exe.io/CdsgoZnx
172.67.187.171301 Moved Permanently 0 B IP 172.67.187.171:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /CdsgoZnx HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Feb 2023 20:53:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 04 Feb 2023 21:53:11 GMT
Location: https://exe.io/CdsgoZnx
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeIYdtWXNsHIx1akSecB8DNzbaj8dUPjuuiYxepekTy4%2BTUUpG1ymje5znQDHbu4hl5tkz4nCdUS78BFCnehL2A%2B54yi8TM5wl1tRdhNoifpJycgWWwb%2BBk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79464b598c41b50f-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6851
Expires: Sat, 04 Feb 2023 22:47:22 GMT
Date: Sat, 04 Feb 2023 20:53:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3723
Expires: Sat, 04 Feb 2023 21:55:14 GMT
Date: Sat, 04 Feb 2023 20:53:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14554
Expires: Sun, 05 Feb 2023 00:55:45 GMT
Date: Sat, 04 Feb 2023 20:53:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zO9XDdZEhMxsi13XTNEO+8TDRVXZJNSP44kiNI4FkSNfENU5qxKKPouMxQwtsTjfvxecfDPBrzr+l3CnkM8Sgw==
x-amz-request-id: 95NG53GH7KNH5JQZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 20:24:10 GMT
age: 1741
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 20:43:39 GMT
content-type: application/json
age: 572
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a4349540094a809bce706f7bc456701
cc81b790539992a296de4646a9583029dbc2b332
81302e4e5bdbabc2535193208e39ed84eab03d7bd66d004a1ac8182bf200f43c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4048
Cache-Control: max-age=90913
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:11 GMT
Etag: "63dd7608-118"
Expires: Sun, 05 Feb 2023 22:08:24 GMT
Last-Modified: Fri, 03 Feb 2023 21:00:56 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 20:53:11 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
exe.io/CdsgoZnx
104.21.84.66302 Found 280 B IP 104.21.84.66:0
Hash 1a4349540094a809bce706f7bc456701
cc81b790539992a296de4646a9583029dbc2b332
81302e4e5bdbabc2535193208e39ed84eab03d7bd66d004a1ac8182bf200f43c
GET /CdsgoZnx HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 04 Feb 2023 20:53:11 GMT
content-type: text/html; charset=UTF-8
location: https://exeo.app/CdsgoZnx
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=7c090dced539097f81194589fa0e1184; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sjKXlrOz%2FwqAd5RC3jkEugAMiU2YjvqR3dW4bpX%2FBRHNYf95HGsw%2B6%2FaBuA5ozz%2Fri0XaFq0ifUawevRykL%2BeL48Q8lF0A0VDUReGL9YyQLI0qlIXuIcOoM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b5bc836b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash ed94ac8f1c8aeabf0f587aaebcca01e3
9c318056336af7f38992368843a882277fb73300
d48ddb720d0b2069c668a277b7298d67633dd32769e9b0386192a9756363532d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6196
Cache-Control: max-age=124032
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:11 GMT
Etag: "63ddef03-117"
Expires: Mon, 06 Feb 2023 07:20:23 GMT
Last-Modified: Sat, 04 Feb 2023 05:37:07 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
exeo.app/css/continue.css
104.26.9.233200 OK 42 kB URL HTTP/2 exeo.app/css/continue.css
IP 104.26.9.233:0
File type ASCII text, with very long lines (65079)
Hash 308291f048f38ab2a59de0c0a72e9f17
f9ad411280271d00d60d0fe061c477056883704c
9e10c27fbb309cfac177e4f3e4958bee63beaf1f427b75eb629e9f74eef36b61
GET /css/continue.css HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/CdsgoZnx
Cookie: AppSession=d5914fed55cf686efd46f65b5224c681; csrfToken=1472ba5591e21396308a5e777c93381efd8a6519188d9f0e8aba22b1f0d3f67e5651ed82425dd174ce7d55169f379ef7dcc282952cab90569cc2a6cf39fb2e50
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=211688
expires: Fri, 10 Feb 2023 22:59:15 GMT
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2066036
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WtEHWocOhO81HNb9Sz8q%2FgZnjOCQYRsrC0rbatDcS2IH39kKIRfK4ErTqRz27dzIwbtCOrGFFJ58LBNvw9qRG5Zl61%2BSTCfe7U%2BpC9Rt3Ky078b5bG9xzTZ6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b5df9f6b518-OSL
content-encoding: br
X-Firefox-Spdy: h2
exe.io/img/logo_sm.png
104.21.84.66200 OK 11 kB IP 104.21.84.66:0
File type PNG image data, 262 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash babf1df3467cca81bd9fdd5540a70b3d
ab768d826851da1b84b22e14f4facfda137500f4
c63f2781570d012d67b1e5ed27544bf90097a71ca5ddbbcd86a98a0f52871534
GET /img/logo_sm.png HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: image/png
content-length: 10989
x-frame-options: SAMEORIGIN
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
cache-control: max-age=31536000
expires: Thu, 25 Jan 2024 22:31:11 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 858121
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ok6Xv1yldVrVXOQ6%2F5bGot8wZl7TzErTMnnrZjR3Wi292B3Ff%2BtG0gEaxm73Iuj%2BxcE8ArC%2F3Wl4Zmi5gfGdYktgFu%2BgKZOvFPRO2eE0cvSkHD%2FkSzgMNrE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b5e3e12b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 20:49:07 GMT
age: 245
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash b19fb995354ac5f9e5d47df07503c241
3cf947c11f491ce7a4b95dd8441594fab735cfc2
05bd2c821d87fe25fcaf404fb274a8f72bf10c5590967e66d58e6b83ab2a6ed4
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 20:53:12 GMT
expires: Sat, 04 Feb 2023 20:53:12 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 Feb 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43937
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 09301818f05390c0fe52cfa138fd711f
4d2bd6518ffab458b3888f800951b6652a8023a7
9f610a35ab2378e71b536368d120dcacaa83b7dcc76f3d9d39bcb7bf423eee5b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2540
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Etag: "63de9a94-116"
Last-Modified: Sat, 04 Feb 2023 20:10:52 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 78f65b4461bb0665ecd4e745b9d235f5
81c9c6b2e0f24e4d16fa09891fc282ec16a1ac41
89e2d59ce289a3e107ba61c6295bf899bb1baef48d85b1be493f0502c2ed2c9d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5762
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Last-Modified: Sat, 04 Feb 2023 19:17:10 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3914
Expires: Sat, 04 Feb 2023 21:58:26 GMT
Date: Sat, 04 Feb 2023 20:53:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cb6c2cfa5a38ba74b7286d1430ce0a1c
6ed40cc022a4d64de28aa9827a1847712165083f
33c1bc5c5eea0822dbb0d784e34ad1e275380cc22a34481fe2d7d511207ca122
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "33C1BC5C5EEA0822DBB0D784E34AD1E275380CC22A34481FE2D7D511207CA122"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6369
Expires: Sat, 04 Feb 2023 22:39:21 GMT
Date: Sat, 04 Feb 2023 20:53:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 78f65b4461bb0665ecd4e745b9d235f5
81c9c6b2e0f24e4d16fa09891fc282ec16a1ac41
89e2d59ce289a3e107ba61c6295bf899bb1baef48d85b1be493f0502c2ed2c9d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5762
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Last-Modified: Sat, 04 Feb 2023 19:17:10 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
qj.wimplesbooklet.com/1clkn/29529
142.91.159.93200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 142.91.159.93:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 20:53:12 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 05-Feb-2023 20:53:12 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sun, 05-Feb-2023 20:53:12 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89a100ea773a6223d24ca5e2df477ef8
4d64028b8df107e2ee97314fd77c1508e1556d16
064ead0181ad64406bc6506f73730f522e9d4c35f1f304f3d6ca5e3ef4a342ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8315
Expires: Sat, 04 Feb 2023 23:11:47 GMT
Date: Sat, 04 Feb 2023 20:53:12 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89a100ea773a6223d24ca5e2df477ef8
4d64028b8df107e2ee97314fd77c1508e1556d16
064ead0181ad64406bc6506f73730f522e9d4c35f1f304f3d6ca5e3ef4a342ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8315
Expires: Sat, 04 Feb 2023 23:11:47 GMT
Date: Sat, 04 Feb 2023 20:53:12 GMT
Connection: keep-alive
cdntechone.com/stattag.js
104.21.29.183200 OK 7.2 kB URL HTTP/2 cdntechone.com/stattag.js
IP 104.21.29.183:0
File type ASCII text, with very long lines (17301), with no line terminators
Hash 28331a8de3b7041872f9a95faca4af8f
bb47d62572835bd123206a69a1983db6b19f1dbb
93dd5320bec652b566616800dbcf43ba939a35fa51aa9a2ad3ba73f51f36acfc
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 16:30:45 GMT
etag: W/"63dd36b5-4395"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1021
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHY%2FmrTJ0Xs%2B7BGP6t5L00GfCuh0Hw4rsGU6AIb9nRJRKhULGiRKDyzMm6ACnTXQk7IGUV%2FQKdtgPhMkN%2BAwE%2BdMIurpmlk9wRA2rYAIgeQh168GVKG2ev4Eas4OjMPQag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79464b5f7b38b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 09301818f05390c0fe52cfa138fd711f
4d2bd6518ffab458b3888f800951b6652a8023a7
9f610a35ab2378e71b536368d120dcacaa83b7dcc76f3d9d39bcb7bf423eee5b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2540
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Etag: "63de9a94-116"
Last-Modified: Sat, 04 Feb 2023 20:10:52 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
estkewasa.com/utx?cb=09YDkwRwVpio&top=exeo.app&tid=822524
54.230.111.128204 No Content 0 B URL HTTP/2 estkewasa.com/utx?cb=09YDkwRwVpio&top=exeo.app&tid=822524
IP 54.230.111.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=09YDkwRwVpio&top=exeo.app&tid=822524 HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 20:53:12 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 04 Feb 2023 20:54:12 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rSoQqlZK3u8o9S3enlPI84I9SzmImQbf1nN1Xfrq20znNXUwSPZJMQ==
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exeo.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 18:52:41 GMT
expires: Tue, 30 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 439231
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
estkewasa.com/S3hjNEQqGgBZeypFARIxORReEXYNXVFyIHhBVVs3PgwaAjYtHQAaJycXFlAiORcNQGolHRcRdg1KMHAGHjU7WzYTAhNsFh8AOXkFMzsGUw4jOVMBMRwRB1ECDx8tdiMONyEGLwU6JwFheT4lXQYHMA1hBSgUU1YOJxwTcjxzFTYGLwogIFgRBR8beyYgKQhsLA1JNXdxET8gDRAFFCpRDgkhC2EBKBQ7TXESPgpmFigpLgwiGU0IcgEjTCR3ChI+IEwiAkgpUiEsOVVmEnJOInMRCS4rUxIRSy1SISw5CWMGGV1RdgYDPSB7A3s7OXEoBh4hYiooSVoCBQhVOXwceAwbbhUNKDlTBnI+JlxwHQIlZwEYGzVuKi8xBnUCIDk2QHAKICZwFyJNOX4oGhspBCwzORlMcQo/JlIXJk0lVRUKXglHKyUIXmZ0Pzc6bXEPTw
54.230.111.128200 OK 1.2 kB URL HTTP/2 estkewasa.com/S3hjNEQqGgBZeypFARIxORReEXYNXVFyIHhBVVs3PgwaAjYtHQAaJycXFlAiORcNQGolHRcRdg1KMHAGHjU7WzYTAhNsFh8AOXkFMzsGUw4jOVMBMRwRB1ECDx8tdiMONyEGLwU6JwFheT4lXQYHMA1hBSgUU1YOJxwTcjxzFTYGLwogIFgRBR8beyYgKQhsLA1JNXdxET8gDRAFFCpRDgkhC2EBKBQ7TXESPgpmFigpLgwiGU0IcgEjTCR3ChI+IEwiAkgpUiEsOVVmEnJOInMRCS4rUxIRSy1SISw5CWMGGV1RdgYDPSB7A3s7OXEoBh4hYiooSVoCBQhVOXwceAwbbhUNKDlTBnI+JlxwHQIlZwEYGzVuKi8xBnUCIDk2QHAKICZwFyJNOX4oGhspBCwzORlMcQo/JlIXJk0lVRUKXglHKyUIXmZ0Pzc6bXEPTw
IP 54.230.111.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 5c05e8e73883a86830c90e5900051940
7ac5315c19ffd955ae43e278e60ad3e6417bfde0
e967a6cac5463b595ab8fa3f13b4d1765566bd200c36bb008772bdeeeb710e07
GET /S3hjNEQqGgBZeypFARIxORReEXYNXVFyIHhBVVs3PgwaAjYtHQAaJycXFlAiORcNQGolHRcRdg1KMHAGHjU7WzYTAhNsFh8AOXkFMzsGUw4jOVMBMRwRB1ECDx8tdiMONyEGLwU6JwFheT4lXQYHMA1hBSgUU1YOJxwTcjxzFTYGLwogIFgRBR8beyYgKQhsLA1JNXdxET8gDRAFFCpRDgkhC2EBKBQ7TXESPgpmFigpLgwiGU0IcgEjTCR3ChI+IEwiAkgpUiEsOVVmEnJOInMRCS4rUxIRSy1SISw5CWMGGV1RdgYDPSB7A3s7OXEoBh4hYiooSVoCBQhVOXwceAwbbhUNKDlTBnI+JlxwHQIlZwEYGzVuKi8xBnUCIDk2QHAKICZwFyJNOX4oGhspBCwzORlMcQo/JlIXJk0lVRUKXglHKyUIXmZ0Pzc6bXEPTw HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1186
date: Sat, 04 Feb 2023 20:53:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -zyhL8veD4PUAlOKVPOKZrvxUrKWPxe_ooADizBhLwCgLrXOfSkWRg==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 216.58.211.3:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
estkewasa.com/utx?cb=5srBpJCuoVgp&top=exeo.app&tid=889494
54.230.111.128204 No Content 0 B URL HTTP/2 estkewasa.com/utx?cb=5srBpJCuoVgp&top=exeo.app&tid=889494
IP 54.230.111.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=5srBpJCuoVgp&top=exeo.app&tid=889494 HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 20:53:12 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 04 Feb 2023 20:54:12 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j2qBItvBXmt5gHetwz0pqpI9P82u0ZIga29U77jlF2avZZ6T6QKA_A==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 216.58.211.3:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
estkewasa.com/QnM2b2UjEVUCWiNOVEkQMB8LSlcEVgQpAXFKAAAWNwdPWRckFlVBBi4cQwsDMBxYG0ssFkJKVwQ1YAUNFCIEIlQUCUUDPQE5ZCI9dxFUCCMqFloLEhcabxwhESpwIy0TH3kYFSg5Yi4kExkDAyM7C1UOLQw1eQMOdTlwWhIaJ0UIPS8QUyEmITFXGB04PU4iUBdBUQEiFkZXIgwDMXg5EncpZDZWACdRHCIWSmMgNgg0bCdQJRFgIR8BHmAdIwZKYSI2NSZ8PVQsEEFfDAokUhUwLyphNTIYInAtVCwQTj5AcDVgAitxIVs5UyE7cDspJUZeNQkDJn44SCYJczwkJilRJTYYFAdYBnIDTCwIFxh0BTMWPFs1NwcyRgMGLj1bLDIUCmQCNAs+TwA3D0ICWSpyKV0JCBAJYAECCxBMNQAYBBAFFi0dRlIcdTVbXVMkIGAVDg
54.230.111.128200 OK 1.2 kB URL HTTP/2 estkewasa.com/QnM2b2UjEVUCWiNOVEkQMB8LSlcEVgQpAXFKAAAWNwdPWRckFlVBBi4cQwsDMBxYG0ssFkJKVwQ1YAUNFCIEIlQUCUUDPQE5ZCI9dxFUCCMqFloLEhcabxwhESpwIy0TH3kYFSg5Yi4kExkDAyM7C1UOLQw1eQMOdTlwWhIaJ0UIPS8QUyEmITFXGB04PU4iUBdBUQEiFkZXIgwDMXg5EncpZDZWACdRHCIWSmMgNgg0bCdQJRFgIR8BHmAdIwZKYSI2NSZ8PVQsEEFfDAokUhUwLyphNTIYInAtVCwQTj5AcDVgAitxIVs5UyE7cDspJUZeNQkDJn44SCYJczwkJilRJTYYFAdYBnIDTCwIFxh0BTMWPFs1NwcyRgMGLj1bLDIUCmQCNAs+TwA3D0ICWSpyKV0JCBAJYAECCxBMNQAYBBAFFi0dRlIcdTVbXVMkIGAVDg
IP 54.230.111.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash dcb02fcba0eaf1dafce2d8646b047e6b
606ddb24f85e4a02b5786b7e5db1588103e2d511
d676575e31b4990f6b44b008f4cb3b69a18f54bcd595c937340d6c538e7e27d7
GET /QnM2b2UjEVUCWiNOVEkQMB8LSlcEVgQpAXFKAAAWNwdPWRckFlVBBi4cQwsDMBxYG0ssFkJKVwQ1YAUNFCIEIlQUCUUDPQE5ZCI9dxFUCCMqFloLEhcabxwhESpwIy0TH3kYFSg5Yi4kExkDAyM7C1UOLQw1eQMOdTlwWhIaJ0UIPS8QUyEmITFXGB04PU4iUBdBUQEiFkZXIgwDMXg5EncpZDZWACdRHCIWSmMgNgg0bCdQJRFgIR8BHmAdIwZKYSI2NSZ8PVQsEEFfDAokUhUwLyphNTIYInAtVCwQTj5AcDVgAitxIVs5UyE7cDspJUZeNQkDJn44SCYJczwkJilRJTYYFAdYBnIDTCwIFxh0BTMWPFs1NwcyRgMGLj1bLDIUCmQCNAs+TwA3D0ICWSpyKV0JCBAJYAECCxBMNQAYBBAFFi0dRlIcdTVbXVMkIGAVDg HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Sat, 04 Feb 2023 20:53:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wRcIJTsXTa3-TpcVwx0QkKbOY4k6sId1iQxCsY8m0G2m17Kal6Jh1w==
X-Firefox-Spdy: h2
estkewasa.com/YXRtVVgAFg44ZwBJD3MtExhQcGonUV8TPFJNWzorFAAUYyoHEQ57Ow0bGDE+ExsDIXYPERlwaicEOz4SUDo6OmktJhkBDjI9HxAJCSc0Ox4pNVwhLyo1NzQaIi5IZx4xGBoMFzA5BTAxGR03FB4xMAAhITRFBhkXIiIkEC9ZQCQAPyQgKTY1JwMFMDslFzgWGQJBIhcgOzYHMTYzRyMzPSk+PBdpEVFfFxYzDA8RMgpFLz0aOC4EIhokMgU4O1EhDwI2LwwjLRo4LgcAOzZFFTwCUS5eAWozDSkEFgQXXhBrJDIFOBUgOTwCCgUOPwQaJC4AIQkjRQItEhlZNzAaOToaGC8FFTdmEic2KyU2O0QOExwlTBoQHiwyITg8KRdcITUFRR4TDCI6SGceMzVLPysOGh1oEwgGAhQMLjJZ
54.230.111.128200 OK 1.2 kB URL HTTP/2 estkewasa.com/YXRtVVgAFg44ZwBJD3MtExhQcGonUV8TPFJNWzorFAAUYyoHEQ57Ow0bGDE+ExsDIXYPERlwaicEOz4SUDo6OmktJhkBDjI9HxAJCSc0Ox4pNVwhLyo1NzQaIi5IZx4xGBoMFzA5BTAxGR03FB4xMAAhITRFBhkXIiIkEC9ZQCQAPyQgKTY1JwMFMDslFzgWGQJBIhcgOzYHMTYzRyMzPSk+PBdpEVFfFxYzDA8RMgpFLz0aOC4EIhokMgU4O1EhDwI2LwwjLRo4LgcAOzZFFTwCUS5eAWozDSkEFgQXXhBrJDIFOBUgOTwCCgUOPwQaJC4AIQkjRQItEhlZNzAaOToaGC8FFTdmEic2KyU2O0QOExwlTBoQHiwyITg8KRdcITUFRR4TDCI6SGceMzVLPysOGh1oEwgGAhQMLjJZ
IP 54.230.111.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash 32e40cb0c736438e833eb26f7ac24478
ac2690facaaa19f48234ce7910e6e33ad663efc1
0014aa6d3ab210875015a9ce45cad7cb98d18ccfa5760e52d3de25b6154bfb84
GET /YXRtVVgAFg44ZwBJD3MtExhQcGonUV8TPFJNWzorFAAUYyoHEQ57Ow0bGDE+ExsDIXYPERlwaicEOz4SUDo6OmktJhkBDjI9HxAJCSc0Ox4pNVwhLyo1NzQaIi5IZx4xGBoMFzA5BTAxGR03FB4xMAAhITRFBhkXIiIkEC9ZQCQAPyQgKTY1JwMFMDslFzgWGQJBIhcgOzYHMTYzRyMzPSk+PBdpEVFfFxYzDA8RMgpFLz0aOC4EIhokMgU4O1EhDwI2LwwjLRo4LgcAOzZFFTwCUS5eAWozDSkEFgQXXhBrJDIFOBUgOTwCCgUOPwQaJC4AIQkjRQItEhlZNzAaOToaGC8FFTdmEic2KyU2O0QOExwlTBoQHiwyITg8KRdcITUFRR4TDCI6SGceMzVLPysOGh1oEwgGAhQMLjJZ HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Sat, 04 Feb 2023 20:53:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: m9Mv6kMORGDXxE981xRh1B4r1Vxk3hUBLYWr95uHoFDudgfSrbb4Ag==
X-Firefox-Spdy: h2
live.demand.supply/e/e.js?e=ll&d=193&cs=c&dsReferer=ZXhlby5hcHAvQ2RzZ29abng=
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/e/e.js?e=ll&d=193&cs=c&dsReferer=ZXhlby5hcHAvQ2RzZ29abng=
IP 104.16.134.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/e.js?e=ll&d=193&cs=c&dsReferer=ZXhlby5hcHAvQ2RzZ29abng= HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
etag: "e11f25735db9ddc62adb36e2e1846234-ssl"
x-nf-request-id: 01GPGADBNXCHVSK51WK5YVFSDJ
cf-cache-status: HIT
age: 2064118
accept-ranges: bytes
set-cookie: __cf_bm=b0EQDUbZWMAXX.vI3WO9drfQDTWvy.HMMHFk3nF3oxg-1675543992-0-ATXkv6bdDdb5ejwEj6LdRQ+bOzTSso4q6MoWTipT7H4rzWVuvq1F5Qvt+e5bnBuXGuoiOcfk9Gn37gFdUdmBlag=; path=/; expires=Sat, 04-Feb-23 21:23:12 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 79464b60c82b0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 2.0 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 76f424c88b802913f311e457fa8c01d0
a7f3c64b54907570dc0ec0c0da81a29e8d4ca084
619518362088bce004d70e6a99d09da39ede10ecdec468f7b636dd5c6e97ee68
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8315
Expires: Sat, 04 Feb 2023 23:11:47 GMT
Date: Sat, 04 Feb 2023 20:53:12 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 216.58.211.3:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uckbrokennailsa.xyz/ZGtOV2RLVC0kWT4+IWcAPBsaMRMcLR07KlMvCxUtMQV2HzVUGGgjDQBWdmNXVl1/cRQND3NmXEIYOjYQERhzZkINBSg4WUIdc2ZKVEV8eVZCHnNmQhAbLzBZVU0+IxAIVn9hU1FeemNUVlJ6YVU
172.67.135.16204 No Content 0 B URL HTTP/2 uckbrokennailsa.xyz/ZGtOV2RLVC0kWT4+IWcAPBsaMRMcLR07KlMvCxUtMQV2HzVUGGgjDQBWdmNXVl1/cRQND3NmXEIYOjYQERhzZkINBSg4WUIdc2ZKVEV8eVZCHnNmQhAbLzBZVU0+IxAIVn9hU1FeemNUVlJ6YVU
IP 172.67.135.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZGtOV2RLVC0kWT4+IWcAPBsaMRMcLR07KlMvCxUtMQV2HzVUGGgjDQBWdmNXVl1/cRQND3NmXEIYOjYQERhzZkINBSg4WUIdc2ZKVEV8eVZCHnNmQhAbLzBZVU0+IxAIVn9hU1FeemNUVlJ6YVU HTTP/1.1
Host: uckbrokennailsa.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 20:53:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nyYrYWNMr3Kt55luwBbTsFjzwuEw%2FrMmz4FIXgRk3A8KkiZFDE35FnQXe3JUIp3hO5KbqdUBVCGjBAomFYxqgbupwut4rkPgrotu3FRhTKC%2BRoIYJ4ILr5w0KkS4hyHjupzY7fXr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b60ceabb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uckbrokennailsa.xyz/S2FrNHRkXghHSRpTLXEmeCdaYUcFGzoHJhkFIwE8L1ApBBd7Bk1AHS9cUwZGflNfEgQiBVYFUjgVCkABOFxaEh0lBwQJUj1cWhpHf09YBVp5Rx4JRW0VG1UTdlBNRAA/DVYFQnxUXgBAe1NSAER6
172.67.135.16204 No Content 0 B URL HTTP/2 uckbrokennailsa.xyz/S2FrNHRkXghHSRpTLXEmeCdaYUcFGzoHJhkFIwE8L1ApBBd7Bk1AHS9cUwZGflNfEgQiBVYFUjgVCkABOFxaEh0lBwQJUj1cWhpHf09YBVp5Rx4JRW0VG1UTdlBNRAA/DVYFQnxUXgBAe1NSAER6
IP 172.67.135.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S2FrNHRkXghHSRpTLXEmeCdaYUcFGzoHJhkFIwE8L1ApBBd7Bk1AHS9cUwZGflNfEgQiBVYFUjgVCkABOFxaEh0lBwQJUj1cWhpHf09YBVp5Rx4JRW0VG1UTdlBNRAA/DVYFQnxUXgBAe1NSAER6 HTTP/1.1
Host: uckbrokennailsa.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 20:53:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHMGWcTqw1lR0TYs%2FviOOyRPtZWukgZ1aMZ6Sf36xFpBJjcVx1zaC8ph9%2BRR5qPUpLEKsTueuZ9LZWfsNxpYIzt%2BhVnYIp6XKDbgVNtM8hWotlLmVJExqM%2FNfR6UlvaTkLFDDr17"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b60dec1b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.71.248101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.71.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ek54HwYJsJd0ZH3dtI3BTQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2PzoZLe4EW3a1Ufz/QnWFyL32XI=
live.demand.supply/up.js
104.16.134.22200 OK 2.7 kB IP 104.16.134.22:0
File type ASCII text, with very long lines (3472)
Hash 0efcc34875392c865e6b9d91eb169fa8
63cabd4d82457a40288f20e1099b84a3ed6b1119
b0126560711eceb9be7cdf8782d4aa10196fef70c99dfb39f6a2598c4ad8f2b1
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 79464b5f7a85b51d-OSL
age: 378
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"30cd4982b290dd406327b3dd39f1ea22-ssl-df"
link: <https://live.demand.supply/impl.v16.3.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv>; rel=preload; as=script
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=4391
timing-allow-origin: *
x-nf-request-id: 01GMX2WC7DDRK600SK19DPWQGC
set-cookie: demandSupplyTi=2d30e606-9d2e-41d6-b245-22041dc54057; demandSupplyTc = null; demandSupplyTcI = null; SameSite=None; Secure; Max-Age=63072000
__cf_bm=3OmZZov3_LE7Sz2_RmXBTI.l.R62_AvJKjebh6RmDE0-1675543992-0-AfgLzFoyiK9FIv0qzpT3GXJ//qygsrMHknYoORv7jMq9E/vmsP3GlFZRtqn1NzhPMMSKZC6Kq/X0VzvrqCKZWjI=; path=/; expires=Sat, 04-Feb-23 21:23:12 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uckbrokennailsa.xyz/cFBYUmpfbzshVz4XFmQ/NBkWBQE+PRs1JCcBah8rMmEoGDAxHX4mAxRtYGpTRGlsdBoZNGVjTAMkOSYfA21pdAMeNjdvTAZtaXxZRH5rY0RCdi1vW1YkKDMNTWF+Ih4EPGVjXEdlbWZeQGJhZl5D
172.67.135.16204 No Content 0 B URL HTTP/2 uckbrokennailsa.xyz/cFBYUmpfbzshVz4XFmQ/NBkWBQE+PRs1JCcBah8rMmEoGDAxHX4mAxRtYGpTRGlsdBoZNGVjTAMkOSYfA21pdAMeNjdvTAZtaXxZRH5rY0RCdi1vW1YkKDMNTWF+Ih4EPGVjXEdlbWZeQGJhZl5D
IP 172.67.135.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cFBYUmpfbzshVz4XFmQ/NBkWBQE+PRs1JCcBah8rMmEoGDAxHX4mAxRtYGpTRGlsdBoZNGVjTAMkOSYfA21pdAMeNjdvTAZtaXxZRH5rY0RCdi1vW1YkKDMNTWF+Ih4EPGVjXEdlbWZeQGJhZl5D HTTP/1.1
Host: uckbrokennailsa.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 20:53:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6aTNYgCxrkai%2BLC1DHC7ChJEtVEaK1hZz9w1B8HBRqQd2Ba4On0bj2IkBmJ2OXwG7pTG7k8WHCmuARRROi4h9NK%2Bz5P0q9ia%2B8zG8ZEYfDphmNfZFsKFutTd5JJ485LlBkdqIXJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b617f89b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d396osuty6rfec.cloudfront.net/FVjhVQ2M1VzslXCJRMX5bbgFheldwUiYsDSYFLHQlOwpjJTAAQj5lFyxcaHNFOlk7JF5wXTsgXmceNCcBawxzNxM5U2gnGT5aMiABNVw5ZRY3BTgsGT9UOSJGZH5gbVNzCmVrFD9WMSwUJR1ncw0iHWdzUmYWZWZQFB1ncxQ/VmN3RmV6cHFTLg5hZlAUHW-dzESAdZgJSZg17c0pzCmUkBjVTOmZREAplclNmCWVyRmQIMyoRM146O0ZkfmRzVngIczZeZw
54.230.245.231200 OK 599 B URL HTTP/2 d396osuty6rfec.cloudfront.net/FVjhVQ2M1VzslXCJRMX5bbgFheldwUiYsDSYFLHQlOwpjJTAAQj5lFyxcaHNFOlk7JF5wXTsgXmceNCcBawxzNxM5U2gnGT5aMiABNVw5ZRY3BTgsGT9UOSJGZH5gbVNzCmVrFD9WMSwUJR1ncw0iHWdzUmYWZWZQFB1ncxQ/VmN3RmV6cHFTLg5hZlAUHW-dzESAdZgJSZg17c0pzCmUkBjVTOmZREAplclNmCWVyRmQIMyoRM146O0ZkfmRzVngIczZeZw
IP 54.230.245.231:0
File type ASCII text, with very long lines (855), with no line terminators
Hash d328a5337e52b2173aa8c5a6b7b6bc4c
73a4a86d93b35dd6a7d4511f05d8e5ef8a9b72c8
3bf9daeecb7d8c5a01b0a4142a98251b8084112ced897399f1bd4fb7f675ce65
GET /FVjhVQ2M1VzslXCJRMX5bbgFheldwUiYsDSYFLHQlOwpjJTAAQj5lFyxcaHNFOlk7JF5wXTsgXmceNCcBawxzNxM5U2gnGT5aMiABNVw5ZRY3BTgsGT9UOSJGZH5gbVNzCmVrFD9WMSwUJR1ncw0iHWdzUmYWZWZQFB1ncxQ/VmN3RmV6cHFTLg5hZlAUHW-dzESAdZgJSZg17c0pzCmUkBjVTOmZREAplclNmCWVyRmQIMyoRM146O0ZkfmRzVngIczZeZw HTTP/1.1
Host: d396osuty6rfec.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://estkewasa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 599
date: Sat, 04 Feb 2023 20:53:12 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zX7JL_mP6zw0QJ188qruG50BMdgKz635hZxSktFV-yMj-U84gLMWZg==
X-Firefox-Spdy: h2
d396osuty6rfec.cloudfront.net/2SDBUMXorXzpXRTxZMAxCegJhA05uWideFDgNBgEOB2kNBD5/FiBLHnUAcl0bJldpFx8mU2kAXClUNgxObkQkXhF1VC5ZGC9TNlIeJBYhUEclXy5YFiRRcQM8fR5kFEh4GCNYFCxfI0JfegA6RV96AGUBVHgVZ3NfegAjWBR+BHECOG0CZElMfBVnc196AC-ZHX3txZQFPZgB9FEh4VzFSEScVZndIeAFkAUt4AXEDSi5ZJlQcJ0hxAzx5AGEfSm5FaQA
54.230.245.231200 OK 505 B URL HTTP/2 d396osuty6rfec.cloudfront.net/2SDBUMXorXzpXRTxZMAxCegJhA05uWideFDgNBgEOB2kNBD5/FiBLHnUAcl0bJldpFx8mU2kAXClUNgxObkQkXhF1VC5ZGC9TNlIeJBYhUEclXy5YFiRRcQM8fR5kFEh4GCNYFCxfI0JfegA6RV96AGUBVHgVZ3NfegAjWBR+BHECOG0CZElMfBVnc196AC-ZHX3txZQFPZgB9FEh4VzFSEScVZndIeAFkAUt4AXEDSi5ZJlQcJ0hxAzx5AGEfSm5FaQA
IP 54.230.245.231:0
File type ASCII text, with very long lines (681), with no line terminators
Hash 154d207dde97999299ac83a96ab49a6d
af3689e8f4adcc917128fee3da109a66a9a7858b
fbfc2404f406aa72c3c48b6823a48abab217f48075c8582fe18c27386a8142ae
GET /2SDBUMXorXzpXRTxZMAxCegJhA05uWideFDgNBgEOB2kNBD5/FiBLHnUAcl0bJldpFx8mU2kAXClUNgxObkQkXhF1VC5ZGC9TNlIeJBYhUEclXy5YFiRRcQM8fR5kFEh4GCNYFCxfI0JfegA6RV96AGUBVHgVZ3NfegAjWBR+BHECOG0CZElMfBVnc196AC-ZHX3txZQFPZgB9FEh4VzFSEScVZndIeAFkAUt4AXEDSi5ZJlQcJ0hxAzx5AGEfSm5FaQA HTTP/1.1
Host: d396osuty6rfec.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://estkewasa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 505
date: Sat, 04 Feb 2023 20:53:12 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MS8U2S3pu6LB_bFq2Thk2dXotO3j3jwGDBoIDoMLDdXnVpXw9oOIyA==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 216.58.211.3:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 71c8111ac9d63deac2a414c0a64fcc9b
855b767fc93c000b338e25e6342d93611447d677
9eb3105d541665d69b5a23b32ed483f71616fd390d47a44f32eb20cb8ba1f7a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 14:07:11 GMT
Expires: Thu, 09 Feb 2023 14:07:10 GMT
Etag: "855b767fc93c000b338e25e6342d93611447d677"
Cache-Control: max-age=407037,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79464b625891b523-OSL
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
37.48.68.71200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1180
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 Feb 2023 20:53:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ac85d3e0a8ec2827b2e3f0eca3336919
4b630e134dcb05e77c44e313f22f2214b51841a2
d1747dfa46c4ca2dcc3239bd1376ae7401b4b3e7b8d260dc4162b9b8208cd6f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3198
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Last-Modified: Sat, 04 Feb 2023 19:59:54 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 04 Feb 2023 19:45:20 GMT
expires: Sat, 04 Feb 2023 21:45:20 GMT
cache-control: public, max-age=7200
age: 4072
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 529 B IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash fcdd7925b879c7338537eb4055ba18d7
50acacb211a1a96f1314f34414f845c78e3f8b5d
27aeb7289d6dc18e130426c4a41a4d6e239b320aa332ba3c764de7f7bdf1c4a9
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: text/plain
set-cookie: csu=1643670566905519@1@1675543992; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=14szj6%2B7hF6m277fVvzmRDxVJxV31oJoJY63gaHshHKMxcbRANhQx3FtJ6FXjGS%2BQ7HH%2FVwWkprUqjcncgmVONOPuduMV2e0kZWlRXLrlSvXEwH06ViKleou%2BlfU38qJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b606ae63855-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash d09cd05d951779967af874274fbb4875
119e58de80b389f59c445f045371d49e4414767e
1a3f1b8c4f3a485afca5745a30c8402d66b56434f360e11d7ec2063fc9851908
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash d09cd05d951779967af874274fbb4875
119e58de80b389f59c445f045371d49e4414767e
1a3f1b8c4f3a485afca5745a30c8402d66b56434f360e11d7ec2063fc9851908
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.162200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (39302)
Hash bab569cc23d447448c57aa62f004f78e
458d623f739963fe6fbbef1de0711b5a8ae8c439
294523e27871595c838bd201b8c7b50af8cf13f466f04cbc10c4ca036fe20a06
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27272
date: Sat, 04 Feb 2023 20:53:12 GMT
expires: Sat, 04 Feb 2023 20:53:12 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1473 / 553 of 1000 / last-modified: 1675465921"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=668788950&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2FCdsgoZnx&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=712168584&gjid=1025308813&cid=593722668.1675544030&tid=UA-135952122-1&_gid=543813397.1675544030&_r=1&_slc=1>m=457e3210&z=22659017
142.250.74.46200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=668788950&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2FCdsgoZnx&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=712168584&gjid=1025308813&cid=593722668.1675544030&tid=UA-135952122-1&_gid=543813397.1675544030&_r=1&_slc=1>m=457e3210&z=22659017
IP 142.250.74.46:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=668788950&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2FCdsgoZnx&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=712168584&gjid=1025308813&cid=593722668.1675544030&tid=UA-135952122-1&_gid=543813397.1675544030&_r=1&_slc=1>m=457e3210&z=22659017 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://exeo.app
date: Sat, 04 Feb 2023 20:53:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 63885aec1652be55682f6b8f49e93937
350000de57140f3ae3c1ddd68e968647123f9386
bdfb417896607a3915cd0e25d2953390475b3324f767269601aba07ca5266c52
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Feb 2023 20:53:12 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-988986095%3A1675543992863476&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc36u1IEX0zAYrBExd3wtUifffYTp3tQAPYzm8OzidObhlzFswgEffR27D6KAdGoOWTEr_0cQ
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-Ve4TAQuUueJUfcCsY3sIZQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:uQ9Y5aQLCg7apX6-ZBs1xq2GuEqMhA:NA_m6xBsd9FaJiJY;Path=/;Expires=Mon, 03-Feb-2025 20:53:12 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 7824966cb0bc37f29939b18c5b6991b8
77d090b6aebbe13158ca59a5e10bed29b7ce4f7b
6a1ea3896f247d26c38502261cdb5426b5384a5a380d29846cd09063ed7e30d8
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Feb 2023 20:53:12 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1626493457%3A1675543992904843&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeikfQ87neHA1eHrtYf2iGDyEu4H_URVBwQaMmg0KlLGXKJL4HD1kGPGlFumfQFNudkPJ8GfQ
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-LVo0JdS0HUatg5s86wm-Dw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:4ESH_Z7CVWVdQk_IZoORHzwkmRPyog:F8egMam0zeh3vHdU;Path=/;Expires=Mon, 03-Feb-2025 20:53:12 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 1.3 kB IP 93.184.220.29:0
File type gzip compressed data, max compression\012- data
Hash 697af7323b82feb95aa2061f322073d3
6c7975f5346a55ffb04723cdc3325e506e9bc9a5
64272423e6a01f0f2f3000c711fcaae5538ca977da8dd8a8f1403fbcd0b4c00b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3198
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:12 GMT
Last-Modified: Sat, 04 Feb 2023 19:59:54 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=exeo.app
142.250.74.130200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=exeo.app
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exeo.app HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 04 Feb 2023 20:53:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 12 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash feec6be778c18dbd75ce164771db5c07
983628b00f884274d663cb2026c548b3aac99770
4d52ca95932dd9a418b3d27361af9a0e0c842f9c56905b14106ef832286bf8ce
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: hUODTLaW095F3lYd8zBMjNbyGUM84YyaKTykh9J+umwCQI3bTaRA3l3QJtfIUv5zpbAlGgZmIN2u15RAryuUEA==
date: Sat, 04 Feb 2023 20:53:12 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102871 bytes)
Hash d063afeea8674824d7f6baec6ca1f8e3
c728b5ddfba8c357b78fa934ba91c63ca88817c5
8dd93a6e6755291a06f68c81bac4cdfa06cbda629783113225bf17f5eff0b10a
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5156
last-modified: Sat, 04 Feb 2023 19:27:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pemVR13nstl5x5Is7mQPG3EcZASXb8BE2g7DS61LGm6fPnDkq4pw5vRiwyZKxj9bDPfFhNG8mJoOQ52N6Qy9rmSRFuqXzx%2BVE%2FWTpZZ220ZV9%2Fji0nRzUbXJH0D6KYRy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79464b606af83855-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023020101&st=env
216.58.207.194200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023020101&st=env
IP 216.58.207.194:0
File type JSON data\012- , ASCII text, with very long lines (15066), with no line terminators
Hash 623380eea0dee9662ded7287dd207d2f
dfa909def4fcba1c10e7b65c3fa2fab9f661f26a
58c7955029d7bc800708fdd339f8c4e577e82cf7e34d11705ca96f59fa7a282e
GET /getconfig/sodar?sv=200&tid=gpt&tv=2023020101&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sat, 04 Feb 2023 20:53:13 GMT
server: cafe
content-length: 11372
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
142.250.74.97200 OK 2.7 kB URL HTTP/2 776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sat, 04 Feb 2023 20:53:13 GMT
expires: Sun, 04 Feb 2024 20:53:13 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 7d70322f4f6af3289d4d7f4c22a4c179
f2abd2a7c1575ab0b362920699143dce3ff60d75
0e5b166c8e8d91421e0122ab3863a9cdd88ca4dffa1d9beb9cdf61aca0ac95f2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
172.217.21.161200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sat, 04 Feb 2023 20:53:13 GMT
expires: Sat, 04 Feb 2023 20:53:13 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
172.217.21.161200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 08:42:42 GMT
expires: Fri, 02 Feb 2024 08:42:42 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 216631
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash a78b06ca527ce7542b24b349e0485d8b
6f5e5126c1c9d40c9ba09d58e1755d2ca39d02ab
bc7dc156ab8b2b33422fff0922e219246eb1d12469d10ac8007416fed41ac473
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash e727a28831536efeb25979651ad09dd1
f1b2f0d08b4a4d92344edb75653165234981b108
23878d4b36bb247f8242dff079f40db0731738ba0531217f7277e271c4c0c442
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 04 Feb 2023 20:53:13 GMT
date: Sat, 04 Feb 2023 20:53:13 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-up6Cx296O96voymKGLtOLQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
exeo.app/fv.ico
104.26.9.233200 OK 11 kB IP 104.26.9.233:0
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash d79e45a1ace3082e4b2223d9ae3ac628
6ce74abf2702ac7625c1a3b86b308358cda8c39d
275947a68d819c5da533f4fe2018367725055c2b50b562bdd47d21846ebfc595
GET /fv.ico HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/CdsgoZnx
Cookie: AppSession=d5914fed55cf686efd46f65b5224c681; csrfToken=1472ba5591e21396308a5e777c93381efd8a6519188d9f0e8aba22b1f0d3f67e5651ed82425dd174ce7d55169f379ef7dcc282952cab90569cc2a6cf39fb2e50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 12 Dec 2023 22:59:02 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4658050
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0NGk8Gif3hkORU8tyBQ6WdsHl8AobFY0L7hIUtvZzUd643Pkzpmh2cc4LzB%2FUCW6pdM4rApRO6QfKa6ewao4vqUBLhzdH%2F4u6BOwksIVfuyJAJLKvslkEX2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b62cfbeb518-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 40ee59ec17ff4b68e7961563edde0ec9
23a4a97e9a0b208688618f8a6695ff727c946468
7288450eca8b95a5f2bff34e82dd9efccb4fe59d8c1dd8bc9135ca3d3691074d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6315
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:13 GMT
Last-Modified: Sat, 04 Feb 2023 19:07:58 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
cdn.id5-sync.com/api/1.0/esp.js
104.22.52.86200 OK 17 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 104.22.52.86:0
File type ASCII text, with very long lines (59496)
Hash 377270b98f9ef5aae4f04dcdf7b86ada
d51eff71bf7318988198ac41150fa78543199d0b
11d721a7e404de8c5275b33e5bbcfc790d63f3edc903c655b57537dc13223c06
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:13 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: FVMlFSmcD0Wn/+rph/xJPSMD8h1xLItGxMiFojs1e+J1f7LO28QsQCtM5wu1mlkwy4pwPQtZ0SQ=
x-amz-request-id: H5PSQWN45SZ0RJ5Q
last-modified: Wed, 18 Jan 2023 10:47:58 GMT
etag: W/"854d94282c6b6d99cd8ba33bb311e621"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 3035
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 79464b67effdb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQtrWInAQYk6zQ3QEwAQ&v=APEucNXMgXW5SuYPBM6vSlrnhirFsnsbKHMNuBBllarbtTy94d-u9C9b6ysiqN6EoBSyk7B6R0Y8rJD6K60v6gts8cGkmd2G7WRZDNvHKUqm3Nsx1dxd3jpAfNRoUT5Y3yOiA3_5yJo1cMCSMUvWGbcvRzQ7TpE52QkhBSlgrAxOtuIYwjQCIw7vFl_K8eEbVVrtq7zkpPmOfj0UFRKEgvEOT4jZRncbUA
142.250.74.34200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQtrWInAQYk6zQ3QEwAQ&v=APEucNXMgXW5SuYPBM6vSlrnhirFsnsbKHMNuBBllarbtTy94d-u9C9b6ysiqN6EoBSyk7B6R0Y8rJD6K60v6gts8cGkmd2G7WRZDNvHKUqm3Nsx1dxd3jpAfNRoUT5Y3yOiA3_5yJo1cMCSMUvWGbcvRzQ7TpE52QkhBSlgrAxOtuIYwjQCIw7vFl_K8eEbVVrtq7zkpPmOfj0UFRKEgvEOT4jZRncbUA
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CO-t7QIQtrWInAQYk6zQ3QEwAQ&v=APEucNXMgXW5SuYPBM6vSlrnhirFsnsbKHMNuBBllarbtTy94d-u9C9b6ysiqN6EoBSyk7B6R0Y8rJD6K60v6gts8cGkmd2G7WRZDNvHKUqm3Nsx1dxd3jpAfNRoUT5Y3yOiA3_5yJo1cMCSMUvWGbcvRzQ7TpE52QkhBSlgrAxOtuIYwjQCIw7vFl_K8eEbVVrtq7zkpPmOfj0UFRKEgvEOT4jZRncbUA HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Feb 2023 20:53:13 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 21:08:13 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 04 Feb 2023 20:53:13 GMT
cache-control: private
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY-ueEvQEwAQ&v=APEucNVwfYpABq4j7JJiIesdW2jAzOMQf8dmB4NLFRw_-NEon-SESWfEy7ldjhMu7yICTKEEkg-JQUm-HquQ5gZ0_fO--37vghUoyM8QZfryhtrGJkESI5xxN_ySs1lYcKpK0t5_bg-itJscPhadVMw5XJv984Kye_CfOViYSr42WcTz7JWb_19u0hGFx1m9CzlxzRKzvk_kRz1VfePR04ITfgc7G-QEhg
142.250.74.34200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY-ueEvQEwAQ&v=APEucNVwfYpABq4j7JJiIesdW2jAzOMQf8dmB4NLFRw_-NEon-SESWfEy7ldjhMu7yICTKEEkg-JQUm-HquQ5gZ0_fO--37vghUoyM8QZfryhtrGJkESI5xxN_ySs1lYcKpK0t5_bg-itJscPhadVMw5XJv984Kye_CfOViYSr42WcTz7JWb_19u0hGFx1m9CzlxzRKzvk_kRz1VfePR04ITfgc7G-QEhg
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CJfnugEQpvPq4AIY-ueEvQEwAQ&v=APEucNVwfYpABq4j7JJiIesdW2jAzOMQf8dmB4NLFRw_-NEon-SESWfEy7ldjhMu7yICTKEEkg-JQUm-HquQ5gZ0_fO--37vghUoyM8QZfryhtrGJkESI5xxN_ySs1lYcKpK0t5_bg-itJscPhadVMw5XJv984Kye_CfOViYSr42WcTz7JWb_19u0hGFx1m9CzlxzRKzvk_kRz1VfePR04ITfgc7G-QEhg HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Feb 2023 20:53:13 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 21:08:13 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 04 Feb 2023 20:53:13 GMT
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash eb0e0c25454e9b4c02a9b0c9d7d6f7d0
bd2267d81c5bd0cbb2db0b5549b9fdc5170a7000
ec5e00a0e1169a333229204bbd0ecfa72e686d2cfafdbd617648a8bfd1549abd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC5E00A0E1169A333229204BBD0ECFA72E686D2CFAFDBD617648A8BFD1549ABD"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5549
Expires: Sat, 04 Feb 2023 22:25:42 GMT
Date: Sat, 04 Feb 2023 20:53:13 GMT
Connection: keep-alive
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.130200 OK 49 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.130:0
File type ASCII text, with very long lines (3504)
Hash 40b8ffdc606e81703c5f6a39df96f373
0a39b905fe6b8f947d256b01614abcdd27baef65
93cfc3bdb53008e8640dee5f3e7515b10a9b2959e69d8f2919f3d243cf547f36
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 49146
date: Sat, 04 Feb 2023 20:53:13 GMT
expires: Sat, 04 Feb 2023 20:53:13 GMT
cache-control: private, max-age=3000
etag: "1675254965429469"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/CdsgoZnx&DVP_PP_BUNDLE_ID=
95.101.11.115200 OK 1.9 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/CdsgoZnx&DVP_PP_BUNDLE_ID=
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document, ASCII text, with very long lines (536)
Hash 87b6182d03ee779aa68e37632f67656e
fac511e36df5215ae95ad7d03c4984e5ffcb7f6e
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
GET /dvbs_src.js?ctx=1828362&cmp=115750&plc=5182866&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&turl=https://exeo.app/CdsgoZnx&DVP_PP_BUNDLE_ID= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycds6p1jm1dM37ZrGE7degj1PHtVHSCOhkWg3tNxtDa8jls04Qf_pWilJX59SK2PF90mCXMWOvLDiSS4yJ4B9Ex0-uw
Cache-Control: max-age=86400
Expires: Wed, 18 Jan 2023 15:48:02 GMT
Last-Modified: Tue, 10 Jan 2023 11:02:09 GMT
ETag: "87b6182d03ee779aa68e37632f67656e"
x-goog-generation: 1673348529482061
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1922
x-goog-meta-pipeline-id: 742670731
x-goog-meta-previous-generation-number: 1673253614982549
Content-Type: application/javascript
x-goog-hash: crc32c=lOOx4w==, md5=h7YYLQPud5qmjjdjL2dlbg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 1922
Server: UploadServer
Date: Sat, 04 Feb 2023 20:53:13 GMT
Connection: keep-alive
id5-sync.com/api/esp/increment?counter=no-config
162.19.138.120204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 162.19.138.120:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
date: Sat, 04 Feb 2023 20:53:13 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
r3.o.lencr.org/
23.36.76.226200 OK 1.1 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
File type gzip compressed data, max compression\012- data
Hash d02ad2d850d416ea1b826323b53f2ea8
728b6562b6fbe499951df62aee718903a33c710f
cceccda3ee093781bfa217421d366c428671c0decd017852291ffe04ad280e72
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20642
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sat, 04 Feb 2023 20:53:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20642
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sat, 04 Feb 2023 20:53:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20642
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sat, 04 Feb 2023 20:53:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20642
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sat, 04 Feb 2023 20:53:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 06:20:04 GMT
age: 52389
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:05:44 GMT
age: 82049
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jBxNmhfAeUgxg8w4XpQHZ1QoN9GatdUV7V7r2tHd7YePJYPHpesd2Q==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:05:21 GMT
age: 82072
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 114e345e134986d7451148fcea31b29d
541e878afee68c8802bb52b0cbbe5a5a0a185392
5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8211
x-amzn-requestid: 2df5779a-a808-46ec-9246-1a9b9bddd9e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmKLVHwroAMF72Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bd7b-3cfe97e07d17958836425784;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _VFg0FMYa1Dg55fLpJTwdX2uZXkYjZSFdbdAKqGQu7GF2dPiawKh1g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 07:29:26 GMT
age: 48227
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:00:26 GMT
age: 82367
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: aKr85ooofBPeKkeJIDO5W_X5Rn6xnJlRHmVrs8tgBMYe3HQhobsm3w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:56:07 GMT
age: 82626
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.doubleverify.com/dvbs_src_internal117.js
95.101.11.115200 OK 19 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src_internal117.js
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2636), with CRLF, LF line terminators
Hash cf93b15de9d1c76c1bc6fdaee5382496
26e52f0a242bff375cc54d8d33a1a416d89e2813
c290ae68279e0685c13650d1534a0cd86997420399bb67288046e61b13defb53
GET /dvbs_src_internal117.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Accept-Ranges: bytes
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 18840
Date: Sat, 04 Feb 2023 20:53:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 185b62fe607d5d833cc1717b68f3f7b7
ab6b571fdfcd1d1cdb923c48f53df4ecd74d85c2
656d98d306ebfcdea0dff590c34a6ce1496faa95ba05fb86f72a5e57e295f61b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t.6sc.co/img.gif?event=imp&mcid=84456&cb=3344002726&pid=184934570&cid=29139965
23.14.5.116200 OK 43 B URL HTTP/1.1 t.6sc.co/img.gif?event=imp&mcid=84456&cb=3344002726&pid=184934570&cid=29139965
IP 23.14.5.116:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /img.gif?event=imp&mcid=84456&cb=3344002726&pid=184934570&cid=29139965 HTTP/1.1
Host: t.6sc.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-Type: image/gif
ETag: "60bb2e1b-2b"
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Sat, 05 Jun 2021 07:56:11 GMT
Pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
X-Content-Type-Options: nosniff
Content-Length: 43
Date: Sat, 04 Feb 2023 20:53:14 GMT
Connection: keep-alive
Set-Cookie: 6suuid=1c985468c2140000bac5de63ca0000004cf24800; expires=Mon, 03-Feb-2025 20:53:14 GMT; path=/; domain=.6sc.co; SameSite=None; secure
Access-Control-Allow-Origin:
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 185b62fe607d5d833cc1717b68f3f7b7
ab6b571fdfcd1d1cdb923c48f53df4ecd74d85c2
656d98d306ebfcdea0dff590c34a6ce1496faa95ba05fb86f72a5e57e295f61b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/simgad/7709811284745239176
172.217.21.166200 OK 16 kB URL HTTP/2 s0.2mdn.net/simgad/7709811284745239176
IP 172.217.21.166:0
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 8865b2b2a725d98c32a4937819cdf889
1a04c91c7f2bb838ee960a8aebd29b4ea4010a26
7c547f8b4be7d92b2fd2a52b6965790b389d839797f0cdfdab79ecfb06dde46f
GET /simgad/7709811284745239176 HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 16014
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 19:24:05 GMT
expires: Sun, 04 Feb 2024 19:24:05 GMT
cache-control: public, max-age=31536000
age: 5349
last-modified: Fri, 06 Jan 2023 14:16:53 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstdYkzLlEy5CuGrboN1I1u_owy1yCEgf8JNsmssT3NCPeW6Avv_PEJ67Pb_P5Kbc_c3lTtS6hx1nuLbVG9UgIwsTeoev-6TYYNaBq1DHJn0Pa22HUB0hfpC0SLTH7LAhZvzwH9hHKvGG_UaI_Hbs8_DutQibWc9TL-A4IkYF20WiyIyCX9U8JDElyXHe2ZXYTkN7Z4q32vJsdMNvsllr6RYNY36DirZzkxGs6rO8NtK5tWt3z37Q1iaiaXIp18fWaDKT4A7Ej8x6IpVGTOwgnl4JnoxfqjGkq-f_8v2vfbbFR2KjLFfBT40d1yHPadFR6qNDsKaq96wOF0jfhcXngUa4fqPBp-ChO4jcz4h2ZUoCqRPs66AO04vCqOTCTvZL1gHRn84HvQ1_K29YfmkwGJ9nvci4keyY99fe9Y0S_ZLnvRW6ToKF3nWDTJMFVlQ8VObdKRlIb0QSEUG5SIohslFzKBhVycaebv7EsgDO9pAuoVd1F5n-jTXBwZzs0EI2puyoRDc0GHslBX3_uOcuWfqEMYhgF6nJtyhvIuYLHIOdurzXNwFuXTlBrwJIjhZUcwXeAU1dQ4GDjdFWOWFkit1--NsE4-Gu0qZak-Fk61hcbGu4_XJ8M6IxGfppWQhx4B7lRYbFgHf2Tbapa6isTTPOLD4RpbjjzK3ePXK2d0Zb-wk5aBPNZg5IMToI9h-ELp9phmEj2WTvvrXwzRSd4FxoUETp0ajiFGXv5Kc51sKB2OVDSnDEZ8A0uHtSvx5kxlCgV-14_m2dqx4nh1DgqI_8Wxtzhexy1net6Eg8OfA4lmeyXK10JZI2OpHBw3SFP4L6emaAJBfpD6kWN23VQqKpLl0VcQjX4eBWpLBCutJVDOyc2VFIu2rKmK61NauPn5KEVF7LqFXq4SL9V7XNL1y9Q55VTjtxoXXH7FVQ2dC4dXwobn3gX3pqae7V78vdDYargYqdjSuhiZ7ZkAsIYXwiWM2_XFNLt5Xjbl-fEt0kAUzhAWyTNrqqszWOeFU2BrytQHiEXhEHUGXUi7HFLMFRZ-Ca_iSKXDvn-y7_dWHkjG_yR0mVhZkbsVLiEWhulTxFQvJfnqNNBm9XUnhwvkm3jMXtZG_F-lG_rxza38ChlekgZY4Sx7oBR2SBBc8uxMzl_anHBBhDKl-geuwUykNfU5m-HeUH8k3f_enCQ&sai=AMfl-YTi3wVlaCl-AOqHyufVx0nxZCxHpZ5mVbAQAKeD2y8KMUpoxFIP62_GRM8bTiCzV3nOBpOZS37Sp3w9A70XdHd0_eY1oZVsuZvNnPjJzaX3hsnFEQm5bnc1O1cSKv2kxYZrb3seZ8uQaN1d7F5C-vcV6rZ-UinQUVZnem4-jd--8SIeEEJMKq-ZMOuUqrPC3L6vOnd-pDYNK1QggTyPkSCh35k-2SVwdWQJqgL3DdYZr9kuWSghqLj-xubIg40TCJqfeWukln-uSfNc6ANc28TNSq4yfXRCxlrdJ7EJkw&sig=Cg0ArKJSzBh6Eb50JpraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230201.89318&arae=0&ftch=1&adurl=
142.250.74.66200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstdYkzLlEy5CuGrboN1I1u_owy1yCEgf8JNsmssT3NCPeW6Avv_PEJ67Pb_P5Kbc_c3lTtS6hx1nuLbVG9UgIwsTeoev-6TYYNaBq1DHJn0Pa22HUB0hfpC0SLTH7LAhZvzwH9hHKvGG_UaI_Hbs8_DutQibWc9TL-A4IkYF20WiyIyCX9U8JDElyXHe2ZXYTkN7Z4q32vJsdMNvsllr6RYNY36DirZzkxGs6rO8NtK5tWt3z37Q1iaiaXIp18fWaDKT4A7Ej8x6IpVGTOwgnl4JnoxfqjGkq-f_8v2vfbbFR2KjLFfBT40d1yHPadFR6qNDsKaq96wOF0jfhcXngUa4fqPBp-ChO4jcz4h2ZUoCqRPs66AO04vCqOTCTvZL1gHRn84HvQ1_K29YfmkwGJ9nvci4keyY99fe9Y0S_ZLnvRW6ToKF3nWDTJMFVlQ8VObdKRlIb0QSEUG5SIohslFzKBhVycaebv7EsgDO9pAuoVd1F5n-jTXBwZzs0EI2puyoRDc0GHslBX3_uOcuWfqEMYhgF6nJtyhvIuYLHIOdurzXNwFuXTlBrwJIjhZUcwXeAU1dQ4GDjdFWOWFkit1--NsE4-Gu0qZak-Fk61hcbGu4_XJ8M6IxGfppWQhx4B7lRYbFgHf2Tbapa6isTTPOLD4RpbjjzK3ePXK2d0Zb-wk5aBPNZg5IMToI9h-ELp9phmEj2WTvvrXwzRSd4FxoUETp0ajiFGXv5Kc51sKB2OVDSnDEZ8A0uHtSvx5kxlCgV-14_m2dqx4nh1DgqI_8Wxtzhexy1net6Eg8OfA4lmeyXK10JZI2OpHBw3SFP4L6emaAJBfpD6kWN23VQqKpLl0VcQjX4eBWpLBCutJVDOyc2VFIu2rKmK61NauPn5KEVF7LqFXq4SL9V7XNL1y9Q55VTjtxoXXH7FVQ2dC4dXwobn3gX3pqae7V78vdDYargYqdjSuhiZ7ZkAsIYXwiWM2_XFNLt5Xjbl-fEt0kAUzhAWyTNrqqszWOeFU2BrytQHiEXhEHUGXUi7HFLMFRZ-Ca_iSKXDvn-y7_dWHkjG_yR0mVhZkbsVLiEWhulTxFQvJfnqNNBm9XUnhwvkm3jMXtZG_F-lG_rxza38ChlekgZY4Sx7oBR2SBBc8uxMzl_anHBBhDKl-geuwUykNfU5m-HeUH8k3f_enCQ&sai=AMfl-YTi3wVlaCl-AOqHyufVx0nxZCxHpZ5mVbAQAKeD2y8KMUpoxFIP62_GRM8bTiCzV3nOBpOZS37Sp3w9A70XdHd0_eY1oZVsuZvNnPjJzaX3hsnFEQm5bnc1O1cSKv2kxYZrb3seZ8uQaN1d7F5C-vcV6rZ-UinQUVZnem4-jd--8SIeEEJMKq-ZMOuUqrPC3L6vOnd-pDYNK1QggTyPkSCh35k-2SVwdWQJqgL3DdYZr9kuWSghqLj-xubIg40TCJqfeWukln-uSfNc6ANc28TNSq4yfXRCxlrdJ7EJkw&sig=Cg0ArKJSzBh6Eb50JpraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230201.89318&arae=0&ftch=1&adurl=
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjstdYkzLlEy5CuGrboN1I1u_owy1yCEgf8JNsmssT3NCPeW6Avv_PEJ67Pb_P5Kbc_c3lTtS6hx1nuLbVG9UgIwsTeoev-6TYYNaBq1DHJn0Pa22HUB0hfpC0SLTH7LAhZvzwH9hHKvGG_UaI_Hbs8_DutQibWc9TL-A4IkYF20WiyIyCX9U8JDElyXHe2ZXYTkN7Z4q32vJsdMNvsllr6RYNY36DirZzkxGs6rO8NtK5tWt3z37Q1iaiaXIp18fWaDKT4A7Ej8x6IpVGTOwgnl4JnoxfqjGkq-f_8v2vfbbFR2KjLFfBT40d1yHPadFR6qNDsKaq96wOF0jfhcXngUa4fqPBp-ChO4jcz4h2ZUoCqRPs66AO04vCqOTCTvZL1gHRn84HvQ1_K29YfmkwGJ9nvci4keyY99fe9Y0S_ZLnvRW6ToKF3nWDTJMFVlQ8VObdKRlIb0QSEUG5SIohslFzKBhVycaebv7EsgDO9pAuoVd1F5n-jTXBwZzs0EI2puyoRDc0GHslBX3_uOcuWfqEMYhgF6nJtyhvIuYLHIOdurzXNwFuXTlBrwJIjhZUcwXeAU1dQ4GDjdFWOWFkit1--NsE4-Gu0qZak-Fk61hcbGu4_XJ8M6IxGfppWQhx4B7lRYbFgHf2Tbapa6isTTPOLD4RpbjjzK3ePXK2d0Zb-wk5aBPNZg5IMToI9h-ELp9phmEj2WTvvrXwzRSd4FxoUETp0ajiFGXv5Kc51sKB2OVDSnDEZ8A0uHtSvx5kxlCgV-14_m2dqx4nh1DgqI_8Wxtzhexy1net6Eg8OfA4lmeyXK10JZI2OpHBw3SFP4L6emaAJBfpD6kWN23VQqKpLl0VcQjX4eBWpLBCutJVDOyc2VFIu2rKmK61NauPn5KEVF7LqFXq4SL9V7XNL1y9Q55VTjtxoXXH7FVQ2dC4dXwobn3gX3pqae7V78vdDYargYqdjSuhiZ7ZkAsIYXwiWM2_XFNLt5Xjbl-fEt0kAUzhAWyTNrqqszWOeFU2BrytQHiEXhEHUGXUi7HFLMFRZ-Ca_iSKXDvn-y7_dWHkjG_yR0mVhZkbsVLiEWhulTxFQvJfnqNNBm9XUnhwvkm3jMXtZG_F-lG_rxza38ChlekgZY4Sx7oBR2SBBc8uxMzl_anHBBhDKl-geuwUykNfU5m-HeUH8k3f_enCQ&sai=AMfl-YTi3wVlaCl-AOqHyufVx0nxZCxHpZ5mVbAQAKeD2y8KMUpoxFIP62_GRM8bTiCzV3nOBpOZS37Sp3w9A70XdHd0_eY1oZVsuZvNnPjJzaX3hsnFEQm5bnc1O1cSKv2kxYZrb3seZ8uQaN1d7F5C-vcV6rZ-UinQUVZnem4-jd--8SIeEEJMKq-ZMOuUqrPC3L6vOnd-pDYNK1QggTyPkSCh35k-2SVwdWQJqgL3DdYZr9kuWSghqLj-xubIg40TCJqfeWukln-uSfNc6ANc28TNSq4yfXRCxlrdJ7EJkw&sig=Cg0ArKJSzBh6Eb50JpraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230201.89318&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
access-control-allow-origin: *
cache-control: private
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 04 Feb 2023 20:53:14 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 21:08:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 04 Feb 2023 20:53:14 GMT
X-Firefox-Spdy: h2
s0.2mdn.net/simgad/14978420082356711962
172.217.21.166200 OK 128 kB URL HTTP/2 s0.2mdn.net/simgad/14978420082356711962
IP 172.217.21.166:0
File type GIF image data, version 89a, 1 x 1\012- data
Size 128 kB (127823 bytes)
Hash ab7c5306b5052949e2ed04b5b29f0c84
c0aab9aee9199c075d2152ea939876df42d1d5e8
5683da4585346b4318f426adb5fd5c0fc4f6fc5f54ed03890274a8f1dadc70c8
GET /simgad/14978420082356711962 HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 127788
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 06:43:41 GMT
expires: Wed, 31 Jan 2024 06:43:41 GMT
cache-control: public, max-age=31536000
age: 396573
last-modified: Tue, 17 Jan 2023 12:22:38 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstdYkzLlEy5CuGrboN1I1u_owy1yCEgf8JNsmssT3NCPeW6Avv_PEJ67Pb_P5Kbc_c3lTtS6hx1nuLbVG9UgIwsTeoev-6TYYNaBq1DHJn0Pa22HUB0hfpC0SLTH7LAhZvzwH9hHKvGG_UaI_Hbs8_DutQibWc9TL-A4IkYF20WiyIyCX9U8JDElyXHe2ZXYTkN7Z4q32vJsdMNvsllr6RYNY36DirZzkxGs6rO8NtK5tWt3z37Q1iaiaXIp18fWaDKT4A7Ej8x6IpVGTOwgnl4JnoxfqjGkq-f_8v2vfbbFR2KjLFfBT40d1yHPadFR6qNDsKaq96wOF0jfhcXngUa4fqPBp-ChO4jcz4h2ZUoCqRPs66AO04vCqOTCTvZL1gHRn84HvQ1_K29YfmkwGJ9nvci4keyY99fe9Y0S_ZLnvRW6ToKF3nWDTJMFVlQ8VObdKRlIb0QSEUG5SIohslFzKBhVycaebv7EsgDO9pAuoVd1F5n-jTXBwZzs0EI2puyoRDc0GHslBX3_uOcuWfqEMYhgF6nJtyhvIuYLHIOdurzXNwFuXTlBrwJIjhZUcwXeAU1dQ4GDjdFWOWFkit1--NsE4-Gu0qZak-Fk61hcbGu4_XJ8M6IxGfppWQhx4B7lRYbFgHf2Tbapa6isTTPOLD4RpbjjzK3ePXK2d0Zb-wk5aBPNZg5IMToI9h-ELp9phmEj2WTvvrXwzRSd4FxoUETp0ajiFGXv5Kc51sKB2OVDSnDEZ8A0uHtSvx5kxlCgV-14_m2dqx4nh1DgqI_8Wxtzhexy1net6Eg8OfA4lmeyXK10JZI2OpHBw3SFP4L6emaAJBfpD6kWN23VQqKpLl0VcQjX4eBWpLBCutJVDOyc2VFIu2rKmK61NauPn5KEVF7LqFXq4SL9V7XNL1y9Q55VTjtxoXXH7FVQ2dC4dXwobn3gX3pqae7V78vdDYargYqdjSuhiZ7ZkAsIYXwiWM2_XFNLt5Xjbl-fEt0kAUzhAWyTNrqqszWOeFU2BrytQHiEXhEHUGXUi7HFLMFRZ-Ca_iSKXDvn-y7_dWHkjG_yR0mVhZkbsVLiEWhulTxFQvJfnqNNBm9XUnhwvkm3jMXtZG_F-lG_rxza38ChlekgZY4Sx7oBR2SBBc8uxMzl_anHBBhDKl-geuwUykNfU5m-HeUH8k3f_enCQ&sai=AMfl-YTi3wVlaCl-AOqHyufVx0nxZCxHpZ5mVbAQAKeD2y8KMUpoxFIP62_GRM8bTiCzV3nOBpOZS37Sp3w9A70XdHd0_eY1oZVsuZvNnPjJzaX3hsnFEQm5bnc1O1cSKv2kxYZrb3seZ8uQaN1d7F5C-vcV6rZ-UinQUVZnem4-jd--8SIeEEJMKq-ZMOuUqrPC3L6vOnd-pDYNK1QggTyPkSCh35k-2SVwdWQJqgL3DdYZr9kuWSghqLj-xubIg40TCJqfeWukln-uSfNc6ANc28TNSq4yfXRCxlrdJ7EJkw&sig=Cg0ArKJSzBh6Eb50JpraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=358&vt=11&dtpt=357&dett=2&cstd=0&cisv=r20230201.89318&arae=0&ftch=1&adurl=
142.250.74.66200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstdYkzLlEy5CuGrboN1I1u_owy1yCEgf8JNsmssT3NCPeW6Avv_PEJ67Pb_P5Kbc_c3lTtS6hx1nuLbVG9UgIwsTeoev-6TYYNaBq1DHJn0Pa22HUB0hfpC0SLTH7LAhZvzwH9hHKvGG_UaI_Hbs8_DutQibWc9TL-A4IkYF20WiyIyCX9U8JDElyXHe2ZXYTkN7Z4q32vJsdMNvsllr6RYNY36DirZzkxGs6rO8NtK5tWt3z37Q1iaiaXIp18fWaDKT4A7Ej8x6IpVGTOwgnl4JnoxfqjGkq-f_8v2vfbbFR2KjLFfBT40d1yHPadFR6qNDsKaq96wOF0jfhcXngUa4fqPBp-ChO4jcz4h2ZUoCqRPs66AO04vCqOTCTvZL1gHRn84HvQ1_K29YfmkwGJ9nvci4keyY99fe9Y0S_ZLnvRW6ToKF3nWDTJMFVlQ8VObdKRlIb0QSEUG5SIohslFzKBhVycaebv7EsgDO9pAuoVd1F5n-jTXBwZzs0EI2puyoRDc0GHslBX3_uOcuWfqEMYhgF6nJtyhvIuYLHIOdurzXNwFuXTlBrwJIjhZUcwXeAU1dQ4GDjdFWOWFkit1--NsE4-Gu0qZak-Fk61hcbGu4_XJ8M6IxGfppWQhx4B7lRYbFgHf2Tbapa6isTTPOLD4RpbjjzK3ePXK2d0Zb-wk5aBPNZg5IMToI9h-ELp9phmEj2WTvvrXwzRSd4FxoUETp0ajiFGXv5Kc51sKB2OVDSnDEZ8A0uHtSvx5kxlCgV-14_m2dqx4nh1DgqI_8Wxtzhexy1net6Eg8OfA4lmeyXK10JZI2OpHBw3SFP4L6emaAJBfpD6kWN23VQqKpLl0VcQjX4eBWpLBCutJVDOyc2VFIu2rKmK61NauPn5KEVF7LqFXq4SL9V7XNL1y9Q55VTjtxoXXH7FVQ2dC4dXwobn3gX3pqae7V78vdDYargYqdjSuhiZ7ZkAsIYXwiWM2_XFNLt5Xjbl-fEt0kAUzhAWyTNrqqszWOeFU2BrytQHiEXhEHUGXUi7HFLMFRZ-Ca_iSKXDvn-y7_dWHkjG_yR0mVhZkbsVLiEWhulTxFQvJfnqNNBm9XUnhwvkm3jMXtZG_F-lG_rxza38ChlekgZY4Sx7oBR2SBBc8uxMzl_anHBBhDKl-geuwUykNfU5m-HeUH8k3f_enCQ&sai=AMfl-YTi3wVlaCl-AOqHyufVx0nxZCxHpZ5mVbAQAKeD2y8KMUpoxFIP62_GRM8bTiCzV3nOBpOZS37Sp3w9A70XdHd0_eY1oZVsuZvNnPjJzaX3hsnFEQm5bnc1O1cSKv2kxYZrb3seZ8uQaN1d7F5C-vcV6rZ-UinQUVZnem4-jd--8SIeEEJMKq-ZMOuUqrPC3L6vOnd-pDYNK1QggTyPkSCh35k-2SVwdWQJqgL3DdYZr9kuWSghqLj-xubIg40TCJqfeWukln-uSfNc6ANc28TNSq4yfXRCxlrdJ7EJkw&sig=Cg0ArKJSzBh6Eb50JpraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=358&vt=11&dtpt=357&dett=2&cstd=0&cisv=r20230201.89318&arae=0&ftch=1&adurl=
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjstdYkzLlEy5CuGrboN1I1u_owy1yCEgf8JNsmssT3NCPeW6Avv_PEJ67Pb_P5Kbc_c3lTtS6hx1nuLbVG9UgIwsTeoev-6TYYNaBq1DHJn0Pa22HUB0hfpC0SLTH7LAhZvzwH9hHKvGG_UaI_Hbs8_DutQibWc9TL-A4IkYF20WiyIyCX9U8JDElyXHe2ZXYTkN7Z4q32vJsdMNvsllr6RYNY36DirZzkxGs6rO8NtK5tWt3z37Q1iaiaXIp18fWaDKT4A7Ej8x6IpVGTOwgnl4JnoxfqjGkq-f_8v2vfbbFR2KjLFfBT40d1yHPadFR6qNDsKaq96wOF0jfhcXngUa4fqPBp-ChO4jcz4h2ZUoCqRPs66AO04vCqOTCTvZL1gHRn84HvQ1_K29YfmkwGJ9nvci4keyY99fe9Y0S_ZLnvRW6ToKF3nWDTJMFVlQ8VObdKRlIb0QSEUG5SIohslFzKBhVycaebv7EsgDO9pAuoVd1F5n-jTXBwZzs0EI2puyoRDc0GHslBX3_uOcuWfqEMYhgF6nJtyhvIuYLHIOdurzXNwFuXTlBrwJIjhZUcwXeAU1dQ4GDjdFWOWFkit1--NsE4-Gu0qZak-Fk61hcbGu4_XJ8M6IxGfppWQhx4B7lRYbFgHf2Tbapa6isTTPOLD4RpbjjzK3ePXK2d0Zb-wk5aBPNZg5IMToI9h-ELp9phmEj2WTvvrXwzRSd4FxoUETp0ajiFGXv5Kc51sKB2OVDSnDEZ8A0uHtSvx5kxlCgV-14_m2dqx4nh1DgqI_8Wxtzhexy1net6Eg8OfA4lmeyXK10JZI2OpHBw3SFP4L6emaAJBfpD6kWN23VQqKpLl0VcQjX4eBWpLBCutJVDOyc2VFIu2rKmK61NauPn5KEVF7LqFXq4SL9V7XNL1y9Q55VTjtxoXXH7FVQ2dC4dXwobn3gX3pqae7V78vdDYargYqdjSuhiZ7ZkAsIYXwiWM2_XFNLt5Xjbl-fEt0kAUzhAWyTNrqqszWOeFU2BrytQHiEXhEHUGXUi7HFLMFRZ-Ca_iSKXDvn-y7_dWHkjG_yR0mVhZkbsVLiEWhulTxFQvJfnqNNBm9XUnhwvkm3jMXtZG_F-lG_rxza38ChlekgZY4Sx7oBR2SBBc8uxMzl_anHBBhDKl-geuwUykNfU5m-HeUH8k3f_enCQ&sai=AMfl-YTi3wVlaCl-AOqHyufVx0nxZCxHpZ5mVbAQAKeD2y8KMUpoxFIP62_GRM8bTiCzV3nOBpOZS37Sp3w9A70XdHd0_eY1oZVsuZvNnPjJzaX3hsnFEQm5bnc1O1cSKv2kxYZrb3seZ8uQaN1d7F5C-vcV6rZ-UinQUVZnem4-jd--8SIeEEJMKq-ZMOuUqrPC3L6vOnd-pDYNK1QggTyPkSCh35k-2SVwdWQJqgL3DdYZr9kuWSghqLj-xubIg40TCJqfeWukln-uSfNc6ANc28TNSq4yfXRCxlrdJ7EJkw&sig=Cg0ArKJSzBh6Eb50JpraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=358&vt=11&dtpt=357&dett=2&cstd=0&cisv=r20230201.89318&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 04 Feb 2023 20:53:14 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 21:08:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 04 Feb 2023 20:53:14 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 185b62fe607d5d833cc1717b68f3f7b7
ab6b571fdfcd1d1cdb923c48f53df4ecd74d85c2
656d98d306ebfcdea0dff590c34a6ce1496faa95ba05fb86f72a5e57e295f61b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 20:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.starfieldtech.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash 79a2784590877462b86b7f0a33601af9
ad856fdf644f7d403697b442559ac0d856adc194
9548a32ab06ba91adac7bfd95322db97869075f71e85c30ef3b4d3ede057b3e2
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 04 Feb 2023 20:53:14 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 03 Feb 2023 20:47:17 GMT
Expires: Sat, 04 Feb 2023 20:53:14 GMT
ETag: "ad856fdf644f7d403697b442559ac0d856adc194"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_179800127996&jsTagObjCallback=__tagObject_callback_179800127996&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=179800127996&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/CdsgoZnx&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&dvp_exetime=9.00&callbackName=__verify_callback_179800127996
34.149.12.213200 OK 268 B URL HTTP/1.1 rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_179800127996&jsTagObjCallback=__tagObject_callback_179800127996&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=179800127996&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/CdsgoZnx&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&dvp_exetime=9.00&callbackName=__verify_callback_179800127996
IP 34.149.12.213:0
Hash cad563cfd191310fb9a1f7e025e61fe9
1a70bb7fa250aa9d4b622a0e816c58d5be6d491f
82a651b1350df0f5452b59c9be9117bc4642dc42b88b90c8621fa831f7a92066
GET /verify.js?flvr=0&jsCallback=__verify_callback_179800127996&jsTagObjCallback=__tagObject_callback_179800127996&num=6&ctx=1828362&cmp=115750&plc=5182866&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=179800127996&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&turl=https://exeo.app/CdsgoZnx&chro=0&hist=2&winh=280&winw=940&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=7&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&dvp_exetime=9.00&callbackName=__verify_callback_179800127996 HTTP/1.1
Host: rtb0.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:14 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 02/03/2023 20:53:14
Pragma: no-cache
Vary: Accept-Encoding
X-DV-Response: 0
cdn.doubleverify.com/dv-measurements3497.js
95.101.11.115200 OK 109 kB URL HTTP/1.1 cdn.doubleverify.com/dv-measurements3497.js
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 109 kB (109099 bytes)
Hash 4773cb5cfa2ad0e71d21f43c56c76ae3
39d66090c14e1b5d2f0f3413a34e087b5969d054
76206ee41bcfae347cef25b03589639e616747c9f77e2b3378387ee9e14f3a00
GET /dv-measurements3497.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 08:37:17 GMT
Accept-Ranges: bytes
ETag: "809cf641836d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 109099
Date: Sat, 04 Feb 2023 20:53:14 GMT
Connection: keep-alive
servedby.flashtalking.com/imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=907929.3243125697&ft_dv=%5B%25ft_dv%25%5D
104.88.10.141200 OK 817 B URL HTTP/1.1 servedby.flashtalking.com/imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=907929.3243125697&ft_dv=%5B%25ft_dv%25%5D
IP 104.88.10.141:0
File type ASCII text, with CRLF, CR, LF line terminators
Hash 5a4d515de1c8ffbf71421a5988c5b084
2b381669765639e2e9adaf51d0fd86304c42a447
e4e6f99c552e33b2c0add1532c706d682869dec0f7868eb7227eb232dbb1663d
GET /imp/8/115750;5182866;201;jsappend;DV360;DV360FY20AcrobatCTXInMarketHighReachNODSKBAN728x90/?ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2F776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&us_privacy=${US_PRIVACY}&cachebuster=907929.3243125697&ft_dv=%5B%25ft_dv%25%5D HTTP/1.1
Host: servedby.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=ISO-8859-1
Server: prod-xre-app8.frk11
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 20:53:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Feb 2023 20:53:14 GMT
Content-Length: 817
Connection: keep-alive
Strict-Transport-Security: max-age=86400
cdn.flashtalking.com/xre/518/5182866/4069571/js/j-5182866-4069571.js
205.185.216.10200 OK 17 kB URL HTTP/1.1 cdn.flashtalking.com/xre/518/5182866/4069571/js/j-5182866-4069571.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (2897), with CRLF, CR, LF line terminators
Hash 8c83de7498f1e340dc423c319a72cf66
fb1ee3c2d5e97a8c3f94764ff5e98ee3cd7cd0e1
25f586ea17fffa43cca2307d13698b6eb3b71489ded14fc1530582908c60a8f9
GET /xre/518/5182866/4069571/js/j-5182866-4069571.js HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:14 GMT
Connection: Keep-Alive
ETag: "1664998065"
Cache-Control: max-age=526
Content-Encoding: gzip
Content-Length: 17008
Content-Type: text/javascript; charset=utf-8
Last-Modified: Wed, 05 Oct 2022 19:27:45 GMT
Accept-Ranges: bytes
x-amz-id-2: zFXgMlJd6SX5rnAEjM+CiD1vPe2y/2Y++/eZjtKkM5dcopFuD0gMkEWnihOpXXG9zgqocE7Q6M4=
x-amz-request-id: S2H2HPJV9D2NMBZE
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675543994.dop203.sk1.t,1675543994.cds022.sk1.shn,1675543994.dop203.sk1.t,1675543994.cds069.sk1.c
cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=4069571&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=4423E665-1217-74FA-BB1A-0027D6D6E99F&auevent=&980536106
95.101.11.115200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=4069571&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=4423E665-1217-74FA-BB1A-0027D6D6E99F&auevent=&980536106
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash 558236d14c2aba66c3914c13a1854592
6f67ca562bf15c1a23254b80111d11d99260eff7
ae734998083e7b4a03942d17ae10e83c9d5ff2a75ad66fadfe7eb8acab3bf23f
GET /dvtp_src.js?ctx=1828362&cmp=115750&sid=18330&plc=5182866&num=&adid=&advid=&adsrv=29&btreg=5182866&btadsrv=flashtalking&crt=4069571&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=4423E665-1217-74FA-BB1A-0027D6D6E99F&auevent=&980536106 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 10:02:56 GMT
Accept-Ranges: bytes
ETag: "0c8245b2436d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3338
Date: Sat, 04 Feb 2023 20:53:14 GMT
Connection: keep-alive
cdn.flashtalking.com/116327/4069571/index.html
205.185.216.10200 OK 22 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069571/index.html
IP 205.185.216.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1430), with CRLF, LF line terminators
Hash 6b6f22786e6f3f0c871de2632b0a6a8b
f519f5563a86f2fc64f4a1737342ee354ad4876d
3ea4a259652cff565b2e3ffe95ad3c43f060582cdce0c99117c57d1a41ad15ef
GET /116327/4069571/index.html HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:14 GMT
Connection: Keep-Alive
ETag: "1664411220"
Cache-Control: max-age=646
Content-Encoding: gzip
Content-Length: 22509
Content-Type: text/html
Last-Modified: Thu, 29 Sep 2022 00:27:00 GMT
Accept-Ranges: bytes
x-amz-id-2: OoqgReKjupAkHGPMUkNRenRYsMSQ/Lnev/EzKoZdVA/b8shKyd8vD8W8XDFKmr3MgA2jdprM+zU=
x-amz-request-id: F80T9ABB9123GK0M
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675543994.dop203.sk1.t,1675543994.cds022.sk1.shn,1675543994.dop203.sk1.t,1675543994.cds264.sk1.c
secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
2.18.172.49200 OK 1.3 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
IP 2.18.172.49:0
File type PNG image data, 19 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash db320ef6f3c45ab5c90887ef618de2bb
7d4bd175166545ea775fcb69b406eba11f7fa3ec
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
GET /oba/icon/iconc.png?EDAA_icon=y HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sat, 12 Apr 2014 19:14:32 GMT
Content-Type: image/png
ETag: W/"db320ef6f3c45ab5c90887ef618de2bb"
X-Varnish: 440713868 434560932
Accept-Ranges: bytes
Content-Length: 1308
Cache-Control: max-age=457165
Expires: Fri, 10 Feb 2023 03:52:39 GMT
Date: Sat, 04 Feb 2023 20:53:14 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
2.18.172.49200 OK 6.0 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
IP 2.18.172.49:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d675694ab4d4d2eb56cca854c25d9c36
34174b9397a3cb289f892f1f98ccc51a63698360
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
GET /oba/icon/consumer-privacy-logo.png HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Content-Type: image/png
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-Varnish: 721542519 721664610
Accept-Ranges: bytes
Content-Length: 5953
Cache-Control: max-age=237
Expires: Sat, 04 Feb 2023 20:57:12 GMT
Date: Sat, 04 Feb 2023 20:53:15 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.flashtalking.com/116327/4069571/images/Desktop_Acrobat_ARed_FullBleedVERB.png
205.185.216.10200 OK 53 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069571/images/Desktop_Acrobat_ARed_FullBleedVERB.png
IP 205.185.216.10:0
File type PNG image data, 1006 x 1006, 8-bit/color RGBA, non-interlaced\012- data
Hash 38a032ded861b9c4d5806ec24c9b1ca6
8d0ab06003146fce58b1484ffd543c2be3e8c049
5974065541ad65f16b0bb987eedcc3be2ecbaa4de9f21869d636cecc2441efda
GET /116327/4069571/images/Desktop_Acrobat_ARed_FullBleedVERB.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069571/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:15 GMT
Connection: Keep-Alive
ETag: "1664411220"
Cache-Control: max-age=691
Content-Length: 52887
Content-Type: image/png
Last-Modified: Thu, 29 Sep 2022 00:27:00 GMT
Accept-Ranges: bytes
x-amz-id-2: H/X/708k3Xefx6Xr51eB0d28ZR+nnbIFX70q3oG6IV72cOvVQDsCVjU09U43LSwlQS7lEdTgFR8=
x-amz-request-id: F80W3BAVDHT0KBTV
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675543994.dop203.sk1.t,1675543994.cds022.sk1.shn,1675543995.dop203.sk1.t,1675543995.cds255.sk1.c
cdn.flashtalking.com/116327/4069571/images/gradient_728x90.png
205.185.216.10200 OK 6.2 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069571/images/gradient_728x90.png
IP 205.185.216.10:0
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash db47dddd08bbabfb656fdcb6c4845fd4
df7ac31929e97fd01d66528ca60885d95b546306
9a518f29526e9b9bf6627c17debd7fab5c01fdf1a80032dcea9ddfdca3c9ee8b
GET /116327/4069571/images/gradient_728x90.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069571/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:15 GMT
Connection: Keep-Alive
ETag: "1664411220"
Cache-Control: max-age=772
Content-Length: 6175
Content-Type: image/png
Last-Modified: Thu, 29 Sep 2022 00:27:00 GMT
Accept-Ranges: bytes
x-amz-id-2: jWS7axUqNJAjc/GGfoq2dq8dMr3dbiEJ1bmE+wD+SqA9nzbqNIpDhyraj7QpMvt945DvWwe7qJ8=
x-amz-request-id: CK2Q8WCYWJQRKMY5
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675543994.dop203.sk1.t,1675543994.cds022.sk1.shn,1675543995.dop203.sk1.t,1675543995.cds071.sk1.c
cdn.flashtalking.com/116327/4069571/images/Group171472.png
205.185.216.10200 OK 48 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069571/images/Group171472.png
IP 205.185.216.10:0
File type PNG image data, 802 x 802, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c628e9acdc55344312932fc53e51890
544de55aac5ac7e8d94f23754372ed1a545beffd
dba335650002392562f88e326f52e0a88b3a1a9b9262b795b2c1b5dac900a476
GET /116327/4069571/images/Group171472.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069571/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:15 GMT
Connection: Keep-Alive
ETag: "1664411220"
Cache-Control: max-age=685
Content-Length: 47662
Content-Type: image/png
Last-Modified: Thu, 29 Sep 2022 00:27:00 GMT
Accept-Ranges: bytes
x-amz-id-2: bW+hXwy4qvPLrpz3Sw29IYRfeCRqcbuD2JiDCms6pNrxOxijQEsOBPCHgKqmbQDfX/v3cLs1d9o=
x-amz-request-id: CK2X6413QJ6V53DJ
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675543994.dop203.sk1.t,1675543994.cds022.sk1.shn,1675543995.dop203.sk1.t,1675543995.cds210.sk1.c
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash 68cf08d77af8279898bf9ddad7b9b223
efda878c11b075ca24541c593e3e4146a8f7b4a5
d291469433a8ce2b9663f96789e5d7df3e1d1ae2d7258bf1835e126b2957e5ea
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 04 Feb 2023 20:53:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 04 Feb 2023 02:59:35 GMT
Expires: Sun, 05 Feb 2023 02:59:35 GMT
ETag: "efda878c11b075ca24541c593e3e4146a8f7b4a5"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.flashtalking.com/116327/4069571/images/MaskGroup171153.png
205.185.216.10200 OK 82 kB URL HTTP/1.1 cdn.flashtalking.com/116327/4069571/images/MaskGroup171153.png
IP 205.185.216.10:0
File type PNG image data, 642 x 674, 8-bit/color RGB, non-interlaced\012- data
Hash aa80b743045113baa5a45756cc258c01
d1ec09f5074cd7612fb0cc06e5a02eab6ef40d19
d3b39584486be12795fc5a5e3b7184ffc43f9ce6995f8a27b535f589d46af75b
GET /116327/4069571/images/MaskGroup171153.png HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/116327/4069571/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:15 GMT
Connection: Keep-Alive
ETag: "1664411220"
Cache-Control: max-age=762
Content-Length: 82376
Content-Type: image/png
Last-Modified: Thu, 29 Sep 2022 00:27:00 GMT
Accept-Ranges: bytes
x-amz-id-2: xlwivOaFzfc8r7fURCaziSaMW2BEyP796fYzlRMtagWuCHt+U0QECSGRa3br2SMzMsFfH9UdmbE=
x-amz-request-id: CK2RTMF8XV37SCQ1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
X-HW: 1675543994.dop203.sk1.t,1675543994.cds022.sk1.shn,1675543995.dop203.sk1.t,1675543995.cds212.sk1.c
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=106&ttfrms=17&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1278&ddur=11&uid=1675544032247553&jsCallback=dvCallback_1675544032247964&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=91&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=4069571&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=4423E665-1217-74FA-BB1A-0027D6D6E99F&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=1392522252.4918864&dvp_tukv=178805943.82646313&dvp_tuid=635475294873&jurtd=3765574431
34.149.12.213200 OK 1.2 kB URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=106&ttfrms=17&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1278&ddur=11&uid=1675544032247553&jsCallback=dvCallback_1675544032247964&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=91&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=4069571&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=4423E665-1217-74FA-BB1A-0027D6D6E99F&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=1392522252.4918864&dvp_tukv=178805943.82646313&dvp_tuid=635475294873&jurtd=3765574431
IP 34.149.12.213:0
File type ASCII text, with very long lines (3044), with no line terminators
Hash a2b1af0be06e1a6497ab4ce32134b102
70acd6290b3bbaad706563b9c218f648565bab6f
9b2416ab85b1f3a2caa456f742636e94c38ff360b2dbb90972f153d313abfcd0
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=106&ttfrms=17&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&srcurlD=0&aUrlD=-1&ssl=https:&dfs=1278&ddur=11&uid=1675544032247553&jsCallback=dvCallback_1675544032247964&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=91&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=115750&sid=18330&plc=5182866&crt=4069571&btreg=5182866&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=4423E665-1217-74FA-BB1A-0027D6D6E99F&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=1392522252.4918864&dvp_tukv=178805943.82646313&dvp_tuid=635475294873&jurtd=3765574431 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:15 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 02/03/2023 20:53:15
Pragma: no-cache
Vary: Accept-Encoding
code.createjs.com/1.0.0/createjs.min.js
95.101.10.9200 OK 64 kB URL HTTP/2 code.createjs.com/1.0.0/createjs.min.js
IP 95.101.10.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32043)
Hash 292a7144ac6076827ee286446a70333b
c44f65af003ad27b49ee90ecb3c8b1788ae0ddf6
650a416042a408cbbe2448fb2ef009e0a3cab8c6344d32a52c1ae3d9a70dbe61
GET /1.0.0/createjs.min.js HTTP/1.1
Host: code.createjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.flashtalking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=900
expires: Sat, 04 Feb 2023 21:08:15 GMT
date: Sat, 04 Feb 2023 20:53:15 GMT
x-n: S
X-Firefox-Spdy: h2
cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=c295069288db4a0992e637b0c4fff078&dup=&eoid=1000&cbust=1675544032486539
95.101.11.115302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=c295069288db4a0992e637b0c4fff078&dup=&eoid=1000&cbust=1675544032486539
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3¶m=akipv6&impid=c295069288db4a0992e637b0c4fff078&dup=&eoid=1000&cbust=1675544032486539 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=c295069288db4a0992e637b0c4fff078&akipv6=&dup=&eoid=1000
Date: Sat, 04 Feb 2023 20:53:15 GMT
Connection: keep-alive
tpsc-eu3.doubleverify.com/event.png?impid=c295069288db4a0992e637b0c4fff078&akipv6=&dup=&eoid=1000
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=c295069288db4a0992e637b0c4fff078&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=c295069288db4a0992e637b0c4fff078&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 04 Feb 2023 20:53:15 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 02/03/2023 20:53:15
Pragma: no-cache
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=241&ttfrms=27&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675544031982478&jsCallback=dvCallback_1675544031982696&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=91&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/CdsgoZnx&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=1392522252.4918864&dvp_tukv=264391773993.6515&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1621664668874&jurtd=2937932596
34.149.12.213200 OK 678 B URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=241&ttfrms=27&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675544031982478&jsCallback=dvCallback_1675544031982696&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=91&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/CdsgoZnx&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=1392522252.4918864&dvp_tukv=264391773993.6515&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1621664668874&jurtd=2937932596
IP 34.149.12.213:0
File type ASCII text, with very long lines (1184), with no line terminators
Hash 30e167dac36174c657fed9e2a047c7da
84d0754048e7338946e6b3b0d955b08b4e2a84b1
dec69b3a17113a894daa4d06eb3638bdac190b4f21f267d30255405a84a72990
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=241&ttfrms=27&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau6I6%40%5D2AATauU2%26C%3Dl9EEADTbpTauTau6I6%40%5D2AATaur5D8%40%2B%3FI&srcurlD=0&aUrlD=-1&ssl=https:&uid=1675544031982478&jsCallback=dvCallback_1675544031982696&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3497&tgjsver=3497&lvvn=28&m1=13&refD=2&fcifrms=6&brh=2&sdf=2&dvp_epl=91&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://exeo.app/CdsgoZnx&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0id7i28tdU0pobn3RjlCXE0&DVP_DBM_1=3060631&DVP_DBM_2=24779287&DVP_DBM_3=15170598693&DVP_DBM_4=396440570&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=1928744274602&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=1392522252.4918864&dvp_tukv=264391773993.6515&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1621664668874&jurtd=2937932596 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 20:53:16 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 02/03/2023 20:53:16
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&dup=&eoid=1000&cbust=1675544033216511
95.101.11.115302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-eu3¶m=akipv6&impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&dup=&eoid=1000&cbust=1675544033216511
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-eu3¶m=akipv6&impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&dup=&eoid=1000&cbust=1675544033216511 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-eu3.doubleverify.com/event.png?impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&akipv6=&dup=&eoid=1000
Date: Sat, 04 Feb 2023 20:53:16 GMT
Connection: keep-alive
tpsc-eu3.doubleverify.com/event.png?impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&akipv6=&dup=&eoid=1000
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&akipv6=&dup=&eoid=1000
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 04 Feb 2023 20:53:16 GMT
Connection: keep-alive
Cache-Control: max-age=0
Expires: 02/03/2023 20:53:16
Pragma: no-cache
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash 68cf08d77af8279898bf9ddad7b9b223
efda878c11b075ca24541c593e3e4146a8f7b4a5
d291469433a8ce2b9663f96789e5d7df3e1d1ae2d7258bf1835e126b2957e5ea
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 04 Feb 2023 20:53:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 04 Feb 2023 02:59:35 GMT
Expires: Sun, 05 Feb 2023 02:59:35 GMT
ETag: "efda878c11b075ca24541c593e3e4146a8f7b4a5"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1675544034592995
142.250.74.134302 Found 0 B URL HTTP/2 ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1675544034592995
IP 142.250.74.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1|https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1675544034592995 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Feb 2023 20:53:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1%7Chttps://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;ord=1?cbust=1675544034592995&~oref=https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 21:08:17 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1675544034594116
142.250.74.134302 Found 0 B URL HTTP/2 ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1675544034594116
IP 142.250.74.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1|https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1675544034594116 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Feb 2023 20:53:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1%7Chttps://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115750;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?cbust=1675544034594116&~oref=https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 21:08:17 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpsc-eu3.doubleverify.com/event.png?impid=c295069288db4a0992e637b0c4fff078&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=180&eoid=15&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=5&vltms=180&sei=146&vetms=61&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=1&isbxdms=2321&b0=100&b11=2297&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2397&sftb=2397&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1115&isuiabvms=1115&isgmpims=132&isgmv4dpims=1115&ispmxpms=1115&engalms=25&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3255&cbust=1675544035487491
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=c295069288db4a0992e637b0c4fff078&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=180&eoid=15&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=5&vltms=180&sei=146&vetms=61&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=1&isbxdms=2321&b0=100&b11=2297&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2397&sftb=2397&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1115&isuiabvms=1115&isgmpims=132&isgmv4dpims=1115&ispmxpms=1115&engalms=25&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3255&cbust=1675544035487491
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=c295069288db4a0992e637b0c4fff078&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=180&eoid=15&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=4&msltms=5&vltms=180&sei=146&vetms=61&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=968&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=1&isbxdms=2321&b0=100&b11=2297&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2397&sftb=2397&msrdp=0&naral=704&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1115&isuiabvms=1115&isgmpims=132&isgmv4dpims=1115&ispmxpms=1115&engalms=25&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=3255&cbust=1675544035487491 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sat, 04 Feb 2023 20:53:18 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 02/03/2023 20:53:18
Pragma: no-cache
tpsc-eu3.doubleverify.com/event.png?impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=1223&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=3&msltms=13&vltms=1223&sei=145&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1052&isumms=1051&nvr=6&isgmmims=1052&isgmv4mims=1052&elmtp=1&isbxdms=3273&b0=100&b11=2226&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2326&sftb=2326&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2071&isuiabvms=2071&isgmpims=1155&isgmv4dpims=2071&ispmxpms=2071&engalms=1050&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=4259&cbust=1675544036216484
34.149.12.213204 No Content 0 B URL HTTP/1.1 tpsc-eu3.doubleverify.com/event.png?impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=1223&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=3&msltms=13&vltms=1223&sei=145&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1052&isumms=1051&nvr=6&isgmmims=1052&isgmv4mims=1052&elmtp=1&isbxdms=3273&b0=100&b11=2226&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2326&sftb=2326&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2071&isuiabvms=2071&isgmpims=1155&isgmv4dpims=2071&ispmxpms=2071&engalms=1050&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=4259&cbust=1675544036216484
IP 34.149.12.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=3e3d0a8d0b84424ca4c1b7d10df1ee40&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=1223&eoid=14&msrjs=3497&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=11&tetms=3&msltms=13&vltms=1223&sei=145&vetms=12&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=904&msrcannum=3&ismms=1052&isumms=1051&nvr=6&isgmmims=1052&isgmv4mims=1052&elmtp=1&isbxdms=3273&b0=100&b11=2226&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2326&sftb=2326&msrdp=2&naral=640&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2071&isuiabvms=2071&isgmpims=1155&isgmv4dpims=2071&ispmxpms=2071&engalms=1050&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=2&meeid=1&ttfurm=4259&cbust=1675544036216484 HTTP/1.1
Host: tpsc-eu3.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://776bd21ca348b324e2137489e8caf0f9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sat, 04 Feb 2023 20:53:19 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 02/03/2023 20:53:19
Pragma: no-cache
exeo.app/CdsgoZnx
104.26.9.233200 OK 0 B IP 104.26.9.233:0
GET /CdsgoZnx HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:11 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=d5914fed55cf686efd46f65b5224c681; path=/; HttpOnly
csrfToken=1472ba5591e21396308a5e777c93381efd8a6519188d9f0e8aba22b1f0d3f67e5651ed82425dd174ce7d55169f379ef7dcc282952cab90569cc2a6cf39fb2e50; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvelz3ibB1j%2BS8TQ590w0jKQ6Fmenzgrs%2FjFQWBfQNUCLixefho8X19fNm4XVNxJDtPBhfwPl%2FZ94utRgQIxOqhuI%2FxgSyyMlG0fykHZQML4GAtMX6xVW0hc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b5d18d5b518-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 20:53:12 GMT
date: Sat, 04 Feb 2023 20:53:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
exeo.app/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675540800
104.26.9.233200 OK 0 B URL HTTP/2 exeo.app/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675540800
IP 104.26.9.233:0
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675540800 HTTP/1.1
Host: exeo.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AppSession=d5914fed55cf686efd46f65b5224c681; csrfToken=1472ba5591e21396308a5e777c93381efd8a6519188d9f0e8aba22b1f0d3f67e5651ed82425dd174ce7d55169f379ef7dcc282952cab90569cc2a6cf39fb2e50
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: application/javascript; charset=UTF-8
x-control-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3NAHTlLOUyzbs%2FUQCdd1JMptVyb2AOQNQiTiA9JXCXaFHYH5GQuB0OCh5bCwPEY5AFE76%2FH1Z%2Buc6qSgILNpAPOkhLpTQNyqLytZgSWPx%2F2%2FFtrVCUJNbR4p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79464b604cb3b518-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.demand.supply/ds.2.html
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/ds.2.html
IP 104.16.134.22:0
GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
x-nf-request-id: 01GPGAFB7A85YK1WPYW7SQCTTM
cf-cache-status: HIT
age: 2064118
set-cookie: __cf_bm=OeWCm0vwRzxgSzPoMSSHdf9qjfgxO9yH6_fqG4uYfXE-1675543992-0-Ab/Q1mWernMChV+3c4Fx8OGJflSYKoyHDK8tyIQQI7nDn6ELGlHTgHc1TeT7R9v8x/Sz2H1fcpTkeLV6CaGGQxE=; path=/; expires=Sat, 04-Feb-23 21:23:12 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 79464b608bdfb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvQ2RzZ29abng=
104.16.134.22200 OK 0 B URL HTTP/2 api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvQ2RzZ29abng=
IP 104.16.134.22:0
GET /v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvQ2RzZ29abng= HTTP/1.1
Host: api.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exeo.app
Connection: keep-alive
Referer: https://exeo.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
etag: W/"12f-aFZteA9zgnZw4R98/cYBNh/r5E0"
cf-cache-status: HIT
age: 6992
set-cookie: __cf_bm=UciAXW1zHwm4NyQxzNUww2crqdHACrz8JDcA40_mH4A-1675543992-0-AVBjPBt8QiQBtXZH+KeQ5xImYyXLmLn9g2Yxj8IC6yG+/4JcBeqGDRWpJGa6PJGbbW8C1inZrcI/3R0F5zSHuGc=; path=/; expires=Sat, 04-Feb-23 21:23:12 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 79464b6108590afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1626493457%3A1675543992904843&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeikfQ87neHA1eHrtYf2iGDyEu4H_URVBwQaMmg0KlLGXKJL4HD1kGPGlFumfQFNudkPJ8GfQ
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1626493457%3A1675543992904843&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeikfQ87neHA1eHrtYf2iGDyEu4H_URVBwQaMmg0KlLGXKJL4HD1kGPGlFumfQFNudkPJ8GfQ
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-1626493457%3A1675543992904843&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeikfQ87neHA1eHrtYf2iGDyEu4H_URVBwQaMmg0KlLGXKJL4HD1kGPGlFumfQFNudkPJ8GfQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Feb 2023 20:53:12 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-kwiqp2xzkWjp7OlgWJee3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
live.demand.supply/impl.v16.3.0.js
104.16.134.22200 OK 0 B URL HTTP/2 live.demand.supply/impl.v16.3.0.js
IP 104.16.134.22:0
GET /impl.v16.3.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exeo.app/
Cookie: demandSupplyTi=2d30e606-9d2e-41d6-b245-22041dc54057; __cf_bm=3OmZZov3_LE7Sz2_RmXBTI.l.R62_AvJKjebh6RmDE0-1675543992-0-AfgLzFoyiK9FIv0qzpT3GXJ//qygsrMHknYoORv7jMq9E/vmsP3GlFZRtqn1NzhPMMSKZC6Kq/X0VzvrqCKZWjI=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=74953
etag: W/"b19940580c70e30455a2254a785a8919-ssl-df"
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01GMX2V689ENQZTBQ4NFCNSXD1
cf-cache-status: HIT
age: 1233617
server: cloudflare
cf-ray: 79464b608bd7b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exeo.app/
Origin: https://exeo.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Feb 2023 20:53:12 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5156
last-modified: Sat, 04 Feb 2023 19:27:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ynVPnw9vTbjEPpHo%2FFRsBkgLA%2B2%2BVM8fwOUnMbazSgkSPbB3HCVI41yWRwGht0zEq62Z0BALuN2tSDRZy%2Fy%2FVpMd2U%2Bqz3ExvmIN6QJsSvg9Ltt3%2FjhDw3fKrmi4yLV%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79464b607b093855-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2