exe.io/SIeg
104.26.2.103301 Moved Permanently 0 B IP 104.26.2.103:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /SIeg HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 30 Dec 2022 09:15:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 30 Dec 2022 10:15:11 GMT
Location: https://exe.io/SIeg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0AjjA4PSlT%2BmH3r9gbGZPrJ2Sr%2FuiLhJndQprT39lKhABfPhAUYxqAfhejPJBJkokulejJLGi96r6Z9OBjys%2BPwLqV8Pybcugiqi6NlqMBXlpOEpLidfmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7819ab66bc260afa-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e717435470c9f4f06b174d7100c6a98f
292150251495b243c384e0c676a258597ba7f4d8
91ce8257662cb8cea9cc3c74cda1d95dba421daa466b0ac231fa433e0c58e6c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91CE8257662CB8CEA9CC3C74CDA1D95DBA421DAA466B0AC231FA433E0C58E6C6"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8769
Expires: Fri, 30 Dec 2022 11:41:21 GMT
Date: Fri, 30 Dec 2022 09:15:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 78f1f94544ef06b96bb43283f59d100f
fa2f1a3730a98c6fa5ebf976143fb6093a7298be
889af22ee304adea2e23491acbc89ebdcaf322e8c45af2bebf7520e3e9b0a6a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "889AF22EE304ADEA2E23491ACBC89EBDCAF322E8C45AF2BEBF7520E3E9B0A6A9"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5848
Expires: Fri, 30 Dec 2022 10:52:40 GMT
Date: Fri, 30 Dec 2022 09:15:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 30 Dec 2022 08:46:58 GMT
content-type: application/json
age: 1694
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 428881081ad357fb55af33ebf9d12c16
29b7be72f76da07db4a03fb1bc57ffe16d520a22
9adff7f91b147b0d93166bc4ece0dd31fd19fd8b2c269a6a596a1e902f49a1fe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9ADFF7F91B147B0D93166BC4ECE0DD31FD19FD8B2C269A6A596A1E902F49A1FE"
Last-Modified: Wed, 28 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10541
Expires: Fri, 30 Dec 2022 12:10:53 GMT
Date: Fri, 30 Dec 2022 09:15:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash d2849fc3dc7ae49f55ed7de93bbe08cd
8f2fd1793a9c1328810f9855018db2cc8c85733c
e4f73aacde0c36503deb594211550f165e4a51cf41c855f51590228b8be1fea7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1981
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Etag: "63ae002f-116"
Last-Modified: Fri, 30 Dec 2022 08:42:11 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RRsrxe7aaLyJBuWb37iEFJq8+1vezmIGQyakq/aLTH9Lglqx4QdRMFnib4YWlxkwo21b5fBMQJE=
x-amz-request-id: EJBHDGHGJEXJWZVS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Dec 2022 08:56:57 GMT
age: 1095
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 30 Dec 2022 09:15:12 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash d2849fc3dc7ae49f55ed7de93bbe08cd
8f2fd1793a9c1328810f9855018db2cc8c85733c
e4f73aacde0c36503deb594211550f165e4a51cf41c855f51590228b8be1fea7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1981
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Etag: "63ae002f-116"
Last-Modified: Fri, 30 Dec 2022 08:42:11 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6d6969323a7cdc14e448db43536d0e48
1416386f1e59afec5a825eb607d6e74087ddbfc2
983ee34758a87963f8dbac2ead34dd14f6178732838bf9feae5d853aa68bef6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "983EE34758A87963F8DBAC2EAD34DD14F6178732838BF9FEAE5D853AA68BEF6A"
Last-Modified: Tue, 27 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12614
Expires: Fri, 30 Dec 2022 12:45:26 GMT
Date: Fri, 30 Dec 2022 09:15:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash d2849fc3dc7ae49f55ed7de93bbe08cd
8f2fd1793a9c1328810f9855018db2cc8c85733c
e4f73aacde0c36503deb594211550f165e4a51cf41c855f51590228b8be1fea7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1981
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Etag: "63ae002f-116"
Last-Modified: Fri, 30 Dec 2022 08:42:11 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 30 Dec 2022 09:08:08 GMT
age: 424
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
exe.io/img/logo_sm.png
104.26.3.103200 OK 7.3 kB IP 104.26.3.103:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c6ea820184e2fed66d46bea0961727b
3f4c8a3b29ec92470986f0073faf93f6d5cb8c35
7b5909e1e74fbd27e91e37fb276c6a440ee23d05cf4a03fb6af5455e0812686c
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:12 GMT
content-type: image/png
content-length: 7266
cache-control: max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10989, status=vary_header_present
expires: Tue, 12 Dec 2023 17:30:47 GMT
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
vary: User-Agent, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1525465
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BE7IurydqlsZhQZ5lsL4zycQ4kjUBvwDWAFY1MqSjrXeLm%2F%2FCG4Hq5D8gyPGE4WZEILuikjcDvapKmrnl4aaLIrkEjh5%2FyAq7QgfWp74IUxaIUmIEFWN2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab6d2fceb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 76cbec9f16aa86443ee15e71d84ff8ee
5553f619cf45df21a74d1b5b0fb65e1a5717be45
0afb9710c22630969ad33eece17100dfb136820bd2ccad92c47435e5d3969ab0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f9470f5c8a231f657a6f7d935a4946cc
d301aea9a620161d224ca417d4483b19edc43895
9244d582f8e01055e71e13468b4ca7cbce79556e968696885348219ba5066424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0a08dc71eb7ba3512abb4d29505eb034
e66404bda80b355bae30b0d4db3daa193a6e4276
357891f99263d30eaded85985217d9627cd60369ee8d01a7eacdb2d0f2d8b2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2499
Cache-Control: max-age=88394
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Etag: "63ad58a7-1d7"
Expires: Sat, 31 Dec 2022 09:48:26 GMT
Last-Modified: Thu, 29 Dec 2022 09:06:47 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash de157c6e983faeccc8c640464a118a6c
7a274ddce5a77da0bd35b3b9a7e3beae5fb1d3fd
d8beed1f1b1d9c4f39271761a2f4e5abb3007e1802fdbca3ac7c7e4c39dc1a45
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 30 Dec 2022 09:15:12 GMT
expires: Fri, 30 Dec 2022 09:15:12 GMT
cache-control: private, max-age=900
last-modified: Fri, 30 Dec 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43567
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 800e7c107cfc303e5c59cbf84fb5bae3
cac3cfd30fcab4b2243b89d98e9d077e5b956926
41a6283492b0fa458a8e2392b6e1723640a3aad5703bbecdf73bd35e635564d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41A6283492B0FA458A8E2392B6E1723640A3AAD5703BBECDF73BD35E635564D7"
Last-Modified: Wed, 28 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8185
Expires: Fri, 30 Dec 2022 11:31:37 GMT
Date: Fri, 30 Dec 2022 09:15:12 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 76cbec9f16aa86443ee15e71d84ff8ee
5553f619cf45df21a74d1b5b0fb65e1a5717be45
0afb9710c22630969ad33eece17100dfb136820bd2ccad92c47435e5d3969ab0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f9470f5c8a231f657a6f7d935a4946cc
d301aea9a620161d224ca417d4483b19edc43895
9244d582f8e01055e71e13468b4ca7cbce79556e968696885348219ba5066424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash d05cf8bc733f1d23b3cd589c3ffc2a71
9ed10a42608329e3feab28fbe719641d46700613
f458b0b7111484d65c4c2d3522528cabb4a37cbc77cb0c765324edbdf964a8e2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3057
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:12 GMT
Last-Modified: Fri, 30 Dec 2022 08:24:15 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 29fbef0b14da54c5eb6b04110b747d76
a15bee296b09d19f27ac4cd0f2173eea5f9cd82d
b2a027d7bc1cc3762c6df3a4b2dca058bd46196a1194096b7ca38f114d698d6c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B2A027D7BC1CC3762C6DF3A4B2DCA058BD46196A1194096B7CA38F114D698D6C"
Last-Modified: Tue, 27 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3373
Expires: Fri, 30 Dec 2022 10:11:25 GMT
Date: Fri, 30 Dec 2022 09:15:12 GMT
Connection: keep-alive
qj.wimplesbooklet.com/1clkn/29529
172.255.6.228200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 172.255.6.228:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 09:15:12 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 31-Dec-2022 09:15:12 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sat, 31-Dec-2022 09:15:12 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 29fbef0b14da54c5eb6b04110b747d76
a15bee296b09d19f27ac4cd0f2173eea5f9cd82d
b2a027d7bc1cc3762c6df3a4b2dca058bd46196a1194096b7ca38f114d698d6c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B2A027D7BC1CC3762C6DF3A4B2DCA058BD46196A1194096B7CA38F114D698D6C"
Last-Modified: Tue, 27 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3372
Expires: Fri, 30 Dec 2022 10:11:25 GMT
Date: Fri, 30 Dec 2022 09:15:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c01ec5e07dbe046b735f9c99bb14aa12
2ff3b5a56cbd14daa3f030b8e0155911e540fc60
2aa5e1d9163a70e14b198bbde17e740330d36283b9e04ec54ba23d84f5025d33
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c01ec5e07dbe046b735f9c99bb14aa12
2ff3b5a56cbd14daa3f030b8e0155911e540fc60
2aa5e1d9163a70e14b198bbde17e740330d36283b9e04ec54ba23d84f5025d33
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Dec 2022 18:52:41 GMT
expires: Tue, 26 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 310952
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 381c053b6840190de8a6ebc8c2500782
49663365030bd703d447a34b644c1c42e04de4b9
a86a02a7c5e7d80b3a9b5b904af454ad1066b5778cabf7c0aafdb3412797c80e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A86A02A7C5E7D80B3A9B5B904AF454AD1066B5778CABF7C0AAFDB3412797C80E"
Last-Modified: Fri, 30 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11049
Expires: Fri, 30 Dec 2022 12:19:22 GMT
Date: Fri, 30 Dec 2022 09:15:13 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Dec 2022 18:56:10 GMT
expires: Tue, 26 Dec 2023 18:56:10 GMT
cache-control: public, max-age=31536000
age: 310743
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 381c053b6840190de8a6ebc8c2500782
49663365030bd703d447a34b644c1c42e04de4b9
a86a02a7c5e7d80b3a9b5b904af454ad1066b5778cabf7c0aafdb3412797c80e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A86A02A7C5E7D80B3A9B5B904AF454AD1066B5778CABF7C0AAFDB3412797C80E"
Last-Modified: Fri, 30 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11049
Expires: Fri, 30 Dec 2022 12:19:22 GMT
Date: Fri, 30 Dec 2022 09:15:13 GMT
Connection: keep-alive
push.services.mozilla.com/
52.41.91.37101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.91.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WZSfX5miEtngiLA6r4uQ3A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 55PT9scpXC5tcwt6sKSarZb6Zt4=
dledthebarrowb.xyz/utx?cb=kHa7vPNXVAUq&top=exeo.app&tid=822524
65.9.44.50204 No Content 0 B URL HTTP/2 dledthebarrowb.xyz/utx?cb=kHa7vPNXVAUq&top=exeo.app&tid=822524
IP 65.9.44.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=kHa7vPNXVAUq&top=exeo.app&tid=822524 HTTP/1.1
Host: dledthebarrowb.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 30 Dec 2022 09:15:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 30 Dec 2022 09:16:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: YNMed9jINvhfTeuqdYEDed_eMPUSK628YMrNkuzBsTHHhLEMXWsc-w==
X-Firefox-Spdy: h2
dledthebarrowb.xyz/aXA1aHUIElYFSghNV04AGxwITUcvVQcuEVsFAQ4bXBNUXBhaBgNGFgUfQAwTGx9bHFsHFUFNRy8/YC9MHhVwLQ8oMgENEwAhci4wP0VvLg0qJFsqRysheDA5EDJmIQ0zQW8ERV05XTEeIiV8GjAqMXspRF1Bfg8BJyNyC00tGAEOEyEpfiAdHUhsPR47OHYmAT5BbCY8LkB2IAIgH2UpODsobSUiPhwAIS8uOlM/NFEfZQ8GDzRPIkQxJXQ/OzEmUTkwBQhTBEw/I0ImRDEldDg+LUVvOjNYCXADBSojcQQYPkFjJDRaJlE5NAZDUT4CESNtLhk4JRgqJzM3fw4zEUBcJwIrJmYPEQAoBS48CidzDiQ/QU8xNAIqdgEkWzF0ABEKCG8NJCxBQzEwAjZnMDRPGkYHGxlNZgZBX0J9MiIdNgc7JBkSRg
65.9.44.50200 OK 1.2 kB URL HTTP/2 dledthebarrowb.xyz/aXA1aHUIElYFSghNV04AGxwITUcvVQcuEVsFAQ4bXBNUXBhaBgNGFgUfQAwTGx9bHFsHFUFNRy8/YC9MHhVwLQ8oMgENEwAhci4wP0VvLg0qJFsqRysheDA5EDJmIQ0zQW8ERV05XTEeIiV8GjAqMXspRF1Bfg8BJyNyC00tGAEOEyEpfiAdHUhsPR47OHYmAT5BbCY8LkB2IAIgH2UpODsobSUiPhwAIS8uOlM/NFEfZQ8GDzRPIkQxJXQ/OzEmUTkwBQhTBEw/I0ImRDEldDg+LUVvOjNYCXADBSojcQQYPkFjJDRaJlE5NAZDUT4CESNtLhk4JRgqJzM3fw4zEUBcJwIrJmYPEQAoBS48CidzDiQ/QU8xNAIqdgEkWzF0ABEKCG8NJCxBQzEwAjZnMDRPGkYHGxlNZgZBX0J9MiIdNgc7JBkSRg
IP 65.9.44.50:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash 93dd630789cb5f579c3be4db6e53abdd
549a78dd1fc701bbb03ac80a375038947284b2f1
bbf81db03296db5f545f8c3fea7d8d122f5ed6efcf6ef990a21cbe73cc8af170
GET /aXA1aHUIElYFSghNV04AGxwITUcvVQcuEVsFAQ4bXBNUXBhaBgNGFgUfQAwTGx9bHFsHFUFNRy8/YC9MHhVwLQ8oMgENEwAhci4wP0VvLg0qJFsqRysheDA5EDJmIQ0zQW8ERV05XTEeIiV8GjAqMXspRF1Bfg8BJyNyC00tGAEOEyEpfiAdHUhsPR47OHYmAT5BbCY8LkB2IAIgH2UpODsobSUiPhwAIS8uOlM/NFEfZQ8GDzRPIkQxJXQ/OzEmUTkwBQhTBEw/I0ImRDEldDg+LUVvOjNYCXADBSojcQQYPkFjJDRaJlE5NAZDUT4CESNtLhk4JRgqJzM3fw4zEUBcJwIrJmYPEQAoBS48CidzDiQ/QU8xNAIqdgEkWzF0ABEKCG8NJCxBQzEwAjZnMDRPGkYHGxlNZgZBX0J9MiIdNgc7JBkSRg HTTP/1.1
Host: dledthebarrowb.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1182
date: Fri, 30 Dec 2022 09:15:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: wUmtCstRzUqwBxOo5FuRCbI_PxejWj9YBfyopJWwVhGff-ihXZkNdg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 381c053b6840190de8a6ebc8c2500782
49663365030bd703d447a34b644c1c42e04de4b9
a86a02a7c5e7d80b3a9b5b904af454ad1066b5778cabf7c0aafdb3412797c80e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A86A02A7C5E7D80B3A9B5B904AF454AD1066B5778CABF7C0AAFDB3412797C80E"
Last-Modified: Fri, 30 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11049
Expires: Fri, 30 Dec 2022 12:19:22 GMT
Date: Fri, 30 Dec 2022 09:15:13 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/6FGEW7CDSpU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6FGEW7CDSpU
IP 142.250.74.131:0
Hash c3c1904b26f8c4b29ef7234665284202
e5b7a66c0b735e97d25025c325b48f58eb651349
9d03bd67d63e7a7933ed40d0f81c6e073ea4b3223d59aff739e1b7da80825f71
POST /s/gts1p5/6FGEW7CDSpU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dledthebarrowb.xyz/OUtvSmFYKQwnXlh2DWwUSydSb1N/bl0MBQs+WywPDCgOfgwKPVlkAlUkGi4HSyQBPk9XLhtvU39+DiEJTwVcGytzPCkYMkF/BwkWSQY6JCdbDwQILHAjFxMmUTteCQpwfSoLLHUoLRw4eHo1BTFTcx8ZNHQEKyQ3Xw49LS1zLAgBNF5zAg4gSQ07CQp1HTomBFsjGwImTg1eDScJCCgzKFwcGBsxcx4DCSdvKAMLJAkvLSMwdg4EExJfHioCNG8jWxhReC8tCRZ4Gi4uMVwnVhAgfHJZEhZjDj0CCXIJKxAxXCdWCyloGUp4I24zJQIqfnoLCBZBKAkPTFYOISFYDxNfHyJteBw/I1IZCRANAS46HAkNCCkDOXgYCwEjbQE2LycNAz0MFQ0TBwAmbiJbDTNrDiIAGVoYPSMZDBMYAABuJlsrIlIeSSASViUfdwRMBRUBBX4qXQFYQAE6Kw
65.9.44.50200 OK 1.2 kB URL HTTP/2 dledthebarrowb.xyz/OUtvSmFYKQwnXlh2DWwUSydSb1N/bl0MBQs+WywPDCgOfgwKPVlkAlUkGi4HSyQBPk9XLhtvU39+DiEJTwVcGytzPCkYMkF/BwkWSQY6JCdbDwQILHAjFxMmUTteCQpwfSoLLHUoLRw4eHo1BTFTcx8ZNHQEKyQ3Xw49LS1zLAgBNF5zAg4gSQ07CQp1HTomBFsjGwImTg1eDScJCCgzKFwcGBsxcx4DCSdvKAMLJAkvLSMwdg4EExJfHioCNG8jWxhReC8tCRZ4Gi4uMVwnVhAgfHJZEhZjDj0CCXIJKxAxXCdWCyloGUp4I24zJQIqfnoLCBZBKAkPTFYOISFYDxNfHyJteBw/I1IZCRANAS46HAkNCCkDOXgYCwEjbQE2LycNAz0MFQ0TBwAmbiJbDTNrDiIAGVoYPSMZDBMYAABuJlsrIlIeSSASViUfdwRMBRUBBX4qXQFYQAE6Kw
IP 65.9.44.50:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash ebdac96d82c20375ae98e4be49b97de2
5eadc5a5d7f5c4a2b08fa0f77106b9ba3565a4c0
04be3cefb09cf3f24d808d6de7273629990f0fa3844cb2cadd1d636412d0b312
GET /OUtvSmFYKQwnXlh2DWwUSydSb1N/bl0MBQs+WywPDCgOfgwKPVlkAlUkGi4HSyQBPk9XLhtvU39+DiEJTwVcGytzPCkYMkF/BwkWSQY6JCdbDwQILHAjFxMmUTteCQpwfSoLLHUoLRw4eHo1BTFTcx8ZNHQEKyQ3Xw49LS1zLAgBNF5zAg4gSQ07CQp1HTomBFsjGwImTg1eDScJCCgzKFwcGBsxcx4DCSdvKAMLJAkvLSMwdg4EExJfHioCNG8jWxhReC8tCRZ4Gi4uMVwnVhAgfHJZEhZjDj0CCXIJKxAxXCdWCyloGUp4I24zJQIqfnoLCBZBKAkPTFYOISFYDxNfHyJteBw/I1IZCRANAS46HAkNCCkDOXgYCwEjbQE2LycNAz0MFQ0TBwAmbiJbDTNrDiIAGVoYPSMZDBMYAABuJlsrIlIeSSASViUfdwRMBRUBBX4qXQFYQAE6Kw HTTP/1.1
Host: dledthebarrowb.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1199
date: Fri, 30 Dec 2022 09:15:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: WxdQQJmV8vmZjY_Xz25B2sN1oZAQccmsPAcj-Zy4_6DWLOQK82ntDg==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/6FGEW7CDSpU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6FGEW7CDSpU
IP 142.250.74.131:0
Hash c3c1904b26f8c4b29ef7234665284202
e5b7a66c0b735e97d25025c325b48f58eb651349
9d03bd67d63e7a7933ed40d0f81c6e073ea4b3223d59aff739e1b7da80825f71
POST /s/gts1p5/6FGEW7CDSpU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash d05cf8bc733f1d23b3cd589c3ffc2a71
9ed10a42608329e3feab28fbe719641d46700613
f458b0b7111484d65c4c2d3522528cabb4a37cbc77cb0c765324edbdf964a8e2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3058
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Last-Modified: Fri, 30 Dec 2022 08:24:15 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c01ec5e07dbe046b735f9c99bb14aa12
2ff3b5a56cbd14daa3f030b8e0155911e540fc60
2aa5e1d9163a70e14b198bbde17e740330d36283b9e04ec54ba23d84f5025d33
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
live.demand.supply/e/e.js?e=ll&d=311&cs=c&dsReferer=ZXhlby5hcHAvU0llZw==
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/e/e.js?e=ll&d=311&cs=c&dsReferer=ZXhlby5hcHAvU0llZw==
IP 104.16.134.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=311&cs=c&dsReferer=ZXhlby5hcHAvU0llZw== HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "9664438fc0db5c4deed9238aef210660-ssl"
x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
cf-cache-status: HIT
age: 1504855
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7819ab6ffb5c0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dledthebarrowb.xyz/Sm1selcrDw8XaCtQDlwiOAFRX2UMSF48M3gYWBw5fw4NTjp5G1pUNCYCGR4xOAICDnkkCBhfZQwmDRAVOiABTh0SGggvAhhYNj4Gczo7Ox0pLCoKGh0FHB4WCAIiMDkbNSs8IxM6CzsaLj4tNhszOCouZxM4KB1mECstMxsSClgqBAtUCTkwcws4PBIEOCo0MgwFXTkWGygiMjstNCtLOBM1BE4HEjhVMhN7CQg4PC0lLhYgAytdDSQIOA85BHsKLSsCHyUuPAYNPz5LBwsBABkQIVUvLQYECD47FQcsPwIHCwEAPBU9PCsiBS4JJzgBKCwEIDQIKEENFQYoVDkAHyw1LiAHAi1LYiwlABE1GVwLOxMmDiI7AXMgLTk/EywqHRQSAR87AAgJDy07Eyw9OyQHNRQ/DxIuGzgAGwktLT8TDihLb2wHHxU5OlAjPC44Bl0SOSwoJUMWBVg
65.9.44.50200 OK 1.2 kB URL HTTP/2 dledthebarrowb.xyz/Sm1selcrDw8XaCtQDlwiOAFRX2UMSF48M3gYWBw5fw4NTjp5G1pUNCYCGR4xOAICDnkkCBhfZQwmDRAVOiABTh0SGggvAhhYNj4Gczo7Ox0pLCoKGh0FHB4WCAIiMDkbNSs8IxM6CzsaLj4tNhszOCouZxM4KB1mECstMxsSClgqBAtUCTkwcws4PBIEOCo0MgwFXTkWGygiMjstNCtLOBM1BE4HEjhVMhN7CQg4PC0lLhYgAytdDSQIOA85BHsKLSsCHyUuPAYNPz5LBwsBABkQIVUvLQYECD47FQcsPwIHCwEAPBU9PCsiBS4JJzgBKCwEIDQIKEENFQYoVDkAHyw1LiAHAi1LYiwlABE1GVwLOxMmDiI7AXMgLTk/EywqHRQSAR87AAgJDy07Eyw9OyQHNRQ/DxIuGzgAGwktLT8TDihLb2wHHxU5OlAjPC44Bl0SOSwoJUMWBVg
IP 65.9.44.50:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash bcd5e76de6c9c66308e60c4a33cb8219
170ed0d544c194421a64273df604667506a0a0bf
9719dee81e859b7098dbe3301f68dd422396e107b09f606a82e816ddd1dfe3f0
GET /Sm1selcrDw8XaCtQDlwiOAFRX2UMSF48M3gYWBw5fw4NTjp5G1pUNCYCGR4xOAICDnkkCBhfZQwmDRAVOiABTh0SGggvAhhYNj4Gczo7Ox0pLCoKGh0FHB4WCAIiMDkbNSs8IxM6CzsaLj4tNhszOCouZxM4KB1mECstMxsSClgqBAtUCTkwcws4PBIEOCo0MgwFXTkWGygiMjstNCtLOBM1BE4HEjhVMhN7CQg4PC0lLhYgAytdDSQIOA85BHsKLSsCHyUuPAYNPz5LBwsBABkQIVUvLQYECD47FQcsPwIHCwEAPBU9PCsiBS4JJzgBKCwEIDQIKEENFQYoVDkAHyw1LiAHAi1LYiwlABE1GVwLOxMmDiI7AXMgLTk/EywqHRQSAR87AAgJDy07Eyw9OyQHNRQ/DxIuGzgAGwktLT8TDihLb2wHHxU5OlAjPC44Bl0SOSwoJUMWBVg HTTP/1.1
Host: dledthebarrowb.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1196
date: Fri, 30 Dec 2022 09:15:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: EGxQLHDV3PG_nQZmeOa64YY9fJDFZnaIpcIu7GtOKKmFWqngOi58Cw==
X-Firefox-Spdy: h2
dledthebarrowb.xyz/utx?cb=BKbJPKUdCQiD&top=exeo.app&tid=889494
65.9.44.50204 No Content 0 B URL HTTP/2 dledthebarrowb.xyz/utx?cb=BKbJPKUdCQiD&top=exeo.app&tid=889494
IP 65.9.44.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=BKbJPKUdCQiD&top=exeo.app&tid=889494 HTTP/1.1
Host: dledthebarrowb.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 30 Dec 2022 09:15:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 30 Dec 2022 09:16:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: aCEptQgyVt-k5tLcFtLEZI-qGGc4PX-jjwbKwXhKW-Qc1WZGI7RgXA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 381c053b6840190de8a6ebc8c2500782
49663365030bd703d447a34b644c1c42e04de4b9
a86a02a7c5e7d80b3a9b5b904af454ad1066b5778cabf7c0aafdb3412797c80e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A86A02A7C5E7D80B3A9B5B904AF454AD1066B5778CABF7C0AAFDB3412797C80E"
Last-Modified: Fri, 30 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11049
Expires: Fri, 30 Dec 2022 12:19:22 GMT
Date: Fri, 30 Dec 2022 09:15:13 GMT
Connection: keep-alive
toottuleringv.info/dWhDU0daVyAgeiIDOxkmGT4qNg8BCxoECVBaATV2DQMhYDNQWgELdTxONzojSFBxYXJHXGUjLhFVcnU0AQk3JjRIWWU6KRMHfnUxSFltYHNbW3J9dVMdfmJhARgiNHpETjMnMxlVcmVwR1t6YnBFX3Nifw
104.21.54.163204 No Content 0 B URL HTTP/2 toottuleringv.info/dWhDU0daVyAgeiIDOxkmGT4qNg8BCxoECVBaATV2DQMhYDNQWgELdTxONzojSFBxYXJHXGUjLhFVcnU0AQk3JjRIWWU6KRMHfnUxSFltYHNbW3J9dVMdfmJhARgiNHpETjMnMxlVcmVwR1t6YnBFX3Nifw
IP 104.21.54.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dWhDU0daVyAgeiIDOxkmGT4qNg8BCxoECVBaATV2DQMhYDNQWgELdTxONzojSFBxYXJHXGUjLhFVcnU0AQk3JjRIWWU6KRMHfnUxSFltYHNbW3J9dVMdfmJhARgiNHpETjMnMxlVcmVwR1t6YnBFX3Nifw HTTP/1.1
Host: toottuleringv.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 30 Dec 2022 09:15:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=158qqTQWf%2FW%2B%2BktMRXRJdFiTT3RVkELePpEqCOpEfj7WC3WKyubFr1kk2%2FESZLK1MquFwrNbNzfYgEUc%2F09NaSE3PbRM8J2v3g9Qn%2B8edBWWh82nfWW18pV71d77ekdphHnWEhA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab6fc8721bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
toottuleringv.info/UTFYcTd+DjsCCjJmAkNUB3cRJFw1eQIaYQBgaCtQAAAWNWU8dH4FXjUMYEUEYwdpV0c4VWVAD3dCLBBDJEJlQBE4Xz4eCndHZUAZYR9qXwV3RGVAESVBORYKYBcoBUM9DGlHAGMCYUAAYQZoSAU
104.21.54.163204 No Content 0 B URL HTTP/2 toottuleringv.info/UTFYcTd+DjsCCjJmAkNUB3cRJFw1eQIaYQBgaCtQAAAWNWU8dH4FXjUMYEUEYwdpV0c4VWVAD3dCLBBDJEJlQBE4Xz4eCndHZUAZYR9qXwV3RGVAESVBORYKYBcoBUM9DGlHAGMCYUAAYQZoSAU
IP 104.21.54.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UTFYcTd+DjsCCjJmAkNUB3cRJFw1eQIaYQBgaCtQAAAWNWU8dH4FXjUMYEUEYwdpV0c4VWVAD3dCLBBDJEJlQBE4Xz4eCndHZUAZYR9qXwV3RGVAESVBORYKYBcoBUM9DGlHAGMCYUAAYQZoSAU HTTP/1.1
Host: toottuleringv.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 30 Dec 2022 09:15:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9xQ6X6%2BZ33Dq21ytiV3ShpoTetinjC54GIXSukvQNSdqDi8PxNoLqIM3IVl5GGM7zidrXcAOkffvMpDNFKlNys8nUoL0tzchh%2BaTvHPupZx7L%2FOncTkFeuOfs%2BN%2Fni9%2FQx%2Bdn0A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab6fc8791bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
toottuleringv.info/S0FLZ1hkfigUZRIWGRM9JQsYPx5+ERoxChgXHi0cHRcFMQweIm0TMS98c19hf3h/QSgiJXZWfjg1KhMtOHx6QTElJyRafj18eklrf294VnZ5Zz5aaW01OwY/dnBtFyw/LXZWbnxzeF5pfHF8V296
104.21.54.163204 No Content 0 B URL HTTP/2 toottuleringv.info/S0FLZ1hkfigUZRIWGRM9JQsYPx5+ERoxChgXHi0cHRcFMQweIm0TMS98c19hf3h/QSgiJXZWfjg1KhMtOHx6QTElJyRafj18eklrf294VnZ5Zz5aaW01OwY/dnBtFyw/LXZWbnxzeF5pfHF8V296
IP 104.21.54.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S0FLZ1hkfigUZRIWGRM9JQsYPx5+ERoxChgXHi0cHRcFMQweIm0TMS98c19hf3h/QSgiJXZWfjg1KhMtOHx6QTElJyRafj18eklrf294VnZ5Zz5aaW01OwY/dnBtFyw/LXZWbnxzeF5pfHF8V296 HTTP/1.1
Host: toottuleringv.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 30 Dec 2022 09:15:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=isbtKsspdwskpvNR3GS%2B5%2BbI0iJi5iXk7G%2BZKP0WuASak6RZ%2B7sJavApbs7467PjEpPennRfY4xfDJBZ5WsGgjW9Ux%2BOsntOP7t3Exmtc41T3bij8W50VAjKHVqPh6WV%2BYdD14s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab6ff8a01bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/6FGEW7CDSpU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6FGEW7CDSpU
IP 142.250.74.131:0
Hash c3c1904b26f8c4b29ef7234665284202
e5b7a66c0b735e97d25025c325b48f58eb651349
9d03bd67d63e7a7933ed40d0f81c6e073ea4b3223d59aff739e1b7da80825f71
POST /s/gts1p5/6FGEW7CDSpU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d2u4fn5ca4m3v6.cloudfront.net/OUG9weEEzAB4efiQGFEV5ZFxCTnB2BQMXLyBSIxZ1Zl04IhYkKUIrECANA141KgtNSGc8Dh4ffHYKHht8YUkRHCNtW1YNIG0CHwIoPAMRXXMWWl5IZGJfWA8oPgsfDzJ1XUAWNXVdQElxfl9VSwN1XUAPKD5ZRF1yEkpCSDlmW1VLA3VdQAo3dVwxSXFlQU-BRZGJfFx0iOwBVSgdiX0FIcWFfQV1zYAkZCiQ2AAhdcxZeQE1vYEkFRXA
143.204.42.77200 OK 195 B URL HTTP/2 d2u4fn5ca4m3v6.cloudfront.net/OUG9weEEzAB4efiQGFEV5ZFxCTnB2BQMXLyBSIxZ1Zl04IhYkKUIrECANA141KgtNSGc8Dh4ffHYKHht8YUkRHCNtW1YNIG0CHwIoPAMRXXMWWl5IZGJfWA8oPgsfDzJ1XUAWNXVdQElxfl9VSwN1XUAPKD5ZRF1yEkpCSDlmW1VLA3VdQAo3dVwxSXFlQU-BRZGJfFx0iOwBVSgdiX0FIcWFfQV1zYAkZCiQ2AAhdcxZeQE1vYEkFRXA
IP 143.204.42.77:0
File type ASCII text, with no line terminators
Hash e6bd17f3d77cc52530de972b6a59e46b
f7abd23c5342dcb099987a6f84d624edb1763867
c134d0bf01bccf8db116129ed078826d3d9067fa690b0d8321d3142a9959fc5b
GET /OUG9weEEzAB4efiQGFEV5ZFxCTnB2BQMXLyBSIxZ1Zl04IhYkKUIrECANA141KgtNSGc8Dh4ffHYKHht8YUkRHCNtW1YNIG0CHwIoPAMRXXMWWl5IZGJfWA8oPgsfDzJ1XUAWNXVdQElxfl9VSwN1XUAPKD5ZRF1yEkpCSDlmW1VLA3VdQAo3dVwxSXFlQU-BRZGJfFx0iOwBVSgdiX0FIcWFfQV1zYAkZCiQ2AAhdcxZeQE1vYEkFRXA HTTP/1.1
Host: d2u4fn5ca4m3v6.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dledthebarrowb.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 195
date: Fri, 30 Dec 2022 09:15:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KTTpWbwg6IIKWHDFn0zSXNdNJiI5eiYoS0mAQb5rvKSlkFQ95KCy2A==
X-Firefox-Spdy: h2
d2u4fn5ca4m3v6.cloudfront.net/5akhvN3QJJwFRSx4hCwpMUnFbDkBMIhxYGhp1CkI6EAMLcBVYA1ZOPj8pSUMODnVfERgLJggKUg8mDApFTCkLVUlebhtHGwF1GF0CGyIeWwQPJUlCFVclAE0dBiQOEkYsfUEHUVh4R0AdBCwAQAdPel9ZAE96XwZERHhKBDZPel9AHQR+WxJHKG1dBwxcfE-oENk96X0UCT3suBkRfZl8eUVh4CFIXASdKBTJYeF4HRFt4XhJGWi4GRREMJxcSRix5XwJaWm4aCkU
143.204.42.77200 OK 618 B URL HTTP/2 d2u4fn5ca4m3v6.cloudfront.net/5akhvN3QJJwFRSx4hCwpMUnFbDkBMIhxYGhp1CkI6EAMLcBVYA1ZOPj8pSUMODnVfERgLJggKUg8mDApFTCkLVUlebhtHGwF1GF0CGyIeWwQPJUlCFVclAE0dBiQOEkYsfUEHUVh4R0AdBCwAQAdPel9ZAE96XwZERHhKBDZPel9AHQR+WxJHKG1dBwxcfE-oENk96X0UCT3suBkRfZl8eUVh4CFIXASdKBTJYeF4HRFt4XhJGWi4GRREMJxcSRix5XwJaWm4aCkU
IP 143.204.42.77:0
File type ASCII text, with very long lines (883), with no line terminators
Hash 727584cb8c15541f49b6163adb1d9de3
30d9c03cf0a947247b959d51e0f30ef417810d23
d74a066119890c2566696f06e67c0552e8f000fa30f27982abf6198853c22d59
GET /5akhvN3QJJwFRSx4hCwpMUnFbDkBMIhxYGhp1CkI6EAMLcBVYA1ZOPj8pSUMODnVfERgLJggKUg8mDApFTCkLVUlebhtHGwF1GF0CGyIeWwQPJUlCFVclAE0dBiQOEkYsfUEHUVh4R0AdBCwAQAdPel9ZAE96XwZERHhKBDZPel9AHQR+WxJHKG1dBwxcfE-oENk96X0UCT3suBkRfZl8eUVh4CFIXASdKBTJYeF4HRFt4XhJGWi4GRREMJxcSRix5XwJaWm4aCkU HTTP/1.1
Host: d2u4fn5ca4m3v6.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dledthebarrowb.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 618
date: Fri, 30 Dec 2022 09:15:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: H1hMzzrViVGkV3lAv6yhYCmix9fidNwqWmOeHLSebtqaq0n54ZcrHQ==
X-Firefox-Spdy: h2
d2u4fn5ca4m3v6.cloudfront.net/KajBpMm4JXwdUUR5ZDQ9WWAJcAFpMWhpdABoNJnQXGFtYWgAMdSALLyUFT0YUDg1ZFAILXg4PSA9eCg9fTFENUFNeFh1CAQENHlgYG1oYXh4PXU9HD1ddBkgHBlwIF1wsBUcCS1gAQUUHBFQGRR1PAllcGk8CWQNeRABMASxPAllFBwQGXRddKBVbAhZcBE-wBLE8CWUAYTwMoA15fHlkbS1gADlcNAV9MAChYAFgCXlsAWBdcWlYAQAsMXxEXXCwBWQdAWhYcD18
143.204.42.77200 OK 517 B URL HTTP/2 d2u4fn5ca4m3v6.cloudfront.net/KajBpMm4JXwdUUR5ZDQ9WWAJcAFpMWhpdABoNJnQXGFtYWgAMdSALLyUFT0YUDg1ZFAILXg4PSA9eCg9fTFENUFNeFh1CAQENHlgYG1oYXh4PXU9HD1ddBkgHBlwIF1wsBUcCS1gAQUUHBFQGRR1PAllcGk8CWQNeRABMASxPAllFBwQGXRddKBVbAhZcBE-wBLE8CWUAYTwMoA15fHlkbS1gADlcNAV9MAChYAFgCXlsAWBdcWlYAQAsMXxEXXCwBWQdAWhYcD18
IP 143.204.42.77:0
File type ASCII text, with very long lines (707), with no line terminators
Hash ec5170e5aa299d59316aa99bf00f7a96
c2736c53f75a1de71820b744d66df2166cd97335
652c0398e54fbe3da74391c91af9120afb14d9faab28cc74d6ea7c7c77bd8b2f
GET /KajBpMm4JXwdUUR5ZDQ9WWAJcAFpMWhpdABoNJnQXGFtYWgAMdSALLyUFT0YUDg1ZFAILXg4PSA9eCg9fTFENUFNeFh1CAQENHlgYG1oYXh4PXU9HD1ddBkgHBlwIF1wsBUcCS1gAQUUHBFQGRR1PAllcGk8CWQNeRABMASxPAllFBwQGXRddKBVbAhZcBE-wBLE8CWUAYTwMoA15fHlkbS1gADlcNAV9MAChYAFgCXlsAWBdcWlYAQAsMXxEXXCwBWQdAWhYcD18 HTTP/1.1
Host: d2u4fn5ca4m3v6.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dledthebarrowb.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 517
date: Fri, 30 Dec 2022 09:15:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: irA3zc86IY10f9axizXPUX9y9aTLP-VVDyXC9GvxQyBrikFY6gpsGQ==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 133370016aafb0f320de2fd65516d2a7
8ebfbd7dae30fdb38a67936ff5a5eb34cafc99d0
1e971d11eea31624c3f0ca554819be5d5ad15728a6a282a4dd34c606cbd59131
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5729
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Last-Modified: Fri, 30 Dec 2022 07:39:44 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 0ee81048da85cdf50a31ac7ea2e33d9e
795881c544fefe5b89fc005297f3087bb4ae4c7e
aa49c808f83ffe4b04a341dd21ded3205e13f8da59659ce17e8a0d33eb17cb6d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 30 Dec 2022 07:34:02 GMT
expires: Fri, 30 Dec 2022 09:34:02 GMT
cache-control: public, max-age=7200
age: 6071
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 0ee81048da85cdf50a31ac7ea2e33d9e
795881c544fefe5b89fc005297f3087bb4ae4c7e
aa49c808f83ffe4b04a341dd21ded3205e13f8da59659ce17e8a0d33eb17cb6d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f9886f7d939bc5ceabc7979a8c88c551
f8b60ed626d10fdaf357a3b14218d2063683a8cb
d57a2b9931924a5bd3637b13a45226115633a2193424483ec8136aa9b3e66c51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (39504)
Hash 73b3f83b0602a979865fc4865f93dcfc
07bd887f10cbb9e297403a7d16acca7419e278d2
5b6bf915a1589ddfc229a2a4f13a056a973a07a8cedb78ab898316507c8f1b0a
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27666
date: Fri, 30 Dec 2022 09:15:13 GMT
expires: Fri, 30 Dec 2022 09:15:13 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1436 / 705 of 1000 / last-modified: 1670587582"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27200 OK 499 B IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash 6559ae6b72aa9ea3ed019c538e273474
6c3cd1f485781f11fce0b6012e54c1ab58750220
07d545725f77f08b205515d5a03a6dfaa21e8b30c553892dadc2933af17f6815
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: text/plain
set-cookie: csu=2013995753614485@1@1672391713; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XafM7LPE5kj0xXvR1zKIrzll7d3%2FMM18PgOWFbOwAzWVbe7oBRmmOh%2BN%2BbQvpz55bfuybnsKaovAaiIRzpt3eydiet8W6cGadiP2Lk%2BhvwM0EEY7a6XsKu7pXWYYV%2BqH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab70891a7797-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash f86fbc2aada903b5b5e211c77d9bef80
ce170406edd04af34b591aa36c237e35d2644bdc
9dc9382ff8482c51087ce925590f5e06efc9a55c7deb685279e0dd4d8e4adeae
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 30 Dec 2022 09:15:13 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-217967322%3A1672391713662358&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4w4cyeSbzbO_9hJfau_hgCq_W4cWZ97I6sPV1der-AW6DhrBrp96vz3muoj5S4-xL0VM4mPg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-37pKOaG_pFQqfkGMpaO38w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:sS4XzpwBnT0bV6uCxwqpll_WnGg3YA:TesGPNFIuvxT6uGw;Path=/;Expires=Sun, 29-Dec-2024 09:15:13 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 896692acf651d3a7dbd8e6a725053515
d893003a402ea2072f8534fec472081a78281f5b
a596c762d169724d3067110fd011cca08c39f7922a9f2cd57b9fc51a195a2c60
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 30 Dec 2022 09:15:13 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1326265701%3A1672391713690084&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4_xW-oivfQPyvykxLwCCfkAeDK_4uUF4d7pZQ5LjkWZ2NA6NEgZjG1W-wMJQom7JzuNxzaog
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-y98XHahD78cRrbs46aCo9A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:BVCct3thST4-YJefyrS6uYi7JqChJg:JWVyEDs0uX_VgSnt;Path=/;Expires=Sun, 29-Dec-2024 09:15:13 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
37.48.68.71200 OK 1.6 kB URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash c38032c7f7b5e6cd39d609bc0a34753a
1ab71500c3cde41d8f6939acbd20e7ccc247e6bb
997cc300ae6ef044c046ecd9a63e649d6cf3d3ef74e58c05746092804f45d3b0
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 898
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 30 Dec 2022 09:15:13 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f9886f7d939bc5ceabc7979a8c88c551
f8b60ed626d10fdaf357a3b14218d2063683a8cb
d57a2b9931924a5bd3637b13a45226115633a2193424483ec8136aa9b3e66c51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c9a6a4c5ca0c5f3edafc44366269c44a
9d5e3d681a413142372bd90d7a52a333b5051f0f
ddaa67b57bc244d6eeb7dc8e0b9f0fb4a46876df61cd612c74442e7f328a5101
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js?cb=31071295
142.250.74.130200 OK 132 kB URL HTTP/2 securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js?cb=31071295
IP 142.250.74.130:0
File type ASCII text, with very long lines (65395)
Size 132 kB (132306 bytes)
Hash 4bb5c05eee04fec4e851c63be4754945
87e1f8c31e4843f44a5032aa38ca930c65ea95d3
6104ebabbe0df8dbd510114b06ddacf583769bba79906a34662fe34abbaf9d27
GET /gpt/pubads_impl_2022120801.js?cb=31071295 HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 132306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Dec 2022 20:56:47 GMT
expires: Fri, 29 Dec 2023 20:56:47 GMT
cache-control: public, immutable, max-age=31536000
age: 44306
last-modified: Thu, 08 Dec 2022 09:38:55 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/pagead/ppub_config?ippd=exeo.app
142.250.74.130200 OK 83 B URL HTTP/2 securepubads.g.doubleclick.net/pagead/ppub_config?ippd=exeo.app
IP 142.250.74.130:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 42db709d990530a635023e6e242b3273
f9b004c815075f3fadca3e0e2029f110eb672c4f
b8ca032699938ca453bb0ac6fea21f41f1ebc62e894c8ee16d8e3be6f9cb9897
GET /pagead/ppub_config?ippd=exeo.app HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
date: Fri, 30 Dec 2022 09:15:13 GMT
expires: Fri, 30 Dec 2022 09:15:13 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 83
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:13 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 2.0 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash d11b955cd93a2554255b9a8bc6ea4c51
a72022855d7e2cfd718311233e031acffc08859b
a8839cf8473c5554bc45a7df4270f0a7e7c68061e845492c6730d6a22b716b4c
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: pUAr7dE6i3gylvHJtGhYdJZyc4MH7o37wUQchlZrNh6XJXwCTeOu6tgHG4IJOdYa7M44vMaw6mYxIjXjvoOaSQ==
date: Fri, 30 Dec 2022 09:15:13 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/fv.ico
172.67.74.139200 OK 1.5 kB IP 172.67.74.139:0
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 1b12ae2d6e3927db8f3d6776e7d2e75a
3a85b5c6f48a69dab955c794726c877bbe44acbb
0402d2fe87278cf0f06982a0e2e6a8cbb7836e6bf1f0d40c8459c30e328c066e
Analyzer Verdict Alert fortinet Malware
GET /fv.ico HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/SIeg
Cookie: AppSession=6640eec8c9e21754d850d5f6d6bf6489; csrfToken=95fddd3bc70d34045f6a5f8b051c15b60339eeb6a90a04ab5f93629d07352aa8fa1f047bbc96df47604d95cc5d72fea8f27f5ae2aa8e2f791d9165f431dd5d9e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 12 Dec 2023 22:59:02 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1505771
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mC5j8r87kapXcqRP%2F7obpcVw%2B7bo0fYbYK6feszTFNgZeoDrVZl76ODpM3mRdsEjIHvVe3XaURaYVDTS3gk2m4cysJa5wQtWGzeCPF5uGmksrw%2Fsxef6Vl4h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab71dd46b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c9a6a4c5ca0c5f3edafc44366269c44a
9d5e3d681a413142372bd90d7a52a333b5051f0f
ddaa67b57bc244d6eeb7dc8e0b9f0fb4a46876df61cd612c74442e7f328a5101
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8b09274f35f179f5864c1239bc5cab72
bdcba81321107acec70cf2473bdd19b4b99590e1
8fa4c07e35ccbf18d0821d7f84d680401fc0e3ffb7ec21d98afce1a10ff31679
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=exeo.app
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exeo.app
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 30 Dec 2022 09:15:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-217967322%3A1672391713662358&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4w4cyeSbzbO_9hJfau_hgCq_W4cWZ97I6sPV1der-AW6DhrBrp96vz3muoj5S4-xL0VM4mPg
142.250.74.109403 Forbidden 905 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-217967322%3A1672391713662358&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4w4cyeSbzbO_9hJfau_hgCq_W4cWZ97I6sPV1der-AW6DhrBrp96vz3muoj5S4-xL0VM4mPg
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1751), with no line terminators
Hash c000cd4ab2679409089ac64d8c734a04
2f9c5789892822e947bc4edd503756480ebb3fb7
4c09e57edfca1106588782f554f0efa39fe690f58f18a8e9b11f5977022d0f45
GET /v3/signin/identifier?dsh=S-217967322%3A1672391713662358&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4w4cyeSbzbO_9hJfau_hgCq_W4cWZ97I6sPV1der-AW6DhrBrp96vz3muoj5S4-xL0VM4mPg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 30 Dec 2022 09:15:13 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-76XqwW6adCOgTlzlg1n6Zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8b09274f35f179f5864c1239bc5cab72
bdcba81321107acec70cf2473bdd19b4b99590e1
8fa4c07e35ccbf18d0821d7f84d680401fc0e3ffb7ec21d98afce1a10ff31679
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
216.58.207.193200 OK 2.7 kB URL HTTP/2 e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Fri, 30 Dec 2022 09:15:14 GMT
expires: Sat, 30 Dec 2023 09:15:14 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120801&st=env
142.250.74.34200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120801&st=env
IP 142.250.74.34:0
File type JSON data\012- , ASCII text, with very long lines (14570), with no line terminators
Hash 017252979a14dc921c243a69ba46438f
6cea0dbfb0b5fe7226c64b58ca1ecef306695f1b
982ed1b748684e62b15306ecaa07c1483a507d151dada424a473cbf2e8990d55
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022120801&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Fri, 30 Dec 2022 09:15:14 GMT
server: cafe
content-length: 10999
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 754cf019e3474c47b014e3a836711a24
a906a928c61650232f4a733c6d77e6f5d26f563d
7cec94a1e234f1c0c1f9f0bbad56fa596b7b1e3779d54503bbae40414630e252
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.161200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Fri, 30 Dec 2022 09:15:14 GMT
expires: Fri, 30 Dec 2022 09:15:14 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash c6e3debbec5e1e40f70fe7ea64f43677
13e87014320f5d138cc0ca8fb0c055ca6b0f857c
8d8986bdc97863ba903207f9c815453e78d8cc098c45ab60d18c4dd46ebf4e19
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5182
Cache-Control: max-age=103689
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:14 GMT
Etag: "63ad89ed-116"
Expires: Sat, 31 Dec 2022 14:03:23 GMT
Last-Modified: Thu, 29 Dec 2022 12:37:01 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 682cbddcfdb68a8e77dc78949bf5bbc1
1ea7c9b419854f0ef2e28430e885a82fc74017a1
4d721442aeafdf78f7969d62c2557a8e353e81eb9a056c393f96965aeaf90f4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.132200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 2d4ad56e3e60ded7cef19be461b38963
ce399dd0135fcadfd8faac60db6685700d4e941a
71acefc34b85a04e55133d2602c9e11c0223e8e49454cd99d110005836152b9c
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 30 Dec 2022 09:15:14 GMT
date: Fri, 30 Dec 2022 09:15:14 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-rUBqq8MB9V2mu6mbIOPsvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQgrX8-QMYzqb-2wEwAQ&v=APEucNVGIZI3ibjjkRKty6VoPtSB8MapAFxH2UEjE0I55jgFeovoQqrHO5_Huo6PGd6md8sAb6N-VlamWgI0jTjD-Tbe3cY5lR9g9sJDpQfw2YND4kB8nQYtqPOLpuhyORiZeykIlR9GR-DfQmz9serz24_uULnoZA3iMrDCG86ARjvS8ELj886EE9n6uZrJeq_Bex2QinUtIOHczgtN-kp8G3h_LSSxNw
142.250.74.66200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQgrX8-QMYzqb-2wEwAQ&v=APEucNVGIZI3ibjjkRKty6VoPtSB8MapAFxH2UEjE0I55jgFeovoQqrHO5_Huo6PGd6md8sAb6N-VlamWgI0jTjD-Tbe3cY5lR9g9sJDpQfw2YND4kB8nQYtqPOLpuhyORiZeykIlR9GR-DfQmz9serz24_uULnoZA3iMrDCG86ARjvS8ELj886EE9n6uZrJeq_Bex2QinUtIOHczgtN-kp8G3h_LSSxNw
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CJeVmwEQgrX8-QMYzqb-2wEwAQ&v=APEucNVGIZI3ibjjkRKty6VoPtSB8MapAFxH2UEjE0I55jgFeovoQqrHO5_Huo6PGd6md8sAb6N-VlamWgI0jTjD-Tbe3cY5lR9g9sJDpQfw2YND4kB8nQYtqPOLpuhyORiZeykIlR9GR-DfQmz9serz24_uULnoZA3iMrDCG86ARjvS8ELj886EE9n6uZrJeq_Bex2QinUtIOHczgtN-kp8G3h_LSSxNw HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 30 Dec 2022 09:15:14 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:14 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Dec 2022 09:15:14 GMT
cache-control: private
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQgrX8-QMYu4TL2wEwAQ&v=APEucNV14rt3T4TS5wv7UQMedHbixl-QF0Emj5zIsgxsdFgC-1-VRVGw0GsmgmGCHDKvSh5Es-CXzr8ktOBWp-RMtcfriY_mixQb-Q8hhOAZVJjmOfQCX6SSG0czwab9mOFa_oa8hWMpM_fyrAjf55dO4IxBf9yFGAjW7N502XoWG55EB48ApPeTCeO0wARfnWgWJgXFI94iEWdc_hlUlPXswqP3c5GBFA
142.250.74.66200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQgrX8-QMYu4TL2wEwAQ&v=APEucNV14rt3T4TS5wv7UQMedHbixl-QF0Emj5zIsgxsdFgC-1-VRVGw0GsmgmGCHDKvSh5Es-CXzr8ktOBWp-RMtcfriY_mixQb-Q8hhOAZVJjmOfQCX6SSG0czwab9mOFa_oa8hWMpM_fyrAjf55dO4IxBf9yFGAjW7N502XoWG55EB48ApPeTCeO0wARfnWgWJgXFI94iEWdc_hlUlPXswqP3c5GBFA
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CJeVmwEQgrX8-QMYu4TL2wEwAQ&v=APEucNV14rt3T4TS5wv7UQMedHbixl-QF0Emj5zIsgxsdFgC-1-VRVGw0GsmgmGCHDKvSh5Es-CXzr8ktOBWp-RMtcfriY_mixQb-Q8hhOAZVJjmOfQCX6SSG0czwab9mOFa_oa8hWMpM_fyrAjf55dO4IxBf9yFGAjW7N502XoWG55EB48ApPeTCeO0wARfnWgWJgXFI94iEWdc_hlUlPXswqP3c5GBFA HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 30 Dec 2022 09:15:14 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:14 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Dec 2022 09:15:14 GMT
cache-control: private
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.66200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.66:0
File type ASCII text, with very long lines (3501)
Hash 0aea457deb170b60b680d7d723b4a6e2
3acbe700c709c2c5c07d6fb145ea7b448cc07a90
86c662679bc2508be7e8064c91055a3c5be7db2c24d58e5f27676f35702ba339
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 47725
date: Fri, 30 Dec 2022 09:15:14 GMT
expires: Fri, 30 Dec 2022 09:15:14 GMT
cache-control: private, max-age=3000
etag: "1670417373259609"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ByoUSRCeXTiV7kQZ6r6Fh-MRhIteqtdT9Fw1db-OVl0b4EGs3O2b3SA8gU0XzDi0PRrEI85e3TpECTh4e2WCLlN9vhyQ&cry=1&dbm_d=AKAmf-BpT1A3ZeKc3QAsYA3OEwkOyPbMsYRb-15o0a85AIKTSGXDLqO-CJPpJ-BrhqLuGk96fStVonx2tpfy1ciM_MoJ1B1CbhwHreeqkgoCDh_ZHwFLdC66KgQK-8kWVhgJGGWa1lvHpT4q__WLZHzIcTn3ZG7VcBLe90fCP8Ukwx-nFpSj6IDw940iASpSwldlL7JzHkaCXe4fqWIpoewmYmROklscSUtshv-oriaCi5oc-Fp2OiYf1cUj4gtzzqYD45o80i8s0ZxKt9ZnmbWTmaMkobgguUIChx1WJkcHrXsBxNHeEWtZXiCUDYsJA0iTm8PKHasMGRVSjrR3dAj3XsdYH8-HZiSCRjtanzC8I2c3h7b6W355UZy-6sOuhkQz5wQKA2aHUyoL89_4L4rIRNXgtnVThqFKuBQQeCITuvOM2qtALAKgQ-mcPNRrALZU1ZVvqYpfYFV1aLesL0OSkuEQyCcLCg4qGPc09JrBLPVoUE5yPwYfYnjIMVtQObXTPzw6SQVLzQIuK02-r4x8eTZ3dy1EnZp8WWjRf3GTN79w9b8T0hQUno6QpgUOs6mYR3c2-Hepn32EY0LJ0LewnBfMA2Ql22W03bpXauzTkygtnYO4V5HitIYtFMQtKfj-0B-8svVnlwdzPn0b-PFyi2PiBJWSx7QeW78diuY22kZWJP-45nXgoAzm-bWN84mdWOZzkQ1Wl4VuTQpa7GLBQh57PFfQVN9LjIXtns0qSv6yk58x1BFclvDgPu2xxntR_qoUpUkOs0-YJyi0HEpb-eMeT8P4DaL7vbOu8rRi0q2odlW8bwW3GcaySMaYJfMs0__OlEgglUfz09JWRljTn0T_hiBJGtPrtBbZrvnKW2KRWUF1KzBuuVDLZk2a6DuG5H7VcZTnJLuveJJvflzk-X16qpt3N4BhrMV8yhCBGDK-WZsGkFv6Hf1YIW0IfHhi3k496Q53h278nUDGHBEoOm-tO1lxt1wsjuF4P4Z10arlEgihj6lkIsFENsQ8E5BhRVPvC-Ar1FEuOB-VDiRhrd9Xn8XT5S9TkO_tePL4ssPwSD9-Rvl-m1TTpg40H-d6OWMbkurmRQYl3Vlv0nTOWj1a4GZl2LaW5I4tFLSIHkS6JoEruA88CUcts5s2xeYUf7O8Ft7ZmNtTKSyEo7O3X9nPdB80qCsNQAWLMccPyo07Ds-cwh9vioTTiYqmaU0WSsS38XlMVnptXSSzgg4-2uNmgp7fFqlX8hz_7s4DJZQ5wnJv9VQTyPIwWyAkMvnfQQZDG6fhAhhJwthj58DXhQN1NCXaP3xU1OVrVD3ALaYRvF4Z6sR9NnNCQfJOG3CY46Tquc4xqxCuTJ8_8ADceEK-ujqX2cUyLh-pCGLikpNdhqGNIpz-3KauRf1wgWrK8M09f52WaArZh6gfHoW_Q9vk7Q3do6yJK9jx3QjfutCZepg0uQMRxmEuTclYx6ywPdP0lQWFS-g_xnrMjfpZAiojF3jNv9kOCBeWMJv97_ixgslxd2-w8_WcZz4wdffWs1XzUvTfchPlnTkbDKIedX3BYTBajUpUlKZuebJjyFc0mK4PnchqIb11Hp0mwD0uaY-F00IDBCaD4WvSFsEIDUW45g3sa3N4azoeZfWVKnvKY35q12ZVyj505Cv4LBqNnYZlu072-EZJGTo_V5HAnlqBl4LDUSbP-GS1kE5bhmO_RDhMHccTcXvUz8Nq2liIsUvClBG-33gPzxF6sEF2EyJvf8_LzJ6vRj_aDujXsqCcWnkIEvftgfr6N4HEcpe1CWLmn2FBrrALYSQy9GqgxSJ7S2DILgbHJPWG7mhcPm75ziSWG3cKiIAwDAAcS6Ow0ig7fMnFD3P9ARM_gCCMibvvUZczYXUMbRPtUVbXBO7hCaOUaTlmIJSt7IucZNdF8joIt85116ZizHJq-LrVOGUerDUI1nDGCC9w4BGkOxXxpU0ivvPMSZz6MtcOdBxcQpcNWaNpkXEGq2SrfOIRMV1YQkivs8Gkrd8LJ-n7j4ahh0icQTPkGwdAzMzggoJR7j-GEx6-lXsfM_GaLHlJhJFfS5pfDsAQnnPUWFEOy3Rv0XVX9JKnZSeAcXXXGFqm6KjHFl5lkXl0zECVcZa9CrHFxutQUCKiHbkLk-btDEO4Yl1zLkiHBiS6EFSx6oXQIZX_afrEgmw2UhtOaYtVr_iD9tgFR1rNjyuKd8W_K9NmAT9pGM3WFE_zc-WEjIrA0AKOnpQrS2pSaIQWFmBod8Vj0gVgG_4tvDo2b4wOGfqqbLS3XuChXEAn-AiGTbVNJkYTsBkZ_G77AnSrDFXiyocUNASBpLzkVFk24YLCALNM0HFg2iCoUhYi9tQ62RF97DyQG1Xere1J3jCgwyxe04FczpIEenzk7DKgzBe45axStZLmOVbh5Cj5AxxTMBY29ncP9tzax1f2vNStIsORWbKiUVM0epogf4Lzv-9Pbf2tw-FZfkWh_5P-oKc9wHkG9ycxZXJLjz9RVlhmNWrU66a3cd9YA4zeyrePiGvFEHkz-gNcX-S2w_PrpU_PIFwcU9SnCux1CstjGwLFSKxyn5D49zCnL0-Opo7nJDnlp98YociS1XHM48jE8r5liR8x_6a5I7_1QMS1AbaeBspRg24JKND_uVPtp6Sf7hMmYf7IUigPy1a4agWR2ik8prQfKFFKeTs4aSJX84ZeL2Tw_ziqUP2A1j4SnNyaOwXHJo9Z3Zl9VsHh8tE5D6csiqVx5ZpTu4hrfMyvk5Vvg4AQDeDolWaVe1xhkSgs-L34sYPg4qzT1bStAo3gPCNm4S4s9u72SYzcSWmA7i8TDUnha34Xh7RKIegeaz7iznb-29JzOcU5KMBpnd4Y0-5QVJtFifY-iHETym9Xl4gArMpu3uFXwwhrS3ngeO42auHhc6-oGVHJ0LLSIYYuyHEVbPXLfo904M7GyOn7K57Bo3tZoPmPKJxHehsPmn7dONvLXxoPkSRFCcfuAMLJIl925AvpYtUdIkl8QnnM_RNlcps6wca4GEyf01NX_ibdjVeTVnZfieLYsNLvZd-cVYJvzfbNZZcrNw9K52J0FeIVx1iR-diDkpj6WdsBBnn-seRt0bSTZZX0oQJNl57tDjDiQXlKr2mv2Aph5TOrZgwCYIHeYiOrzVTWmJfvMx54HaaILy7UNCDNpDa9L5fu4EBWdnn0h0OuzPZe1sEP9eMnrOwG64SsoeeN_K5LUrxxocyDYA-9vWH3QvqGOfyKiFvYWDU9kxlY7mF8uQj-4x17Zt5qXvf1Kpm4sO84tNNruiWWCysI5ecNP-G3lfeStwkDX_UI2F_juPtRrNUpGzE7n3O1JKqcYPyaRKw75E_qOctqqItCcoRJQYM&cid=CAQSSwDq26N9INF13icAWzB0PirScprQzoUO5_cdB7tYx5YGy5x-pTVQpFFjMo8HqmZ_PvmYVeTlGJH2ZpfkHXYy_bZoqMkIJwOInb_61hgBIBM&rfl=1%2Chttps%253A%252F%252Fexeo.app%252F%240
142.250.74.66200 OK 34 kB URL HTTP/2 googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ByoUSRCeXTiV7kQZ6r6Fh-MRhIteqtdT9Fw1db-OVl0b4EGs3O2b3SA8gU0XzDi0PRrEI85e3TpECTh4e2WCLlN9vhyQ&cry=1&dbm_d=AKAmf-BpT1A3ZeKc3QAsYA3OEwkOyPbMsYRb-15o0a85AIKTSGXDLqO-CJPpJ-BrhqLuGk96fStVonx2tpfy1ciM_MoJ1B1CbhwHreeqkgoCDh_ZHwFLdC66KgQK-8kWVhgJGGWa1lvHpT4q__WLZHzIcTn3ZG7VcBLe90fCP8Ukwx-nFpSj6IDw940iASpSwldlL7JzHkaCXe4fqWIpoewmYmROklscSUtshv-oriaCi5oc-Fp2OiYf1cUj4gtzzqYD45o80i8s0ZxKt9ZnmbWTmaMkobgguUIChx1WJkcHrXsBxNHeEWtZXiCUDYsJA0iTm8PKHasMGRVSjrR3dAj3XsdYH8-HZiSCRjtanzC8I2c3h7b6W355UZy-6sOuhkQz5wQKA2aHUyoL89_4L4rIRNXgtnVThqFKuBQQeCITuvOM2qtALAKgQ-mcPNRrALZU1ZVvqYpfYFV1aLesL0OSkuEQyCcLCg4qGPc09JrBLPVoUE5yPwYfYnjIMVtQObXTPzw6SQVLzQIuK02-r4x8eTZ3dy1EnZp8WWjRf3GTN79w9b8T0hQUno6QpgUOs6mYR3c2-Hepn32EY0LJ0LewnBfMA2Ql22W03bpXauzTkygtnYO4V5HitIYtFMQtKfj-0B-8svVnlwdzPn0b-PFyi2PiBJWSx7QeW78diuY22kZWJP-45nXgoAzm-bWN84mdWOZzkQ1Wl4VuTQpa7GLBQh57PFfQVN9LjIXtns0qSv6yk58x1BFclvDgPu2xxntR_qoUpUkOs0-YJyi0HEpb-eMeT8P4DaL7vbOu8rRi0q2odlW8bwW3GcaySMaYJfMs0__OlEgglUfz09JWRljTn0T_hiBJGtPrtBbZrvnKW2KRWUF1KzBuuVDLZk2a6DuG5H7VcZTnJLuveJJvflzk-X16qpt3N4BhrMV8yhCBGDK-WZsGkFv6Hf1YIW0IfHhi3k496Q53h278nUDGHBEoOm-tO1lxt1wsjuF4P4Z10arlEgihj6lkIsFENsQ8E5BhRVPvC-Ar1FEuOB-VDiRhrd9Xn8XT5S9TkO_tePL4ssPwSD9-Rvl-m1TTpg40H-d6OWMbkurmRQYl3Vlv0nTOWj1a4GZl2LaW5I4tFLSIHkS6JoEruA88CUcts5s2xeYUf7O8Ft7ZmNtTKSyEo7O3X9nPdB80qCsNQAWLMccPyo07Ds-cwh9vioTTiYqmaU0WSsS38XlMVnptXSSzgg4-2uNmgp7fFqlX8hz_7s4DJZQ5wnJv9VQTyPIwWyAkMvnfQQZDG6fhAhhJwthj58DXhQN1NCXaP3xU1OVrVD3ALaYRvF4Z6sR9NnNCQfJOG3CY46Tquc4xqxCuTJ8_8ADceEK-ujqX2cUyLh-pCGLikpNdhqGNIpz-3KauRf1wgWrK8M09f52WaArZh6gfHoW_Q9vk7Q3do6yJK9jx3QjfutCZepg0uQMRxmEuTclYx6ywPdP0lQWFS-g_xnrMjfpZAiojF3jNv9kOCBeWMJv97_ixgslxd2-w8_WcZz4wdffWs1XzUvTfchPlnTkbDKIedX3BYTBajUpUlKZuebJjyFc0mK4PnchqIb11Hp0mwD0uaY-F00IDBCaD4WvSFsEIDUW45g3sa3N4azoeZfWVKnvKY35q12ZVyj505Cv4LBqNnYZlu072-EZJGTo_V5HAnlqBl4LDUSbP-GS1kE5bhmO_RDhMHccTcXvUz8Nq2liIsUvClBG-33gPzxF6sEF2EyJvf8_LzJ6vRj_aDujXsqCcWnkIEvftgfr6N4HEcpe1CWLmn2FBrrALYSQy9GqgxSJ7S2DILgbHJPWG7mhcPm75ziSWG3cKiIAwDAAcS6Ow0ig7fMnFD3P9ARM_gCCMibvvUZczYXUMbRPtUVbXBO7hCaOUaTlmIJSt7IucZNdF8joIt85116ZizHJq-LrVOGUerDUI1nDGCC9w4BGkOxXxpU0ivvPMSZz6MtcOdBxcQpcNWaNpkXEGq2SrfOIRMV1YQkivs8Gkrd8LJ-n7j4ahh0icQTPkGwdAzMzggoJR7j-GEx6-lXsfM_GaLHlJhJFfS5pfDsAQnnPUWFEOy3Rv0XVX9JKnZSeAcXXXGFqm6KjHFl5lkXl0zECVcZa9CrHFxutQUCKiHbkLk-btDEO4Yl1zLkiHBiS6EFSx6oXQIZX_afrEgmw2UhtOaYtVr_iD9tgFR1rNjyuKd8W_K9NmAT9pGM3WFE_zc-WEjIrA0AKOnpQrS2pSaIQWFmBod8Vj0gVgG_4tvDo2b4wOGfqqbLS3XuChXEAn-AiGTbVNJkYTsBkZ_G77AnSrDFXiyocUNASBpLzkVFk24YLCALNM0HFg2iCoUhYi9tQ62RF97DyQG1Xere1J3jCgwyxe04FczpIEenzk7DKgzBe45axStZLmOVbh5Cj5AxxTMBY29ncP9tzax1f2vNStIsORWbKiUVM0epogf4Lzv-9Pbf2tw-FZfkWh_5P-oKc9wHkG9ycxZXJLjz9RVlhmNWrU66a3cd9YA4zeyrePiGvFEHkz-gNcX-S2w_PrpU_PIFwcU9SnCux1CstjGwLFSKxyn5D49zCnL0-Opo7nJDnlp98YociS1XHM48jE8r5liR8x_6a5I7_1QMS1AbaeBspRg24JKND_uVPtp6Sf7hMmYf7IUigPy1a4agWR2ik8prQfKFFKeTs4aSJX84ZeL2Tw_ziqUP2A1j4SnNyaOwXHJo9Z3Zl9VsHh8tE5D6csiqVx5ZpTu4hrfMyvk5Vvg4AQDeDolWaVe1xhkSgs-L34sYPg4qzT1bStAo3gPCNm4S4s9u72SYzcSWmA7i8TDUnha34Xh7RKIegeaz7iznb-29JzOcU5KMBpnd4Y0-5QVJtFifY-iHETym9Xl4gArMpu3uFXwwhrS3ngeO42auHhc6-oGVHJ0LLSIYYuyHEVbPXLfo904M7GyOn7K57Bo3tZoPmPKJxHehsPmn7dONvLXxoPkSRFCcfuAMLJIl925AvpYtUdIkl8QnnM_RNlcps6wca4GEyf01NX_ibdjVeTVnZfieLYsNLvZd-cVYJvzfbNZZcrNw9K52J0FeIVx1iR-diDkpj6WdsBBnn-seRt0bSTZZX0oQJNl57tDjDiQXlKr2mv2Aph5TOrZgwCYIHeYiOrzVTWmJfvMx54HaaILy7UNCDNpDa9L5fu4EBWdnn0h0OuzPZe1sEP9eMnrOwG64SsoeeN_K5LUrxxocyDYA-9vWH3QvqGOfyKiFvYWDU9kxlY7mF8uQj-4x17Zt5qXvf1Kpm4sO84tNNruiWWCysI5ecNP-G3lfeStwkDX_UI2F_juPtRrNUpGzE7n3O1JKqcYPyaRKw75E_qOctqqItCcoRJQYM&cid=CAQSSwDq26N9INF13icAWzB0PirScprQzoUO5_cdB7tYx5YGy5x-pTVQpFFjMo8HqmZ_PvmYVeTlGJH2ZpfkHXYy_bZoqMkIJwOInb_61hgBIBM&rfl=1%2Chttps%253A%252F%252Fexeo.app%252F%240
IP 142.250.74.66:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 365b5dca3e78c3590612ce375fc3ba92
a8856c1cee3b2005c7021f0c4a4e47d1506d6921
465513fc03947b4a996c84fb81264a80857a58b6871c074da3c3ac143d01edbf
GET /dbm/ad?dbm_c=AKAmf-ByoUSRCeXTiV7kQZ6r6Fh-MRhIteqtdT9Fw1db-OVl0b4EGs3O2b3SA8gU0XzDi0PRrEI85e3TpECTh4e2WCLlN9vhyQ&cry=1&dbm_d=AKAmf-BpT1A3ZeKc3QAsYA3OEwkOyPbMsYRb-15o0a85AIKTSGXDLqO-CJPpJ-BrhqLuGk96fStVonx2tpfy1ciM_MoJ1B1CbhwHreeqkgoCDh_ZHwFLdC66KgQK-8kWVhgJGGWa1lvHpT4q__WLZHzIcTn3ZG7VcBLe90fCP8Ukwx-nFpSj6IDw940iASpSwldlL7JzHkaCXe4fqWIpoewmYmROklscSUtshv-oriaCi5oc-Fp2OiYf1cUj4gtzzqYD45o80i8s0ZxKt9ZnmbWTmaMkobgguUIChx1WJkcHrXsBxNHeEWtZXiCUDYsJA0iTm8PKHasMGRVSjrR3dAj3XsdYH8-HZiSCRjtanzC8I2c3h7b6W355UZy-6sOuhkQz5wQKA2aHUyoL89_4L4rIRNXgtnVThqFKuBQQeCITuvOM2qtALAKgQ-mcPNRrALZU1ZVvqYpfYFV1aLesL0OSkuEQyCcLCg4qGPc09JrBLPVoUE5yPwYfYnjIMVtQObXTPzw6SQVLzQIuK02-r4x8eTZ3dy1EnZp8WWjRf3GTN79w9b8T0hQUno6QpgUOs6mYR3c2-Hepn32EY0LJ0LewnBfMA2Ql22W03bpXauzTkygtnYO4V5HitIYtFMQtKfj-0B-8svVnlwdzPn0b-PFyi2PiBJWSx7QeW78diuY22kZWJP-45nXgoAzm-bWN84mdWOZzkQ1Wl4VuTQpa7GLBQh57PFfQVN9LjIXtns0qSv6yk58x1BFclvDgPu2xxntR_qoUpUkOs0-YJyi0HEpb-eMeT8P4DaL7vbOu8rRi0q2odlW8bwW3GcaySMaYJfMs0__OlEgglUfz09JWRljTn0T_hiBJGtPrtBbZrvnKW2KRWUF1KzBuuVDLZk2a6DuG5H7VcZTnJLuveJJvflzk-X16qpt3N4BhrMV8yhCBGDK-WZsGkFv6Hf1YIW0IfHhi3k496Q53h278nUDGHBEoOm-tO1lxt1wsjuF4P4Z10arlEgihj6lkIsFENsQ8E5BhRVPvC-Ar1FEuOB-VDiRhrd9Xn8XT5S9TkO_tePL4ssPwSD9-Rvl-m1TTpg40H-d6OWMbkurmRQYl3Vlv0nTOWj1a4GZl2LaW5I4tFLSIHkS6JoEruA88CUcts5s2xeYUf7O8Ft7ZmNtTKSyEo7O3X9nPdB80qCsNQAWLMccPyo07Ds-cwh9vioTTiYqmaU0WSsS38XlMVnptXSSzgg4-2uNmgp7fFqlX8hz_7s4DJZQ5wnJv9VQTyPIwWyAkMvnfQQZDG6fhAhhJwthj58DXhQN1NCXaP3xU1OVrVD3ALaYRvF4Z6sR9NnNCQfJOG3CY46Tquc4xqxCuTJ8_8ADceEK-ujqX2cUyLh-pCGLikpNdhqGNIpz-3KauRf1wgWrK8M09f52WaArZh6gfHoW_Q9vk7Q3do6yJK9jx3QjfutCZepg0uQMRxmEuTclYx6ywPdP0lQWFS-g_xnrMjfpZAiojF3jNv9kOCBeWMJv97_ixgslxd2-w8_WcZz4wdffWs1XzUvTfchPlnTkbDKIedX3BYTBajUpUlKZuebJjyFc0mK4PnchqIb11Hp0mwD0uaY-F00IDBCaD4WvSFsEIDUW45g3sa3N4azoeZfWVKnvKY35q12ZVyj505Cv4LBqNnYZlu072-EZJGTo_V5HAnlqBl4LDUSbP-GS1kE5bhmO_RDhMHccTcXvUz8Nq2liIsUvClBG-33gPzxF6sEF2EyJvf8_LzJ6vRj_aDujXsqCcWnkIEvftgfr6N4HEcpe1CWLmn2FBrrALYSQy9GqgxSJ7S2DILgbHJPWG7mhcPm75ziSWG3cKiIAwDAAcS6Ow0ig7fMnFD3P9ARM_gCCMibvvUZczYXUMbRPtUVbXBO7hCaOUaTlmIJSt7IucZNdF8joIt85116ZizHJq-LrVOGUerDUI1nDGCC9w4BGkOxXxpU0ivvPMSZz6MtcOdBxcQpcNWaNpkXEGq2SrfOIRMV1YQkivs8Gkrd8LJ-n7j4ahh0icQTPkGwdAzMzggoJR7j-GEx6-lXsfM_GaLHlJhJFfS5pfDsAQnnPUWFEOy3Rv0XVX9JKnZSeAcXXXGFqm6KjHFl5lkXl0zECVcZa9CrHFxutQUCKiHbkLk-btDEO4Yl1zLkiHBiS6EFSx6oXQIZX_afrEgmw2UhtOaYtVr_iD9tgFR1rNjyuKd8W_K9NmAT9pGM3WFE_zc-WEjIrA0AKOnpQrS2pSaIQWFmBod8Vj0gVgG_4tvDo2b4wOGfqqbLS3XuChXEAn-AiGTbVNJkYTsBkZ_G77AnSrDFXiyocUNASBpLzkVFk24YLCALNM0HFg2iCoUhYi9tQ62RF97DyQG1Xere1J3jCgwyxe04FczpIEenzk7DKgzBe45axStZLmOVbh5Cj5AxxTMBY29ncP9tzax1f2vNStIsORWbKiUVM0epogf4Lzv-9Pbf2tw-FZfkWh_5P-oKc9wHkG9ycxZXJLjz9RVlhmNWrU66a3cd9YA4zeyrePiGvFEHkz-gNcX-S2w_PrpU_PIFwcU9SnCux1CstjGwLFSKxyn5D49zCnL0-Opo7nJDnlp98YociS1XHM48jE8r5liR8x_6a5I7_1QMS1AbaeBspRg24JKND_uVPtp6Sf7hMmYf7IUigPy1a4agWR2ik8prQfKFFKeTs4aSJX84ZeL2Tw_ziqUP2A1j4SnNyaOwXHJo9Z3Zl9VsHh8tE5D6csiqVx5ZpTu4hrfMyvk5Vvg4AQDeDolWaVe1xhkSgs-L34sYPg4qzT1bStAo3gPCNm4S4s9u72SYzcSWmA7i8TDUnha34Xh7RKIegeaz7iznb-29JzOcU5KMBpnd4Y0-5QVJtFifY-iHETym9Xl4gArMpu3uFXwwhrS3ngeO42auHhc6-oGVHJ0LLSIYYuyHEVbPXLfo904M7GyOn7K57Bo3tZoPmPKJxHehsPmn7dONvLXxoPkSRFCcfuAMLJIl925AvpYtUdIkl8QnnM_RNlcps6wca4GEyf01NX_ibdjVeTVnZfieLYsNLvZd-cVYJvzfbNZZcrNw9K52J0FeIVx1iR-diDkpj6WdsBBnn-seRt0bSTZZX0oQJNl57tDjDiQXlKr2mv2Aph5TOrZgwCYIHeYiOrzVTWmJfvMx54HaaILy7UNCDNpDa9L5fu4EBWdnn0h0OuzPZe1sEP9eMnrOwG64SsoeeN_K5LUrxxocyDYA-9vWH3QvqGOfyKiFvYWDU9kxlY7mF8uQj-4x17Zt5qXvf1Kpm4sO84tNNruiWWCysI5ecNP-G3lfeStwkDX_UI2F_juPtRrNUpGzE7n3O1JKqcYPyaRKw75E_qOctqqItCcoRJQYM&cid=CAQSSwDq26N9INF13icAWzB0PirScprQzoUO5_cdB7tYx5YGy5x-pTVQpFFjMo8HqmZ_PvmYVeTlGJH2ZpfkHXYy_bZoqMkIJwOInb_61hgBIBM&rfl=1%2Chttps%253A%252F%252Fexeo.app%252F%240 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 30 Dec 2022 09:15:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 34399
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.id5-sync.com/api/1.0/esp.js
104.22.52.86200 OK 18 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 104.22.52.86:0
Hash f3ee67d7af7084aef49cbf9cfec33580
7d5ee0b08208f2eae3a3ac5b67c02bcd97a7e591
eaf35505f8f638f6638bbb17bef9eb3641ced9ba814199d5dda6339c63840e65
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:14 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: br8ocj5fWmQgOqNy/Y5LiIH5q+MAwLmtxoIHmumKrdJnVOflpFk2DrvLlhRMxH1N156iQZCmWrRJmSpedVGlPA==
x-amz-request-id: 9KT5DTFKEWY7HC5S
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
etag: W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 3256
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 7819ab772c0d0b39-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18418
Expires: Fri, 30 Dec 2022 14:22:12 GMT
Date: Fri, 30 Dec 2022 09:15:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18418
Expires: Fri, 30 Dec 2022 14:22:12 GMT
Date: Fri, 30 Dec 2022 09:15:14 GMT
Connection: keep-alive
googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A1or4YS1ZPFt0Cy8odVcaDN0kDMXb7FZYJ_U_OIeywekUeOwjVVUSTkNgdy74d5ETtoH4u0gRG5SrjYEQMFyF6LiUeSw&cry=1&dbm_d=AKAmf-CN9z4bt01IqWi9ZgcjD_zpiW2HTKBiaP5fj1WiF5CDKw-kdUn7djRoJaH1RhOOGulFdut1nysamXlfn8BeLS2WIksnSYDw6RJfbNiCMZYtB6oo-OP314DIznurrlUXi5zdnbYCOFd1xpdI1TV1-yu2FoR7eJu654oageRmmPWraEy95uxQRZS4zXQVV3VAq2v4-soWrsVz7ujqBSk3xmFmlslu03X3HmJyytBi2dkN_B8HpLC4zOchJI8u_SnI9t9ov6k9-gPGyLI0xoEzAX-HZzPun8GFHDjP-otOQas6fHYv9Qs5-z2eu5hR8XJO-xeu5B60sN9ZgQw28HHx2Q8jMUWr7fVudDxOmvmE9tfP5tRxfCZuCYD59mJlEag0pY2uEuQvWJrAnwk_XZXpXNBdGwGY_fRF_oEShiBnmPGg9EnbEhNW3EWgAugxXZpoSlCYRdgdR5gO-dA08xTFK3dEl3HUw62uRHhLSySWikvl_QsdBtV9JC9atx1XYXF6lsvq5EzXoKwjSouqnTksj3X2oFWw8HRtbst4AIDqM8ElOJt4yuuaIkXtZGrpZOzj4FOhs9kuTrlvI-6vjKo9c1Th2Mv9OOvP3Xn0UBGFnN2JPRWY82p5cQ_shsoLPpzkqHQXXtQldp8x1kV8qE8R7Y6aG0iljOu05cwXez_iWBCxzLY6NDPQiAC-vAmdGS2DH3BYI6nKzcU-Wv6M8KYWnWekU1Qq2VTrHa2MiP6Q-5AvB5hJwi1dAqlYkIeaEhfwvkmbPlPra-0Bm6ub-gaoI9Y3VEDD8FwE9focq8OFHWw5mWMA5HQMXrSX0865kDihSHiWWSh2uV2In7_nQr8FIZ6mqjcutICARmw4moKNGSa94LBlKxQORirHR4RZyvJ_XBNAvgZsG8LK9NPQUZ68R0iZF_rXjw-dWrdVl2wovm9J811mEU8EnkgOBLs6kT-i-ueukSZzrVE0kMdDtqvO-b5SJa3F8eYlP4Dtl6amvkg6eT8wkZqFkI8opuCeyT-bcqRp-GkeDuROnLV7u4SImo_o8A_7GLeDY97JdCRbVX2oceoetDKy79eHZramk9HwZyMQiUV1kg_KV911ubTqGUHT1xoXqktzqHg6YsspzaKP3MIDNwzefFV2OcZP1GpDCE6x78kg-GLCS0oH0Im51HIAgXSAwa2JPQItYif7Xsd793bQ5DddWXqpcPKr60Y8igjTo07hKsb9JNfbSkfRF4vB_hdgX4y6fTdWCpLp2aOXqILNoxmDqbEWtN5kv3j2Tqc3l5Ny2uQPSnlVjfI2pQ1F-gwo94-yS97v-xNOKEXlaD3_MwcZ5uUke0U3cVotuMAoFC5Qo2DkTHooiR7L08LNUz-nx6oMSdp0Xj5wY1ouVSQTfKodUrSTwF6oKQDO6vB5sa0UUluj-C14gXC7QKdsM5qZQB5D_cS6FgXG5DyOEVvNseQjZV_8ebFP-1UZd-ulnon9NUZsK9Gp4GyxOgDObqsfspOPcISh5eAj7Yb7atxNBteb7nckIQKf22hzuAEEyzIoP65HiNnSwKAlgqzqFOIvCYMRv2-ri8A58umIrBDgyLpnuMhbBmyB-n6WMc5pIzmGKrshPweCR6tMPmHqgvqKPy2RHtwAw2b_SzbgNdIj7YyZ0z5svMVvkzhyAhSXy9gK_8nenUUs9VwwYENQhLtcJrJRBZopKOHaV4utDY_UFfHoUMkfoLd4t96nHF5eR2_o_MYVIOa93kBcV2bCaqh8_FWAos402QL6sctTFzEIztdDQCuWfrGCsVLaij4yS6ebAWaTOFpbGuanHaHOy4RQ0Sa0-ObVpiSwq92BRZ7P3-lJFeTq6SwFX9MPpJKHidEatAGDo0WyFMhwhsHralCNw3u50b22qiOI1rOjeQuQfj5SVHlXrCHsgQ1bNfSFeCIa-HERxtCTBr0uT2xVr2HYDRNEe-2NzbDYY8Sh7m7CobuMCGsO7LRNcJAfR5d9sswGxRv7IAEz8-38QK-i4FOEAEg3MFFJ0UFoYxz2DOxbau0EkPqMfnicDIoyCZjpnTH6Hdp_hTfNclA-4zwGTxlAZh7njQ1doLfgPLjz9UiZx-h9aopjalE6BTEv1TdcU9FANLe3-YdLhb4TXaU2dv_GKl1l3yXxn4QlMoZT7ZZLTUhJWgLmu2YHFzGhjg9SJ9pRO0USoyGw67e4zBvWxe5cItaqH801WxImgtNeuXdvkuJgOcVPk16B8TZdfKywkDQukiiK8Gk2YDKtUdDu-glFWHhdJxlTNS8J5_niWhOu1NCDM0iMZJNPK1Ft0k-9npHZ_Z95dBSo5bDBIKFJr6p-EQ-T0kqFqQCykxHagGG3-mjqe0smVi0qEAbOTF0MPmInjtt-Crk1Df-gQTn1IBfZXn3zWtZ91QlUIr4OQYbwKF0ojYTQNcUJa4nG5IoZzxfn3vocChUZBnNy60Owj23kOdJoetodLUEEQHPI6U_BqPZ2Vhij17FdZAd-lMUfUYmrUC2ScgvBDkFmJevjf-8oVOK37givLS4T0sCK5C_UcJe0S5IYQVt59ry-UErLs8SLdeuXNqgNl62tyxGgqaTkrCa8RmcGUcY3stDSPuDIWEMPau_l-g2wr30qV0aDh6XmI2rXB9HR07WNlGMlN4K76iT_fOZrwJBa0fBQuxSe6ZS4_Qfqz6AfgqH3Ru-vhsuzrMzgHTvk40Wz8jobf8LZgfdvyvnktuYne0rXJ0N2cDsuiSwnEMZbABJTZoNu4YGjvRc5PpKKVWc0N6k8ay9RSLAkkGakzESyRzrtQ_22t7avXCV_IJldDhEoPU_GMJPuvx4CiIwR6xbe-__j3ofnj09BKb6KtWzoArJkxIu22n8AnG-2X4PdZweScVjwoNNWb4z-baFMSL-sENtJZKhJEBxChTyVIwQB4L0GZcgBwFhUoMZoPUAgQE-getVaKOrFlsxdj_0Gth_GR43HPsYAT_JaAeUuH_599rhMfBJYYYakW6dZqOUr8BrhNflHWsDOfIDaVB4NlR1n3TGoNTGmiz9r-O3d6wCPM5yOdy8aIWYvT6T6LYyMaGmuOcgjnQdrRgvCq3x_XfKUKpW6x5sV3snmXXlmMZJjCPgtJHBymo59B-5JJ1nxd1MNLNwSS2hnwOkw-A8lCS2q8LOYhhrbqCyvTNyKEEJWvEVaXzd817SPG8GbjyZV3iPqtoG3PTv1AAkbdAI_t7QKaLWTQTJeDc0KpfpVf-RVP40g8Kf9oncXbDaLIF-Cg9Xm3sONLXE3MM-xnN4r2T3xiBYZkoU7xmCK8wLhWeuSifqZ4VSuWsL_FkgnvY7MFawEiHKm_BnixvvOHuGhdGvThGcBG3K1JVHmZfsfl63MkH0pxQg8SGw&cid=CAQSSwDq26N9zFDkLMGmaag4EcF0LwpzHK2AsUIRFIhJ7oS-Ve2ldhB82h3kpQsNrYaAD9hglU-FQYA_HcJWzezigrQwfL7cKQecKlVHJhgBIBM&rfl=2%2Chttps%253A%252F%252Fexeo.app%252F%240
142.250.74.66200 OK 503 B URL HTTP/2 googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A1or4YS1ZPFt0Cy8odVcaDN0kDMXb7FZYJ_U_OIeywekUeOwjVVUSTkNgdy74d5ETtoH4u0gRG5SrjYEQMFyF6LiUeSw&cry=1&dbm_d=AKAmf-CN9z4bt01IqWi9ZgcjD_zpiW2HTKBiaP5fj1WiF5CDKw-kdUn7djRoJaH1RhOOGulFdut1nysamXlfn8BeLS2WIksnSYDw6RJfbNiCMZYtB6oo-OP314DIznurrlUXi5zdnbYCOFd1xpdI1TV1-yu2FoR7eJu654oageRmmPWraEy95uxQRZS4zXQVV3VAq2v4-soWrsVz7ujqBSk3xmFmlslu03X3HmJyytBi2dkN_B8HpLC4zOchJI8u_SnI9t9ov6k9-gPGyLI0xoEzAX-HZzPun8GFHDjP-otOQas6fHYv9Qs5-z2eu5hR8XJO-xeu5B60sN9ZgQw28HHx2Q8jMUWr7fVudDxOmvmE9tfP5tRxfCZuCYD59mJlEag0pY2uEuQvWJrAnwk_XZXpXNBdGwGY_fRF_oEShiBnmPGg9EnbEhNW3EWgAugxXZpoSlCYRdgdR5gO-dA08xTFK3dEl3HUw62uRHhLSySWikvl_QsdBtV9JC9atx1XYXF6lsvq5EzXoKwjSouqnTksj3X2oFWw8HRtbst4AIDqM8ElOJt4yuuaIkXtZGrpZOzj4FOhs9kuTrlvI-6vjKo9c1Th2Mv9OOvP3Xn0UBGFnN2JPRWY82p5cQ_shsoLPpzkqHQXXtQldp8x1kV8qE8R7Y6aG0iljOu05cwXez_iWBCxzLY6NDPQiAC-vAmdGS2DH3BYI6nKzcU-Wv6M8KYWnWekU1Qq2VTrHa2MiP6Q-5AvB5hJwi1dAqlYkIeaEhfwvkmbPlPra-0Bm6ub-gaoI9Y3VEDD8FwE9focq8OFHWw5mWMA5HQMXrSX0865kDihSHiWWSh2uV2In7_nQr8FIZ6mqjcutICARmw4moKNGSa94LBlKxQORirHR4RZyvJ_XBNAvgZsG8LK9NPQUZ68R0iZF_rXjw-dWrdVl2wovm9J811mEU8EnkgOBLs6kT-i-ueukSZzrVE0kMdDtqvO-b5SJa3F8eYlP4Dtl6amvkg6eT8wkZqFkI8opuCeyT-bcqRp-GkeDuROnLV7u4SImo_o8A_7GLeDY97JdCRbVX2oceoetDKy79eHZramk9HwZyMQiUV1kg_KV911ubTqGUHT1xoXqktzqHg6YsspzaKP3MIDNwzefFV2OcZP1GpDCE6x78kg-GLCS0oH0Im51HIAgXSAwa2JPQItYif7Xsd793bQ5DddWXqpcPKr60Y8igjTo07hKsb9JNfbSkfRF4vB_hdgX4y6fTdWCpLp2aOXqILNoxmDqbEWtN5kv3j2Tqc3l5Ny2uQPSnlVjfI2pQ1F-gwo94-yS97v-xNOKEXlaD3_MwcZ5uUke0U3cVotuMAoFC5Qo2DkTHooiR7L08LNUz-nx6oMSdp0Xj5wY1ouVSQTfKodUrSTwF6oKQDO6vB5sa0UUluj-C14gXC7QKdsM5qZQB5D_cS6FgXG5DyOEVvNseQjZV_8ebFP-1UZd-ulnon9NUZsK9Gp4GyxOgDObqsfspOPcISh5eAj7Yb7atxNBteb7nckIQKf22hzuAEEyzIoP65HiNnSwKAlgqzqFOIvCYMRv2-ri8A58umIrBDgyLpnuMhbBmyB-n6WMc5pIzmGKrshPweCR6tMPmHqgvqKPy2RHtwAw2b_SzbgNdIj7YyZ0z5svMVvkzhyAhSXy9gK_8nenUUs9VwwYENQhLtcJrJRBZopKOHaV4utDY_UFfHoUMkfoLd4t96nHF5eR2_o_MYVIOa93kBcV2bCaqh8_FWAos402QL6sctTFzEIztdDQCuWfrGCsVLaij4yS6ebAWaTOFpbGuanHaHOy4RQ0Sa0-ObVpiSwq92BRZ7P3-lJFeTq6SwFX9MPpJKHidEatAGDo0WyFMhwhsHralCNw3u50b22qiOI1rOjeQuQfj5SVHlXrCHsgQ1bNfSFeCIa-HERxtCTBr0uT2xVr2HYDRNEe-2NzbDYY8Sh7m7CobuMCGsO7LRNcJAfR5d9sswGxRv7IAEz8-38QK-i4FOEAEg3MFFJ0UFoYxz2DOxbau0EkPqMfnicDIoyCZjpnTH6Hdp_hTfNclA-4zwGTxlAZh7njQ1doLfgPLjz9UiZx-h9aopjalE6BTEv1TdcU9FANLe3-YdLhb4TXaU2dv_GKl1l3yXxn4QlMoZT7ZZLTUhJWgLmu2YHFzGhjg9SJ9pRO0USoyGw67e4zBvWxe5cItaqH801WxImgtNeuXdvkuJgOcVPk16B8TZdfKywkDQukiiK8Gk2YDKtUdDu-glFWHhdJxlTNS8J5_niWhOu1NCDM0iMZJNPK1Ft0k-9npHZ_Z95dBSo5bDBIKFJr6p-EQ-T0kqFqQCykxHagGG3-mjqe0smVi0qEAbOTF0MPmInjtt-Crk1Df-gQTn1IBfZXn3zWtZ91QlUIr4OQYbwKF0ojYTQNcUJa4nG5IoZzxfn3vocChUZBnNy60Owj23kOdJoetodLUEEQHPI6U_BqPZ2Vhij17FdZAd-lMUfUYmrUC2ScgvBDkFmJevjf-8oVOK37givLS4T0sCK5C_UcJe0S5IYQVt59ry-UErLs8SLdeuXNqgNl62tyxGgqaTkrCa8RmcGUcY3stDSPuDIWEMPau_l-g2wr30qV0aDh6XmI2rXB9HR07WNlGMlN4K76iT_fOZrwJBa0fBQuxSe6ZS4_Qfqz6AfgqH3Ru-vhsuzrMzgHTvk40Wz8jobf8LZgfdvyvnktuYne0rXJ0N2cDsuiSwnEMZbABJTZoNu4YGjvRc5PpKKVWc0N6k8ay9RSLAkkGakzESyRzrtQ_22t7avXCV_IJldDhEoPU_GMJPuvx4CiIwR6xbe-__j3ofnj09BKb6KtWzoArJkxIu22n8AnG-2X4PdZweScVjwoNNWb4z-baFMSL-sENtJZKhJEBxChTyVIwQB4L0GZcgBwFhUoMZoPUAgQE-getVaKOrFlsxdj_0Gth_GR43HPsYAT_JaAeUuH_599rhMfBJYYYakW6dZqOUr8BrhNflHWsDOfIDaVB4NlR1n3TGoNTGmiz9r-O3d6wCPM5yOdy8aIWYvT6T6LYyMaGmuOcgjnQdrRgvCq3x_XfKUKpW6x5sV3snmXXlmMZJjCPgtJHBymo59B-5JJ1nxd1MNLNwSS2hnwOkw-A8lCS2q8LOYhhrbqCyvTNyKEEJWvEVaXzd817SPG8GbjyZV3iPqtoG3PTv1AAkbdAI_t7QKaLWTQTJeDc0KpfpVf-RVP40g8Kf9oncXbDaLIF-Cg9Xm3sONLXE3MM-xnN4r2T3xiBYZkoU7xmCK8wLhWeuSifqZ4VSuWsL_FkgnvY7MFawEiHKm_BnixvvOHuGhdGvThGcBG3K1JVHmZfsfl63MkH0pxQg8SGw&cid=CAQSSwDq26N9zFDkLMGmaag4EcF0LwpzHK2AsUIRFIhJ7oS-Ve2ldhB82h3kpQsNrYaAD9hglU-FQYA_HcJWzezigrQwfL7cKQecKlVHJhgBIBM&rfl=2%2Chttps%253A%252F%252Fexeo.app%252F%240
IP 142.250.74.66:0
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
GET /dbm/ad?dbm_c=AKAmf-A1or4YS1ZPFt0Cy8odVcaDN0kDMXb7FZYJ_U_OIeywekUeOwjVVUSTkNgdy74d5ETtoH4u0gRG5SrjYEQMFyF6LiUeSw&cry=1&dbm_d=AKAmf-CN9z4bt01IqWi9ZgcjD_zpiW2HTKBiaP5fj1WiF5CDKw-kdUn7djRoJaH1RhOOGulFdut1nysamXlfn8BeLS2WIksnSYDw6RJfbNiCMZYtB6oo-OP314DIznurrlUXi5zdnbYCOFd1xpdI1TV1-yu2FoR7eJu654oageRmmPWraEy95uxQRZS4zXQVV3VAq2v4-soWrsVz7ujqBSk3xmFmlslu03X3HmJyytBi2dkN_B8HpLC4zOchJI8u_SnI9t9ov6k9-gPGyLI0xoEzAX-HZzPun8GFHDjP-otOQas6fHYv9Qs5-z2eu5hR8XJO-xeu5B60sN9ZgQw28HHx2Q8jMUWr7fVudDxOmvmE9tfP5tRxfCZuCYD59mJlEag0pY2uEuQvWJrAnwk_XZXpXNBdGwGY_fRF_oEShiBnmPGg9EnbEhNW3EWgAugxXZpoSlCYRdgdR5gO-dA08xTFK3dEl3HUw62uRHhLSySWikvl_QsdBtV9JC9atx1XYXF6lsvq5EzXoKwjSouqnTksj3X2oFWw8HRtbst4AIDqM8ElOJt4yuuaIkXtZGrpZOzj4FOhs9kuTrlvI-6vjKo9c1Th2Mv9OOvP3Xn0UBGFnN2JPRWY82p5cQ_shsoLPpzkqHQXXtQldp8x1kV8qE8R7Y6aG0iljOu05cwXez_iWBCxzLY6NDPQiAC-vAmdGS2DH3BYI6nKzcU-Wv6M8KYWnWekU1Qq2VTrHa2MiP6Q-5AvB5hJwi1dAqlYkIeaEhfwvkmbPlPra-0Bm6ub-gaoI9Y3VEDD8FwE9focq8OFHWw5mWMA5HQMXrSX0865kDihSHiWWSh2uV2In7_nQr8FIZ6mqjcutICARmw4moKNGSa94LBlKxQORirHR4RZyvJ_XBNAvgZsG8LK9NPQUZ68R0iZF_rXjw-dWrdVl2wovm9J811mEU8EnkgOBLs6kT-i-ueukSZzrVE0kMdDtqvO-b5SJa3F8eYlP4Dtl6amvkg6eT8wkZqFkI8opuCeyT-bcqRp-GkeDuROnLV7u4SImo_o8A_7GLeDY97JdCRbVX2oceoetDKy79eHZramk9HwZyMQiUV1kg_KV911ubTqGUHT1xoXqktzqHg6YsspzaKP3MIDNwzefFV2OcZP1GpDCE6x78kg-GLCS0oH0Im51HIAgXSAwa2JPQItYif7Xsd793bQ5DddWXqpcPKr60Y8igjTo07hKsb9JNfbSkfRF4vB_hdgX4y6fTdWCpLp2aOXqILNoxmDqbEWtN5kv3j2Tqc3l5Ny2uQPSnlVjfI2pQ1F-gwo94-yS97v-xNOKEXlaD3_MwcZ5uUke0U3cVotuMAoFC5Qo2DkTHooiR7L08LNUz-nx6oMSdp0Xj5wY1ouVSQTfKodUrSTwF6oKQDO6vB5sa0UUluj-C14gXC7QKdsM5qZQB5D_cS6FgXG5DyOEVvNseQjZV_8ebFP-1UZd-ulnon9NUZsK9Gp4GyxOgDObqsfspOPcISh5eAj7Yb7atxNBteb7nckIQKf22hzuAEEyzIoP65HiNnSwKAlgqzqFOIvCYMRv2-ri8A58umIrBDgyLpnuMhbBmyB-n6WMc5pIzmGKrshPweCR6tMPmHqgvqKPy2RHtwAw2b_SzbgNdIj7YyZ0z5svMVvkzhyAhSXy9gK_8nenUUs9VwwYENQhLtcJrJRBZopKOHaV4utDY_UFfHoUMkfoLd4t96nHF5eR2_o_MYVIOa93kBcV2bCaqh8_FWAos402QL6sctTFzEIztdDQCuWfrGCsVLaij4yS6ebAWaTOFpbGuanHaHOy4RQ0Sa0-ObVpiSwq92BRZ7P3-lJFeTq6SwFX9MPpJKHidEatAGDo0WyFMhwhsHralCNw3u50b22qiOI1rOjeQuQfj5SVHlXrCHsgQ1bNfSFeCIa-HERxtCTBr0uT2xVr2HYDRNEe-2NzbDYY8Sh7m7CobuMCGsO7LRNcJAfR5d9sswGxRv7IAEz8-38QK-i4FOEAEg3MFFJ0UFoYxz2DOxbau0EkPqMfnicDIoyCZjpnTH6Hdp_hTfNclA-4zwGTxlAZh7njQ1doLfgPLjz9UiZx-h9aopjalE6BTEv1TdcU9FANLe3-YdLhb4TXaU2dv_GKl1l3yXxn4QlMoZT7ZZLTUhJWgLmu2YHFzGhjg9SJ9pRO0USoyGw67e4zBvWxe5cItaqH801WxImgtNeuXdvkuJgOcVPk16B8TZdfKywkDQukiiK8Gk2YDKtUdDu-glFWHhdJxlTNS8J5_niWhOu1NCDM0iMZJNPK1Ft0k-9npHZ_Z95dBSo5bDBIKFJr6p-EQ-T0kqFqQCykxHagGG3-mjqe0smVi0qEAbOTF0MPmInjtt-Crk1Df-gQTn1IBfZXn3zWtZ91QlUIr4OQYbwKF0ojYTQNcUJa4nG5IoZzxfn3vocChUZBnNy60Owj23kOdJoetodLUEEQHPI6U_BqPZ2Vhij17FdZAd-lMUfUYmrUC2ScgvBDkFmJevjf-8oVOK37givLS4T0sCK5C_UcJe0S5IYQVt59ry-UErLs8SLdeuXNqgNl62tyxGgqaTkrCa8RmcGUcY3stDSPuDIWEMPau_l-g2wr30qV0aDh6XmI2rXB9HR07WNlGMlN4K76iT_fOZrwJBa0fBQuxSe6ZS4_Qfqz6AfgqH3Ru-vhsuzrMzgHTvk40Wz8jobf8LZgfdvyvnktuYne0rXJ0N2cDsuiSwnEMZbABJTZoNu4YGjvRc5PpKKVWc0N6k8ay9RSLAkkGakzESyRzrtQ_22t7avXCV_IJldDhEoPU_GMJPuvx4CiIwR6xbe-__j3ofnj09BKb6KtWzoArJkxIu22n8AnG-2X4PdZweScVjwoNNWb4z-baFMSL-sENtJZKhJEBxChTyVIwQB4L0GZcgBwFhUoMZoPUAgQE-getVaKOrFlsxdj_0Gth_GR43HPsYAT_JaAeUuH_599rhMfBJYYYakW6dZqOUr8BrhNflHWsDOfIDaVB4NlR1n3TGoNTGmiz9r-O3d6wCPM5yOdy8aIWYvT6T6LYyMaGmuOcgjnQdrRgvCq3x_XfKUKpW6x5sV3snmXXlmMZJjCPgtJHBymo59B-5JJ1nxd1MNLNwSS2hnwOkw-A8lCS2q8LOYhhrbqCyvTNyKEEJWvEVaXzd817SPG8GbjyZV3iPqtoG3PTv1AAkbdAI_t7QKaLWTQTJeDc0KpfpVf-RVP40g8Kf9oncXbDaLIF-Cg9Xm3sONLXE3MM-xnN4r2T3xiBYZkoU7xmCK8wLhWeuSifqZ4VSuWsL_FkgnvY7MFawEiHKm_BnixvvOHuGhdGvThGcBG3K1JVHmZfsfl63MkH0pxQg8SGw&cid=CAQSSwDq26N9zFDkLMGmaag4EcF0LwpzHK2AsUIRFIhJ7oS-Ve2ldhB82h3kpQsNrYaAD9hglU-FQYA_HcJWzezigrQwfL7cKQecKlVHJhgBIBM&rfl=2%2Chttps%253A%252F%252Fexeo.app%252F%240 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 30 Dec 2022 09:15:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 34498
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2156f5045eb474b5c02d0c6f64f02c4e
5cc884658ca6b9b357478137cb431f694e773bd8
3e7eb661f6a47c44f20915b8384799874b0f0a69fcedd1d90caaed93f8fce4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E7EB661F6A47C44F20915B8384799874B0F0A69FCEDD1D90CAAED93F8FCE4BB"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18418
Expires: Fri, 30 Dec 2022 14:22:12 GMT
Date: Fri, 30 Dec 2022 09:15:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0f02288213f270c5a4a8944107c81e9
d17f3594e4aa86aa1b28849bbc3c7f1d45d938ea
770e6cc997aafc1c0485af4fa413fa255868a5d333e8e60e7de90b4c74bf29bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8494
x-amzn-requestid: 8dc4c6ae-ecb5-427d-be0a-535585f19b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZUXHR1IAMFn4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08e8-326ee70106b8fa9d2c4d540b;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fR6Tky8KiadgDTqrGN7QKIldTbOm8rIxJXZOtT6FyjBC6gafdCd33A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:38 GMT
age: 40416
etag: "d17f3594e4aa86aa1b28849bbc3c7f1d45d938ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcce559ba-ede8-48f0-8bf2-1c6a0c1d4c83.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcce559ba-ede8-48f0-8bf2-1c6a0c1d4c83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d21812b8907c0410fcf07b8a245fd97
f9f4289b4f79af75f646f2c72de68dcb679f0c10
7c720ceaf934e04af379535b8fe63685314abc18033e95ed24deb29b3e34e744
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcce559ba-ede8-48f0-8bf2-1c6a0c1d4c83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8101
x-amzn-requestid: cdcbc49a-d707-4123-ade4-cb15af5c87d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7a21FInoAMFfQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae0b5e-3e9cf62117217e6a1157f231;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:49:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WUUKdG7_nEJW5qtYxQBep_w_ySyzsDOIu-3ToocqJi47NWnfvGTueg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:23:09 GMT
etag: "f9f4289b4f79af75f646f2c72de68dcb679f0c10"
content-type: image/jpeg
age: 39125
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
id5-sync.com/api/esp/increment?counter=no-config
162.19.138.83204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 162.19.138.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
date: Fri, 30 Dec 2022 09:15:13 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c0d5fb3791917c41549447f9de79803
1b2c18e9474133539ec54b2e77112256aefadda8
f81084ebe03cff7659902d1afdd44c0f95ecffa96b880550b6a0b51191348222
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8071
x-amzn-requestid: 0085b429-3682-43ad-a47b-be03cbe32c53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7Zx1FOfoAMF-DQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae09a5-450206562924e25e363b1ccc;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:41:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S_FfIgQU5dbZ4B8xhnYGgKIWaZ03PUrzbD5qdV7ASZegKf6TWwpAgw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:29:29 GMT
age: 38745
etag: "1b2c18e9474133539ec54b2e77112256aefadda8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5df739293f8846ba42b9ee2748ddec0
8ae554e7a9944145b58cdf14433e382e0b09d417
2a2bbd6219432e6a451838ca1266972fb412190fbf1c96351f3f0372143eea2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9748
x-amzn-requestid: 06f61fb6-c474-4c29-8e2a-3c94086c0a96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZmOG9DoAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae095a-731b23c915809aba62afd050;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:40:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KjGfhkZcBsccQksbbE0udUABqQ-3whKNn_2vVln0AVvrd-Uwas_O6w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:37 GMT
age: 40417
etag: "8ae554e7a9944145b58cdf14433e382e0b09d417"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b05264c-5ed0-4ad4-996c-58fc36048283.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b05264c-5ed0-4ad4-996c-58fc36048283.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 244b2a2a5b176fb3117248a872e2a37a
f451963e96d330a8dcd28ebcf5e63791e90b75ba
c01075e3836684e57b87d1feaf148e5c0dc35e273b8519c342c90e44dfc1e54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b05264c-5ed0-4ad4-996c-58fc36048283.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12054
x-amzn-requestid: c24868ab-bcf2-4f9c-b7a3-83df6a1fb11a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: do5InGjRIAMFWtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a6a236-539fdd2919bdc153159156ef;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 06:54:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WQ2TnGkAeLlisFSiN2rI45ImsUR0xjSsEI0pMXBFzl8dMoeVb4EnRw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 09:34:32 GMT
age: 85242
etag: "f451963e96d330a8dcd28ebcf5e63791e90b75ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d1857128ab6a237e6854c7a3532b51
702ab1eb38be637f012e1454201b9a7561c29081
48fbf5b5aa1cf66fcdaafe68c72ac073d2ba9b6dedf76ebfaafdc88836fa0fde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4833
x-amzn-requestid: 46ef49d7-dadb-4665-84bf-1c331ed8fce6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZU2E3IIAMFxAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08eb-28af0ab9094d7c21560a60db;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YyIKd_GHAixWYqzjn0XD2Jwal3Jt62L90StfgPkCkJWU3RQml-u6oA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:39 GMT
age: 40415
etag: "702ab1eb38be637f012e1454201b9a7561c29081"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9299e6d768e1e21ab697f8b441e713ee
15b921c5176f830313c4073d222b10891429091d
ef9f94d482985dec0632a8f14796ac91433fe9e1f0b66a56860fb52b0a3b32ca
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EF9F94D482985DEC0632A8F14796AC91433FE9E1F0B66A56860FB52B0A3B32CA"
Last-Modified: Wed, 28 Dec 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1445
Expires: Fri, 30 Dec 2022 09:39:19 GMT
Date: Fri, 30 Dec 2022 09:15:14 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9299e6d768e1e21ab697f8b441e713ee
15b921c5176f830313c4073d222b10891429091d
ef9f94d482985dec0632a8f14796ac91433fe9e1f0b66a56860fb52b0a3b32ca
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EF9F94D482985DEC0632A8F14796AC91433FE9E1F0B66A56860FB52B0A3B32CA"
Last-Modified: Wed, 28 Dec 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1445
Expires: Fri, 30 Dec 2022 09:39:19 GMT
Date: Fri, 30 Dec 2022 09:15:14 GMT
Connection: keep-alive
t.bung.ie/imgp/pwoksi?campaign=29070078&ad_group=545389856&ad=183468569&site_id=5376014&placement=354509085&_cbust=1119660547
104.18.21.214200 OK 43 B URL HTTP/2 t.bung.ie/imgp/pwoksi?campaign=29070078&ad_group=545389856&ad=183468569&site_id=5376014&placement=354509085&_cbust=1119660547
IP 104.18.21.214:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /imgp/pwoksi?campaign=29070078&ad_group=545389856&ad=183468569&site_id=5376014&placement=354509085&_cbust=1119660547 HTTP/1.1
Host: t.bung.ie
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:14 GMT
content-type: image/gif
content-length: 43
set-cookie: session_id=1ed88227-859b-641c-84c3-7a6dd29d398f; Max-Age=31536000; SameSite=None; Path=/; Secure; HttpOnly
session_id_pwoksi_impression=1ed88227-859b-641c-84c3-7a6dd29d398f; Max-Age=86400; SameSite=None; Path=/; Secure; HttpOnly
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
x-envoy-upstream-service-time: 3
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7819ab793a151c06-OSL
X-Firefox-Spdy: h2
t.bung.ie/imgp/pwoksi?campaign=29045618&ad_group=545198011&ad=183229178&site_id=5376014&placement=354019038&_cbust=2870554978
104.18.21.214200 OK 43 B URL HTTP/2 t.bung.ie/imgp/pwoksi?campaign=29045618&ad_group=545198011&ad=183229178&site_id=5376014&placement=354019038&_cbust=2870554978
IP 104.18.21.214:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /imgp/pwoksi?campaign=29045618&ad_group=545198011&ad=183229178&site_id=5376014&placement=354019038&_cbust=2870554978 HTTP/1.1
Host: t.bung.ie
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:14 GMT
content-type: image/gif
content-length: 43
set-cookie: session_id=1ed88227-85f4-65ee-9f81-a259c92d27b6; Max-Age=31536000; SameSite=None; Path=/; Secure; HttpOnly
session_id_pwoksi_impression=1ed88227-85f4-65ee-9f81-a259c92d27b6; Max-Age=86400; SameSite=None; Path=/; Secure; HttpOnly
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
x-envoy-upstream-service-time: 34
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7819ab793a241c06-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2a9024fa75c3c63cdcb4d4c3202ad4f7
29695b5e8165ede3c2ea4ea4c8cac4977c8dbf18
3d719eb0e661050fdf39cb695ada3e6bfb5baf90e72aaee6457b48e8ec97f7bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2a9024fa75c3c63cdcb4d4c3202ad4f7
29695b5e8165ede3c2ea4ea4c8cac4977c8dbf18
3d719eb0e661050fdf39cb695ada3e6bfb5baf90e72aaee6457b48e8ec97f7bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsumjnbDv8lwHH3DqeFCjjPWLyOQ55UQl8Csm7q_Hju1DcGUwFAHVnNgF-fcQDmDkzO4NtEJthrVdoMLBCqkSTlSAx6lcSqIL0d_Pjk3ka3y9cUrPsDMOgZiKKjM4pb33OLXDE0HCquEwFlwehTqDT6FpdNHxDrLrV86G0ZT8shtyVtwF-gcoY8rwKIQKbnILdvgIa_vjjmpuj1rr23SRmhoRc4qdUhc3fCfsnoZUJ9vyM_BOZAEC-rWLiz5SQhU9LFYKLB480-SqptcpyH717h145Yxuf9JXgqteN7R_mSOXHYK4z2IvAxwyYRhBBBKhnK8M9SQmaVE-Xgpt0R_Wa8WIxjV5sQzM3PK6fHuLc-PzRalU5SRtjX6IqLiFMvQzLdlx8A_-pKUnVp_SaQs73SpQavSGCYy-kemRvD1B_XMsf_02CvG1lJeh8dWwpWysUQEa3fDYEV8Ona5_SytpczW_y6Oquwa6abGh6jCK41zw9x1HLW3rv30Kq8VDxBU7w1_1UiJtK6iNgPyQZGSN8pIkQCBg6fwq-FBYxiwA7_ck8bdQ3bZ_ZHkeRZZHgSP2Ksn2uqrN8gUsgxy36PgX3rVa7NcN-wi5JlLvf7OmCvv30rXKrDsDC7MylXIGsDnD1HLpO84-0psvOEIw9qQBQQsIsJrQPr-LgzdCly4uhK_f1J4_uwapV0F0e9M6AiBGoLx6Ew6faakDWclmZtlS1keYbInFdFh02QCmP65iwcunmelxg6UQr8tXJLqNu05pMRLq4Tm0RtIdY9mZ_NfoohbryfnOcRyZnhs0N7xfEo9T1yqRvNVAu4vLtSLwPxQqrgijaOM-0Ta1zHxB_QvIYUCEKM_NRvif_Yk0f9E0wQx9AsKmmhy8v6Xoj-1AsBqQDLv8rCZhxuUeEc7sU0APpm5cp8pZ960h1PuxkqIOZUy6RhtoqZdZ_S7W4a2_ZP92s0vRHpGG3RYUX59j922P6TmSRLUh9oiBko3xr_uIyr0RW3OSemN5U32kQ5Yyk1J3o_6y45aVuuhgIkKQvq8YXNj38zoDaBMFjqblUspIKEbdqTHSrT4aM4UFIzXQVVAKBtgLYq1RvLiUx025WpBQfiqfWKx6jPidePiN7Mbf5rTnNO_FXJTzP4HAMK32XDZnCM1edwrYk0fBXdGRqyJ4hTMgk-gMQwe0jDm4PhaLamz4CvQ8vs3dmPRI0Oywe-8mIkiqB_4co7xZaUZHyu68ze10Buv0sRY7DQhr_6ESD30nx5u223UFznaqA&sai=AMfl-YTy8vDlp4gKQY7zClzuiqJCofgYcw6EMOG-TxldWuPL4smbl14nPWKxk9Iqav-uf-yba2_dQ2X-MH2czBV_VJr5nBtqOPy-o13QSVhR2qMnl3EGVuG3G2KHZ01Q1JmPSkNi_vgdb-hra5YdvPbQF5b5j_2qtHpjSwtxsEQcPL56crudL7Xl-neRuyIOdrMjtx3hkyXiRuGJD0It5w8a5zKLS83YTfhpcY9tb7LjIfeHaJfRGFY0SSAygjbtzbcHqBQC58NkSh65JasCZzEGcok9iHEodcbI7CVuydjbcDzXnCOu&sig=Cg0ArKJSzDjiYGKwAMSUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20221207.85004&arae=0&ftch=1&adurl=
142.250.74.98200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsumjnbDv8lwHH3DqeFCjjPWLyOQ55UQl8Csm7q_Hju1DcGUwFAHVnNgF-fcQDmDkzO4NtEJthrVdoMLBCqkSTlSAx6lcSqIL0d_Pjk3ka3y9cUrPsDMOgZiKKjM4pb33OLXDE0HCquEwFlwehTqDT6FpdNHxDrLrV86G0ZT8shtyVtwF-gcoY8rwKIQKbnILdvgIa_vjjmpuj1rr23SRmhoRc4qdUhc3fCfsnoZUJ9vyM_BOZAEC-rWLiz5SQhU9LFYKLB480-SqptcpyH717h145Yxuf9JXgqteN7R_mSOXHYK4z2IvAxwyYRhBBBKhnK8M9SQmaVE-Xgpt0R_Wa8WIxjV5sQzM3PK6fHuLc-PzRalU5SRtjX6IqLiFMvQzLdlx8A_-pKUnVp_SaQs73SpQavSGCYy-kemRvD1B_XMsf_02CvG1lJeh8dWwpWysUQEa3fDYEV8Ona5_SytpczW_y6Oquwa6abGh6jCK41zw9x1HLW3rv30Kq8VDxBU7w1_1UiJtK6iNgPyQZGSN8pIkQCBg6fwq-FBYxiwA7_ck8bdQ3bZ_ZHkeRZZHgSP2Ksn2uqrN8gUsgxy36PgX3rVa7NcN-wi5JlLvf7OmCvv30rXKrDsDC7MylXIGsDnD1HLpO84-0psvOEIw9qQBQQsIsJrQPr-LgzdCly4uhK_f1J4_uwapV0F0e9M6AiBGoLx6Ew6faakDWclmZtlS1keYbInFdFh02QCmP65iwcunmelxg6UQr8tXJLqNu05pMRLq4Tm0RtIdY9mZ_NfoohbryfnOcRyZnhs0N7xfEo9T1yqRvNVAu4vLtSLwPxQqrgijaOM-0Ta1zHxB_QvIYUCEKM_NRvif_Yk0f9E0wQx9AsKmmhy8v6Xoj-1AsBqQDLv8rCZhxuUeEc7sU0APpm5cp8pZ960h1PuxkqIOZUy6RhtoqZdZ_S7W4a2_ZP92s0vRHpGG3RYUX59j922P6TmSRLUh9oiBko3xr_uIyr0RW3OSemN5U32kQ5Yyk1J3o_6y45aVuuhgIkKQvq8YXNj38zoDaBMFjqblUspIKEbdqTHSrT4aM4UFIzXQVVAKBtgLYq1RvLiUx025WpBQfiqfWKx6jPidePiN7Mbf5rTnNO_FXJTzP4HAMK32XDZnCM1edwrYk0fBXdGRqyJ4hTMgk-gMQwe0jDm4PhaLamz4CvQ8vs3dmPRI0Oywe-8mIkiqB_4co7xZaUZHyu68ze10Buv0sRY7DQhr_6ESD30nx5u223UFznaqA&sai=AMfl-YTy8vDlp4gKQY7zClzuiqJCofgYcw6EMOG-TxldWuPL4smbl14nPWKxk9Iqav-uf-yba2_dQ2X-MH2czBV_VJr5nBtqOPy-o13QSVhR2qMnl3EGVuG3G2KHZ01Q1JmPSkNi_vgdb-hra5YdvPbQF5b5j_2qtHpjSwtxsEQcPL56crudL7Xl-neRuyIOdrMjtx3hkyXiRuGJD0It5w8a5zKLS83YTfhpcY9tb7LjIfeHaJfRGFY0SSAygjbtzbcHqBQC58NkSh65JasCZzEGcok9iHEodcbI7CVuydjbcDzXnCOu&sig=Cg0ArKJSzDjiYGKwAMSUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20221207.85004&arae=0&ftch=1&adurl=
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsumjnbDv8lwHH3DqeFCjjPWLyOQ55UQl8Csm7q_Hju1DcGUwFAHVnNgF-fcQDmDkzO4NtEJthrVdoMLBCqkSTlSAx6lcSqIL0d_Pjk3ka3y9cUrPsDMOgZiKKjM4pb33OLXDE0HCquEwFlwehTqDT6FpdNHxDrLrV86G0ZT8shtyVtwF-gcoY8rwKIQKbnILdvgIa_vjjmpuj1rr23SRmhoRc4qdUhc3fCfsnoZUJ9vyM_BOZAEC-rWLiz5SQhU9LFYKLB480-SqptcpyH717h145Yxuf9JXgqteN7R_mSOXHYK4z2IvAxwyYRhBBBKhnK8M9SQmaVE-Xgpt0R_Wa8WIxjV5sQzM3PK6fHuLc-PzRalU5SRtjX6IqLiFMvQzLdlx8A_-pKUnVp_SaQs73SpQavSGCYy-kemRvD1B_XMsf_02CvG1lJeh8dWwpWysUQEa3fDYEV8Ona5_SytpczW_y6Oquwa6abGh6jCK41zw9x1HLW3rv30Kq8VDxBU7w1_1UiJtK6iNgPyQZGSN8pIkQCBg6fwq-FBYxiwA7_ck8bdQ3bZ_ZHkeRZZHgSP2Ksn2uqrN8gUsgxy36PgX3rVa7NcN-wi5JlLvf7OmCvv30rXKrDsDC7MylXIGsDnD1HLpO84-0psvOEIw9qQBQQsIsJrQPr-LgzdCly4uhK_f1J4_uwapV0F0e9M6AiBGoLx6Ew6faakDWclmZtlS1keYbInFdFh02QCmP65iwcunmelxg6UQr8tXJLqNu05pMRLq4Tm0RtIdY9mZ_NfoohbryfnOcRyZnhs0N7xfEo9T1yqRvNVAu4vLtSLwPxQqrgijaOM-0Ta1zHxB_QvIYUCEKM_NRvif_Yk0f9E0wQx9AsKmmhy8v6Xoj-1AsBqQDLv8rCZhxuUeEc7sU0APpm5cp8pZ960h1PuxkqIOZUy6RhtoqZdZ_S7W4a2_ZP92s0vRHpGG3RYUX59j922P6TmSRLUh9oiBko3xr_uIyr0RW3OSemN5U32kQ5Yyk1J3o_6y45aVuuhgIkKQvq8YXNj38zoDaBMFjqblUspIKEbdqTHSrT4aM4UFIzXQVVAKBtgLYq1RvLiUx025WpBQfiqfWKx6jPidePiN7Mbf5rTnNO_FXJTzP4HAMK32XDZnCM1edwrYk0fBXdGRqyJ4hTMgk-gMQwe0jDm4PhaLamz4CvQ8vs3dmPRI0Oywe-8mIkiqB_4co7xZaUZHyu68ze10Buv0sRY7DQhr_6ESD30nx5u223UFznaqA&sai=AMfl-YTy8vDlp4gKQY7zClzuiqJCofgYcw6EMOG-TxldWuPL4smbl14nPWKxk9Iqav-uf-yba2_dQ2X-MH2czBV_VJr5nBtqOPy-o13QSVhR2qMnl3EGVuG3G2KHZ01Q1JmPSkNi_vgdb-hra5YdvPbQF5b5j_2qtHpjSwtxsEQcPL56crudL7Xl-neRuyIOdrMjtx3hkyXiRuGJD0It5w8a5zKLS83YTfhpcY9tb7LjIfeHaJfRGFY0SSAygjbtzbcHqBQC58NkSh65JasCZzEGcok9iHEodcbI7CVuydjbcDzXnCOu&sig=Cg0ArKJSzDjiYGKwAMSUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20221207.85004&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Fri, 30 Dec 2022 09:15:15 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Dec 2022 09:15:15 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssnBsVvTWXd3kVE0G-5RPCZre7loE58-YTAck2DxxgFR-KXcc4JDENDLYjcqVXbMDCS4wbdpTbEJODjWA3fxhfqGgp2rokIwBoWR29GOOqPsK8NPdG3KUIEWw7WihiRHwSG6Rwhky6mqomVV8V7nb_aScteUFxRjhKiuf9o5rDrTGG7GVkvpWekA0zJiiApbT4AcKWDiz6Ew4Gy6oVQbopQgLkUkTdZPOh0t-4eG4LKCyC-cjNAn8N0htokJatei5Nz3fQmBiqQcpGPh4FRn-yOQDKNOQueGuE9W94gCfpbfzYC8Ka_gqZbb76oIDE4ZA5CGDfAs0O0EJ3GSdIbiBxwc4uZcIIbU3-Ihjt7K2WaB1JC8rH-dK1jfERkk4z8XIJNjTto9daG3ISsagzjHNDlq5p_AGwAt2M6Vch1PpieDltnChVchhz2XzZraJO2ZzSOebFgd2_atiUL_wl7iD7vBbPcKtXmb_d_JDXKAfyOAQsFxqOaIdJAqedNB8l5jGYtxSPKdSHCUUELfx4bC2ZQm2vHpX298AEKqFwMJBDwgikttvLSUiKDSmJ-FC1kpO_t6pmzYjiVaE5yPhit-zwUMOP6dSE6nQq-2-AAxQmrv4nSLZZknKTRoeGCou2e1LgdgymXWSNBmu1_yZKDBKUGvnj4wC1Fryon4on_zra-dlYy66xo6mEmd0tNn14cZuQWzN9MCcRK-VMql-O6S6kKre5a8HqU5GXW4tFrK6amXRlDZrNDIqFZTo5zZE0pVaAT_QvNpbyIxeR5QK_XZqDV4hqr1h-0r755JmVtdbOOdVABY16r9eemnqKwCfMXBlogqn0Zsl7z_tj8jwkLuC7Dh4S2q0zM8iqMYyJ3H_prR4DmZ7f18PsjyKvohqw1w-Nn89qmDS0GOIe5bILHH55srMytIG0dkHMCyOxWP6KUjoH58u-VGWLXgClB6X4fKJbM5gx78KoULZcAkgUQUQhGsHd3y2erQelc0iU1z_RAWsI0hdiY_g2dol9uxij5JLmovYm9Ggdx3S_k_N7pDfRpa8FpRD575JBVAtugBbkyNqEDeJ8ykIcjZwAR8G0G-FdyrFgSNbTtDlFBvvFSgmlmsIJUFyJMv1wTe2um-aUIOx09E96FkNXGJBgjtIPIfc4EBLaGNdQsZ5A4umphZlXdsX4tsLFhOO9l6Tzl94TqpNiADKpys4ooOAVrBzXf8WGOLXhrW023T0LD1OkEUGh44T4BE48WyhKx2BcCSl9Sia4ARjWv9zsO7KUc&sai=AMfl-YS4bzkxzajv1vSoDLCbNWLZhcimTGF84wkSd62NWxLSwVwHDhgU8qQfT41RDy9BYdOgBN1OFkSOh9uNjJ_fa9vkI_8RiaGKktPUShj5m1vxtoMq0HKykvwIZMxa6Y13JVeW0oxJvXJ_TwthM4J2scJpthyln4nz2YNn_8i5Ehd0axrlJQPe4hitUNIBjE9qCOzOgy3UiUG9WLzdOcZMvHyIBX-X133zsWy82B0sBYxPIXorZPwWDZo5FO-WufPpOhw7ecjUXpHEC3kPZslO5ibKYnt40l0vtdwtkdzyXp_5Zaw8&sig=Cg0ArKJSzD_1U4C4AKT6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.86058&arae=0&ftch=1&adurl=
142.250.74.98200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssnBsVvTWXd3kVE0G-5RPCZre7loE58-YTAck2DxxgFR-KXcc4JDENDLYjcqVXbMDCS4wbdpTbEJODjWA3fxhfqGgp2rokIwBoWR29GOOqPsK8NPdG3KUIEWw7WihiRHwSG6Rwhky6mqomVV8V7nb_aScteUFxRjhKiuf9o5rDrTGG7GVkvpWekA0zJiiApbT4AcKWDiz6Ew4Gy6oVQbopQgLkUkTdZPOh0t-4eG4LKCyC-cjNAn8N0htokJatei5Nz3fQmBiqQcpGPh4FRn-yOQDKNOQueGuE9W94gCfpbfzYC8Ka_gqZbb76oIDE4ZA5CGDfAs0O0EJ3GSdIbiBxwc4uZcIIbU3-Ihjt7K2WaB1JC8rH-dK1jfERkk4z8XIJNjTto9daG3ISsagzjHNDlq5p_AGwAt2M6Vch1PpieDltnChVchhz2XzZraJO2ZzSOebFgd2_atiUL_wl7iD7vBbPcKtXmb_d_JDXKAfyOAQsFxqOaIdJAqedNB8l5jGYtxSPKdSHCUUELfx4bC2ZQm2vHpX298AEKqFwMJBDwgikttvLSUiKDSmJ-FC1kpO_t6pmzYjiVaE5yPhit-zwUMOP6dSE6nQq-2-AAxQmrv4nSLZZknKTRoeGCou2e1LgdgymXWSNBmu1_yZKDBKUGvnj4wC1Fryon4on_zra-dlYy66xo6mEmd0tNn14cZuQWzN9MCcRK-VMql-O6S6kKre5a8HqU5GXW4tFrK6amXRlDZrNDIqFZTo5zZE0pVaAT_QvNpbyIxeR5QK_XZqDV4hqr1h-0r755JmVtdbOOdVABY16r9eemnqKwCfMXBlogqn0Zsl7z_tj8jwkLuC7Dh4S2q0zM8iqMYyJ3H_prR4DmZ7f18PsjyKvohqw1w-Nn89qmDS0GOIe5bILHH55srMytIG0dkHMCyOxWP6KUjoH58u-VGWLXgClB6X4fKJbM5gx78KoULZcAkgUQUQhGsHd3y2erQelc0iU1z_RAWsI0hdiY_g2dol9uxij5JLmovYm9Ggdx3S_k_N7pDfRpa8FpRD575JBVAtugBbkyNqEDeJ8ykIcjZwAR8G0G-FdyrFgSNbTtDlFBvvFSgmlmsIJUFyJMv1wTe2um-aUIOx09E96FkNXGJBgjtIPIfc4EBLaGNdQsZ5A4umphZlXdsX4tsLFhOO9l6Tzl94TqpNiADKpys4ooOAVrBzXf8WGOLXhrW023T0LD1OkEUGh44T4BE48WyhKx2BcCSl9Sia4ARjWv9zsO7KUc&sai=AMfl-YS4bzkxzajv1vSoDLCbNWLZhcimTGF84wkSd62NWxLSwVwHDhgU8qQfT41RDy9BYdOgBN1OFkSOh9uNjJ_fa9vkI_8RiaGKktPUShj5m1vxtoMq0HKykvwIZMxa6Y13JVeW0oxJvXJ_TwthM4J2scJpthyln4nz2YNn_8i5Ehd0axrlJQPe4hitUNIBjE9qCOzOgy3UiUG9WLzdOcZMvHyIBX-X133zsWy82B0sBYxPIXorZPwWDZo5FO-WufPpOhw7ecjUXpHEC3kPZslO5ibKYnt40l0vtdwtkdzyXp_5Zaw8&sig=Cg0ArKJSzD_1U4C4AKT6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.86058&arae=0&ftch=1&adurl=
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjssnBsVvTWXd3kVE0G-5RPCZre7loE58-YTAck2DxxgFR-KXcc4JDENDLYjcqVXbMDCS4wbdpTbEJODjWA3fxhfqGgp2rokIwBoWR29GOOqPsK8NPdG3KUIEWw7WihiRHwSG6Rwhky6mqomVV8V7nb_aScteUFxRjhKiuf9o5rDrTGG7GVkvpWekA0zJiiApbT4AcKWDiz6Ew4Gy6oVQbopQgLkUkTdZPOh0t-4eG4LKCyC-cjNAn8N0htokJatei5Nz3fQmBiqQcpGPh4FRn-yOQDKNOQueGuE9W94gCfpbfzYC8Ka_gqZbb76oIDE4ZA5CGDfAs0O0EJ3GSdIbiBxwc4uZcIIbU3-Ihjt7K2WaB1JC8rH-dK1jfERkk4z8XIJNjTto9daG3ISsagzjHNDlq5p_AGwAt2M6Vch1PpieDltnChVchhz2XzZraJO2ZzSOebFgd2_atiUL_wl7iD7vBbPcKtXmb_d_JDXKAfyOAQsFxqOaIdJAqedNB8l5jGYtxSPKdSHCUUELfx4bC2ZQm2vHpX298AEKqFwMJBDwgikttvLSUiKDSmJ-FC1kpO_t6pmzYjiVaE5yPhit-zwUMOP6dSE6nQq-2-AAxQmrv4nSLZZknKTRoeGCou2e1LgdgymXWSNBmu1_yZKDBKUGvnj4wC1Fryon4on_zra-dlYy66xo6mEmd0tNn14cZuQWzN9MCcRK-VMql-O6S6kKre5a8HqU5GXW4tFrK6amXRlDZrNDIqFZTo5zZE0pVaAT_QvNpbyIxeR5QK_XZqDV4hqr1h-0r755JmVtdbOOdVABY16r9eemnqKwCfMXBlogqn0Zsl7z_tj8jwkLuC7Dh4S2q0zM8iqMYyJ3H_prR4DmZ7f18PsjyKvohqw1w-Nn89qmDS0GOIe5bILHH55srMytIG0dkHMCyOxWP6KUjoH58u-VGWLXgClB6X4fKJbM5gx78KoULZcAkgUQUQhGsHd3y2erQelc0iU1z_RAWsI0hdiY_g2dol9uxij5JLmovYm9Ggdx3S_k_N7pDfRpa8FpRD575JBVAtugBbkyNqEDeJ8ykIcjZwAR8G0G-FdyrFgSNbTtDlFBvvFSgmlmsIJUFyJMv1wTe2um-aUIOx09E96FkNXGJBgjtIPIfc4EBLaGNdQsZ5A4umphZlXdsX4tsLFhOO9l6Tzl94TqpNiADKpys4ooOAVrBzXf8WGOLXhrW023T0LD1OkEUGh44T4BE48WyhKx2BcCSl9Sia4ARjWv9zsO7KUc&sai=AMfl-YS4bzkxzajv1vSoDLCbNWLZhcimTGF84wkSd62NWxLSwVwHDhgU8qQfT41RDy9BYdOgBN1OFkSOh9uNjJ_fa9vkI_8RiaGKktPUShj5m1vxtoMq0HKykvwIZMxa6Y13JVeW0oxJvXJ_TwthM4J2scJpthyln4nz2YNn_8i5Ehd0axrlJQPe4hitUNIBjE9qCOzOgy3UiUG9WLzdOcZMvHyIBX-X133zsWy82B0sBYxPIXorZPwWDZo5FO-WufPpOhw7ecjUXpHEC3kPZslO5ibKYnt40l0vtdwtkdzyXp_5Zaw8&sig=Cg0ArKJSzD_1U4C4AKT6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.86058&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Fri, 30 Dec 2022 09:15:15 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Dec 2022 09:15:15 GMT
X-Firefox-Spdy: h2
s0.2mdn.net/simgad/12032556397620314093
142.250.74.70200 OK 72 kB URL HTTP/2 s0.2mdn.net/simgad/12032556397620314093
IP 142.250.74.70:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash dd10a52f047c3cdc24ced6fa50649776
e1523829892bc944fd40590ad3d984f6ed69ebd7
90bd892df9285475f174bf2425bc5bcb1b3f916f4c577b2c422143b16e468ae3
GET /simgad/12032556397620314093 HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 71739
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Wed, 28 Dec 2022 00:57:38 GMT
expires: Thu, 28 Dec 2023 00:57:38 GMT
cache-control: public, max-age=31536000
age: 202657
last-modified: Sat, 03 Dec 2022 01:10:09 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s0.2mdn.net/simgad/17858203630023646058
142.250.74.70200 OK 51 kB URL HTTP/2 s0.2mdn.net/simgad/17858203630023646058
IP 142.250.74.70:0
File type JPEG image data, baseline, precision 8, 728x90, components 3\012- data
Hash f4f942bccdfc2e4a981dd9b94c409585
2ed1edddee77fb32f86102b9a3adcad2eb96e6a4
e8e7d584218b9a27bdcd05f9f83e5dce45187fcb61d27d78702a12632646276b
GET /simgad/17858203630023646058 HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 51234
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Sat, 24 Dec 2022 16:00:06 GMT
expires: Sun, 24 Dec 2023 16:00:06 GMT
cache-control: public, max-age=31536000
age: 494109
last-modified: Thu, 08 Dec 2022 01:41:15 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2a9024fa75c3c63cdcb4d4c3202ad4f7
29695b5e8165ede3c2ea4ea4c8cac4977c8dbf18
3d719eb0e661050fdf39cb695ada3e6bfb5baf90e72aaee6457b48e8ec97f7bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 09:15:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsumjnbDv8lwHH3DqeFCjjPWLyOQ55UQl8Csm7q_Hju1DcGUwFAHVnNgF-fcQDmDkzO4NtEJthrVdoMLBCqkSTlSAx6lcSqIL0d_Pjk3ka3y9cUrPsDMOgZiKKjM4pb33OLXDE0HCquEwFlwehTqDT6FpdNHxDrLrV86G0ZT8shtyVtwF-gcoY8rwKIQKbnILdvgIa_vjjmpuj1rr23SRmhoRc4qdUhc3fCfsnoZUJ9vyM_BOZAEC-rWLiz5SQhU9LFYKLB480-SqptcpyH717h145Yxuf9JXgqteN7R_mSOXHYK4z2IvAxwyYRhBBBKhnK8M9SQmaVE-Xgpt0R_Wa8WIxjV5sQzM3PK6fHuLc-PzRalU5SRtjX6IqLiFMvQzLdlx8A_-pKUnVp_SaQs73SpQavSGCYy-kemRvD1B_XMsf_02CvG1lJeh8dWwpWysUQEa3fDYEV8Ona5_SytpczW_y6Oquwa6abGh6jCK41zw9x1HLW3rv30Kq8VDxBU7w1_1UiJtK6iNgPyQZGSN8pIkQCBg6fwq-FBYxiwA7_ck8bdQ3bZ_ZHkeRZZHgSP2Ksn2uqrN8gUsgxy36PgX3rVa7NcN-wi5JlLvf7OmCvv30rXKrDsDC7MylXIGsDnD1HLpO84-0psvOEIw9qQBQQsIsJrQPr-LgzdCly4uhK_f1J4_uwapV0F0e9M6AiBGoLx6Ew6faakDWclmZtlS1keYbInFdFh02QCmP65iwcunmelxg6UQr8tXJLqNu05pMRLq4Tm0RtIdY9mZ_NfoohbryfnOcRyZnhs0N7xfEo9T1yqRvNVAu4vLtSLwPxQqrgijaOM-0Ta1zHxB_QvIYUCEKM_NRvif_Yk0f9E0wQx9AsKmmhy8v6Xoj-1AsBqQDLv8rCZhxuUeEc7sU0APpm5cp8pZ960h1PuxkqIOZUy6RhtoqZdZ_S7W4a2_ZP92s0vRHpGG3RYUX59j922P6TmSRLUh9oiBko3xr_uIyr0RW3OSemN5U32kQ5Yyk1J3o_6y45aVuuhgIkKQvq8YXNj38zoDaBMFjqblUspIKEbdqTHSrT4aM4UFIzXQVVAKBtgLYq1RvLiUx025WpBQfiqfWKx6jPidePiN7Mbf5rTnNO_FXJTzP4HAMK32XDZnCM1edwrYk0fBXdGRqyJ4hTMgk-gMQwe0jDm4PhaLamz4CvQ8vs3dmPRI0Oywe-8mIkiqB_4co7xZaUZHyu68ze10Buv0sRY7DQhr_6ESD30nx5u223UFznaqA&sai=AMfl-YTy8vDlp4gKQY7zClzuiqJCofgYcw6EMOG-TxldWuPL4smbl14nPWKxk9Iqav-uf-yba2_dQ2X-MH2czBV_VJr5nBtqOPy-o13QSVhR2qMnl3EGVuG3G2KHZ01Q1JmPSkNi_vgdb-hra5YdvPbQF5b5j_2qtHpjSwtxsEQcPL56crudL7Xl-neRuyIOdrMjtx3hkyXiRuGJD0It5w8a5zKLS83YTfhpcY9tb7LjIfeHaJfRGFY0SSAygjbtzbcHqBQC58NkSh65JasCZzEGcok9iHEodcbI7CVuydjbcDzXnCOu&sig=Cg0ArKJSzDjiYGKwAMSUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=347&vt=11&dtpt=345&dett=2&cstd=0&cisv=r20221207.85004&arae=0&ftch=1&adurl=
142.250.74.98200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsumjnbDv8lwHH3DqeFCjjPWLyOQ55UQl8Csm7q_Hju1DcGUwFAHVnNgF-fcQDmDkzO4NtEJthrVdoMLBCqkSTlSAx6lcSqIL0d_Pjk3ka3y9cUrPsDMOgZiKKjM4pb33OLXDE0HCquEwFlwehTqDT6FpdNHxDrLrV86G0ZT8shtyVtwF-gcoY8rwKIQKbnILdvgIa_vjjmpuj1rr23SRmhoRc4qdUhc3fCfsnoZUJ9vyM_BOZAEC-rWLiz5SQhU9LFYKLB480-SqptcpyH717h145Yxuf9JXgqteN7R_mSOXHYK4z2IvAxwyYRhBBBKhnK8M9SQmaVE-Xgpt0R_Wa8WIxjV5sQzM3PK6fHuLc-PzRalU5SRtjX6IqLiFMvQzLdlx8A_-pKUnVp_SaQs73SpQavSGCYy-kemRvD1B_XMsf_02CvG1lJeh8dWwpWysUQEa3fDYEV8Ona5_SytpczW_y6Oquwa6abGh6jCK41zw9x1HLW3rv30Kq8VDxBU7w1_1UiJtK6iNgPyQZGSN8pIkQCBg6fwq-FBYxiwA7_ck8bdQ3bZ_ZHkeRZZHgSP2Ksn2uqrN8gUsgxy36PgX3rVa7NcN-wi5JlLvf7OmCvv30rXKrDsDC7MylXIGsDnD1HLpO84-0psvOEIw9qQBQQsIsJrQPr-LgzdCly4uhK_f1J4_uwapV0F0e9M6AiBGoLx6Ew6faakDWclmZtlS1keYbInFdFh02QCmP65iwcunmelxg6UQr8tXJLqNu05pMRLq4Tm0RtIdY9mZ_NfoohbryfnOcRyZnhs0N7xfEo9T1yqRvNVAu4vLtSLwPxQqrgijaOM-0Ta1zHxB_QvIYUCEKM_NRvif_Yk0f9E0wQx9AsKmmhy8v6Xoj-1AsBqQDLv8rCZhxuUeEc7sU0APpm5cp8pZ960h1PuxkqIOZUy6RhtoqZdZ_S7W4a2_ZP92s0vRHpGG3RYUX59j922P6TmSRLUh9oiBko3xr_uIyr0RW3OSemN5U32kQ5Yyk1J3o_6y45aVuuhgIkKQvq8YXNj38zoDaBMFjqblUspIKEbdqTHSrT4aM4UFIzXQVVAKBtgLYq1RvLiUx025WpBQfiqfWKx6jPidePiN7Mbf5rTnNO_FXJTzP4HAMK32XDZnCM1edwrYk0fBXdGRqyJ4hTMgk-gMQwe0jDm4PhaLamz4CvQ8vs3dmPRI0Oywe-8mIkiqB_4co7xZaUZHyu68ze10Buv0sRY7DQhr_6ESD30nx5u223UFznaqA&sai=AMfl-YTy8vDlp4gKQY7zClzuiqJCofgYcw6EMOG-TxldWuPL4smbl14nPWKxk9Iqav-uf-yba2_dQ2X-MH2czBV_VJr5nBtqOPy-o13QSVhR2qMnl3EGVuG3G2KHZ01Q1JmPSkNi_vgdb-hra5YdvPbQF5b5j_2qtHpjSwtxsEQcPL56crudL7Xl-neRuyIOdrMjtx3hkyXiRuGJD0It5w8a5zKLS83YTfhpcY9tb7LjIfeHaJfRGFY0SSAygjbtzbcHqBQC58NkSh65JasCZzEGcok9iHEodcbI7CVuydjbcDzXnCOu&sig=Cg0ArKJSzDjiYGKwAMSUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=347&vt=11&dtpt=345&dett=2&cstd=0&cisv=r20221207.85004&arae=0&ftch=1&adurl=
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsumjnbDv8lwHH3DqeFCjjPWLyOQ55UQl8Csm7q_Hju1DcGUwFAHVnNgF-fcQDmDkzO4NtEJthrVdoMLBCqkSTlSAx6lcSqIL0d_Pjk3ka3y9cUrPsDMOgZiKKjM4pb33OLXDE0HCquEwFlwehTqDT6FpdNHxDrLrV86G0ZT8shtyVtwF-gcoY8rwKIQKbnILdvgIa_vjjmpuj1rr23SRmhoRc4qdUhc3fCfsnoZUJ9vyM_BOZAEC-rWLiz5SQhU9LFYKLB480-SqptcpyH717h145Yxuf9JXgqteN7R_mSOXHYK4z2IvAxwyYRhBBBKhnK8M9SQmaVE-Xgpt0R_Wa8WIxjV5sQzM3PK6fHuLc-PzRalU5SRtjX6IqLiFMvQzLdlx8A_-pKUnVp_SaQs73SpQavSGCYy-kemRvD1B_XMsf_02CvG1lJeh8dWwpWysUQEa3fDYEV8Ona5_SytpczW_y6Oquwa6abGh6jCK41zw9x1HLW3rv30Kq8VDxBU7w1_1UiJtK6iNgPyQZGSN8pIkQCBg6fwq-FBYxiwA7_ck8bdQ3bZ_ZHkeRZZHgSP2Ksn2uqrN8gUsgxy36PgX3rVa7NcN-wi5JlLvf7OmCvv30rXKrDsDC7MylXIGsDnD1HLpO84-0psvOEIw9qQBQQsIsJrQPr-LgzdCly4uhK_f1J4_uwapV0F0e9M6AiBGoLx6Ew6faakDWclmZtlS1keYbInFdFh02QCmP65iwcunmelxg6UQr8tXJLqNu05pMRLq4Tm0RtIdY9mZ_NfoohbryfnOcRyZnhs0N7xfEo9T1yqRvNVAu4vLtSLwPxQqrgijaOM-0Ta1zHxB_QvIYUCEKM_NRvif_Yk0f9E0wQx9AsKmmhy8v6Xoj-1AsBqQDLv8rCZhxuUeEc7sU0APpm5cp8pZ960h1PuxkqIOZUy6RhtoqZdZ_S7W4a2_ZP92s0vRHpGG3RYUX59j922P6TmSRLUh9oiBko3xr_uIyr0RW3OSemN5U32kQ5Yyk1J3o_6y45aVuuhgIkKQvq8YXNj38zoDaBMFjqblUspIKEbdqTHSrT4aM4UFIzXQVVAKBtgLYq1RvLiUx025WpBQfiqfWKx6jPidePiN7Mbf5rTnNO_FXJTzP4HAMK32XDZnCM1edwrYk0fBXdGRqyJ4hTMgk-gMQwe0jDm4PhaLamz4CvQ8vs3dmPRI0Oywe-8mIkiqB_4co7xZaUZHyu68ze10Buv0sRY7DQhr_6ESD30nx5u223UFznaqA&sai=AMfl-YTy8vDlp4gKQY7zClzuiqJCofgYcw6EMOG-TxldWuPL4smbl14nPWKxk9Iqav-uf-yba2_dQ2X-MH2czBV_VJr5nBtqOPy-o13QSVhR2qMnl3EGVuG3G2KHZ01Q1JmPSkNi_vgdb-hra5YdvPbQF5b5j_2qtHpjSwtxsEQcPL56crudL7Xl-neRuyIOdrMjtx3hkyXiRuGJD0It5w8a5zKLS83YTfhpcY9tb7LjIfeHaJfRGFY0SSAygjbtzbcHqBQC58NkSh65JasCZzEGcok9iHEodcbI7CVuydjbcDzXnCOu&sig=Cg0ArKJSzDjiYGKwAMSUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=347&vt=11&dtpt=345&dett=2&cstd=0&cisv=r20221207.85004&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Fri, 30 Dec 2022 09:15:15 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Dec 2022 09:15:15 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssnBsVvTWXd3kVE0G-5RPCZre7loE58-YTAck2DxxgFR-KXcc4JDENDLYjcqVXbMDCS4wbdpTbEJODjWA3fxhfqGgp2rokIwBoWR29GOOqPsK8NPdG3KUIEWw7WihiRHwSG6Rwhky6mqomVV8V7nb_aScteUFxRjhKiuf9o5rDrTGG7GVkvpWekA0zJiiApbT4AcKWDiz6Ew4Gy6oVQbopQgLkUkTdZPOh0t-4eG4LKCyC-cjNAn8N0htokJatei5Nz3fQmBiqQcpGPh4FRn-yOQDKNOQueGuE9W94gCfpbfzYC8Ka_gqZbb76oIDE4ZA5CGDfAs0O0EJ3GSdIbiBxwc4uZcIIbU3-Ihjt7K2WaB1JC8rH-dK1jfERkk4z8XIJNjTto9daG3ISsagzjHNDlq5p_AGwAt2M6Vch1PpieDltnChVchhz2XzZraJO2ZzSOebFgd2_atiUL_wl7iD7vBbPcKtXmb_d_JDXKAfyOAQsFxqOaIdJAqedNB8l5jGYtxSPKdSHCUUELfx4bC2ZQm2vHpX298AEKqFwMJBDwgikttvLSUiKDSmJ-FC1kpO_t6pmzYjiVaE5yPhit-zwUMOP6dSE6nQq-2-AAxQmrv4nSLZZknKTRoeGCou2e1LgdgymXWSNBmu1_yZKDBKUGvnj4wC1Fryon4on_zra-dlYy66xo6mEmd0tNn14cZuQWzN9MCcRK-VMql-O6S6kKre5a8HqU5GXW4tFrK6amXRlDZrNDIqFZTo5zZE0pVaAT_QvNpbyIxeR5QK_XZqDV4hqr1h-0r755JmVtdbOOdVABY16r9eemnqKwCfMXBlogqn0Zsl7z_tj8jwkLuC7Dh4S2q0zM8iqMYyJ3H_prR4DmZ7f18PsjyKvohqw1w-Nn89qmDS0GOIe5bILHH55srMytIG0dkHMCyOxWP6KUjoH58u-VGWLXgClB6X4fKJbM5gx78KoULZcAkgUQUQhGsHd3y2erQelc0iU1z_RAWsI0hdiY_g2dol9uxij5JLmovYm9Ggdx3S_k_N7pDfRpa8FpRD575JBVAtugBbkyNqEDeJ8ykIcjZwAR8G0G-FdyrFgSNbTtDlFBvvFSgmlmsIJUFyJMv1wTe2um-aUIOx09E96FkNXGJBgjtIPIfc4EBLaGNdQsZ5A4umphZlXdsX4tsLFhOO9l6Tzl94TqpNiADKpys4ooOAVrBzXf8WGOLXhrW023T0LD1OkEUGh44T4BE48WyhKx2BcCSl9Sia4ARjWv9zsO7KUc&sai=AMfl-YS4bzkxzajv1vSoDLCbNWLZhcimTGF84wkSd62NWxLSwVwHDhgU8qQfT41RDy9BYdOgBN1OFkSOh9uNjJ_fa9vkI_8RiaGKktPUShj5m1vxtoMq0HKykvwIZMxa6Y13JVeW0oxJvXJ_TwthM4J2scJpthyln4nz2YNn_8i5Ehd0axrlJQPe4hitUNIBjE9qCOzOgy3UiUG9WLzdOcZMvHyIBX-X133zsWy82B0sBYxPIXorZPwWDZo5FO-WufPpOhw7ecjUXpHEC3kPZslO5ibKYnt40l0vtdwtkdzyXp_5Zaw8&sig=Cg0ArKJSzD_1U4C4AKT6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=405&vt=11&dtpt=404&dett=2&cstd=0&cisv=r20221207.86058&arae=0&ftch=1&adurl=
142.250.74.98200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssnBsVvTWXd3kVE0G-5RPCZre7loE58-YTAck2DxxgFR-KXcc4JDENDLYjcqVXbMDCS4wbdpTbEJODjWA3fxhfqGgp2rokIwBoWR29GOOqPsK8NPdG3KUIEWw7WihiRHwSG6Rwhky6mqomVV8V7nb_aScteUFxRjhKiuf9o5rDrTGG7GVkvpWekA0zJiiApbT4AcKWDiz6Ew4Gy6oVQbopQgLkUkTdZPOh0t-4eG4LKCyC-cjNAn8N0htokJatei5Nz3fQmBiqQcpGPh4FRn-yOQDKNOQueGuE9W94gCfpbfzYC8Ka_gqZbb76oIDE4ZA5CGDfAs0O0EJ3GSdIbiBxwc4uZcIIbU3-Ihjt7K2WaB1JC8rH-dK1jfERkk4z8XIJNjTto9daG3ISsagzjHNDlq5p_AGwAt2M6Vch1PpieDltnChVchhz2XzZraJO2ZzSOebFgd2_atiUL_wl7iD7vBbPcKtXmb_d_JDXKAfyOAQsFxqOaIdJAqedNB8l5jGYtxSPKdSHCUUELfx4bC2ZQm2vHpX298AEKqFwMJBDwgikttvLSUiKDSmJ-FC1kpO_t6pmzYjiVaE5yPhit-zwUMOP6dSE6nQq-2-AAxQmrv4nSLZZknKTRoeGCou2e1LgdgymXWSNBmu1_yZKDBKUGvnj4wC1Fryon4on_zra-dlYy66xo6mEmd0tNn14cZuQWzN9MCcRK-VMql-O6S6kKre5a8HqU5GXW4tFrK6amXRlDZrNDIqFZTo5zZE0pVaAT_QvNpbyIxeR5QK_XZqDV4hqr1h-0r755JmVtdbOOdVABY16r9eemnqKwCfMXBlogqn0Zsl7z_tj8jwkLuC7Dh4S2q0zM8iqMYyJ3H_prR4DmZ7f18PsjyKvohqw1w-Nn89qmDS0GOIe5bILHH55srMytIG0dkHMCyOxWP6KUjoH58u-VGWLXgClB6X4fKJbM5gx78KoULZcAkgUQUQhGsHd3y2erQelc0iU1z_RAWsI0hdiY_g2dol9uxij5JLmovYm9Ggdx3S_k_N7pDfRpa8FpRD575JBVAtugBbkyNqEDeJ8ykIcjZwAR8G0G-FdyrFgSNbTtDlFBvvFSgmlmsIJUFyJMv1wTe2um-aUIOx09E96FkNXGJBgjtIPIfc4EBLaGNdQsZ5A4umphZlXdsX4tsLFhOO9l6Tzl94TqpNiADKpys4ooOAVrBzXf8WGOLXhrW023T0LD1OkEUGh44T4BE48WyhKx2BcCSl9Sia4ARjWv9zsO7KUc&sai=AMfl-YS4bzkxzajv1vSoDLCbNWLZhcimTGF84wkSd62NWxLSwVwHDhgU8qQfT41RDy9BYdOgBN1OFkSOh9uNjJ_fa9vkI_8RiaGKktPUShj5m1vxtoMq0HKykvwIZMxa6Y13JVeW0oxJvXJ_TwthM4J2scJpthyln4nz2YNn_8i5Ehd0axrlJQPe4hitUNIBjE9qCOzOgy3UiUG9WLzdOcZMvHyIBX-X133zsWy82B0sBYxPIXorZPwWDZo5FO-WufPpOhw7ecjUXpHEC3kPZslO5ibKYnt40l0vtdwtkdzyXp_5Zaw8&sig=Cg0ArKJSzD_1U4C4AKT6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=405&vt=11&dtpt=404&dett=2&cstd=0&cisv=r20221207.86058&arae=0&ftch=1&adurl=
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjssnBsVvTWXd3kVE0G-5RPCZre7loE58-YTAck2DxxgFR-KXcc4JDENDLYjcqVXbMDCS4wbdpTbEJODjWA3fxhfqGgp2rokIwBoWR29GOOqPsK8NPdG3KUIEWw7WihiRHwSG6Rwhky6mqomVV8V7nb_aScteUFxRjhKiuf9o5rDrTGG7GVkvpWekA0zJiiApbT4AcKWDiz6Ew4Gy6oVQbopQgLkUkTdZPOh0t-4eG4LKCyC-cjNAn8N0htokJatei5Nz3fQmBiqQcpGPh4FRn-yOQDKNOQueGuE9W94gCfpbfzYC8Ka_gqZbb76oIDE4ZA5CGDfAs0O0EJ3GSdIbiBxwc4uZcIIbU3-Ihjt7K2WaB1JC8rH-dK1jfERkk4z8XIJNjTto9daG3ISsagzjHNDlq5p_AGwAt2M6Vch1PpieDltnChVchhz2XzZraJO2ZzSOebFgd2_atiUL_wl7iD7vBbPcKtXmb_d_JDXKAfyOAQsFxqOaIdJAqedNB8l5jGYtxSPKdSHCUUELfx4bC2ZQm2vHpX298AEKqFwMJBDwgikttvLSUiKDSmJ-FC1kpO_t6pmzYjiVaE5yPhit-zwUMOP6dSE6nQq-2-AAxQmrv4nSLZZknKTRoeGCou2e1LgdgymXWSNBmu1_yZKDBKUGvnj4wC1Fryon4on_zra-dlYy66xo6mEmd0tNn14cZuQWzN9MCcRK-VMql-O6S6kKre5a8HqU5GXW4tFrK6amXRlDZrNDIqFZTo5zZE0pVaAT_QvNpbyIxeR5QK_XZqDV4hqr1h-0r755JmVtdbOOdVABY16r9eemnqKwCfMXBlogqn0Zsl7z_tj8jwkLuC7Dh4S2q0zM8iqMYyJ3H_prR4DmZ7f18PsjyKvohqw1w-Nn89qmDS0GOIe5bILHH55srMytIG0dkHMCyOxWP6KUjoH58u-VGWLXgClB6X4fKJbM5gx78KoULZcAkgUQUQhGsHd3y2erQelc0iU1z_RAWsI0hdiY_g2dol9uxij5JLmovYm9Ggdx3S_k_N7pDfRpa8FpRD575JBVAtugBbkyNqEDeJ8ykIcjZwAR8G0G-FdyrFgSNbTtDlFBvvFSgmlmsIJUFyJMv1wTe2um-aUIOx09E96FkNXGJBgjtIPIfc4EBLaGNdQsZ5A4umphZlXdsX4tsLFhOO9l6Tzl94TqpNiADKpys4ooOAVrBzXf8WGOLXhrW023T0LD1OkEUGh44T4BE48WyhKx2BcCSl9Sia4ARjWv9zsO7KUc&sai=AMfl-YS4bzkxzajv1vSoDLCbNWLZhcimTGF84wkSd62NWxLSwVwHDhgU8qQfT41RDy9BYdOgBN1OFkSOh9uNjJ_fa9vkI_8RiaGKktPUShj5m1vxtoMq0HKykvwIZMxa6Y13JVeW0oxJvXJ_TwthM4J2scJpthyln4nz2YNn_8i5Ehd0axrlJQPe4hitUNIBjE9qCOzOgy3UiUG9WLzdOcZMvHyIBX-X133zsWy82B0sBYxPIXorZPwWDZo5FO-WufPpOhw7ecjUXpHEC3kPZslO5ibKYnt40l0vtdwtkdzyXp_5Zaw8&sig=Cg0ArKJSzD_1U4C4AKT6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=405&vt=11&dtpt=404&dett=2&cstd=0&cisv=r20221207.86058&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e0d7b1dd55cab540a7fc98cf2daa271e.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Fri, 30 Dec 2022 09:15:15 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Dec-2022 09:30:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Dec 2022 09:15:15 GMT
X-Firefox-Spdy: h2
exe.io/SIeg
172.67.71.40302 Found 0 B IP 172.67.71.40:0
Analyzer Verdict Alert fortinet Malware
GET /SIeg HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 30 Dec 2022 09:15:12 GMT
content-type: text/html; charset=UTF-8
location: https://exeo.app/SIeg
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=5e4bde83d275e3131929a77f82c2ee89; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4q4laM61834Tgul8lLpvPcoJYhaapE07C%2B76P%2BE2iO2q2deZks5yRzIf0xeb79YClYmwhr8xxNtKwycM1GotQqYNowo0MmLqK15fL6wMaRejEBw7OCtvtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab68ca70b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/css/continue.css
172.67.74.139200 OK 0 B URL HTTP/2 exeo.app/css/continue.css
IP 172.67.74.139:0
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/SIeg
Cookie: AppSession=6640eec8c9e21754d850d5f6d6bf6489; csrfToken=95fddd3bc70d34045f6a5f8b051c15b60339eeb6a90a04ab5f93629d07352aa8fa1f047bbc96df47604d95cc5d72fea8f27f5ae2aa8e2f791d9165f431dd5d9e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:12 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Wed, 11 Jan 2023 22:59:01 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1505771
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BeYLNFEke1DBgr73%2B%2B8eMUBti0cPzrh4zcd6Hm23JWz%2FUUK%2Bzc65hiPnl20DT%2BVlXILbFecUTnM3hPmUx7E%2FZDpbpOcqvhl971AwrY4EwVKd5uKfqxByuuat"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab6ccf74b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
188.114.97.1200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.97.1:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:12 GMT
content-type: application/javascript
last-modified: Thu, 29 Dec 2022 16:01:22 GMT
etag: W/"63adb9d2-331f"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2473
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AX0IUHDuahNJZGGW2NSjDFbnzV4fxTzcAOOSruZ1%2BA4mQLZ0SIAxQYZH%2BI1%2FRyYexjPuZUM5j8pZ8WqTtOg4X7idxS1GKmKJX0A4Q3kju17W8mjLt9wNdX0QSYl5%2BuoYWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7819ab6e3d270b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
216.58.207.202200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 216.58.207.202:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 30 Dec 2022 09:15:12 GMT
date: Fri, 30 Dec 2022 09:15:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 296
last-modified: Fri, 30 Dec 2022 09:10:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9F4KL79y%2BYW1nTPv5RQR7q4B26H8V3KdVyJHl78YZznPx2L5XdRJTOGDs6ONXZfPJRruUDXDpt5eaYeMy%2F%2Bivm5bX0%2FTzXFjjxG9plPNHjNBhsctM3D8g5koJFWltK5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7819ab6f982b7797-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/ds.2.html
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/ds.2.html
IP 104.16.134.22:0
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
x-nf-request-id: 01GM32FRGGXY91P3W7PAZSC246
cf-cache-status: HIT
age: 1504855
vary: Accept-Encoding
server: cloudflare
cf-ray: 7819ab6fdc12b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1672387200
172.67.74.139200 OK 0 B URL HTTP/2 exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1672387200
IP 172.67.74.139:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1672387200 HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AppSession=6640eec8c9e21754d850d5f6d6bf6489; csrfToken=95fddd3bc70d34045f6a5f8b051c15b60339eeb6a90a04ab5f93629d07352aa8fa1f047bbc96df47604d95cc5d72fea8f27f5ae2aa8e2f791d9165f431dd5d9e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-control-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72M%2BVSs42xz7MvWpXpe02X0SWuKAmmC3WUXo%2B794SR6zP8Iv4swCOLz2qaJQTXGmSHvOHyRlsheLysD0fRLMMAnE%2Bfv9gIDlK7ne6gyy3j8Rt0cxG9%2F5FEQ5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab6ec99cb4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.demand.supply/impl.v16.3.0.js
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/impl.v16.3.0.js
IP 104.16.134.22:0
GET /impl.v16.3.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=c7d15f51-3d7b-488d-9d4a-f909de04f60e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=74953
etag: W/"b19940580c70e30455a2254a785a8919-ssl-df"
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01GMX2V689ENQZTBQ4NFCNSXD1
cf-cache-status: HIT
age: 673341
server: cloudflare
cf-ray: 7819ab6fcbf1b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 296
last-modified: Fri, 30 Dec 2022 09:10:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZadLU2amOjzHi1gyi3fCNAioeaRv98%2FWH3BpCx3vzK%2FoPQvYRCFTU833TcrjzqbbmsocjpTnhTzsQgWN6BhnjkltjHCqa2o%2Ft6X06qOjsK7cb3ZYNCu75zIfL1rvA6X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7819ab6fd86f7797-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvU0llZw==
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvU0llZw==
IP 104.16.134.22:0
GET /p4/v16-2-0/ZXhlby5hcHAvU0llZw== HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=c7d15f51-3d7b-488d-9d4a-f909de04f60e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 7819ab6fdc11b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: text/plain
set-cookie: csu=1606835577060074@1@1672391713; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8wQJWRW6ssgVJ%2BliDH0W3VzAy1AtI4GDaI6ZDdmIpE4K0MpatCmU3M7Cjf7r%2FhK9Em6Wnk0%2FaRwjg9ilKEk%2ByWxvAZRq65UcHpLXFu1nI4mt9M20MyctVn%2FjtPS6deA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7819ab6fd8787797-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvU0llZw==
104.16.134.22200 OK 0 B URL HTTP/2 api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvU0llZw==
IP 104.16.134.22:0
GET /v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvU0llZw== HTTP/1.1
Host: api.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 09:15:13 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
etag: W/"130-oGXOsrrI+dpLGwqLiHurKtn9hLA"
cf-cache-status: HIT
age: 5664
vary: Accept-Encoding
server: cloudflare
cf-ray: 7819ab70ac0c0af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2