZSYcfInriGKIb8vzdkcJ0zNaXoXXzv39ygedlifR95WfURS1zy0D&sig=Cg0ArKJSzJW-xvIFc79rEAE&cid=CAQSSwDUE5ym-tW7nVQHbF7SkDVn_QB2y5_wuIrz9-ir-_YlBVwmCQ1qx3v6KCtiHunoyhA2CqCOeVb5qBylpB4spJHCaStaH4sdlYHdEhgB&id=lidar2&mcvt=1000&p=145,164,235,892&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2328792604&rs=4&la=0&cr=0&vs=4&r=v&rst=1675290301062&rpt=1616&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0
IP 216.58.207.226:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjstusHQh1YKkhCye1WNjo6gkvWX6YYlZSGLg8EKh-rGLMBKRS1DUb1f62cbo614ft09d6HFB8dEz2grihLzGHcwIhSOE4EwBsbOoxOwuJzq1ShOdGUb7E1UQ3tBA2N7dnLL2E0qjTw&sai=AMfl-YSDC7rhsWHN6kqjgACdxKuhuWdmrHH1yCz391wk1G00_4fcfZeQ2S5Kkv0pZg2ciVLAM8a4jXCVm9CeHSSIOvb5vCuBZSYcfInriGKIb8vzdkcJ0zNaXoXXzv39ygedlifR95WfURS1zy0D&sig=Cg0ArKJSzJW-xvIFc79rEAE&cid=CAQSSwDUE5ym-tW7nVQHbF7SkDVn_QB2y5_wuIrz9-ir-_YlBVwmCQ1qx3v6KCtiHunoyhA2CqCOeVb5qBylpB4spJHCaStaH4sdlYHdEhgB&id=lidar2&mcvt=1000&p=145,164,235,892&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2328792604&rs=4&la=0&cr=0&vs=4&r=v&rst=1675290301062&rpt=1616&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Wed, 01 Feb 2023 22:24:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a456cd9684a2ff020b854f178c06b509
b5a9e34f112cbe6d41b695ce7234cfe83de1356e
75b3ff1ea527598880cd41f65ebc03440b0ed019d53f8de1b4588de04bc4919e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a456cd9684a2ff020b854f178c06b509
b5a9e34f112cbe6d41b695ce7234cfe83de1356e
75b3ff1ea527598880cd41f65ebc03440b0ed019d53f8de1b4588de04bc4919e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1675290304390169
216.58.207.230302 Found 0 B URL HTTP/2 ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1675290304390169
IP 216.58.207.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1675290304390169 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 22:24:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1%7Chttps://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1675290304390169&~oref=https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 01-Feb-2023 22:39:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
code.createjs.com/1.0.0/createjs.min.js
23.36.76.98200 OK 64 kB URL HTTP/2 code.createjs.com/1.0.0/createjs.min.js
IP 23.36.76.98:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32043)
Hash 292a7144ac6076827ee286446a70333b
c44f65af003ad27b49ee90ecb3c8b1788ae0ddf6
650a416042a408cbbe2448fb2ef009e0a3cab8c6344d32a52c1ae3d9a70dbe61
GET /1.0.0/createjs.min.js HTTP/1.1
Host: code.createjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=900
expires: Wed, 01 Feb 2023 22:39:38 GMT
date: Wed, 01 Feb 2023 22:24:38 GMT
x-n: S
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a456cd9684a2ff020b854f178c06b509
b5a9e34f112cbe6d41b695ce7234cfe83de1356e
75b3ff1ea527598880cd41f65ebc03440b0ed019d53f8de1b4588de04bc4919e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 22:24:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpsc-eu3.doubleverify.com/event.png?impid=144091b770c5479d939eccc8ad255152&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=339&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=18&tetms=4&msltms=27&vltms=339&sei=145&vetms=34&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1082&isumms=1081&nvr=6&isgmmims=1082&isgmv4mims=1082&elmtp=1&isbxdms=2514&b0=100&b11=1434&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1534&sftb=1534&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2113&isuiabvms=2113&isgmpims=1199&isgmv4dpims=2113&ispmxpms=2113&engalms=1080&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3417&cbust=1675290305255137
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=144091b770c5479d939eccc8ad255152&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=339&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=18&tetms=4&msltms=27&vltms=339&sei=145&vetms=34&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1082&isumms=1081&nvr=6&isgmmims=1082&isgmv4mims=1082&elmtp=1&isbxdms=2514&b0=100&b11=1434&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1534&sftb=1534&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2113&isuiabvms=2113&isgmpims=1199&isgmv4dpims=2113&ispmxpms=2113&engalms=1080&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3417&cbust=1675290305255137
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=144091b770c5479d939eccc8ad255152&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=339&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=18&tetms=4&msltms=27&vltms=339&sei=145&vetms=34&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1082&isumms=1081&nvr=6&isgmmims=1082&isgmv4mims=1082&elmtp=1&isbxdms=2514&b0=100&b11=1434&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1534&sftb=1534&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2113&isuiabvms=2113&isgmpims=1199&isgmv4dpims=2113&ispmxpms=2113&engalms=1080&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3417&cbust=1675290305255137 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Wed, 01 Feb 2023 22:24:42 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/31/2023 22:24:42
Pragma: no-cache
tpsc-eu3.doubleverify.com/event.png?impid=c9769d8d6b1f4dfcaee3f618b0f9823b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=56&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=18&tetms=3&msltms=23&vltms=56&sei=146&vetms=10&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=1&isbxdms=2182&b0=100&b11=2158&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2258&sftb=2258&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1073&isuiabvms=1073&isgmpims=135&isgmv4dpims=1073&ispmxpms=1073&engalms=24&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3080&cbust=1675290305284709
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=c9769d8d6b1f4dfcaee3f618b0f9823b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=56&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=18&tetms=3&msltms=23&vltms=56&sei=146&vetms=10&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=1&isbxdms=2182&b0=100&b11=2158&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2258&sftb=2258&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1073&isuiabvms=1073&isgmpims=135&isgmv4dpims=1073&ispmxpms=1073&engalms=24&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3080&cbust=1675290305284709
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=c9769d8d6b1f4dfcaee3f618b0f9823b&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=56&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=18&tetms=3&msltms=23&vltms=56&sei=146&vetms=10&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=1&isbxdms=2182&b0=100&b11=2158&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2258&sftb=2258&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1073&isuiabvms=1073&isgmpims=135&isgmv4dpims=1073&ispmxpms=1073&engalms=24&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3080&cbust=1675290305284709 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Wed, 01 Feb 2023 22:24:42 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/31/2023 22:24:42
Pragma: no-cache
tpsc-eu3.doubleverify.com/event.png?impid=1f6bbd1f35c84dd7b703cee8a8362f79&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=53&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=0&tetms=4&msltms=32&vltms=53&sei=145&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1038&isumms=1037&nvr=6&isgmmims=1038&isgmv4mims=1038&elmtp=6&isbxdms=2144&b0=100&b11=1107&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1207&sftb=1207&msrdp=3&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2044&isuiabvms=2044&isgmpims=1139&isgmv4dpims=2044&ispmxpms=2044&engalms=1036&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3084&cbust=1675290305801613
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=1f6bbd1f35c84dd7b703cee8a8362f79&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=53&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=0&tetms=4&msltms=32&vltms=53&sei=145&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1038&isumms=1037&nvr=6&isgmmims=1038&isgmv4mims=1038&elmtp=6&isbxdms=2144&b0=100&b11=1107&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1207&sftb=1207&msrdp=3&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2044&isuiabvms=2044&isgmpims=1139&isgmv4dpims=2044&ispmxpms=2044&engalms=1036&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3084&cbust=1675290305801613
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=1f6bbd1f35c84dd7b703cee8a8362f79&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=53&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=0&tetms=4&msltms=32&vltms=53&sei=145&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1038&isumms=1037&nvr=6&isgmmims=1038&isgmv4mims=1038&elmtp=6&isbxdms=2144&b0=100&b11=1107&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1207&sftb=1207&msrdp=3&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2044&isuiabvms=2044&isgmpims=1139&isgmv4dpims=2044&ispmxpms=2044&engalms=1036&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3084&cbust=1675290305801613 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Wed, 01 Feb 2023 22:24:43 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/31/2023 22:24:43
Pragma: no-cache
tpsc-eu3.doubleverify.com/event.png?impid=48c6543c1897409da1cd28dd4c7766b4&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=47&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=5&msltms=4&vltms=47&sei=146&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=456&msrcannum=4&ismms=28&isumms=27&nvr=6&isgmmims=28&isgmv4mims=28&elmtp=6&isbxdms=2139&b0=100&b11=2112&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2212&sftb=2212&msrdp=1&naral=192&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1032&isuiabvms=1032&isgmpims=130&isgmv4dpims=1032&ispmxpms=1032&engalms=26&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3073&cbust=1675290306070354
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=48c6543c1897409da1cd28dd4c7766b4&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=47&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=5&msltms=4&vltms=47&sei=146&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=456&msrcannum=4&ismms=28&isumms=27&nvr=6&isgmmims=28&isgmv4mims=28&elmtp=6&isbxdms=2139&b0=100&b11=2112&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2212&sftb=2212&msrdp=1&naral=192&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1032&isuiabvms=1032&isgmpims=130&isgmv4dpims=1032&ispmxpms=1032&engalms=26&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3073&cbust=1675290306070354
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=48c6543c1897409da1cd28dd4c7766b4&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=47&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=5&msltms=4&vltms=47&sei=146&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=456&msrcannum=4&ismms=28&isumms=27&nvr=6&isgmmims=28&isgmv4mims=28&elmtp=6&isbxdms=2139&b0=100&b11=2112&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2212&sftb=2212&msrdp=1&naral=192&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1032&isuiabvms=1032&isgmpims=130&isgmv4dpims=1032&ispmxpms=1032&engalms=26&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3073&cbust=1675290306070354 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://fcf44f51d4394178f4b2ece65b9df946.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Wed, 01 Feb 2023 22:24:43 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/31/2023 22:24:43
Pragma: no-cache
live.demand.supply/up.js
104.16.134.22200 OK 0 B IP 104.16.134.22:0
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:36 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 792e191ee9b80b39-OSL
age: 832
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"30cd4982b290dd406327b3dd39f1ea22-ssl-df"
link: <https://live.demand.supply/impl.v16.3.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv>; rel=preload; as=script
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=4391
timing-allow-origin: *
x-nf-request-id: 01GMX2WC7DDRK600SK19DPWQGC
set-cookie: demandSupplyTi=19191754-ce8a-4c8d-b5c8-1e4267f9d5d3; demandSupplyTc = null; demandSupplyTcI = null; SameSite=None; Secure; Max-Age=63072000
__cf_bm=MBya3v.DhJiE5yOrYvPK3dMsE.._EPJrH2uZk6e4Q7s-1675290276-0-AfGLQUf/uj+KRSiJV6IuxUEMhJnHVU9Fp3ihGIkGD9D0ABKKIoJeC/PC04wv2i2bkd6S917A1oofzI55gT3N9c4=; path=/; expires=Wed, 01-Feb-23 22:54:36 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675281600
104.26.8.233200 OK 0 B URL HTTP/2 exeo.app/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675281600
IP 104.26.8.233:0
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675281600 HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AppSession=7ed0f003bb490896b0465f3de530ebda; csrfToken=f821eb30901de00e8671e02a8a501097e3dd25a5fa6a9f56ea0f7469cf2581d6ae38eca516cfd8e50d6a43d899b9b33c124d08d497471f9c82936f0f8db58005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:35 GMT
content-type: application/javascript; charset=UTF-8
x-control-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7DsOQmLClMJfXSQYYImjEm0wlAe4DEK7ZJDGs8huXMnUQ%2FjHjwch5uBghB50VvUZCWnUn%2BP6tPPrI1n9DDaaBnEED6%2FrZfre%2FHhuC50TQhWLbaEECaq6mDFA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e19205f45b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35200 OK 0 B IP 172.64.198.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:35 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5873
last-modified: Wed, 01 Feb 2023 20:46:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sMZh1dgfUkKFTBCtqyKx94t6Urq6hVwL1b2npoLhi4wj1Z3LbreqdmUV%2FzygkeCnm%2FFhyfEmupSEG%2BM2uWYgV23r4MNzhY6Sul6p21UAjIpULvR0ZN2sGZGr%2Fumuof6J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792e19206aaa3866-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/impl.v16.3.0.js
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/impl.v16.3.0.js
IP 104.16.134.22:0
GET /impl.v16.3.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=19191754-ce8a-4c8d-b5c8-1e4267f9d5d3; __cf_bm=MBya3v.DhJiE5yOrYvPK3dMsE.._EPJrH2uZk6e4Q7s-1675290276-0-AfGLQUf/uj+KRSiJV6IuxUEMhJnHVU9Fp3ihGIkGD9D0ABKKIoJeC/PC04wv2i2bkd6S917A1oofzI55gT3N9c4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=74953
etag: W/"b19940580c70e30455a2254a785a8919-ssl-df"
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01GMX2V689ENQZTBQ4NFCNSXD1
cf-cache-status: HIT
age: 979901
server: cloudflare
cf-ray: 792e1922bcb50b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/ds.2.html
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/ds.2.html
IP 104.16.134.22:0
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:36 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
x-nf-request-id: 01GPGAFB7A85YK1WPYW7SQCTTM
cf-cache-status: HIT
age: 1810402
set-cookie: __cf_bm=KKap9nHq66RzitVwqgS0953s5rBhHu9WgbgROBl1RZI-1675290276-0-AUSRsfm7qxCnO5iZp8L6lmhCRaFBReEzV0DRYzq3iGXR5pvVrggsaO2rJiUttZH51V6qkLXffFHs0lr2Y5bMfl4=; path=/; expires=Wed, 01-Feb-23 22:54:36 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 792e1922bcc10b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvaDZj
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvaDZj
IP 104.16.134.22:0
GET /p4/v16-2-0/ZXhlby5hcHAvaDZj HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=19191754-ce8a-4c8d-b5c8-1e4267f9d5d3; __cf_bm=MBya3v.DhJiE5yOrYvPK3dMsE.._EPJrH2uZk6e4Q7s-1675290276-0-AfGLQUf/uj+KRSiJV6IuxUEMhJnHVU9Fp3ihGIkGD9D0ABKKIoJeC/PC04wv2i2bkd6S917A1oofzI55gT3N9c4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:36 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 792e1922bcbd0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/fv.ico
104.26.8.233200 OK 0 B IP 104.26.8.233:0
GET /fv.ico HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/h6c
Cookie: AppSession=7ed0f003bb490896b0465f3de530ebda; csrfToken=f821eb30901de00e8671e02a8a501097e3dd25a5fa6a9f56ea0f7469cf2581d6ae38eca516cfd8e50d6a43d899b9b33c124d08d497471f9c82936f0f8db58005
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:36 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 12 Dec 2023 22:59:02 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4404334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJDSJh0duxvMtuIauGJqS50TgK5SGDDQueRSLhZKtm8kU7fi9cNMBPRBcVuUYTb%2BeXPBXIIdMTPJKbuK6e3Z30oExYsSH4rTk4%2Fio6BnPUjvZSry7QB1%2B4cc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e1923eb59b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
exeo.app/h6c
104.26.8.233200 OK 0 B IP 104.26.8.233:0
GET /h6c HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 01 Feb 2023 22:24:35 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=7ed0f003bb490896b0465f3de530ebda; path=/; HttpOnly
csrfToken=f821eb30901de00e8671e02a8a501097e3dd25a5fa6a9f56ea0f7469cf2581d6ae38eca516cfd8e50d6a43d899b9b33c124d08d497471f9c82936f0f8db58005; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yv913jBaV7l6lahkT50S%2F%2BLbLz%2FkCsOfEp31xRdrsXpahkSzUzWXu%2B%2FiJqxTlhax7J88fcKk9QzDy%2BhX1Gijf7RfvQmgGGmp3yF5JiVC1mV0uGqckw1%2FdCia"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e191c1a9db4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Feb 2023 22:24:35 GMT
date: Wed, 01 Feb 2023 22:24:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2