exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www25.zippyshare.com/v/9fpS98Bt/file.html
301 Moved Permanently 0 B URL HTTP/1.1 exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www25.zippyshare.com/v/9fpS98Bt/file.html
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www25.zippyshare.com/v/9fpS98Bt/file.html HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 22:19:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 04 Dec 2022 23:19:40 GMT
Location: https://exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www25.zippyshare.com/v/9fpS98Bt/file.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Xg%2BtiIewPP0qO%2FhFEzuz%2BXovJlT%2FnjO3%2FwVeJSap4UDvmZA7rjLvwl4Si8p%2FqGqSjTPrOJ5%2BJikWqQ69kKc%2FfFInqbi4OdXZ3gCkBLKsrtut437Qgb5eg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7747ecc8ec680afa-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5005
Expires: Sun, 04 Dec 2022 23:43:05 GMT
Date: Sun, 04 Dec 2022 22:19:40 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1065
Cache-Control: max-age=131362
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:40 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 10:49:02 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5524
Expires: Sun, 04 Dec 2022 23:51:44 GMT
Date: Sun, 04 Dec 2022 22:19:40 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 21:20:09 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3571
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash ab05ff1b32d7373ef42e4e5edd2ee8a9
60faac295492205325f1664d7cd2af0a70820d1b
81a8cde362b4a4ef179e3818b753d3239d66e4b2f8d0834fba4d48904cfdb8e1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6412
Cache-Control: max-age=88126
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:40 GMT
Etag: "638bb92e-117"
Expires: Mon, 05 Dec 2022 22:48:26 GMT
Last-Modified: Sat, 03 Dec 2022 21:01:34 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e6Bw3d31x2xvq5Z6qXBTAeaJtmc/qPm8fVkfkB7PmZ1cRorgQMZCc/WOoghaN/lYM3/MI5wKI2Q=
x-amz-request-id: DF9KXXXGE7590P4S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 21:47:08 GMT
age: 1952
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 22:19:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash ab05ff1b32d7373ef42e4e5edd2ee8a9
60faac295492205325f1664d7cd2af0a70820d1b
81a8cde362b4a4ef179e3818b753d3239d66e4b2f8d0834fba4d48904cfdb8e1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6412
Cache-Control: max-age=88126
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:40 GMT
Etag: "638bb92e-117"
Expires: Mon, 05 Dec 2022 22:48:26 GMT
Last-Modified: Sat, 03 Dec 2022 21:01:34 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash cf63cc9384c4b13a6f3771895f2064ee
d17ce35de783535ee12d83f5fdfe54280dc0ac63
1fd99df19eab4f93db2fac982c690665ace51e4167e140e39edd642523eaa746
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1FD99DF19EAB4F93DB2FAC982C690665ACE51E4167E140E39EDD642523EAA746"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18534
Expires: Mon, 05 Dec 2022 03:28:35 GMT
Date: Sun, 04 Dec 2022 22:19:41 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 22:11:19 GMT
cache-control: public,max-age=3600
age: 502
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1049
Cache-Control: max-age=126279
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:24:20 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash cf63cc9384c4b13a6f3771895f2064ee
d17ce35de783535ee12d83f5fdfe54280dc0ac63
1fd99df19eab4f93db2fac982c690665ace51e4167e140e39edd642523eaa746
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1FD99DF19EAB4F93DB2FAC982C690665ACE51E4167E140E39EDD642523EAA746"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18534
Expires: Mon, 05 Dec 2022 03:28:35 GMT
Date: Sun, 04 Dec 2022 22:19:41 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash bab3e161e3f3854daf7dc364769decd5
48869547ffc9c4481f49a32528f2bbe9d7038bf0
02df2293bba89b1251e3dc7e75df671314cab849e0bc367507cdc10b35dbb4aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "02DF2293BBA89B1251E3DC7E75DF671314CAB849E0BC367507CDC10B35DBB4AA"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8771
Expires: Mon, 05 Dec 2022 00:45:52 GMT
Date: Sun, 04 Dec 2022 22:19:41 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash 386801404fe941446915391bc9a2850b
2b586d763d09b990598ad61b0923ebb58ed92f6f
35245b7d0fd1ac022e8ffe6bc43722f66de86647eaebe2631f10435430e0e295
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4810
Cache-Control: max-age=133640
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Etag: "638c713b-117"
Expires: Tue, 06 Dec 2022 11:27:01 GMT
Last-Modified: Sun, 04 Dec 2022 10:06:51 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: i4JFkDqIlU8o4t6hCwtHfQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xkIAzzdlVFS7iYxIWj+3GDMj5XY=
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash bab3e161e3f3854daf7dc364769decd5
48869547ffc9c4481f49a32528f2bbe9d7038bf0
02df2293bba89b1251e3dc7e75df671314cab849e0bc367507cdc10b35dbb4aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "02DF2293BBA89B1251E3DC7E75DF671314CAB849E0BC367507CDC10B35DBB4AA"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8771
Expires: Mon, 05 Dec 2022 00:45:52 GMT
Date: Sun, 04 Dec 2022 22:19:41 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17244
Expires: Mon, 05 Dec 2022 03:07:05 GMT
Date: Sun, 04 Dec 2022 22:19:41 GMT
Connection: keep-alive
exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www25.zippyshare.com/v/9fpS98Bt/file.html
200 OK 1.3 kB URL HTTP/2 exe.io/st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www25.zippyshare.com/v/9fpS98Bt/file.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1199)
Hash 8571fdd67494971a033c68d59df8f3ba
d2cdd42d66a4adef77b9acabfa37f670b2b52cdc
7c4f18d1f333045836a2cbb385c3ce47ba914123f5fdde73dc1f85937fa30c63
GET /st?api=f7c1724294337686fddc64d196d06fbbaeed080f&url=ouo.io/qs/irsDdjT0?s=https://www25.zippyshare.com/v/9fpS98Bt/file.html HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:40 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=d951f6e34786269701818b12a89ec79e; path=/; HttpOnly
csrfToken=d10ac096950749bf46eb7c994e3508f30531efcb7260db63e7c18afee4f5ce0d6742d2ee2baade605922279517615ea0bfaf0fc06a52153f9fcdfa1603a99b6b; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xXndYDYfM%2F6shYL83ofnpHv630YIMQR%2FFwuRIRDz9JvUkcqqIBMLIqHdiVVLp3JIAn4xfSUTlKqw1YsjWGpz4CQG9lek%2FqcpX%2FLzqmeo2H5Elw5DndOew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747eccb0f740b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1073a230d073dc1d5cbaf66549aea4fd
3a28da3ca8ca23482e95640bdd3c2f329ba280cf
89aae3c578e805f972cd86699945f779de0c22302d3d4482f45706308826e47b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89AAE3C578E805F972CD86699945F779DE0C22302D3D4482F45706308826E47B"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5752
Expires: Sun, 04 Dec 2022 23:55:33 GMT
Date: Sun, 04 Dec 2022 22:19:41 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 530616
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
200 OK 46 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
Hash 4062018ffed2da8be25173facf0932aa
d8fcd9054d9bcae2805a2411b6fd8fb9a15a4c13
f6dd9aa4156d2431f1695741566d879762b10df159ec2115f31dbb482efd7e6e
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 22:19:41 GMT
date: Sun, 04 Dec 2022 22:19:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2c0eaa537febf786b6a069279ccc1d1a
f5b69d57e54ce41dc24fdd3e4920781cf62f1799
eb12e227487951251e095e95973e2a8cad197e00fad27f02a7293ef598b7eb4c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB12E227487951251E095E95973E2A8CAD197E00FAD27F02A7293EF598B7EB4C"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12633
Expires: Mon, 05 Dec 2022 01:50:14 GMT
Date: Sun, 04 Dec 2022 22:19:41 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash 386801404fe941446915391bc9a2850b
2b586d763d09b990598ad61b0923ebb58ed92f6f
35245b7d0fd1ac022e8ffe6bc43722f66de86647eaebe2631f10435430e0e295
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4810
Cache-Control: max-age=133640
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Etag: "638c713b-117"
Expires: Tue, 06 Dec 2022 11:27:01 GMT
Last-Modified: Sun, 04 Dec 2022 10:06:51 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fn.deulspoorn.com/1clkn/29529
200 OK 26 B URL HTTP/1.1 fn.deulspoorn.com/1clkn/29529
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: fn.deulspoorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 22:19:41 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 05-Dec-2022 22:19:41 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 05-Dec-2022 22:19:41 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
exee.app/aOSiT
200 OK 168 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61735)
Size 168 kB (167698 bytes)
Hash 96375b740f836d1bb43669186f8a24f7
061a49e78477fb7e7672a36d33326589986494a8
feab528124fff45c35977784673e7a277bd20dcc018d6913e269f04629f3612f
GET /aOSiT HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=fd4d2efdca9528b31c065dee8d067525; path=/; HttpOnly
csrfToken=92bd3ea2b42b1fd7dfb1ddf38d07debc6f6431211ee8297f0f30ef2b1ef8e6c1b8ca845018f3a28048b34716fd65b951daed6ba75f117ecd90b59de9c9dd2f6e; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x5I9r4UBiOj550ttPdj6IPO0o3RaToAn6cKBWWhNhRHu7sVjol9GFixqTXKo%2FTEoRequFUbgIE5YN73VAZ6CfAppqCMMBrj9CBbRf%2FwurbEX6A7sMf0eJM9fUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747eccf2c46b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lynormationpas.com/TWpJVHliVSonRC9acBguCBoqMBcDHCwCFWhYDzIUPRARHAl6CwFkXzkDLWlBeVl7YkhrGiAwRHxSbycNLB48J0R8TCA6HyJXbyJEfER5ektjWG8hRHxMPSQYKld4cgk5HiVpSHtdeWVAf1l+bUt1XA
204 No Content 0 B URL HTTP/2 lynormationpas.com/TWpJVHliVSonRC9acBguCBoqMBcDHCwCFWhYDzIUPRARHAl6CwFkXzkDLWlBeVl7YkhrGiAwRHxSbycNLB48J0R8TCA6HyJXbyJEfER5ektjWG8hRHxMPSQYKld4cgk5HiVpSHtdeWVAf1l+bUt1XA
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TWpJVHliVSonRC9acBguCBoqMBcDHCwCFWhYDzIUPRARHAl6CwFkXzkDLWlBeVl7YkhrGiAwRHxSbycNLB48J0R8TCA6HyJXbyJEfER5ektjWG8hRHxMPSQYKld4cgk5HiVpSHtdeWVAf1l+bUt1XA HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 22:19:41 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sQUizbDCZDTqV6nv1Q1tDVcS7loiX76rjvbn8L%2BbGMwLJCTohUKebMWS0ojxtxXjez0VY%2B458d24gBYJZz9aKOuUGvrejQXRafhRzs0pW2aQM%2FY6WEw5bGSqwjH9Iu7RoL%2Fq7w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747ecd2a959b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17244
Expires: Mon, 05 Dec 2022 03:07:05 GMT
Date: Sun, 04 Dec 2022 22:19:41 GMT
Connection: keep-alive
cdntechone.com/stattag.js
200 OK 5.2 kB URL HTTP/2 cdntechone.com/stattag.js
IP
File type ASCII text, with very long lines (12932), with no line terminators
Hash f95c022a04e2db37f1c70a2aaa22b40e
51a3a1c1478758643f5d7640d4e47aaa7ca2706e
abae49d4662d898deb06ea45753842e4b4288b67107574b0ed74a99d44e2a136
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 7086
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5hLrGLTTgvRcZrgNS7bRiZC%2FQDEWrMj4PAPk3g4LDyoaEqyqMN5HjbW5kfAtcl%2FsHggL%2BXBotPLHdCX4syuQqnEvLs7dV3mfb0s7UZjweLvGXIhQd6bw7OfhC%2B7NAne2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecd1b8491c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP
File type ASCII text, with very long lines (37174), with no line terminators
Hash 643abe7a5449d38e54d0fd3ffbdd2934
5be0f076595d4a55390412c2eab049b43fadfde8
9caabf17e654f64ec032319309f33a2c2450970259afd15f568fc414ca33748a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 22:19:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 490b8b4c7cde691c03962a2262ef06d5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
analytics.vdo.ai/logger
200 OK 472 B IP
Hash d8a64de4ac46b21b1bdfe15c1c47a3b7
6b7e609ee1bde286138de31fb932174d8ae5bac6
f514b1d3b194e7b107a69ebf19146c303cb2603e463e539c6ef40a0058ef9cc5
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 124
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkPDGG6fYuAkxXYPbuLnZ1ziTL8WiYRfbAiHQVFjPZ%2F8Gux%2FOS6ZFYU3p6wEdeg2UQCfS14JjEq5hteFgcex%2BHaSnLGv4ZvKlzL5KsODS4r1H14whDJnegTnRk8mX5Z%2FBdks"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747ecd3284a74a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash ffb1fa188f11f4b1ec69136d1920502b
8aac404d7cf025e415c22f6170fea74bf537c603
7beabb9b7af824e542dc5f62308e6d44c4a38dee34d69836ca4c1cf966592b82
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7BEABB9B7AF824E542DC5F62308E6D44C4A38DEE34D69836CA4C1CF966592B82"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14129
Expires: Mon, 05 Dec 2022 02:15:11 GMT
Date: Sun, 04 Dec 2022 22:19:42 GMT
Connection: keep-alive
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FaOSiT&tag=v-exee-app&domain=exee.app
200 OK 2.2 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2FaOSiT&tag=v-exee-app&domain=exee.app
IP
File type JSON data\012- , ASCII text, with very long lines (8589)
Hash f4df7357676f64795a8a0ded450af07f
a0a19d7e7311e444ec9b3b305a2aa78fbbc1ad4b
c50d0dacf54819fcb8c755ecc0aa73dbf41837c3b6916a69560ffd9338893df5
GET /allowed_url.php?type=json&url=exee.app%2FaOSiT&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3Yxq1g9P0qw%2F9mjVqzSviPgILJgPshXw3OiBWGzBq576aomVRb2YMlv0i3sACxdr9%2BZEEjGfLNroAdjLl6t1yqehdh32NyCxIkg3XIdnG%2FBcwEUJYkXyS8cQ%2BYY%2FNGcwryT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747ecd3588974a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 915
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 04 Dec 2022 22:19:42 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 47b644210e1185da967b593c2fb4f3df
e80aff46867604ff4b94607ea082361940b89715
244f29ea97060fe1a6746bbc12e7d8b288cb0820c85213f1f13628b19c8d05a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "244F29EA97060FE1A6746BBC12E7D8B288CB0820C85213F1F13628B19C8D05A9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3520
Expires: Sun, 04 Dec 2022 23:18:22 GMT
Date: Sun, 04 Dec 2022 22:19:42 GMT
Connection: keep-alive
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 9d26948f6c4dc88e58968f386ba8b799
e45c3796e11c13b37a7102ea6b35403be3440b51
27a0d07c3ed4f869f1822925ffa44458dffb91654b4b98f0e957b0c9ac423e53
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:42 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=90635a2a-bcb3-4ce4-963c-4a33b5cb851d:2:1; expires=Wed, 01 Dec 2032 22:19:42 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 129 kB IP
ASN #20940 Akamai International B.V.
Size 129 kB (129275 bytes)
Hash f697ce7ead702538271b9ed3e07a91e8
3bb5397321d8fc8a631d4ef21b8282548311453b
9c979f444efb8b2c0ad5f111bab2b95cad646f20c2734532c16990b246d2fa6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7BEABB9B7AF824E542DC5F62308E6D44C4A38DEE34D69836CA4C1CF966592B82"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14129
Expires: Mon, 05 Dec 2022 02:15:11 GMT
Date: Sun, 04 Dec 2022 22:19:42 GMT
Connection: keep-alive
specialistinsensitive.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
200 OK 29 kB URL HTTP/1.1 specialistinsensitive.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 6a3a86422ba6a14ff687e1ed44cd17fd
a2e530ac882d3e941b76307528ddcb02f4b7aa11
6da8465899e777d7202782d705c2cea60e7daf1392941b7fbfc9d02c8e080017
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 22:19:42 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c88602b03ea0a55542640464f1387c28
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
edvforeveretest.com/utx?cb=SRtdQF6mlCFY&top=exee.app&tid=889494
204 No Content 0 B URL HTTP/2 edvforeveretest.com/utx?cb=SRtdQF6mlCFY&top=exee.app&tid=889494
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=SRtdQF6mlCFY&top=exee.app&tid=889494 HTTP/1.1
Host: edvforeveretest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 22:19:42 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 04 Dec 2022 22:20:42 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a74acf906b8953821b0336dce1aa98b0.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: NzmW4u9DDMOzoVP-pQX4RBW5ldry8-5LTacOqCEIIh-xDTU7HlIFDQ==
X-Firefox-Spdy: h2
edvforeveretest.com/MUEwU2xQI1M+U1B8UnUZQy0Ndl53ZAIVCANxBTkeW3RYYloAd0h9D10uRTcKQy5eJ0JfJER2Xnc2ZWM2BxZeGht6E2FrOGIiRhsBVQpRYFV+GAAJXX0AW2Ikcg8HFwRSK3EbOXAgYTsHdTgAZCR5FEkSKAQRaWEtZg5IJFxUcEd2XncJdBFbYnJHByJIE3gxAGAvfjs5SRVKZxt0FXEyPFgIcx4Le3B9KxhfCUokVHQ7aTYhXA95GylVeFQ/VV4QXiAUdDthBDx1BHo1XHMrexJZFHN2Ait/cmM9PnIlXgZYV3FyOSFjDAABK1UrYwEEaRhoCi9TBGphCGVsWHZedxB3Hlx1CQkRKV8lezFdSStSYlVeEFoCBnYVdTcIXxAIMil7KFQ4HEMQXRkGYgZfBiNbEFYDLgEzaWMLUhACHRZnBkAGJl81fHUGQi5eI1FFDGEAX0tySmQlZiBe
200 OK 1.2 kB URL HTTP/2 edvforeveretest.com/MUEwU2xQI1M+U1B8UnUZQy0Ndl53ZAIVCANxBTkeW3RYYloAd0h9D10uRTcKQy5eJ0JfJER2Xnc2ZWM2BxZeGht6E2FrOGIiRhsBVQpRYFV+GAAJXX0AW2Ikcg8HFwRSK3EbOXAgYTsHdTgAZCR5FEkSKAQRaWEtZg5IJFxUcEd2XncJdBFbYnJHByJIE3gxAGAvfjs5SRVKZxt0FXEyPFgIcx4Le3B9KxhfCUokVHQ7aTYhXA95GylVeFQ/VV4QXiAUdDthBDx1BHo1XHMrexJZFHN2Ait/cmM9PnIlXgZYV3FyOSFjDAABK1UrYwEEaRhoCi9TBGphCGVsWHZedxB3Hlx1CQkRKV8lezFdSStSYlVeEFoCBnYVdTcIXxAIMil7KFQ4HEMQXRkGYgZfBiNbEFYDLgEzaWMLUhACHRZnBkAGJl81fHUGQi5eI1FFDGEAX0tySmQlZiBe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash 612ae37c9146da30e44e71267d201216
344b6fb047a0528d86b60db250538f75a1b0e830
49bb0986a308e4e449623fbd0494120867655f378133edcad4a3cf3ec57b623d
GET /MUEwU2xQI1M+U1B8UnUZQy0Ndl53ZAIVCANxBTkeW3RYYloAd0h9D10uRTcKQy5eJ0JfJER2Xnc2ZWM2BxZeGht6E2FrOGIiRhsBVQpRYFV+GAAJXX0AW2Ikcg8HFwRSK3EbOXAgYTsHdTgAZCR5FEkSKAQRaWEtZg5IJFxUcEd2XncJdBFbYnJHByJIE3gxAGAvfjs5SRVKZxt0FXEyPFgIcx4Le3B9KxhfCUokVHQ7aTYhXA95GylVeFQ/VV4QXiAUdDthBDx1BHo1XHMrexJZFHN2Ait/cmM9PnIlXgZYV3FyOSFjDAABK1UrYwEEaRhoCi9TBGphCGVsWHZedxB3Hlx1CQkRKV8lezFdSStSYlVeEFoCBnYVdTcIXxAIMil7KFQ4HEMQXRkGYgZfBiNbEFYDLgEzaWMLUhACHRZnBkAGJl81fHUGQi5eI1FFDGEAX0tySmQlZiBe HTTP/1.1
Host: edvforeveretest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Sun, 04 Dec 2022 22:19:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a74acf906b8953821b0336dce1aa98b0.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: WRL3MnDO5ZjdqobxTfX26jNgyqa_oQheH3BlDL461KFVrJ1ZA5feag==
X-Firefox-Spdy: h2
edvforeveretest.com/NXlsb2xUGw8CU1REDkkZRxVRSl5zXF4pCAdJWQUeX0wEXloETxRBD1kWGQsKRxYCG0JbHBhKXnNLDgI9TDdcPiJ2SBQ9CU0WIjkLRUE0KTV9OzQtJXESKjYnXUw2PAd8KCM+LnkaCwQtdi4hPSF3KC0rG1EQLQg6ViwkAyV0LxQ6CWNALzpdeBQ5Xi1gKBY+LnEOVQ4hUiwjOABaHioIFHY8OCo8Yi9VNjxSGiU3AG8RNCwlfT40PSBjHiUJIUIaJzkAUgMkOil0OxUADWQoLScIY0wnLgR/SiAqKXQ7FiIkdh49KzVjSQEpG2NJKgMlcjwCDB9kKEEuJHsRBC0tbSNdNwBwGi5dXXkvCyU9fChcPzRnM14kKmw6LgE+UC89JitsLxQ6OnNNXiwbfx04XSpWMAsiJFYsLjoqcDNZNxsTEx8AAkVEFBo4Yh0VKiFbFD0
200 OK 1.2 kB URL HTTP/2 edvforeveretest.com/NXlsb2xUGw8CU1REDkkZRxVRSl5zXF4pCAdJWQUeX0wEXloETxRBD1kWGQsKRxYCG0JbHBhKXnNLDgI9TDdcPiJ2SBQ9CU0WIjkLRUE0KTV9OzQtJXESKjYnXUw2PAd8KCM+LnkaCwQtdi4hPSF3KC0rG1EQLQg6ViwkAyV0LxQ6CWNALzpdeBQ5Xi1gKBY+LnEOVQ4hUiwjOABaHioIFHY8OCo8Yi9VNjxSGiU3AG8RNCwlfT40PSBjHiUJIUIaJzkAUgMkOil0OxUADWQoLScIY0wnLgR/SiAqKXQ7FiIkdh49KzVjSQEpG2NJKgMlcjwCDB9kKEEuJHsRBC0tbSNdNwBwGi5dXXkvCyU9fChcPzRnM14kKmw6LgE+UC89JitsLxQ6OnNNXiwbfx04XSpWMAsiJFYsLjoqcDNZNxsTEx8AAkVEFBo4Yh0VKiFbFD0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash b36cd9c504500b28ba58883624297af0
536c1bc9261152d4f346c607fd0df921d48b3c52
7d157db2d393f1d4977b72f86e2cbff364ed2d89817debbe22067eaac30fd4eb
GET /NXlsb2xUGw8CU1REDkkZRxVRSl5zXF4pCAdJWQUeX0wEXloETxRBD1kWGQsKRxYCG0JbHBhKXnNLDgI9TDdcPiJ2SBQ9CU0WIjkLRUE0KTV9OzQtJXESKjYnXUw2PAd8KCM+LnkaCwQtdi4hPSF3KC0rG1EQLQg6ViwkAyV0LxQ6CWNALzpdeBQ5Xi1gKBY+LnEOVQ4hUiwjOABaHioIFHY8OCo8Yi9VNjxSGiU3AG8RNCwlfT40PSBjHiUJIUIaJzkAUgMkOil0OxUADWQoLScIY0wnLgR/SiAqKXQ7FiIkdh49KzVjSQEpG2NJKgMlcjwCDB9kKEEuJHsRBC0tbSNdNwBwGi5dXXkvCyU9fChcPzRnM14kKmw6LgE+UC89JitsLxQ6OnNNXiwbfx04XSpWMAsiJFYsLjoqcDNZNxsTEx8AAkVEFBo4Yh0VKiFbFD0 HTTP/1.1
Host: edvforeveretest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1191
date: Sun, 04 Dec 2022 22:19:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a74acf906b8953821b0336dce1aa98b0.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: ZpP8yz7-bGVY8QPMSzOQ6bPvfDo2LwTkAx3jcG3wu87wSjhwuRhY7A==
X-Firefox-Spdy: h2
exee.app/css/continue.css
200 OK 44 kB URL HTTP/2 exee.app/css/continue.css
IP
File type assembler source, ASCII text
Hash 2fe0b4f5774fd5b4b36cad9f963eb167
f750e08a538dcbec543fbed170ade833873b8e5d
d5819072dadb8856a666ab79c2ee8595ab765def876942b862692a4987ffde21
GET /css/continue.css HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/aOSiT
Cookie: AppSession=fd4d2efdca9528b31c065dee8d067525; csrfToken=92bd3ea2b42b1fd7dfb1ddf38d07debc6f6431211ee8297f0f30ef2b1ef8e6c1b8ca845018f3a28048b34716fd65b951daed6ba75f117ecd90b59de9c9dd2f6e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: text/css
x-frame-options: SAMEORIGIN
last-modified: Fri, 20 Nov 2020 17:25:47 GMT
cache-control: max-age=2592000
expires: Fri, 16 Dec 2022 15:46:33 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1578788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qqWY4kqV3ctODXZd68pvOXB8SrI4tHbvFB9wtvJgBspmqZByctVFFVevCmW6DLubNXl5uZT7lkAfCBmzp0ECIjWCEIfgOhiKa43tJgpdaqd%2BgByE%2BlBQ%2FWntkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747ecd05de4b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
edvforeveretest.com/Umg1RngzClYrRzNVV2ANIAQIY0oUTQcAHGBYACwKOF1dd05jXk1oGz4HQCIeIAdbMlY8DUFjShQZYgNJFCVjF08bAUEeGSsfXg8pKhtXDk1hKgcQXWAqfzwiNydcLg8aKWR3OygbcRAfAB53DkgKIXYPCDcpcz82ER9HEBU+TQcEMxEcZicvPhp/AC1gMm0qEgAsYyoxERh5FiwDAH8EKj8gWy4KEzBzNx4FWXIWLAsYfi0hPA5tf0kKEXd/HmE9dBwwCFFsBzEFDm1/SQACBXQdYS1gHAAiB1ExPSEKWyofEwBvfx5hPnEPFmNNBwQ6EypeJC8cWXIOPiMOZmsyByZPCxELKXgVGTxZBQcvABhTHikHMlghCh4teD4oOyEMAD8LDVMOLRcNWC4KHylNKl44G1ooCG8xACcrJC5SFk8bUA
200 OK 1.2 kB URL HTTP/2 edvforeveretest.com/Umg1RngzClYrRzNVV2ANIAQIY0oUTQcAHGBYACwKOF1dd05jXk1oGz4HQCIeIAdbMlY8DUFjShQZYgNJFCVjF08bAUEeGSsfXg8pKhtXDk1hKgcQXWAqfzwiNydcLg8aKWR3OygbcRAfAB53DkgKIXYPCDcpcz82ER9HEBU+TQcEMxEcZicvPhp/AC1gMm0qEgAsYyoxERh5FiwDAH8EKj8gWy4KEzBzNx4FWXIWLAsYfi0hPA5tf0kKEXd/HmE9dBwwCFFsBzEFDm1/SQACBXQdYS1gHAAiB1ExPSEKWyofEwBvfx5hPnEPFmNNBwQ6EypeJC8cWXIOPiMOZmsyByZPCxELKXgVGTxZBQcvABhTHikHMlghCh4teD4oOyEMAD8LDVMOLRcNWC4KHylNKl44G1ooCG8xACcrJC5SFk8bUA
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash dce462e441aa4009f3d58560a4db9f1e
410a5b21305401cb484f14ad57f53dcc23c2bb92
e7a61e426ddb9336c10fecaf9dd54d754016f808e0f71dd0c88fbe6a3d523078
GET /Umg1RngzClYrRzNVV2ANIAQIY0oUTQcAHGBYACwKOF1dd05jXk1oGz4HQCIeIAdbMlY8DUFjShQZYgNJFCVjF08bAUEeGSsfXg8pKhtXDk1hKgcQXWAqfzwiNydcLg8aKWR3OygbcRAfAB53DkgKIXYPCDcpcz82ER9HEBU+TQcEMxEcZicvPhp/AC1gMm0qEgAsYyoxERh5FiwDAH8EKj8gWy4KEzBzNx4FWXIWLAsYfi0hPA5tf0kKEXd/HmE9dBwwCFFsBzEFDm1/SQACBXQdYS1gHAAiB1ExPSEKWyofEwBvfx5hPnEPFmNNBwQ6EypeJC8cWXIOPiMOZmsyByZPCxELKXgVGTxZBQcvABhTHikHMlghCh4teD4oOyEMAD8LDVMOLRcNWC4KHylNKl44G1ooCG8xACcrJC5SFk8bUA HTTP/1.1
Host: edvforeveretest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Sun, 04 Dec 2022 22:19:42 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a74acf906b8953821b0336dce1aa98b0.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: u_nY81sCiMbzfOkkBSHp9lXOG8RdB4ixjvnrlrZpZ06ksx2n42ucsw==
X-Firefox-Spdy: h2
specialistinsensitive.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d%3A2%3A1
200 OK 6.9 kB URL HTTP/1.1 specialistinsensitive.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d%3A2%3A1
IP
File type JSON data\012- , ASCII text, with very long lines (16656), with no line terminators
Hash 681c80d282e141c5ab2f2cc4bbab3a87
6a031d1d0cae8d7aa3afa772e8f96d8991258b02
cc49127f8f393e3c5d6c5a1e5f10ea28892f51ed4694690dc6b8ea0692633c7a
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d%3A2%3A1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 22:19:42 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://exee.app
Access-Control-Allow-Origin: https://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Mon, 05 Dec 2022 22:19:42 GMT; secure; SameSite=None
uid_id2=90635a2a-bcb3-4ce4-963c-4a33b5cb851d:2:1; expires=Sun, 11 Dec 2022 22:19:42 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 05 Dec 2022 22:19:42 GMT; secure; SameSite=None
uncs=1; expires=Mon, 05 Dec 2022 22:19:42 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 05 Dec 2022 22:19:42 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 05 Dec 2022 22:19:42 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 800261f1e861b535b3b8ce5c463c4f15
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ce48a4450bc9ac5b2d58787e83c002c7
a5d9e7f7227f496bcac66b6c4671cee438efa0dd
e3df452f4397b612584e550d519dc205d4826eb38a4232a5ea15cc7dd3108021
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3DF452F4397B612584E550D519DC205D4826EB38A4232A5EA15CC7DD3108021"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9143
Expires: Mon, 05 Dec 2022 00:52:05 GMT
Date: Sun, 04 Dec 2022 22:19:42 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d616b0b14e0c5cda5c98d0b99cccbaf3
657299c8f642a892045dbfe2a6958133e6b57f99
3590d6a37989c47a5d082655909defed76f2f4a467d3f6700134bba4ffb130f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3590D6A37989C47A5D082655909DEFED76F2F4A467D3F6700134BBA4FFB130F7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5562
Expires: Sun, 04 Dec 2022 23:52:24 GMT
Date: Sun, 04 Dec 2022 22:19:42 GMT
Connection: keep-alive
d205jrj5h1616x.cloudfront.net/2bmQyN0QNC1xRexoNVgp8XFYHBXBIDkFYKh5ZSkIQOQBLcgkACWMRMBQADwdiAgVcUHlIAVxUeV9CU1MmU1AUQzQBDw9aMgUOWlogFgxCETEPWV9YPgcIXlZhXCIHGXRLVgIfMwcKVlgzHUEAByoaQQAHdV5KAhJ3LEEABzMHCgQDYV0mFwV0FlIGEncsQQ-AHNhhBAXZ1XlEcB21LVgJQIQ0PXRJ2KFYCBnReVQIGYVxUVF42CwJdT2FcIgMHcUBUFEJ5Xw
200 OK 541 B URL HTTP/2 d205jrj5h1616x.cloudfront.net/2bmQyN0QNC1xRexoNVgp8XFYHBXBIDkFYKh5ZSkIQOQBLcgkACWMRMBQADwdiAgVcUHlIAVxUeV9CU1MmU1AUQzQBDw9aMgUOWlogFgxCETEPWV9YPgcIXlZhXCIHGXRLVgIfMwcKVlgzHUEAByoaQQAHdV5KAhJ3LEEABzMHCgQDYV0mFwV0FlIGEncsQQ-AHNhhBAXZ1XlEcB21LVgJQIQ0PXRJ2KFYCBnReVQIGYVxUVF42CwJdT2FcIgMHcUBUFEJ5Xw
IP
Hash 4750b2ed729b26590a2ce93f74f9a053
d1c59bd48bfeb318ed7790f88bcfb2fdf64c2db5
8e817e5e6d02283405789368cc9d5c99afd7c925135f7c0e1af6ae300ef413c3
GET /2bmQyN0QNC1xRexoNVgp8XFYHBXBIDkFYKh5ZSkIQOQBLcgkACWMRMBQADwdiAgVcUHlIAVxUeV9CU1MmU1AUQzQBDw9aMgUOWlogFgxCETEPWV9YPgcIXlZhXCIHGXRLVgIfMwcKVlgzHUEAByoaQQAHdV5KAhJ3LEEABzMHCgQDYV0mFwV0FlIGEncsQQ-AHNhhBAXZ1XlEcB21LVgJQIQ0PXRJ2KFYCBnReVQIGYVxUVF42CwJdT2FcIgMHcUBUFEJ5Xw HTTP/1.1
Host: d205jrj5h1616x.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edvforeveretest.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 506
date: Sun, 04 Dec 2022 22:19:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0562d7d213bde9a129ec458c631f9cee.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C1
x-amz-cf-id: VGQJL4aRT21HW1wW0rVCsLn1SzPHK15ucDTE745mfEbuOWcNK7HsVQ==
X-Firefox-Spdy: h2
d205jrj5h1616x.cloudfront.net/wU0Z6WnIwKRQ8TScvHmdKa39OY0Z1LAk1HCN7DhcjAHUAaQhkDy07HHUyAD5PY2AWOxw0e1w/HDB7S3wTNyRHblQnNhUxTz4wETAaPiICMgJ1MxtnHzw8EzYeMmNIHEd9dl9oQnsxEzQWPDEJf0BjKA5/QGN3SnRCdnU4f0BjMRM0RGdjSRhXYXYCbEZ2dT-h/QGM0DH9BEndKb1xjb19oQjQjGTEddnQ8aEJidkprQmJjSGoUOjQfPB0rY0gcQ2NzVGpUJntL
200 OK 621 B URL HTTP/2 d205jrj5h1616x.cloudfront.net/wU0Z6WnIwKRQ8TScvHmdKa39OY0Z1LAk1HCN7DhcjAHUAaQhkDy07HHUyAD5PY2AWOxw0e1w/HDB7S3wTNyRHblQnNhUxTz4wETAaPiICMgJ1MxtnHzw8EzYeMmNIHEd9dl9oQnsxEzQWPDEJf0BjKA5/QGN3SnRCdnU4f0BjMRM0RGdjSRhXYXYCbEZ2dT-h/QGM0DH9BEndKb1xjb19oQjQjGTEddnQ8aEJidkprQmJjSGoUOjQfPB0rY0gcQ2NzVGpUJntL
IP
File type ASCII text, with very long lines (877), with no line terminators
Hash 5511bd20a463a6b8655a87e893892d08
b8a39bc6b5d719a917a06c41a290194d8987bf0b
f6b29e69466275c8fbfac34c5ec5e8bb42ce814bc268aa8e3bebe61e5b634b1d
GET /wU0Z6WnIwKRQ8TScvHmdKa39OY0Z1LAk1HCN7DhcjAHUAaQhkDy07HHUyAD5PY2AWOxw0e1w/HDB7S3wTNyRHblQnNhUxTz4wETAaPiICMgJ1MxtnHzw8EzYeMmNIHEd9dl9oQnsxEzQWPDEJf0BjKA5/QGN3SnRCdnU4f0BjMRM0RGdjSRhXYXYCbEZ2dT-h/QGM0DH9BEndKb1xjb19oQjQjGTEddnQ8aEJidkprQmJjSGoUOjQfPB0rY0gcQ2NzVGpUJntL HTTP/1.1
Host: d205jrj5h1616x.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edvforeveretest.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 621
date: Sun, 04 Dec 2022 22:19:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0562d7d213bde9a129ec458c631f9cee.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C1
x-amz-cf-id: izJpbIZFuZytPvwAeA12TOmtVWuDCKYAwvc_Bq1IhzQaYGE1SeCvyA==
X-Firefox-Spdy: h2
d205jrj5h1616x.cloudfront.net/qWE1FMVQ7IitXaywkIQxsbH53B2V+JzZeOihwHAQ1CzsDVgRvBH0XICIpeAFyNCwrVml+KCtSaWlrJFU2ZXljRDVlICpLPTQhJBRmHnhrAXFqfW1GPTYpKkYnfX91XyB9f3UAZHZ9YAIWfX91Rj02e3EUZxpodwEsbnlgAhZ9f3VDIn1+BABkbWN1GHFqfS-JUNzMiYAMSan10AWRpfXQUZmgrLEMxPiI9FGYefHUEemhrMAxl
200 OK 189 B URL HTTP/2 d205jrj5h1616x.cloudfront.net/qWE1FMVQ7IitXaywkIQxsbH53B2V+JzZeOihwHAQ1CzsDVgRvBH0XICIpeAFyNCwrVml+KCtSaWlrJFU2ZXljRDVlICpLPTQhJBRmHnhrAXFqfW1GPTYpKkYnfX91XyB9f3UAZHZ9YAIWfX91Rj02e3EUZxpodwEsbnlgAhZ9f3VDIn1+BABkbWN1GHFqfS-JUNzMiYAMSan10AWRpfXQUZmgrLEMxPiI9FGYefHUEemhrMAxl
IP
File type ASCII text, with no line terminators
Hash f9d60943cae4e2814c59724e786cc9c9
290bfbd54cc7e8818141ac0b264d4caac4fd2579
f11b78e1bfc52e2e3bdf043d575cbc86b8cef4ca7d701c6f439ea76eb8448b4b
GET /qWE1FMVQ7IitXaywkIQxsbH53B2V+JzZeOihwHAQ1CzsDVgRvBH0XICIpeAFyNCwrVml+KCtSaWlrJFU2ZXljRDVlICpLPTQhJBRmHnhrAXFqfW1GPTYpKkYnfX91XyB9f3UAZHZ9YAIWfX91Rj02e3EUZxpodwEsbnlgAhZ9f3VDIn1+BABkbWN1GHFqfS-JUNzMiYAMSan10AWRpfXQUZmgrLEMxPiI9FGYefHUEemhrMAxl HTTP/1.1
Host: d205jrj5h1616x.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edvforeveretest.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Sun, 04 Dec 2022 22:19:42 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0562d7d213bde9a129ec458c631f9cee.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C1
x-amz-cf-id: EGuDU7EEYPPuRUO56-UUUY8ev1Kx6xB1PcgzAq2FbbmSdLTjfBBzxA==
X-Firefox-Spdy: h2
specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F3yWS6gkS1rHq3quILpRmY2icLjHHhSsU%2FmKfNzL0FRmvR9ZWe8HjWU%2BIjOj8lkZ%2BaoEYXBEZjPQrsaVnI7ue9t5oF5BXAly2o00iHNcaF%2BwxY0bNz5wliLndEuPcO98JBlfxBeL%2BOL7%2FYPv955mb2oUyfTX2iSqkO%2FrTXBFXfzaBoVWVOALdXlBU1fUxxcbFPLcxxfl3S%2FJP6IpcEX9%2BkUPml7UZCiaomiKvuiiBNpR2byPEhT%2FQKKvJOqKY65owJEy%2Bf9znNUJ1uvEyt%2FUfoEg6%2Fan3L%2F5jCDzhoTBn7Yh9tIo%2Fo1OkPl6GiUkt16sQi%2BMipAE7107qRM7fPFuN4nwba32Bw9IFL54lwGJ8ud3GRAD3dbq%2F0ATI3zx7pjEyD95e1LDJzAkhvWzpMhvCPRvCNJviBl9kyDrhzVCTIuoUxIGn6pRUujnt1H9Lnpb%2B%2BBH%2F0VQcVv74J%2B%2BSsLgj2UflReLyM9SFIWYlPY1QeUNQc4NibOXJK3qBBUviZn%2BDkHW39aaPxqTMHg%2BxX5EkPX6VyWKZ4HO6A3DNNgGZ0KuIfGs2eB0ljWAaYiAtu6vCKEbguwb4sMnRMcPSIbrJEN1ktl1ksV1ElivL3Qg2RQl2IbNsiJnmibLmiYQeQtYLCfaFMnMuxyekDR%2BQkz%2FCTGTb5A4%2BQbx0BOSZH9FsHtNsFUnOK2R3LomBayRAtdIoddIgWqkSGukyK8%2FsXzM4OtPLR9nBv1uZN6N7PWzKHWe6p9EqQPD2tP4Te3n7y6u%2FnPf%2Byrx4OsLG4jA5oHJmzygGdaQgGVRkgFZhrMgaxgEo2uC8AOi4zqp0G3tK7%2F9byRGt7UHcpMY%2BkuC%2FZfERB8SPfsVohfPBIYiuvuMEylShZ%2FCEl6hiFjRNYnTD0h6rj%2F139R%2B8b507Nf%2Bm0Dz1aM%2F%2B86%2FMH%2F%2Bm%2F9JzOSaxMk1OaK%2FrhHH%2F9azeVTUns%2BjAtc%2Bm8YpClCl35V1keoprH1vBM9FlFiDNn7y3ZZ5F7hzf7CEOB3roYVCB9e%2BLyPLgkk3SkxY%2B8sB3kBDy7ArZ0mYxWNN6Q6COIEYoyi8ITr6obEmJrqt%2FfTLn7kH9pesPyQoeUmS7PP6f7hpGn%2FUbOoWLE1XDx3o6Cm8MqOgaUVN8yp240c41QM9%2FXrwUFAeMndfi%2Bmedkf1FPVWrDyUen3K6lh9jS21KyhaDxklX4np9uAqO0qQPM7PTFfvTU7TLTcepoOJnDgmHiFOKCcLC4d5e5HDdUFvDrPsTJ%2BUcK2tl31v3QCDcbDuFCqICnEWVPisdgb9UcAwMk4rnQkCd8Q1JnlBiXKj24Vdxu90fU8auitlqBgwM0ccOKxLsZSzkZUdF5CZNxJK2CtWnlS5R9Nz5cBXVmIivl1qhzEPjltD2tGn3gxLXNUTzxjO58yhdMGiMDT%2BpBfLrdQSCmsKpmDaHuDTFhee4GSL9XC5sAFcbEf9jXccNjp2H25kddnK9y002ri93GS7oHu2xKzXCTdInqtrypu1mcyjkDyqApSvl4ORNjIPy2XanecyaEUdSm0EZkX3K1Pdp4N1pw%2FDrp3kS9YYhNuu0%2B7FZTpOzNTDswqPRF3d%2BzvLdl2lM0%2FLioEYU7F%2FTs4u1Y8D2HpbPBJkrx79e%2B3eCIpuiBn%2F7ncvL5eD5bhzefl9FULrQr9Ya%2BqjP7m8bHcWynygLQdT9fLyL5QoiPUEXqQuvDAgTu92XV1dfXZ5qU0XS7mljA6r%2BXhxefn5g3%2F88B6sx83HX4DW3Vr5uBnFMExS43GTedwsUPjFrDnMhFePULhnDTR%2BnDWdZh4yyga42qkBW%2Bwwn3GTqK3YbTC02damAmE6n5%2B9tmzm495ouLPlxp7il%2F7Gaa3nWrjwKLBeRcfzZGq1dpqBeHfczhe6lbq6Uuyi7aAvexUXD9Lxgt9W1F4WhwdFYpdBQi%2BlabYTnLnCtSdbk9qkffrIcOl%2B2OhwxmG%2FBzDRt95CYBYCsA%2BzvOsVQbsdQGqqtueAsc5aW8So5zlxF012NDbPo8Z%2BsV%2FII2joFKMK%2BcHcnlM3G49otcz07opdjTi1kXp7uPMsVvD758U48FpbcWwPURC4GOwn3rGhunK%2F3dkqlFZ1FThOcti3eXDmrJ4paKotTen1fswWZ4ezdM%2F2Q0ZH555Dm%2F60mulWJrfGgUOJIb9raDPTogC72gbrcrvZg8n81NoKh0xZHdXJQJEj3jnwUrQTmfXaFIKGfBRYy9k53oqqRnLiajq3Zju9UNpsyqPYXx%2BjY5mliVNI0XjYOVVzo%2FRnMy7qUd1Jo1hNDmd23nPV1dJx54P5aD4CvR076qiN%2FSpqz%2FaD1bqwdiCnJIVx82132MBgL9Lb1kRSl%2BqJZrUsWO8WcrKaVpG0YvtZow0atGQNT31zI2tsotCavZpujxM3Fc6KoW72i4lwOi%2FKhXZGGNjs2ONipxq1AMhnb%2BH7mm6VhzhBJvw6dUUJDM9%2B%2BEeXlwPlTg2vf%2BuOcPxRs2kmCYyj%2BzcTlqmhh02W4iVGpBiqaSZQT1EOcZNhAcdQAtcEgs5ZPEMxUGRtnTFEipJ4A1oWBDwQbOsg8Bx1FYcOwfGr2jsjOKqRxH8%2FN%2BI6KbLPH%2Fzdlz%2FgulX%2Bn8aazE9QGDtlBsxk8QUKsw32IaMck95EROXQBRN%2Bqsg9HJoyv%2BtSk0M5746ktYE6SeY3%2Bj6nhqGkUb5LN5INNCuPnYTJzs5gedwd16NkHy8XA9buAC6swMAujelKrFbBLOEd3djaSGwtlwHGp4FKtaxqvp8X2o4JTklV%2Bhuj1TJiIR%2BVKByr2bYLZGq%2BmdBrNzyF6rlwY8yrzl4uex6dqgdz6K4NSs9MLeaMzbgDDt2dRc9C6twRy1UvYkL7UIq8FuVg0h%2B38i015Oh4sXQUd145YYYNaLek1a4D%2Ff5guji2YrmdmS0%2FSFVamA4ODX285tlluydYwZC1%2FUU58sFSDXpG23TjlGcbYaThfWew1zeHjPe86XS1bDnGhKI8pFahzbiMOtMSOepvuem605qplextkFLm%2B2g6WvazolUpw8GGSzW%2BqxWn1swE%2BshsJEtvEIE2gvSY1gpjtCpdkwLC4MBBB%2BCkM59XiMadJElpuWdrYrWJupOEhXQ07jT4cJZkIB7inq3x48SfZzIlrtP%2BZJGYfVY8HPmyre6lbnt0Wh73Ke5KLcrfrpbA5MTGtmWVw%2FNyOu%2B3BQFUp%2BFkRym2IvM2ZKNtZdM9sOemPdkRt0ASB0mk%2BMjwqyFqSN5yO%2BjIWJ6exIner2b7Xdl1vkxhzxLGeN89%2Bei2Jv1rnfjw1aPvfHv6zx9be6Ib1wTDH5PCe%2F8p%2FhZxkjrR02%2BSMLgmeXJNcv%2Ba6P4TgrOvPEvj5NWjv2fvjRh%2B%2FZnhJ%2FXnhp%2F4v%2F%2B2c8Po9QUENmVDioGGLRm2oFOWZHOSoUs0FAyg0yTFt%2Ba3f%2Fl%2F%2FhcAAP%2F%2FAQAA%2F%2F%2FHy7615wwAAA%3D%3D
200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F3yWS6gkS1rHq3quILpRmY2icLjHHhSsU%2FmKfNzL0FRmvR9ZWe8HjWU%2BIjOj8lkZ%2BaoEYXBEZjPQrsaVnI7ue9t5oF5BXAly2o00iHNcaF%2BwxY0bNz5wliLndEuPcO98JBlfxBeL%2BOL7%2FYPv955mb2oUyfTX2iSqkO%2FrTXBFXfzaBoVWVOALdXlBU1fUxxcbFPLcxxfl3S%2FJP6IpcEX9%2BkUPml7UZCiaomiKvuiiBNpR2byPEhT%2FQKKvJOqKY65owJEy%2Bf9znNUJ1uvEyt%2FUfoEg6%2Fan3L%2F5jCDzhoTBn7Yh9tIo%2Fo1OkPl6GiUkt16sQi%2BMipAE7107qRM7fPFuN4nwba32Bw9IFL54lwGJ8ud3GRAD3dbq%2F0ATI3zx7pjEyD95e1LDJzAkhvWzpMhvCPRvCNJviBl9kyDrhzVCTIuoUxIGn6pRUujnt1H9Lnpb%2B%2BBH%2F0VQcVv74J%2B%2BSsLgj2UflReLyM9SFIWYlPY1QeUNQc4NibOXJK3qBBUviZn%2BDkHW39aaPxqTMHg%2BxX5EkPX6VyWKZ4HO6A3DNNgGZ0KuIfGs2eB0ljWAaYiAtu6vCKEbguwb4sMnRMcPSIbrJEN1ktl1ksV1ElivL3Qg2RQl2IbNsiJnmibLmiYQeQtYLCfaFMnMuxyekDR%2BQkz%2FCTGTb5A4%2BQbx0BOSZH9FsHtNsFUnOK2R3LomBayRAtdIoddIgWqkSGukyK8%2FsXzM4OtPLR9nBv1uZN6N7PWzKHWe6p9EqQPD2tP4Te3n7y6u%2FnPf%2Byrx4OsLG4jA5oHJmzygGdaQgGVRkgFZhrMgaxgEo2uC8AOi4zqp0G3tK7%2F9byRGt7UHcpMY%2BkuC%2FZfERB8SPfsVohfPBIYiuvuMEylShZ%2FCEl6hiFjRNYnTD0h6rj%2F139R%2B8b507Nf%2Bm0Dz1aM%2F%2B86%2FMH%2F%2Bm%2F9JzOSaxMk1OaK%2FrhHH%2F9azeVTUns%2BjAtc%2Bm8YpClCl35V1keoprH1vBM9FlFiDNn7y3ZZ5F7hzf7CEOB3roYVCB9e%2BLyPLgkk3SkxY%2B8sB3kBDy7ArZ0mYxWNN6Q6COIEYoyi8ITr6obEmJrqt%2FfTLn7kH9pesPyQoeUmS7PP6f7hpGn%2FUbOoWLE1XDx3o6Cm8MqOgaUVN8yp240c41QM9%2FXrwUFAeMndfi%2Bmedkf1FPVWrDyUen3K6lh9jS21KyhaDxklX4np9uAqO0qQPM7PTFfvTU7TLTcepoOJnDgmHiFOKCcLC4d5e5HDdUFvDrPsTJ%2BUcK2tl31v3QCDcbDuFCqICnEWVPisdgb9UcAwMk4rnQkCd8Q1JnlBiXKj24Vdxu90fU8auitlqBgwM0ccOKxLsZSzkZUdF5CZNxJK2CtWnlS5R9Nz5cBXVmIivl1qhzEPjltD2tGn3gxLXNUTzxjO58yhdMGiMDT%2BpBfLrdQSCmsKpmDaHuDTFhee4GSL9XC5sAFcbEf9jXccNjp2H25kddnK9y002ri93GS7oHu2xKzXCTdInqtrypu1mcyjkDyqApSvl4ORNjIPy2XanecyaEUdSm0EZkX3K1Pdp4N1pw%2FDrp3kS9YYhNuu0%2B7FZTpOzNTDswqPRF3d%2BzvLdl2lM0%2FLioEYU7F%2FTs4u1Y8D2HpbPBJkrx79e%2B3eCIpuiBn%2F7ncvL5eD5bhzefl9FULrQr9Ya%2BqjP7m8bHcWynygLQdT9fLyL5QoiPUEXqQuvDAgTu92XV1dfXZ5qU0XS7mljA6r%2BXhxefn5g3%2F88B6sx83HX4DW3Vr5uBnFMExS43GTedwsUPjFrDnMhFePULhnDTR%2BnDWdZh4yyga42qkBW%2Bwwn3GTqK3YbTC02damAmE6n5%2B9tmzm495ouLPlxp7il%2F7Gaa3nWrjwKLBeRcfzZGq1dpqBeHfczhe6lbq6Uuyi7aAvexUXD9Lxgt9W1F4WhwdFYpdBQi%2BlabYTnLnCtSdbk9qkffrIcOl%2B2OhwxmG%2FBzDRt95CYBYCsA%2BzvOsVQbsdQGqqtueAsc5aW8So5zlxF012NDbPo8Z%2BsV%2FII2joFKMK%2BcHcnlM3G49otcz07opdjTi1kXp7uPMsVvD758U48FpbcWwPURC4GOwn3rGhunK%2F3dkqlFZ1FThOcti3eXDmrJ4paKotTen1fswWZ4ezdM%2F2Q0ZH555Dm%2F60mulWJrfGgUOJIb9raDPTogC72gbrcrvZg8n81NoKh0xZHdXJQJEj3jnwUrQTmfXaFIKGfBRYy9k53oqqRnLiajq3Zju9UNpsyqPYXx%2BjY5mliVNI0XjYOVVzo%2FRnMy7qUd1Jo1hNDmd23nPV1dJx54P5aD4CvR076qiN%2FSpqz%2FaD1bqwdiCnJIVx82132MBgL9Lb1kRSl%2BqJZrUsWO8WcrKaVpG0YvtZow0atGQNT31zI2tsotCavZpujxM3Fc6KoW72i4lwOi%2FKhXZGGNjs2ONipxq1AMhnb%2BH7mm6VhzhBJvw6dUUJDM9%2B%2BEeXlwPlTg2vf%2BuOcPxRs2kmCYyj%2BzcTlqmhh02W4iVGpBiqaSZQT1EOcZNhAcdQAtcEgs5ZPEMxUGRtnTFEipJ4A1oWBDwQbOsg8Bx1FYcOwfGr2jsjOKqRxH8%2FN%2BI6KbLPH%2Fzdlz%2FgulX%2Bn8aazE9QGDtlBsxk8QUKsw32IaMck95EROXQBRN%2Bqsg9HJoyv%2BtSk0M5746ktYE6SeY3%2Bj6nhqGkUb5LN5INNCuPnYTJzs5gedwd16NkHy8XA9buAC6swMAujelKrFbBLOEd3djaSGwtlwHGp4FKtaxqvp8X2o4JTklV%2Bhuj1TJiIR%2BVKByr2bYLZGq%2BmdBrNzyF6rlwY8yrzl4uex6dqgdz6K4NSs9MLeaMzbgDDt2dRc9C6twRy1UvYkL7UIq8FuVg0h%2B38i015Oh4sXQUd145YYYNaLek1a4D%2Ff5guji2YrmdmS0%2FSFVamA4ODX285tlluydYwZC1%2FUU58sFSDXpG23TjlGcbYaThfWew1zeHjPe86XS1bDnGhKI8pFahzbiMOtMSOepvuem605qplextkFLm%2B2g6WvazolUpw8GGSzW%2BqxWn1swE%2BshsJEtvEIE2gvSY1gpjtCpdkwLC4MBBB%2BCkM59XiMadJElpuWdrYrWJupOEhXQ07jT4cJZkIB7inq3x48SfZzIlrtP%2BZJGYfVY8HPmyre6lbnt0Wh73Ke5KLcrfrpbA5MTGtmWVw%2FNyOu%2B3BQFUp%2BFkRym2IvM2ZKNtZdM9sOemPdkRt0ASB0mk%2BMjwqyFqSN5yO%2BjIWJ6exIner2b7Xdl1vkxhzxLGeN89%2Bei2Jv1rnfjw1aPvfHv6zx9be6Ib1wTDH5PCe%2F8p%2FhZxkjrR02%2BSMLgmeXJNcv%2Ba6P4TgrOvPEvj5NWjv2fvjRh%2B%2FZnhJ%2FXnhp%2F4v%2F%2B2c8Po9QUENmVDioGGLRm2oFOWZHOSoUs0FAyg0yTFt%2Ba3f%2Fl%2F%2FhcAAP%2F%2FAQAA%2F%2F%2FHy7615wwAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F3yWS6gkS1rHq3quILpRmY2icLjHHhSsU%2FmKfNzL0FRmvR9ZWe8HjWU%2BIjOj8lkZ%2BaoEYXBEZjPQrsaVnI7ue9t5oF5BXAly2o00iHNcaF%2BwxY0bNz5wliLndEuPcO98JBlfxBeL%2BOL7%2FYPv955mb2oUyfTX2iSqkO%2FrTXBFXfzaBoVWVOALdXlBU1fUxxcbFPLcxxfl3S%2FJP6IpcEX9%2BkUPml7UZCiaomiKvuiiBNpR2byPEhT%2FQKKvJOqKY65owJEy%2Bf9znNUJ1uvEyt%2FUfoEg6%2Fan3L%2F5jCDzhoTBn7Yh9tIo%2Fo1OkPl6GiUkt16sQi%2BMipAE7107qRM7fPFuN4nwba32Bw9IFL54lwGJ8ud3GRAD3dbq%2F0ATI3zx7pjEyD95e1LDJzAkhvWzpMhvCPRvCNJviBl9kyDrhzVCTIuoUxIGn6pRUujnt1H9Lnpb%2B%2BBH%2F0VQcVv74J%2B%2BSsLgj2UflReLyM9SFIWYlPY1QeUNQc4NibOXJK3qBBUviZn%2BDkHW39aaPxqTMHg%2BxX5EkPX6VyWKZ4HO6A3DNNgGZ0KuIfGs2eB0ljWAaYiAtu6vCKEbguwb4sMnRMcPSIbrJEN1ktl1ksV1ElivL3Qg2RQl2IbNsiJnmibLmiYQeQtYLCfaFMnMuxyekDR%2BQkz%2FCTGTb5A4%2BQbx0BOSZH9FsHtNsFUnOK2R3LomBayRAtdIoddIgWqkSGukyK8%2FsXzM4OtPLR9nBv1uZN6N7PWzKHWe6p9EqQPD2tP4Te3n7y6u%2FnPf%2Byrx4OsLG4jA5oHJmzygGdaQgGVRkgFZhrMgaxgEo2uC8AOi4zqp0G3tK7%2F9byRGt7UHcpMY%2BkuC%2FZfERB8SPfsVohfPBIYiuvuMEylShZ%2FCEl6hiFjRNYnTD0h6rj%2F139R%2B8b507Nf%2Bm0Dz1aM%2F%2B86%2FMH%2F%2Bm%2F9JzOSaxMk1OaK%2FrhHH%2F9azeVTUns%2BjAtc%2Bm8YpClCl35V1keoprH1vBM9FlFiDNn7y3ZZ5F7hzf7CEOB3roYVCB9e%2BLyPLgkk3SkxY%2B8sB3kBDy7ArZ0mYxWNN6Q6COIEYoyi8ITr6obEmJrqt%2FfTLn7kH9pesPyQoeUmS7PP6f7hpGn%2FUbOoWLE1XDx3o6Cm8MqOgaUVN8yp240c41QM9%2FXrwUFAeMndfi%2Bmedkf1FPVWrDyUen3K6lh9jS21KyhaDxklX4np9uAqO0qQPM7PTFfvTU7TLTcepoOJnDgmHiFOKCcLC4d5e5HDdUFvDrPsTJ%2BUcK2tl31v3QCDcbDuFCqICnEWVPisdgb9UcAwMk4rnQkCd8Q1JnlBiXKj24Vdxu90fU8auitlqBgwM0ccOKxLsZSzkZUdF5CZNxJK2CtWnlS5R9Nz5cBXVmIivl1qhzEPjltD2tGn3gxLXNUTzxjO58yhdMGiMDT%2BpBfLrdQSCmsKpmDaHuDTFhee4GSL9XC5sAFcbEf9jXccNjp2H25kddnK9y002ri93GS7oHu2xKzXCTdInqtrypu1mcyjkDyqApSvl4ORNjIPy2XanecyaEUdSm0EZkX3K1Pdp4N1pw%2FDrp3kS9YYhNuu0%2B7FZTpOzNTDswqPRF3d%2BzvLdl2lM0%2FLioEYU7F%2FTs4u1Y8D2HpbPBJkrx79e%2B3eCIpuiBn%2F7ncvL5eD5bhzefl9FULrQr9Ya%2BqjP7m8bHcWynygLQdT9fLyL5QoiPUEXqQuvDAgTu92XV1dfXZ5qU0XS7mljA6r%2BXhxefn5g3%2F88B6sx83HX4DW3Vr5uBnFMExS43GTedwsUPjFrDnMhFePULhnDTR%2BnDWdZh4yyga42qkBW%2Bwwn3GTqK3YbTC02damAmE6n5%2B9tmzm495ouLPlxp7il%2F7Gaa3nWrjwKLBeRcfzZGq1dpqBeHfczhe6lbq6Uuyi7aAvexUXD9Lxgt9W1F4WhwdFYpdBQi%2BlabYTnLnCtSdbk9qkffrIcOl%2B2OhwxmG%2FBzDRt95CYBYCsA%2BzvOsVQbsdQGqqtueAsc5aW8So5zlxF012NDbPo8Z%2BsV%2FII2joFKMK%2BcHcnlM3G49otcz07opdjTi1kXp7uPMsVvD758U48FpbcWwPURC4GOwn3rGhunK%2F3dkqlFZ1FThOcti3eXDmrJ4paKotTen1fswWZ4ezdM%2F2Q0ZH555Dm%2F60mulWJrfGgUOJIb9raDPTogC72gbrcrvZg8n81NoKh0xZHdXJQJEj3jnwUrQTmfXaFIKGfBRYy9k53oqqRnLiajq3Zju9UNpsyqPYXx%2BjY5mliVNI0XjYOVVzo%2FRnMy7qUd1Jo1hNDmd23nPV1dJx54P5aD4CvR076qiN%2FSpqz%2FaD1bqwdiCnJIVx82132MBgL9Lb1kRSl%2BqJZrUsWO8WcrKaVpG0YvtZow0atGQNT31zI2tsotCavZpujxM3Fc6KoW72i4lwOi%2FKhXZGGNjs2ONipxq1AMhnb%2BH7mm6VhzhBJvw6dUUJDM9%2B%2BEeXlwPlTg2vf%2BuOcPxRs2kmCYyj%2BzcTlqmhh02W4iVGpBiqaSZQT1EOcZNhAcdQAtcEgs5ZPEMxUGRtnTFEipJ4A1oWBDwQbOsg8Bx1FYcOwfGr2jsjOKqRxH8%2FN%2BI6KbLPH%2Fzdlz%2FgulX%2Bn8aazE9QGDtlBsxk8QUKsw32IaMck95EROXQBRN%2Bqsg9HJoyv%2BtSk0M5746ktYE6SeY3%2Bj6nhqGkUb5LN5INNCuPnYTJzs5gedwd16NkHy8XA9buAC6swMAujelKrFbBLOEd3djaSGwtlwHGp4FKtaxqvp8X2o4JTklV%2Bhuj1TJiIR%2BVKByr2bYLZGq%2BmdBrNzyF6rlwY8yrzl4uex6dqgdz6K4NSs9MLeaMzbgDDt2dRc9C6twRy1UvYkL7UIq8FuVg0h%2B38i015Oh4sXQUd145YYYNaLek1a4D%2Ff5guji2YrmdmS0%2FSFVamA4ODX285tlluydYwZC1%2FUU58sFSDXpG23TjlGcbYaThfWew1zeHjPe86XS1bDnGhKI8pFahzbiMOtMSOepvuem605qplextkFLm%2B2g6WvazolUpw8GGSzW%2BqxWn1swE%2BshsJEtvEIE2gvSY1gpjtCpdkwLC4MBBB%2BCkM59XiMadJElpuWdrYrWJupOEhXQ07jT4cJZkIB7inq3x48SfZzIlrtP%2BZJGYfVY8HPmyre6lbnt0Wh73Ke5KLcrfrpbA5MTGtmWVw%2FNyOu%2B3BQFUp%2BFkRym2IvM2ZKNtZdM9sOemPdkRt0ASB0mk%2BMjwqyFqSN5yO%2BjIWJ6exIner2b7Xdl1vkxhzxLGeN89%2Bei2Jv1rnfjw1aPvfHv6zx9be6Ib1wTDH5PCe%2F8p%2FhZxkjrR02%2BSMLgmeXJNcv%2Ba6P4TgrOvPEvj5NWjv2fvjRh%2B%2FZnhJ%2FXnhp%2F4v%2F%2B2c8Po9QUENmVDioGGLRm2oFOWZHOSoUs0FAyg0yTFt%2Ba3f%2Fl%2F%2FhcAAP%2F%2FAQAA%2F%2F%2FHy7615wwAAA%3D%3D HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=90635a2a-bcb3-4ce4-963c-4a33b5cb851d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 22:19:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 14e8a83b54acc0bbd7685d72c74851b8
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10236
Expires: Mon, 05 Dec 2022 01:10:19 GMT
Date: Sun, 04 Dec 2022 22:19:43 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10236
Expires: Mon, 05 Dec 2022 01:10:19 GMT
Date: Sun, 04 Dec 2022 22:19:43 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10236
Expires: Mon, 05 Dec 2022 01:10:19 GMT
Date: Sun, 04 Dec 2022 22:19:43 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10236
Expires: Mon, 05 Dec 2022 01:10:19 GMT
Date: Sun, 04 Dec 2022 22:19:43 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10236
Expires: Mon, 05 Dec 2022 01:10:19 GMT
Date: Sun, 04 Dec 2022 22:19:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:41 GMT
age: 1622
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:26:41 GMT
age: 53582
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kmki-SBINSx1kbiIkaSGebdCLrnDeHVhYeotAWzE__CevkNDdfzRGg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:44:01 GMT
age: 2142
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S6Xknz1l6TuuYButc4p3tl4nIZi9YzV9IP6Bag4HNFC_hfbDeWXVCA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:47:06 GMT
age: 1957
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: emlp1xilsRT2P1bLbS63ImV7rpoIInC-6mQhu7eGProt148Gj-f1zg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:50:01 GMT
age: 1782
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8ugcixaNsXG-AIHYCfoyOWa5zowv2lb4qwWc8o5_7SQc_0w5HW4mBw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:48 GMT
age: 1615
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=1557&rd=1557&fd=514&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=1557&rd=1557&fd=514&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1557&rd=1557&fd=514&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 22:19:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash a9ff5fa0b5c4765b050f2381f57f5520
0ce842b0fbaef98e256cc66eff4615df094b9d51
95e33b8d7c38a952cbc353b5e2587cd1154da32d9ba29f010bd4b70a4ff2c487
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "95E33B8D7C38A952CBC353B5E2587CD1154DA32D9BA29F010BD4B70A4FF2C487"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7349
Expires: Mon, 05 Dec 2022 00:22:12 GMT
Date: Sun, 04 Dec 2022 22:19:43 GMT
Connection: keep-alive
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Findex.html&l=1258&fd=106
200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Findex.html&l=1258&fd=106
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Findex.html&l=1258&fd=106 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=90635a2a-bcb3-4ce4-963c-4a33b5cb851d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 22:19:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/img/close.png
200 OK 769 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/img/close.png
IP
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 13b3b0cc6ce924780c0eec0b24c40c33
53b78225158a60f9327e135be26e365eb842f0df
7907c875d2dd81230f15826dffe1faa695cfb1f385adbb4d9480058d0d0112ad
GET /sb/notifications/rtb/os-box/1-2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:43 GMT
content-type: image/png
content-length: 769
last-modified: Wed, 30 Mar 2022 13:44:01 GMT
etag: "62445ea1-301"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1671971
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kdgeWu4ssMezFeLAfZAouvqU%2FKfC6QUb%2BYgKd%2FwdsXB5yeDwxZ13FLzkKcLq6av6IgSSMuTSqPHTCyGs1n6%2Bz7Mnzm10yaycxRBE3aphH3gTNjvDoRLfFlTzu03nfoC4Bpi7sHAs2T0l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecdb4f4f71e6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/css/style.css
200 OK 1.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/css/style.css
IP
Hash c1e5d1d2cf97bc818264faf1051e39a5
3db084b40bc8f84fb477e29a77ba6653c9111ada
3442cb7766ed4a615cc311c969be623157768168f8d3accfdc43bb4f51d65b3d
GET /sb/notifications/rtb/os-box/1-2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:43 GMT
content-type: text/css
last-modified: Wed, 30 Mar 2022 13:43:59 GMT
etag: W/"62445e9f-e6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1150069
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=od5NRTOjKHKtGZNT%2FXHr2fbEX%2BLVpMjgHeH%2FE6kYRVnkah4k83M0CtF5iBOo7PzggJPWf2ZOO%2B2HLj2uqdmwon%2FAndEBwfXTfreElHp9rADG00Yn3BCQMJ%2BIrkaZuYvVKWKfKEvTeY0W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecdb3f3271e6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash a9ff5fa0b5c4765b050f2381f57f5520
0ce842b0fbaef98e256cc66eff4615df094b9d51
95e33b8d7c38a952cbc353b5e2587cd1154da32d9ba29f010bd4b70a4ff2c487
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "95E33B8D7C38A952CBC353B5E2587CD1154DA32D9BA29F010BD4B70A4FF2C487"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7349
Expires: Mon, 05 Dec 2022 00:22:12 GMT
Date: Sun, 04 Dec 2022 22:19:43 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 280 B IP
Hash 96b5179aa4c419f1f702aca9784e6b2f
7cc06d4e868df2efbf65ed0a5790f99b37ec87bb
57063681f2cf30fe21e5ff01c89850b8048f11982de3fe7fe1f7f2657f231e07
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1365
Cache-Control: max-age=152145
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:43 GMT
Etag: "638cc6fb-118"
Expires: Tue, 06 Dec 2022 16:35:28 GMT
Last-Modified: Sun, 04 Dec 2022 16:12:43 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
adexchangegate.com/adx/openrtb/2/win.php?stamat=m%7C%2C%2Cg2M6Nje7oGU3B5-GH0dEdHP3xP.a12%2CW5hPq-eA3JvQ4MoDCfD5Jf3AWz5ntRRykDBcvLGKJYfB-Z06TlWgAVRPnSk05VUojyMOdAYPbi6hLDvSadthaCwYoXIHBkz4pItLS6Xz0ZB8J_C93Tmr1T9OuY7gRC4DMXc0WtH1j24tZJ-E4b_ZZ5eraXkS72S75f_QvFkwmDDme0ONDR52dyPD8siGkgpFiMY1scyK-ZSZSBKeba02N7v_cXythuLK1NxuaFU3UK4N-tkZeYkd37lHySLmkAX8LfJimmhs5ZMkj-NhBHDEXC0PzFCeLrveHf65y4dGc7PNf9O1VZL3wyg4dakfln2aiyGg1clOzQaduBALmg08n6Y-PQcd053UXmVxXWZ5MRqAX7_uCUjNMICBo6g_69oY82VVc7m-Bj73dgYgkU0zKBrhPa4V3EGn9WWxj8HVjojxutrgw9oLJEqzRbxlQQ4oG0FM-wUM_y3RGhNUTghRIRKRK5GY3KEN-ZUoDQZIUVwdY5v09C2hvXFJ-s5Z81XAM9NTNq13PumVYSBrUOzo9U3Hu-D5-19dJqHcWBP3rC1PfUOXjMht7yCbNWZSM7qySxSPyis5f3Lk4pgzKA55vQ%2C%2C&adx_price=0.07263
204 No Content 0 B URL HTTP/1.1 adexchangegate.com/adx/openrtb/2/win.php?stamat=m%7C%2C%2Cg2M6Nje7oGU3B5-GH0dEdHP3xP.a12%2CW5hPq-eA3JvQ4MoDCfD5Jf3AWz5ntRRykDBcvLGKJYfB-Z06TlWgAVRPnSk05VUojyMOdAYPbi6hLDvSadthaCwYoXIHBkz4pItLS6Xz0ZB8J_C93Tmr1T9OuY7gRC4DMXc0WtH1j24tZJ-E4b_ZZ5eraXkS72S75f_QvFkwmDDme0ONDR52dyPD8siGkgpFiMY1scyK-ZSZSBKeba02N7v_cXythuLK1NxuaFU3UK4N-tkZeYkd37lHySLmkAX8LfJimmhs5ZMkj-NhBHDEXC0PzFCeLrveHf65y4dGc7PNf9O1VZL3wyg4dakfln2aiyGg1clOzQaduBALmg08n6Y-PQcd053UXmVxXWZ5MRqAX7_uCUjNMICBo6g_69oY82VVc7m-Bj73dgYgkU0zKBrhPa4V3EGn9WWxj8HVjojxutrgw9oLJEqzRbxlQQ4oG0FM-wUM_y3RGhNUTghRIRKRK5GY3KEN-ZUoDQZIUVwdY5v09C2hvXFJ-s5Z81XAM9NTNq13PumVYSBrUOzo9U3Hu-D5-19dJqHcWBP3rC1PfUOXjMht7yCbNWZSM7qySxSPyis5f3Lk4pgzKA55vQ%2C%2C&adx_price=0.07263
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adx/openrtb/2/win.php?stamat=m%7C%2C%2Cg2M6Nje7oGU3B5-GH0dEdHP3xP.a12%2CW5hPq-eA3JvQ4MoDCfD5Jf3AWz5ntRRykDBcvLGKJYfB-Z06TlWgAVRPnSk05VUojyMOdAYPbi6hLDvSadthaCwYoXIHBkz4pItLS6Xz0ZB8J_C93Tmr1T9OuY7gRC4DMXc0WtH1j24tZJ-E4b_ZZ5eraXkS72S75f_QvFkwmDDme0ONDR52dyPD8siGkgpFiMY1scyK-ZSZSBKeba02N7v_cXythuLK1NxuaFU3UK4N-tkZeYkd37lHySLmkAX8LfJimmhs5ZMkj-NhBHDEXC0PzFCeLrveHf65y4dGc7PNf9O1VZL3wyg4dakfln2aiyGg1clOzQaduBALmg08n6Y-PQcd053UXmVxXWZ5MRqAX7_uCUjNMICBo6g_69oY82VVc7m-Bj73dgYgkU0zKBrhPa4V3EGn9WWxj8HVjojxutrgw9oLJEqzRbxlQQ4oG0FM-wUM_y3RGhNUTghRIRKRK5GY3KEN-ZUoDQZIUVwdY5v09C2hvXFJ-s5Z81XAM9NTNq13PumVYSBrUOzo9U3Hu-D5-19dJqHcWBP3rC1PfUOXjMht7yCbNWZSM7qySxSPyis5f3Lk4pgzKA55vQ%2C%2C&adx_price=0.07263 HTTP/1.1
Host: adexchangegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 204 No Content
Server: openresty
Date: Sun, 04 Dec 2022 22:19:43 GMT
Access-Control-Allow-Origin: *
Via: 1.1 google
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fanimate.css&l=79249&fd=136
200 OK 660 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fanimate.css&l=79249&fd=136
IP
File type gzip compressed data, max compression\012- data
Hash 5860c780c8e9daa4f852038f02b5bdc2
c75c8b4db36bffe075ce493f06d011f855d5541a
f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fos-box%2F1-2%2Fcss%2Fanimate.css&l=79249&fd=136 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=90635a2a-bcb3-4ce4-963c-4a33b5cb851d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 22:19:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/jquery.min.js
200 OK 31 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/jquery.min.js
IP
File type ASCII text, with very long lines (32025)
Hash f5bd056d8d11c2f97ebebc82f566f6ad
7139d8667cfeb28add420865cf690e1c19351540
ce7c4078e0ab8b3004bad76c6b4e6c27db811d83a1c336fb9dcd593684776eb9
GET /sb/notifications/rtb/os-box/1-2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:43 GMT
content-type: application/javascript
last-modified: Wed, 30 Mar 2022 13:44:03 GMT
etag: W/"62445ea3-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1672081
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fe80y4usrHja6Gd1K8QhSmDzLh1Hmn0pCmAyVnC8mSvC13JBZ2aht9OXHHaj0h1ja5bMH5gMJ73fmfmZg2bwmbVaBdUbLUD50lgm85cAWXZuet5iavSANm5yuM4v7I3BEG2cF1Leo2uC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecdb4f5471e6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/script.js
200 OK 309 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/script.js
IP
Hash da424b414823ab80ab896a070da6c2d9
628eb2ae71cb59bade2e074362a2d02e1a2f3c49
d38fd6579281a81ddf58bedad8629d53c53f7fc885bc6a72585f8eda7f5fb7ae
GET /sb/notifications/rtb/os-box/1-2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:43 GMT
content-type: application/javascript
last-modified: Wed, 30 Mar 2022 13:44:03 GMT
etag: W/"62445ea3-307"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1152885
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FI5WhDiTizK0IlmLC0CbDcnlJKTHqb6EqiaD3MvkHw9XGGyNwFZAB6OXw7mfEos3LBKcjZ62Va73alNhkeK1Zf4KBnPr9GxoGLWPESYX2DaTxCKco7MuyRqrT5SmukYmUp7QtozJwMiq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecdbb83271e6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cb439dd80ba82164b879c340b9778147
2bbd26b48daa0b8d2a190f7e8857c716dea279ca
3ab3afbcebe7c744b6446fbb471bda45722313cae36b3020e152e75425a3f760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cb439dd80ba82164b879c340b9778147
2bbd26b48daa0b8d2a190f7e8857c716dea279ca
3ab3afbcebe7c744b6446fbb471bda45722313cae36b3020e152e75425a3f760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 33002e87ed87cec83ec76bdfe55cb33a
a2dafcefab949833412ab20508096c9974b9e359
f73d30247eb325d9dc9531381224e8942b39b56c264ade1618855f1fad9eda2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6278
Cache-Control: max-age=141955
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:43 GMT
Etag: "638c8bfc-1d7"
Expires: Tue, 06 Dec 2022 13:45:38 GMT
Last-Modified: Sun, 04 Dec 2022 12:01:00 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 20:41:08 GMT
expires: Sun, 04 Dec 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 5915
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126620 bytes)
Hash f641dae66d812e803cbfc91d689e2ea8
96372a7ba661528d13bc774536d04ab3e03b82d6
e78b718ac77697fbb92e88ac394141adc4e016830eb04d53279238cbcd65435b
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126620
date: Sun, 04 Dec 2022 22:19:43 GMT
expires: Sun, 04 Dec 2022 22:19:43 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/css/animate.css
200 OK 5.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/css/animate.css
IP
Hash 00fd391375602226ee94be8da36632ba
76aa7b022f8705d71d99294511aeaf1194afa057
3760b7ba0a614adc3de5150f48bae3500db6a9917ae70c95434de1bf687a1ae5
GET /sb/notifications/rtb/os-box/1-2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:43 GMT
content-type: text/css
last-modified: Wed, 30 Mar 2022 13:43:59 GMT
etag: W/"62445e9f-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1150069
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MA7jbFUB9DBTNpvXXlAv0auE6zr6vnA6su%2BQoGEM5mo2iCcbKP1x8nMV13TEJSj3e1ROGF0sywect6ZhpZxoRzRbYwTYWNxrzsyTyIsYXL8yYqocr84Nu5mM6LSW%2B4FdvtBNNFYg0Lek"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecdb3f2771e6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=1249819555&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2FaOSiT&dr=https%3A%2F%2Fexe.io%2F&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=226&_u=YEDAAUABCAAAACAAI~&jid=1978918729&gjid=2101101191&cid=796658362.1670192381&tid=UA-113932176-41&_gid=617744739.1670192381&_r=1>m=2oubu0&z=2007814483
200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1249819555&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2FaOSiT&dr=https%3A%2F%2Fexe.io%2F&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=226&_u=YEDAAUABCAAAACAAI~&jid=1978918729&gjid=2101101191&cid=796658362.1670192381&tid=UA-113932176-41&_gid=617744739.1670192381&_r=1>m=2oubu0&z=2007814483
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=1249819555&t=timing&_s=1&dl=https%3A%2F%2Fexee.app%2FaOSiT&dr=https%3A%2F%2Fexe.io%2F&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&utc=video&utv=load_vdo.min.js&utl=v-exee-app&utt=226&_u=YEDAAUABCAAAACAAI~&jid=1978918729&gjid=2101101191&cid=796658362.1670192381&tid=UA-113932176-41&_gid=617744739.1670192381&_r=1>m=2oubu0&z=2007814483 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://exee.app
date: Sun, 04 Dec 2022 22:19:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 6dc575fe164d0f8d212ec05af893f5f4
073e3c6e0b0cbabec1442742ddd0e44ae85494fa
da791dff2e9ace583b49465fadd9487ab969a19d9f9f1d5a839f4363487b4e3b
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 22:19:43 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1240569044%3A1670192383651104&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsnoJ908uq5rsctHNfZO1G0Uj7tGLERZ0orDtQ1nT2wZAUcNb44Q6lY-Q7ny8C5r__zw9JEIg
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-aqkH7e3qC78aQt2Odfx3WA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:qCXV3zDoXpsr005lhjNcEJ9KWyy2EQ:JZOA5XwLmTCULHex;Path=/;Expires=Tue, 03-Dec-2024 22:19:43 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 33002e87ed87cec83ec76bdfe55cb33a
a2dafcefab949833412ab20508096c9974b9e359
f73d30247eb325d9dc9531381224e8942b39b56c264ade1618855f1fad9eda2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6278
Cache-Control: max-age=141955
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:43 GMT
Etag: "638c8bfc-1d7"
Expires: Tue, 06 Dec 2022 13:45:38 GMT
Last-Modified: Sun, 04 Dec 2022 12:01:00 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F3yWS6gkS1rHq3quILpRmY2icLjHHhSsU%2Fl%2B3MvQVGa9H1lZ7weNZWZGZGZUPisjX5UgDI7IbAba1biS09F9bzsP1CuIK0FOu5EGcY4L7Qu2uHHjxgfOUuScbukR7p2PJOOL%2BGIRX3y%2Ff%2FD93tPsTY0imfFan0QV8n2jyV9RF7%2B2QSGICnyhLS9o6or6%2BGKDQoH7%2BKK8%2ByX5RzTFX1G%2FftGDlhc1GYqmKJqiL7oogXZUNu%2BjBMU%2FkOkrmbrimCua50iZ%2FP85zuoEG3UC8je1XyAI3P6U%2BzefEWTdkDD40zbEXhrFv9EJMt9Io4Tk4MUq9MKoCEnw3rWTOrHDF%2B92kwjf1mp%2F8IBE4Yt3GZAof36XATHRba3%2BDzQxwxfvjknM%2FJO3JzV9AkNigp8lRX5DoH9DkHFDrOibBIEf1gixANGmJAw%2B1aKkMM5vo8Zd9Lb2wY%2F%2Bi6DitvbBP32VhMEfKz4qLxaRn6UoCjEp7WuCyhuCnBsSZy9JWtUJKl4SK%2F0dgsDf1po%2FGpMweD7FfkQQeP2rMiWwvMEYDdMy2QZnQa4hC6zV4AyWNXnLlHga3F8RQjcE2TfEh0%2BIgR%2BQDNdJhuoks%2Bski%2BskAK8vDF62KUq0TZtlJc6yLJa1LF4SAA9YTrIpkll3OTwhafyEWP4TYiXfIHHyDeKhJyTJ%2Fopg95pgUCc4rZEcXJMC1kiBa6QwaqRANVKkNVLk158AHzP4%2BlPg48yk343Mu5G9fhalzlPjkyh1YFh7Gr%2Bp%2FfzdxdV%2F7ntfJR58fWHzEm8LvCVYAk8zrCnzAFCyCVmGA5A1TYLRNUH4ATFwnVTotvaV3%2F43EqPb2gOlSUzjJcH%2BS2KhD4mR%2FQoximciQxHDfcZJFKnCT2EJr1BEQHRN4vQDkp7rT%2F03tV%2B8Lx37tf8m0Hr16M%2B%2B8y%2FMn%2F%2FmfxIruSZxck2O6K9rxPG%2F9WweFbXn86jAtc%2BmcYoCVBl3ZV2kRgpr3xvBcxElYNDGT77bsu4Cd%2B4PlhCnYyMEKHRw7fsKAgAm3SixYO0vB3gDTT3DrpIlYRaPdbU7COIEYoyi8IYY6IfmmljotvbTL3%2FmHthfAn9IUPKSJNnn9f9w0zT%2BqNk0ACwt1wgd6BgpvLKioAmipnUVu%2FEjnBqBkX49eCiqD5m7r8V0T7ujdop6K1YZyr0%2BBTqgr7OlfgUl8JBR85WUbg%2BuuqNE2eP8zHKN3uQ03XLjYTqYKIlj4RHixHKyADjM24scrgt6c5hlZ%2Fqkhmt9vex76wY%2FGAfrTqHxUSHNggqftc6gPwoYRsFpZTBB4I64xiQvKElpdLuwy%2Fidru%2FJQ3elDlUTZtaI4w%2FrUiqVbASy4wIy80ZCiXsV5EmVezQ9Vw9CBRILCe1SP4wF%2Frg15R196s2wzFU96YzhfM4cSpdfFKYunIxiuZVbYgGm%2FJSftgf4tMWFJzrZYj1cLmweLraj%2FsY7Dhsduw83irZs5fsWGm3cXm6xXb57BlLW64QbpMy1NeXN2kzmUUgZVQHK18vBSB9Zh%2BUy7c5zhW9FHUprBFZF9ytL26eDdacPw66d5EvWHITbrtPuxWU6TqzUw7MKjyRD2%2Fs7YLuu2pmnZcVAjKnYPydnl%2BrHAWy9LR4JsleP%2Fr12bwRFN8SKf%2Fe7l5fLwXLcubz8vgYhuDAu1rr26E8uL9udhTof6MvBVLu8%2FAs1CmIjgRepCy9MiNO7XVdXV59dXurTxVJpqaPDaj5eXF5%2B%2FuAfP7wH63Hz8RegdbdWPm5GMQyT1HzcZB43CxR%2BMWsOMxG0IxTvWeMbP86aQTMPGXXDu%2FqpAVvsMJ9xk6it2m1%2BaLOtTcWH6Xx%2B9tqKlY97o%2BHOVhp7Slj6G6e1nuvhwqP49So6nidT0NrpJhLccTtfGCB1DbXYRdtBX%2FEqLh6k44Wwrai9Ig0Pqswug4ReytNsJzpzlWtPtha1Sfv0keHS%2FbDR4czDfs%2FDxNh6C5FZiLx9mOVdrwja7QBSU6095xlw1tsSRj3PibtosqOxdR419ov9QhlB06AYTcwP1vacutl4RGtlZnRX7GrEaY3U28OdB1jR758X48BrbaWxPURB4GJ%2BP%2FGODc1V%2Bu3OVqX0qqvCcZLDvi3wZw70LFHXbHlKr%2Fdjtjg7HDA82w8ZA517Dm3502pmgExpjQOHkkJh19BnFqB4drUN1uV2s%2Bcn81NrKx4ydXXUJgNViQTnIMjRTmLWa0sMGspRZIGzc7wVVY2UxNUNbs12eqG82ZRHqb8%2BRscySxOnkKPxsHOq5mbpz2Zc1KO6k0axmhzO7Lznaqul484H89F8xPd27KijNfarqD3bD1brAuz4nJJVxs233WED83uJ3rYmsrbUTjSrZ8F6t1CS1bSK5BXbzxptvkHLYHjqWxtFZxOV1u3VdHucuKl4Vk1ts19MxNN5US70M8K8zY49LnaqUYvn89lb%2BL5mgPIQJ8iCX6euKJER2A%2F%2F6PJyoN6p4fVv3RGOP2o2rSSBcXT%2FZsIyNY2wyVKCzEgUQzWtBBopyiFuMizPMZTINXnR4IDAUAyUWNtgTImiZMGEAEBe4EUbHESBo67i0CE4flV7ZwRHNZL47%2BdmXCdF9vmDv%2FvyB9wA5f9prMn8BIWxU2bATBZfoDDbZB8y6jHpTSRUDl1%2BIkxVpYdDSxF2XWpyKOfdkbw2USfJ%2FEbf57QwlHXKd%2BlGsoFW5bGTMNnZGSyPu%2BN6lOzj5WLA2h2eCyt%2BYJfmdCVVq2CWCI5hbm0ktZbLAOPTQKNaoJrv54W%2BY4JTUpX%2Bxmy1zFjMRyUKx1q27fIKNd9M6LUbnkLtXLgxFjRnr5Q9j061gzV01yZlZJYec%2BZm3OEP3R2gZyF17kjlqhcxoX0oJUGPcn7SH7fyLTXk6HixdFR3Xjlhhk1ot%2BTVrgP9%2FmC6OLZipZ1ZLT9INVqcDg4NY7wW2GW7J4JgyNr%2Bohz5%2FFILembbcuNUYBthpON9Z7A3NodM8LzpdLVsOeaEojykVaHNuIw20xMl6m%2B56brTmmmV4m2QWub7aDpa9rOiVanDwYZLdaGrF6fWzOKNkdVIlt4g4tsI0mNaL8zRqnQtihcHBw46PE4683mFaNxJkpRWerYuVZuoO0lYSEfjTkMIZ0nGx0Pcs3VhnPjzTKGkddqfLBKrz0qHo1C2tb3cbY9Oy%2BM%2BxV25Rfnb1ZK3OKmxbYFyeF5O5%2F22KPLVaTjZUaqtKoIN2Whb2XSP33PTnuJIW16WBkmk%2Bsj0qyFqyN5yO%2BgoWJmepInRr2b7Xdl1vkxhzxLGfN89%2Bei2Jv9rnfjw1aPvfHv6zx%2BDPTHMa4Lhj0nhvf8Uf4s4SZ0Y6TdJGFyTPLkmuX9NDP8JwdlXnqVx8urR37P3Rky%2F%2Fsz0k%2Fpz00%2F833%2FbuWH0%2BoKnOSiZkmgBYEIL0CLDSixFMQBwogxpmaT41vr2L%2F%2FP%2FwIAAP%2F%2FAQAA%2F%2F%2FTwzBT5wwAAA%3D%3D
200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F3yWS6gkS1rHq3quILpRmY2icLjHHhSsU%2Fl%2B3MvQVGa9H1lZ7weNZWZGZGZUPisjX5UgDI7IbAba1biS09F9bzsP1CuIK0FOu5EGcY4L7Qu2uHHjxgfOUuScbukR7p2PJOOL%2BGIRX3y%2Ff%2FD93tPsTY0imfFan0QV8n2jyV9RF7%2B2QSGICnyhLS9o6or6%2BGKDQoH7%2BKK8%2ByX5RzTFX1G%2FftGDlhc1GYqmKJqiL7oogXZUNu%2BjBMU%2FkOkrmbrimCua50iZ%2FP85zuoEG3UC8je1XyAI3P6U%2BzefEWTdkDD40zbEXhrFv9EJMt9Io4Tk4MUq9MKoCEnw3rWTOrHDF%2B92kwjf1mp%2F8IBE4Yt3GZAof36XATHRba3%2BDzQxwxfvjknM%2FJO3JzV9AkNigp8lRX5DoH9DkHFDrOibBIEf1gixANGmJAw%2B1aKkMM5vo8Zd9Lb2wY%2F%2Bi6DitvbBP32VhMEfKz4qLxaRn6UoCjEp7WuCyhuCnBsSZy9JWtUJKl4SK%2F0dgsDf1po%2FGpMweD7FfkQQeP2rMiWwvMEYDdMy2QZnQa4hC6zV4AyWNXnLlHga3F8RQjcE2TfEh0%2BIgR%2BQDNdJhuoks%2Bski%2BskAK8vDF62KUq0TZtlJc6yLJa1LF4SAA9YTrIpkll3OTwhafyEWP4TYiXfIHHyDeKhJyTJ%2Fopg95pgUCc4rZEcXJMC1kiBa6QwaqRANVKkNVLk158AHzP4%2BlPg48yk343Mu5G9fhalzlPjkyh1YFh7Gr%2Bp%2FfzdxdV%2F7ntfJR58fWHzEm8LvCVYAk8zrCnzAFCyCVmGA5A1TYLRNUH4ATFwnVTotvaV3%2F43EqPb2gOlSUzjJcH%2BS2KhD4mR%2FQoximciQxHDfcZJFKnCT2EJr1BEQHRN4vQDkp7rT%2F03tV%2B8Lx37tf8m0Hr16M%2B%2B8y%2FMn%2F%2FmfxIruSZxck2O6K9rxPG%2F9WweFbXn86jAtc%2BmcYoCVBl3ZV2kRgpr3xvBcxElYNDGT77bsu4Cd%2B4PlhCnYyMEKHRw7fsKAgAm3SixYO0vB3gDTT3DrpIlYRaPdbU7COIEYoyi8IYY6IfmmljotvbTL3%2FmHthfAn9IUPKSJNnn9f9w0zT%2BqNk0ACwt1wgd6BgpvLKioAmipnUVu%2FEjnBqBkX49eCiqD5m7r8V0T7ujdop6K1YZyr0%2BBTqgr7OlfgUl8JBR85WUbg%2BuuqNE2eP8zHKN3uQ03XLjYTqYKIlj4RHixHKyADjM24scrgt6c5hlZ%2Fqkhmt9vex76wY%2FGAfrTqHxUSHNggqftc6gPwoYRsFpZTBB4I64xiQvKElpdLuwy%2Fidru%2FJQ3elDlUTZtaI4w%2FrUiqVbASy4wIy80ZCiXsV5EmVezQ9Vw9CBRILCe1SP4wF%2Frg15R196s2wzFU96YzhfM4cSpdfFKYunIxiuZVbYgGm%2FJSftgf4tMWFJzrZYj1cLmweLraj%2FsY7Dhsduw83irZs5fsWGm3cXm6xXb57BlLW64QbpMy1NeXN2kzmUUgZVQHK18vBSB9Zh%2BUy7c5zhW9FHUprBFZF9ytL26eDdacPw66d5EvWHITbrtPuxWU6TqzUw7MKjyRD2%2Fs7YLuu2pmnZcVAjKnYPydnl%2BrHAWy9LR4JsleP%2Fr12bwRFN8SKf%2Fe7l5fLwXLcubz8vgYhuDAu1rr26E8uL9udhTof6MvBVLu8%2FAs1CmIjgRepCy9MiNO7XVdXV59dXurTxVJpqaPDaj5eXF5%2B%2FuAfP7wH63Hz8RegdbdWPm5GMQyT1HzcZB43CxR%2BMWsOMxG0IxTvWeMbP86aQTMPGXXDu%2FqpAVvsMJ9xk6it2m1%2BaLOtTcWH6Xx%2B9tqKlY97o%2BHOVhp7Slj6G6e1nuvhwqP49So6nidT0NrpJhLccTtfGCB1DbXYRdtBX%2FEqLh6k44Wwrai9Ig0Pqswug4ReytNsJzpzlWtPtha1Sfv0keHS%2FbDR4czDfs%2FDxNh6C5FZiLx9mOVdrwja7QBSU6095xlw1tsSRj3PibtosqOxdR419ov9QhlB06AYTcwP1vacutl4RGtlZnRX7GrEaY3U28OdB1jR758X48BrbaWxPURB4GJ%2BP%2FGODc1V%2Bu3OVqX0qqvCcZLDvi3wZw70LFHXbHlKr%2Fdjtjg7HDA82w8ZA517Dm3502pmgExpjQOHkkJh19BnFqB4drUN1uV2s%2Bcn81NrKx4ydXXUJgNViQTnIMjRTmLWa0sMGspRZIGzc7wVVY2UxNUNbs12eqG82ZRHqb8%2BRscySxOnkKPxsHOq5mbpz2Zc1KO6k0axmhzO7Lznaqul484H89F8xPd27KijNfarqD3bD1brAuz4nJJVxs233WED83uJ3rYmsrbUTjSrZ8F6t1CS1bSK5BXbzxptvkHLYHjqWxtFZxOV1u3VdHucuKl4Vk1ts19MxNN5US70M8K8zY49LnaqUYvn89lb%2BL5mgPIQJ8iCX6euKJER2A%2F%2F6PJyoN6p4fVv3RGOP2o2rSSBcXT%2FZsIyNY2wyVKCzEgUQzWtBBopyiFuMizPMZTINXnR4IDAUAyUWNtgTImiZMGEAEBe4EUbHESBo67i0CE4flV7ZwRHNZL47%2BdmXCdF9vmDv%2FvyB9wA5f9prMn8BIWxU2bATBZfoDDbZB8y6jHpTSRUDl1%2BIkxVpYdDSxF2XWpyKOfdkbw2USfJ%2FEbf57QwlHXKd%2BlGsoFW5bGTMNnZGSyPu%2BN6lOzj5WLA2h2eCyt%2BYJfmdCVVq2CWCI5hbm0ktZbLAOPTQKNaoJrv54W%2BY4JTUpX%2Bxmy1zFjMRyUKx1q27fIKNd9M6LUbnkLtXLgxFjRnr5Q9j061gzV01yZlZJYec%2BZm3OEP3R2gZyF17kjlqhcxoX0oJUGPcn7SH7fyLTXk6HixdFR3Xjlhhk1ot%2BTVrgP9%2FmC6OLZipZ1ZLT9INVqcDg4NY7wW2GW7J4JgyNr%2Bohz5%2FFILembbcuNUYBthpON9Z7A3NodM8LzpdLVsOeaEojykVaHNuIw20xMl6m%2B56brTmmmV4m2QWub7aDpa9rOiVanDwYZLdaGrF6fWzOKNkdVIlt4g4tsI0mNaL8zRqnQtihcHBw46PE4683mFaNxJkpRWerYuVZuoO0lYSEfjTkMIZ0nGx0Pcs3VhnPjzTKGkddqfLBKrz0qHo1C2tb3cbY9Oy%2BM%2BxV25Rfnb1ZK3OKmxbYFyeF5O5%2F22KPLVaTjZUaqtKoIN2Whb2XSP33PTnuJIW16WBkmk%2Bsj0qyFqyN5yO%2BgoWJmepInRr2b7Xdl1vkxhzxLGfN89%2Bei2Jv9rnfjw1aPvfHv6zx%2BDPTHMa4Lhj0nhvf8Uf4s4SZ0Y6TdJGFyTPLkmuX9NDP8JwdlXnqVx8urR37P3Rky%2F%2Fsz0k%2Fpz00%2F833%2FbuWH0%2BoKnOSiZkmgBYEIL0CLDSixFMQBwogxpmaT41vr2L%2F%2FP%2FwIAAP%2F%2FAQAA%2F%2F%2FTwzBT5wwAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F3yWS6gkS1rHq3quILpRmY2icLjHHhSsU%2Fl%2B3MvQVGa9H1lZ7weNZWZGZGZUPisjX5UgDI7IbAba1biS09F9bzsP1CuIK0FOu5EGcY4L7Qu2uHHjxgfOUuScbukR7p2PJOOL%2BGIRX3y%2Ff%2FD93tPsTY0imfFan0QV8n2jyV9RF7%2B2QSGICnyhLS9o6or6%2BGKDQoH7%2BKK8%2ByX5RzTFX1G%2FftGDlhc1GYqmKJqiL7oogXZUNu%2BjBMU%2FkOkrmbrimCua50iZ%2FP85zuoEG3UC8je1XyAI3P6U%2BzefEWTdkDD40zbEXhrFv9EJMt9Io4Tk4MUq9MKoCEnw3rWTOrHDF%2B92kwjf1mp%2F8IBE4Yt3GZAof36XATHRba3%2BDzQxwxfvjknM%2FJO3JzV9AkNigp8lRX5DoH9DkHFDrOibBIEf1gixANGmJAw%2B1aKkMM5vo8Zd9Lb2wY%2F%2Bi6DitvbBP32VhMEfKz4qLxaRn6UoCjEp7WuCyhuCnBsSZy9JWtUJKl4SK%2F0dgsDf1po%2FGpMweD7FfkQQeP2rMiWwvMEYDdMy2QZnQa4hC6zV4AyWNXnLlHga3F8RQjcE2TfEh0%2BIgR%2BQDNdJhuoks%2Bski%2BskAK8vDF62KUq0TZtlJc6yLJa1LF4SAA9YTrIpkll3OTwhafyEWP4TYiXfIHHyDeKhJyTJ%2Fopg95pgUCc4rZEcXJMC1kiBa6QwaqRANVKkNVLk158AHzP4%2BlPg48yk343Mu5G9fhalzlPjkyh1YFh7Gr%2Bp%2FfzdxdV%2F7ntfJR58fWHzEm8LvCVYAk8zrCnzAFCyCVmGA5A1TYLRNUH4ATFwnVTotvaV3%2F43EqPb2gOlSUzjJcH%2BS2KhD4mR%2FQoximciQxHDfcZJFKnCT2EJr1BEQHRN4vQDkp7rT%2F03tV%2B8Lx37tf8m0Hr16M%2B%2B8y%2FMn%2F%2FmfxIruSZxck2O6K9rxPG%2F9WweFbXn86jAtc%2BmcYoCVBl3ZV2kRgpr3xvBcxElYNDGT77bsu4Cd%2B4PlhCnYyMEKHRw7fsKAgAm3SixYO0vB3gDTT3DrpIlYRaPdbU7COIEYoyi8IYY6IfmmljotvbTL3%2FmHthfAn9IUPKSJNnn9f9w0zT%2BqNk0ACwt1wgd6BgpvLKioAmipnUVu%2FEjnBqBkX49eCiqD5m7r8V0T7ujdop6K1YZyr0%2BBTqgr7OlfgUl8JBR85WUbg%2BuuqNE2eP8zHKN3uQ03XLjYTqYKIlj4RHixHKyADjM24scrgt6c5hlZ%2Fqkhmt9vex76wY%2FGAfrTqHxUSHNggqftc6gPwoYRsFpZTBB4I64xiQvKElpdLuwy%2Fidru%2FJQ3elDlUTZtaI4w%2FrUiqVbASy4wIy80ZCiXsV5EmVezQ9Vw9CBRILCe1SP4wF%2Frg15R196s2wzFU96YzhfM4cSpdfFKYunIxiuZVbYgGm%2FJSftgf4tMWFJzrZYj1cLmweLraj%2FsY7Dhsduw83irZs5fsWGm3cXm6xXb57BlLW64QbpMy1NeXN2kzmUUgZVQHK18vBSB9Zh%2BUy7c5zhW9FHUprBFZF9ytL26eDdacPw66d5EvWHITbrtPuxWU6TqzUw7MKjyRD2%2Fs7YLuu2pmnZcVAjKnYPydnl%2BrHAWy9LR4JsleP%2Fr12bwRFN8SKf%2Fe7l5fLwXLcubz8vgYhuDAu1rr26E8uL9udhTof6MvBVLu8%2FAs1CmIjgRepCy9MiNO7XVdXV59dXurTxVJpqaPDaj5eXF5%2B%2FuAfP7wH63Hz8RegdbdWPm5GMQyT1HzcZB43CxR%2BMWsOMxG0IxTvWeMbP86aQTMPGXXDu%2FqpAVvsMJ9xk6it2m1%2BaLOtTcWH6Xx%2B9tqKlY97o%2BHOVhp7Slj6G6e1nuvhwqP49So6nidT0NrpJhLccTtfGCB1DbXYRdtBX%2FEqLh6k44Wwrai9Ig0Pqswug4ReytNsJzpzlWtPtha1Sfv0keHS%2FbDR4czDfs%2FDxNh6C5FZiLx9mOVdrwja7QBSU6095xlw1tsSRj3PibtosqOxdR419ov9QhlB06AYTcwP1vacutl4RGtlZnRX7GrEaY3U28OdB1jR758X48BrbaWxPURB4GJ%2BP%2FGODc1V%2Bu3OVqX0qqvCcZLDvi3wZw70LFHXbHlKr%2Fdjtjg7HDA82w8ZA517Dm3502pmgExpjQOHkkJh19BnFqB4drUN1uV2s%2Bcn81NrKx4ydXXUJgNViQTnIMjRTmLWa0sMGspRZIGzc7wVVY2UxNUNbs12eqG82ZRHqb8%2BRscySxOnkKPxsHOq5mbpz2Zc1KO6k0axmhzO7Lznaqul484H89F8xPd27KijNfarqD3bD1brAuz4nJJVxs233WED83uJ3rYmsrbUTjSrZ8F6t1CS1bSK5BXbzxptvkHLYHjqWxtFZxOV1u3VdHucuKl4Vk1ts19MxNN5US70M8K8zY49LnaqUYvn89lb%2BL5mgPIQJ8iCX6euKJER2A%2F%2F6PJyoN6p4fVv3RGOP2o2rSSBcXT%2FZsIyNY2wyVKCzEgUQzWtBBopyiFuMizPMZTINXnR4IDAUAyUWNtgTImiZMGEAEBe4EUbHESBo67i0CE4flV7ZwRHNZL47%2BdmXCdF9vmDv%2FvyB9wA5f9prMn8BIWxU2bATBZfoDDbZB8y6jHpTSRUDl1%2BIkxVpYdDSxF2XWpyKOfdkbw2USfJ%2FEbf57QwlHXKd%2BlGsoFW5bGTMNnZGSyPu%2BN6lOzj5WLA2h2eCyt%2BYJfmdCVVq2CWCI5hbm0ktZbLAOPTQKNaoJrv54W%2BY4JTUpX%2Bxmy1zFjMRyUKx1q27fIKNd9M6LUbnkLtXLgxFjRnr5Q9j061gzV01yZlZJYec%2BZm3OEP3R2gZyF17kjlqhcxoX0oJUGPcn7SH7fyLTXk6HixdFR3Xjlhhk1ot%2BTVrgP9%2FmC6OLZipZ1ZLT9INVqcDg4NY7wW2GW7J4JgyNr%2Bohz5%2FFILembbcuNUYBthpON9Z7A3NodM8LzpdLVsOeaEojykVaHNuIw20xMl6m%2B56brTmmmV4m2QWub7aDpa9rOiVanDwYZLdaGrF6fWzOKNkdVIlt4g4tsI0mNaL8zRqnQtihcHBw46PE4683mFaNxJkpRWerYuVZuoO0lYSEfjTkMIZ0nGx0Pcs3VhnPjzTKGkddqfLBKrz0qHo1C2tb3cbY9Oy%2BM%2BxV25Rfnb1ZK3OKmxbYFyeF5O5%2F22KPLVaTjZUaqtKoIN2Whb2XSP33PTnuJIW16WBkmk%2Bsj0qyFqyN5yO%2BgoWJmepInRr2b7Xdl1vkxhzxLGfN89%2Bei2Jv9rnfjw1aPvfHv6zx%2BDPTHMa4Lhj0nhvf8Uf4s4SZ0Y6TdJGFyTPLkmuX9NDP8JwdlXnqVx8urR37P3Rky%2F%2Fsz0k%2Fpz00%2F833%2FbuWH0%2BoKnOSiZkmgBYEIL0CLDSixFMQBwogxpmaT41vr2L%2F%2FP%2FwIAAP%2F%2FAQAA%2F%2F%2FTwzBT5wwAAA%3D%3D HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=90635a2a-bcb3-4ce4-963c-4a33b5cb851d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 22:19:43 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d79c13b01cb19c13ca32524e114d982
Strict-Transport-Security: max-age=0; includeSubdomains
specialistinsensitive.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbs?c=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Cookie: u_pl=17869332; uid_id2=90635a2a-bcb3-4ce4-963c-4a33b5cb851d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 22:19:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 355549
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 355528
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 473 B IP
Hash 1de05e10cb273633ad6107621931e6e7
f89e0ada0fe2288ac5bfca3d787de93ee4e0a468
9028f1c2e98e9db65326795036397efc4d8d1bf8a9867d9c3851a159d26bc664
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 1.5 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
Hash 8db1c6827d8172a119b6688302c2cae0
7327cac22d99bc7561fc0977fd9f1befee64c7e9
60edf2de6c653c99defa82f8c13f0ea8cc1f5c74f8905dc535ec1c6b1168bc2d
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: n6+Zdb1PMXktBUtZ9FJzSatRjwfkauBT4pphns2z6vbucI1rv8wyZln8+BnzzMP7Mt5WEN9b0GQZ2IwLP4MUzw==
date: Sun, 04 Dec 2022 22:19:43 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 21:43:07 GMT
expires: Sun, 04 Dec 2022 22:43:07 GMT
cache-control: public, max-age=3600
age: 2197
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 70ed7c91c47861af2f9e6caaa3c3b856
2f053dd4b430a2b2b67e870f12a1f03d458db97a
5e58279e2c1c23fc1c048991f28d06e2c7a498241f4c81367ee50841e5726624
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 04 Dec 2022 22:19:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 04 Dec 2022 18:29:17 GMT
Expires: Mon, 05 Dec 2022 18:29:17 GMT
ETag: "2f053dd4b430a2b2b67e870f12a1f03d458db97a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 70ed7c91c47861af2f9e6caaa3c3b856
2f053dd4b430a2b2b67e870f12a1f03d458db97a
5e58279e2c1c23fc1c048991f28d06e2c7a498241f4c81367ee50841e5726624
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 04 Dec 2022 22:19:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 04 Dec 2022 18:29:17 GMT
Expires: Mon, 05 Dec 2022 18:29:17 GMT
ETag: "2f053dd4b430a2b2b67e870f12a1f03d458db97a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
200 OK 58 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash cf8ffcaf217375cf9bb01c612300b25a
5d033771d013ab4364a83c6302b473c6f64ff722
2b14b918bb31b4672d92b0287ed00c91c74e5d315759da2deb6028b0b4e9f909
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 04 Dec 2022 22:19:44 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Mon, 04 Dec 2023 22:19:44 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 68570b7de13c7dfdf686da25ce10d668
61c1304152f11e6a83c383fff8d5e498c4385e6f
537302c07522f4bf1e766fbb1a8da346f59526715a5fcecd3f6aa4817b6b32ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Sun, 04 Dec 2022 22:19:45 GMT
expires: Sun, 04 Dec 2022 22:19:45 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 68570b7de13c7dfdf686da25ce10d668
61c1304152f11e6a83c383fff8d5e498c4385e6f
537302c07522f4bf1e766fbb1a8da346f59526715a5fcecd3f6aa4817b6b32ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
204 No Content 807 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP
File type gzip compressed data, max compression\012- data
Hash 7481bd9599a1ac21ed64533f3f8426ed
9e5a93dbd2bfa81ef05777375085c9e804871693
15918cd584a41c8c32080b1b8c082039855e60a339bbf34d616d074e50a0c837
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 04 Dec 2022 22:19:45 GMT
Connection: keep-alive
Expires: Mon, 04 Dec 2023 22:19:45 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
adservice.google.com/adsid/integrator.js?domain=exee.app
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 04 Dec 2022 22:19:45 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP
Hash 328c6e3376b5f6a768ef9e2e60edc0c7
f8d239b58fe8c4674b2a74d17b0eeb7adbda5128
5326fa8f8372b7cd25ad24264f49a19cc9807b39113af68b63a30188b02778db
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 04 Dec 2022 22:19:45 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Mon, 04 Dec 2023 22:19:45 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 04 Dec 2022 22:19:45 GMT
Connection: keep-alive
Expires: Mon, 04 Dec 2023 22:19:45 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FaOSiT&tfcd=0&npa=0&correlator=222066444461063&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FaOSiT&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5d831cf7-9c91-4d74-96bb-ed0120a2620a&sid=06D9102C-C795-4C53-A36E-9AA83B5E17BC&nel=0&eid=44748969%2C44750824%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1670192378989&idt=3064&dt=1670192383363&cookie_enabled=1&scor=1400596686627229&ged=ve4_td4_tt0_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
200 OK 16 kB URL HTTP/2 pubads.g.doubleclick.net/gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FaOSiT&tfcd=0&npa=0&correlator=222066444461063&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FaOSiT&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5d831cf7-9c91-4d74-96bb-ed0120a2620a&sid=06D9102C-C795-4C53-A36E-9AA83B5E17BC&nel=0&eid=44748969%2C44750824%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1670192378989&idt=3064&dt=1670192383363&cookie_enabled=1&scor=1400596686627229&ged=ve4_td4_tt0_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491
IP
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (23516)
Hash be1a3663f4d8cb5e2f5d226e182cdf04
e096c4a6351210db4c45c7a8cceed139d5da2c72
6e98cbd5e2dfe03aebc343e17561114c03d29981f2079b25c0c13920245539c3
GET /gampad/ads?env=instream&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&iu=%2F26001828%2C22794390700%2Fvdoai-dfp-parent-adunit%2Fz1_dfp_v_exee_app_v_pre_1&description_url=https%3A%2F%2Fexee.app%2FaOSiT&tfcd=0&npa=0&correlator=222066444461063&vpos=preroll&sz=800x450%7C444x250%7C635x357%7C640x360%7C400x300%7C1x1&vad_type=linear&ad_type=audio_video&url=https%3A%2F%2Fexee.app%2FaOSiT&cust_params=hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=click&vpmute=0&sdkv=h.3.547.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=110095148&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.547.0&media_url=blob%3Ahttps%253a%2F%2Fexee.app%2F5d831cf7-9c91-4d74-96bb-ed0120a2620a&sid=06D9102C-C795-4C53-A36E-9AA83B5E17BC&nel=0&eid=44748969%2C44750824%2C44765701&ref=https%3A%2F%2Fexe.io%2F&dlt=1670192378989&idt=3064&dt=1670192383363&cookie_enabled=1&scor=1400596686627229&ged=ve4_td4_tt0_pd4_la4000_er0.0.0.0_vi0.0.939.1280_vp0_eb16491 HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://imasdk.googleapis.com
google-lineitem-id: -1
google-creative-id: -1
date: Sun, 04 Dec 2022 22:19:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 16249
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 04-Dec-2022 22:34:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 227de73c2950d257905eda6128f90ea9
d700e7cbc5c620f274ec53c336dba15988f046d9
306cc0e4114a9e5b3f9125f9a6fe9746e2db74d94c7991c714e6abb2de046fbc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "306CC0E4114A9E5B3F9125F9A6FE9746E2DB74D94C7991C714E6ABB2DE046FBC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10359
Expires: Mon, 05 Dec 2022 01:12:25 GMT
Date: Sun, 04 Dec 2022 22:19:46 GMT
Connection: keep-alive
googleads.g.doubleclick.net/pagead/interaction/?ai=CK__JAR2NY9veN4KQywWE06yAC7DMjdVtt4iMzugQsJAfEAEgrNaJRmDDhICAmBigAdrxgfUCyAEF4AIAqAMBmAQAqgSSAk_QyBbDEX6nws5hhE5TnkYAOEy57lcyLZcwhEIB9SfxfHBBBv1g90hqBlHGH2clOtC0kYfsPqfsFiuKZc2TX-vmZwS93DQ46BJLLkP7VNcLDWeqedjtZLOC6N7tvg7X9CNaMGZTWboZdwRt-7YhamZ21eYrZxet03yC5QxFxxdmAWf8TfPrOG-VbZS_-y3qR4O31qrnRMrehMTSOGsIIvrmeK1yPYnFo1lsTe8dknjO38tcx_aBgcr_x70FuyQaEwB83FBuZorVFtiozwKeILu3R5zjvAUDg8YgtGUjd2NHXWgpW-FhYPOmoFcrDbZj0VWejxH_PTyFtbhHNrubyz0yO-e6w8V8G4J0WvEcwSJ-oj3ABMPT4NetBOAEAaAGVIAHjo7-igGoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwGoCAHSCBIIiOGAEBABGB0yA6qCAToCgECxCTD0uqoujKqjgAoDmAsByAsB0AsOuAwBmg0BDtgTDYgUAdAVAeIWAggB-BYBgBcB&sigh=_UYduezjlu0&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3NzgzNjg3Njg1NTIMNjM4Mjg5MTMyODQ3QLoCUiMQDyUAABhCKAE6C1d2X1M2bFY4NFJvQglnb29nbGVhZHNQABgB
200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/interaction/?ai=CK__JAR2NY9veN4KQywWE06yAC7DMjdVtt4iMzugQsJAfEAEgrNaJRmDDhICAmBigAdrxgfUCyAEF4AIAqAMBmAQAqgSSAk_QyBbDEX6nws5hhE5TnkYAOEy57lcyLZcwhEIB9SfxfHBBBv1g90hqBlHGH2clOtC0kYfsPqfsFiuKZc2TX-vmZwS93DQ46BJLLkP7VNcLDWeqedjtZLOC6N7tvg7X9CNaMGZTWboZdwRt-7YhamZ21eYrZxet03yC5QxFxxdmAWf8TfPrOG-VbZS_-y3qR4O31qrnRMrehMTSOGsIIvrmeK1yPYnFo1lsTe8dknjO38tcx_aBgcr_x70FuyQaEwB83FBuZorVFtiozwKeILu3R5zjvAUDg8YgtGUjd2NHXWgpW-FhYPOmoFcrDbZj0VWejxH_PTyFtbhHNrubyz0yO-e6w8V8G4J0WvEcwSJ-oj3ABMPT4NetBOAEAaAGVIAHjo7-igGoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwGoCAHSCBIIiOGAEBABGB0yA6qCAToCgECxCTD0uqoujKqjgAoDmAsByAsB0AsOuAwBmg0BDtgTDYgUAdAVAeIWAggB-BYBgBcB&sigh=_UYduezjlu0&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3NzgzNjg3Njg1NTIMNjM4Mjg5MTMyODQ3QLoCUiMQDyUAABhCKAE6C1d2X1M2bFY4NFJvQglnb29nbGVhZHNQABgB
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/interaction/?ai=CK__JAR2NY9veN4KQywWE06yAC7DMjdVtt4iMzugQsJAfEAEgrNaJRmDDhICAmBigAdrxgfUCyAEF4AIAqAMBmAQAqgSSAk_QyBbDEX6nws5hhE5TnkYAOEy57lcyLZcwhEIB9SfxfHBBBv1g90hqBlHGH2clOtC0kYfsPqfsFiuKZc2TX-vmZwS93DQ46BJLLkP7VNcLDWeqedjtZLOC6N7tvg7X9CNaMGZTWboZdwRt-7YhamZ21eYrZxet03yC5QxFxxdmAWf8TfPrOG-VbZS_-y3qR4O31qrnRMrehMTSOGsIIvrmeK1yPYnFo1lsTe8dknjO38tcx_aBgcr_x70FuyQaEwB83FBuZorVFtiozwKeILu3R5zjvAUDg8YgtGUjd2NHXWgpW-FhYPOmoFcrDbZj0VWejxH_PTyFtbhHNrubyz0yO-e6w8V8G4J0WvEcwSJ-oj3ABMPT4NetBOAEAaAGVIAHjo7-igGoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwGoCAHSCBIIiOGAEBABGB0yA6qCAToCgECxCTD0uqoujKqjgAoDmAsByAsB0AsOuAwBmg0BDtgTDYgUAdAVAeIWAggB-BYBgBcB&sigh=_UYduezjlu0&label=show_ad&sdkv=h.3.547.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDU3NzgzNjg3Njg1NTIMNjM4Mjg5MTMyODQ3QLoCUiMQDyUAABhCKAE6C1d2X1M2bFY4NFJvQglnb29nbGVhZHNQABgB HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 22:19:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
access-control-allow-origin: *
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 04-Dec-2022 22:34:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3da683e93b38aa458905ea8c3d58d1a0
0c6582eb5105b0424dd9a9c168009e988217606c
43301ff40aa19cbde7793d9413c4ab24ddb486de6f53071084241ac2e70f7031
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unseenreport.com/pxf.gif?uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 22:19:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 572b8b6edbbf71f66cd4d85adb621ae2
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3da683e93b38aa458905ea8c3d58d1a0
0c6582eb5105b0424dd9a9c168009e988217606c
43301ff40aa19cbde7793d9413c4ab24ddb486de6f53071084241ac2e70f7031
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 22:19:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unseenreport.com/pxf.gif?uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=90635a2a-bcb3-4ce4-963c-4a33b5cb851d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 22:19:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0228f9fda88950e0a3175bbe3931a0f0
Strict-Transport-Security: max-age=0; includeSubdomains
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.20.1
Date: Sun, 04 Dec 2022 22:19:45 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Mon, 04 Dec 2023 22:19:45 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
pogothere.xyz/asd100.bin
200 OK 102 kB IP
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5261
last-modified: Sun, 04 Dec 2022 20:52:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DIfbW4Sibmwxg%2BhPlZiZoDmtZnNG1KKbosGdM1MluaTRu81FCZsA3GbL%2BrWW8rP%2BHP%2FV9OTuWL8xbMSQtdfmgSK%2FCi7agXsmK2wT79sFsqNY8pUqnYYQRlgYPZucNPM6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecd29d9ee674-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 70ed7c91c47861af2f9e6caaa3c3b856
2f053dd4b430a2b2b67e870f12a1f03d458db97a
5e58279e2c1c23fc1c048991f28d06e2c7a498241f4c81367ee50841e5726624
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 04 Dec 2022 22:19:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 04 Dec 2022 18:29:17 GMT
Expires: Mon, 05 Dec 2022 18:29:17 GMT
ETag: "2f053dd4b430a2b2b67e870f12a1f03d458db97a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
csi.gstatic.com/csi?v=2&s=ima&puid=1~lb9xf5tz&c=8097148390862&slotId=4048574195431&qqid=CJvj-b7_4PsCFQLIsgodhCkLsA&gqid=AR2NY838NY26ygX1pL3AAg&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&ghmsh_eids=44748969%2C44750824%2C44765701&met.4=ghmsh_s.lb9xf750~ghmsh_s.lb9xf756&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=xs8OBhyIyu4wFmT2
204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lb9xf5tz&c=8097148390862&slotId=4048574195431&qqid=CJvj-b7_4PsCFQLIsgodhCkLsA&gqid=AR2NY838NY26ygX1pL3AAg&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&ghmsh_eids=44748969%2C44750824%2C44765701&met.4=ghmsh_s.lb9xf750~ghmsh_s.lb9xf756&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=xs8OBhyIyu4wFmT2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lb9xf5tz&c=8097148390862&slotId=4048574195431&qqid=CJvj-b7_4PsCFQLIsgodhCkLsA&gqid=AR2NY838NY26ygX1pL3AAg&fb=ima_html5-lima&sdkv=h.3.547.0&ppt=videojs-ima&ppv=1.11.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&ghmsh_eids=44748969%2C44750824%2C44765701&met.4=ghmsh_s.lb9xf750~ghmsh_s.lb9xf756&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=xs8OBhyIyu4wFmT2 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sun, 04 Dec 2022 22:19:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/rtb/os-box/1-2/index.html
200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/rtb/os-box/1-2/index.html
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/rtb/os-box/1-2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exee.app
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:43 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 30 Mar 2022 13:43:57 GMT
etag: W/"62445e9d-4ea"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 04 Dec 2022 23:19:43 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5261
last-modified: Sun, 04 Dec 2022 20:52:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Tcuyc10Ki%2Fno2dhjZwg2xXfwWMi5frVjE84JVdrftEW8tkxhwjtyKlSshjs4u3%2FcNvptcTs%2BsBRIP3PPykY93mJoCMC1w2t5pCq0REZsx8Lm0hS%2Fkg8Aw3Ft56XF9ai"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecd2bde0e674-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exee.app/
Origin: https://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: text/plain
set-cookie: csu=516135678927975@1@1670192381; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJmZrIeR7S%2Ffj9iXz7AY1Ed0bU%2B1oiY8Dq%2BwmhfHz67QAVqURzcvG0k4zqSU0GO6izbiuIe%2F6DXX0DnQfswABmQ31DVQK4iyfhvO0SjSuBPR9KzaJrQjl4ptJpjSpSV7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747ecd2add9e674-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670221186&ei=Ah2NY6-nBIvHyAXR0JmwBQ&ip=91.90.42.154&id=5affd2ea557ce11a&itag=22&source=youtube&requiressl=yes&mh=Hq&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=38.568&lmt=1662132015909572&mt=1670192018&txp=5318224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAMXpBz12kQnqyt5nXGK-kX4w1puez3dkGQkzHQpKs3-uAiBNaapewpyFRPqjonOeYpc9M_k686R4Zad__h-6TXw2yg==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAN5ysYaPLyI8nFnspVpACmN52CvkZPc58gsaSyVPb47tAiASaCwXJDGHQe9VarF98DJLnYuSROC7uPbdB2v4qgot_A==&cpn=xs8OBhyIyu4wFmT2
206 Partial Content 0 B URL HTTP/1.1 rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670221186&ei=Ah2NY6-nBIvHyAXR0JmwBQ&ip=91.90.42.154&id=5affd2ea557ce11a&itag=22&source=youtube&requiressl=yes&mh=Hq&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=38.568&lmt=1662132015909572&mt=1670192018&txp=5318224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAMXpBz12kQnqyt5nXGK-kX4w1puez3dkGQkzHQpKs3-uAiBNaapewpyFRPqjonOeYpc9M_k686R4Zad__h-6TXw2yg==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAN5ysYaPLyI8nFnspVpACmN52CvkZPc58gsaSyVPb47tAiASaCwXJDGHQe9VarF98DJLnYuSROC7uPbdB2v4qgot_A==&cpn=xs8OBhyIyu4wFmT2
IP
ASN #50304 Blix Solutions AS
GET /videoplayback?expire=1670221186&ei=Ah2NY6-nBIvHyAXR0JmwBQ&ip=91.90.42.154&id=5affd2ea557ce11a&itag=22&source=youtube&requiressl=yes&mh=Hq&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=38.568&lmt=1662132015909572&mt=1670192018&txp=5318224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAMXpBz12kQnqyt5nXGK-kX4w1puez3dkGQkzHQpKs3-uAiBNaapewpyFRPqjonOeYpc9M_k686R4Zad__h-6TXw2yg==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAN5ysYaPLyI8nFnspVpACmN52CvkZPc58gsaSyVPb47tAiASaCwXJDGHQe9VarF98DJLnYuSROC7uPbdB2v4qgot_A==&cpn=xs8OBhyIyu4wFmT2 HTTP/1.1
Host: rr1---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Fri, 02 Sep 2022 15:20:15 GMT
Content-Type: video/mp4
Date: Sun, 04 Dec 2022 22:19:46 GMT
Expires: Sun, 04 Dec 2022 22:19:46 GMT
Cache-Control: private, max-age=28500
Content-Range: bytes 0-10611606/10611607
Accept-Ranges: bytes
Content-Length: 10611607
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
friendshipmale.com/sfp.js
200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:42 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 70c6f497f1e83aad0a24f7d89a6ee639
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 04 Dec 2022 22:19:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWhzreELAHLaZ62Hiy%2F9IEWjh8X5lnIfnyOON07qX0awq%2By0Vd7YJo6NApvG8CioxliJO7cGNk8CxYCgsg%2F6z0FJ4z3BEuZ39NAyjCZSQcjh6R8kRzykyR0B%2Bcemn%2B0vPmYHHzw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747ecd46e21dd43-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sun, 04 Dec 2022 22:19:44 GMT
date: Sun, 04 Dec 2022 22:19:44 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=QqdCIdgn6Jg; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=3OE6EkU1rts; Domain=.youtube.com; Expires=Fri, 02-Jun-2023 22:19:44 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+540; expires=Tue, 03-Dec-2024 22:19:44 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.vdo.ai/core/v-exee-app/vdo.ai.js
200 OK 0 B URL HTTP/2 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 22:19:41 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
vdo-server: Tag2
cache-control: public, max-age=1800
x-varnish: 31879328 29208444
age: 0
via: 1.1 varnish-v4
x-cache: HIT
cf-cache-status: HIT
last-modified: Sun, 04 Dec 2022 22:19:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OwUBZ3u5fUZeNyfcH9AL86SEpHkNNaOy5ZGedy%2BrMDwrv9ez5DnQNpTnS79T%2F9nu30cFZnaSPtGsw07Ligiwu9Nw2%2BtBgVsKcRZVk9cJS%2BS3pj8Kj%2B6EQf0JOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747ecd22b5575cb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.26.3.103
91.90.45.172
157.240.221.35
104.21.234.92
52.28.211.11
188.114.97.1
15.235.114.204
172.255.6.226