r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 43ad67f241ee3692a9c9c1da080dae58
6a024f7d71eeee257edc91ba9273416f634aaae5
636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10816
Expires: Mon, 12 Dec 2022 00:59:09 GMT
Date: Sun, 11 Dec 2022 21:58:53 GMT
Connection: keep-alive
exee.app/8uFwdK
104.21.48.127 200 OK 165 kB IP 104.21.48.127:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61746)
Size 165 kB (164851 bytes)
Hash 2e73f480a7c4fb728262d14c2d28c4fd
c419f4bd478d9aea58771fb99018abd787bc5360
bf3bf182068589020db0fae59fe4e926d5dbcf5a2f21ed7168f6df3ea2d76a25
GET /8uFwdK HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 21:58:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding,User-Agent
Set-Cookie: AppSession=ab4dd9417224ae85b9b520c12bb70d10; path=/; HttpOnly
Set-Cookie: csrfToken=78d3bdd344f357b50731b0f4736a59f862ef27e279d6e1d65efc45ea672f416a82fbb6a967bb7574f50b1cdd85ebc44b60cdd8af0e1aa3abf68b9349e8d130d4; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJDDVaYC0d9MPCFp6FQnX84NuNqi9PGRbf8v5fJAO8BRpHEAB9bT1EZlLBXxcW7P4DX%2BE3Zt9bzT%2FIAgoHqGUMqfAuny3pcz88arCLz45SCjM3d%2FatZGSGezxg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77817bf69f1d0b39-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 430f1651125c14bfa4924aa1f1a392e9
304141c5fe7ac8b370a67912b2592f9622de9600
315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4620
Expires: Sun, 11 Dec 2022 23:15:53 GMT
Date: Sun, 11 Dec 2022 21:58:53 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dbd022fec0a71226daaf29b7563a8896
c37d14dc7b3849a4bb815fa325fb5e70fae54039
22da5e6e3f9507688fc8cb02183d52cf38f4adf8b2c6c52eaf5f88182471efeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22DA5E6E3F9507688FC8CB02183D52CF38F4ADF8B2C6C52EAF5F88182471EFEB"
Last-Modified: Sun, 11 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11401
Expires: Mon, 12 Dec 2022 01:08:54 GMT
Date: Sun, 11 Dec 2022 21:58:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 11 Dec 2022 21:08:31 GMT
content-type: application/json
age: 3022
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OJ4CVRVinacqYvTTTLZJ0e90OEEXGWcnoLmyJKBpSAIn+/+/DJeJMzsxP4/jrLTYIMGX9O2fDfA=
x-amz-request-id: GJ3G6953JEQ3Y820
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 11 Dec 2022 21:51:14 GMT
age: 459
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
exee.app/css/continue.css
104.21.48.127 200 OK 43 kB URL HTTP/1.1 exee.app/css/continue.css
IP 104.21.48.127:0
File type assembler source, ASCII text
Hash 86f2690abb402da57ec94426944f117d
090dd2289eff354b4ae54490f2f8060df48c9d0c
e1f10c833a7a0f58158484857fe22a7c6efdcb7e4636df1cc9e2c4a5d3d1dafa
GET /css/continue.css HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/8uFwdK
Cookie: AppSession=ab4dd9417224ae85b9b520c12bb70d10; csrfToken=78d3bdd344f357b50731b0f4736a59f862ef27e279d6e1d65efc45ea672f416a82fbb6a967bb7574f50b1cdd85ebc44b60cdd8af0e1aa3abf68b9349e8d130d4
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 21:58:53 GMT
Content-Type: text/css
Content-Length: 43033
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 20 Nov 2020 17:25:47 GMT
Cache-Control: max-age=2592000
Expires: Mon, 09 Jan 2023 22:50:15 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 83318
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=12Psfram%2FqY7o1GFzvthCNKzeS68A0mGcySJQyYioCRqOaFsSgvpncnYYo7GSPT0zhq62j5uru%2FlX1BnbaTCUERI1WrDXJrSacxdpdfxVZ36TZREPjIuTHdq%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77817bf8a9100b39-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Dec 2022 21:58:53 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bbc2a332da069e062c141b6755efb07
e7cb19a32562264a6858b73f90caff1fe7887a29
5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 74d82b5960e5e12af402b01fa10b0829
4b80baad99eaafa43a8a78dbcd8e0df4141b3dd7
328abed4a3d2ea1d745c64c5c40925ae5efca25846d2e1c8457a030347473b51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-135952122-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 2c5384bc4e1f5456328fdcfa692e8407
f412953bb78ce1c8af3f87f08f18879bb847c334
617fe5b4a51396918f567fedd13f0ac910f0a1d18c082da9be2f3d915961cd3b
GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Dec 2022 21:58:53 GMT
expires: Sun, 11 Dec 2022 21:58:53 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43635
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
qj.wimplesbooklet.com/1clkn/29529
172.255.6.246 200 OK 26 B URL HTTP/1.1 qj.wimplesbooklet.com/1clkn/29529
IP 172.255.6.246:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/29529 HTTP/1.1
Host: qj.wimplesbooklet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 21:58:53 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 12-Dec-2022 21:58:53 GMT; Max-Age=86400; path=/
Set-Cookie: GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 12-Dec-2022 21:58:53 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 74d82b5960e5e12af402b01fa10b0829
4b80baad99eaafa43a8a78dbcd8e0df4141b3dd7
328abed4a3d2ea1d745c64c5c40925ae5efca25846d2e1c8457a030347473b51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bbc2a332da069e062c141b6755efb07
e7cb19a32562264a6858b73f90caff1fe7887a29
5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8fea2d3bcb0ff2ae2719d151626aedd2
4f463254293dca1a96e4e4f572599f3bc20fb1ea
b0752251cd001fbc22d3693295c253dbc276bd2a5ca0b3bae51ed48a69f88d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B0752251CD001FBC22D3693295C253DBC276BD2A5CA0B3BAE51ED48A69F88D49"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2110
Expires: Sun, 11 Dec 2022 22:34:03 GMT
Date: Sun, 11 Dec 2022 21:58:53 GMT
Connection: keep-alive
a.vdo.ai/core/v-exee-app/vdo.ai.js
172.64.105.3 301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/v-exee-app/vdo.ai.js
IP 172.64.105.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/v-exee-app/vdo.ai.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 21:58:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Dec 2022 22:58:53 GMT
Location: https://a.vdo.ai/core/v-exee-app/vdo.ai.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6etGEw1mOOlXRfVBw6QwnEMdBvsyjYK%2FindaOvd81fKWWRdLcNOg3HhV9BVfgTOSCyQgjVnUDEZMJoOhtH6zn3I9ZOyL9GxAfmq2xFt7f%2Fdk250tpSaNlSZIg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77817bf9e99975bd-LHR
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dc2b4d77e5a3f58cf290e2836e13138a
46e445967430cd03e746a4662594b795f3731934
84fb5e5a676bd0a52c8b13d298acbc4792e9829d094abc2c6075b813ddccddf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "84FB5E5A676BD0A52C8B13D298ACBC4792E9829D094ABC2C6075B813DDCCDDF9"
Last-Modified: Fri, 09 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9429
Expires: Mon, 12 Dec 2022 00:36:02 GMT
Date: Sun, 11 Dec 2022 21:58:53 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8fea2d3bcb0ff2ae2719d151626aedd2
4f463254293dca1a96e4e4f572599f3bc20fb1ea
b0752251cd001fbc22d3693295c253dbc276bd2a5ca0b3bae51ed48a69f88d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B0752251CD001FBC22D3693295C253DBC276BD2A5CA0B3BAE51ED48A69F88D49"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2110
Expires: Sun, 11 Dec 2022 22:34:03 GMT
Date: Sun, 11 Dec 2022 21:58:53 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11867
Expires: Mon, 12 Dec 2022 01:16:40 GMT
Date: Sun, 11 Dec 2022 21:58:53 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11867
Expires: Mon, 12 Dec 2022 01:16:40 GMT
Date: Sun, 11 Dec 2022 21:58:53 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
216.58.207.227 200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:56:07 GMT
expires: Tue, 05 Dec 2023 18:56:07 GMT
cache-control: public, max-age=31536000
age: 529366
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 529572
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
keterrehepren.xyz/eFdIcTZXaCsCCy8TGUB7Eyc7M3cxFi0mQT0VGQEDIRYZP3QgZ24FXxxqcEMETWV8V0YRM3VAEAsjKQVDC2p5V18WMSdMEA5qeV8FTHl7QBhJcT1MB14jOBBRRWZuAUIMO3VAAE9nf0gDQWR6QAdK
172.67.140.50 204 No Content 0 B URL HTTP/2 keterrehepren.xyz/eFdIcTZXaCsCCy8TGUB7Eyc7M3cxFi0mQT0VGQEDIRYZP3QgZ24FXxxqcEMETWV8V0YRM3VAEAsjKQVDC2p5V18WMSdMEA5qeV8FTHl7QBhJcT1MB14jOBBRRWZuAUIMO3VAAE9nf0gDQWR6QAdK
IP 172.67.140.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eFdIcTZXaCsCCy8TGUB7Eyc7M3cxFi0mQT0VGQEDIRYZP3QgZ24FXxxqcEMETWV8V0YRM3VAEAsjKQVDC2p5V18WMSdMEA5qeV8FTHl7QBhJcT1MB14jOBBRRWZuAUIMO3VAAE9nf0gDQWR6QAdK HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 21:58:53 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JyVhxiki895FY0FQMpYQJAo5JBhOj9k8%2BYWZujVUZs9fbqgtlCIElC6KSi%2FAVtNIra70UGn6KnpQWJCZAUkykfNq3khCPGNAUnUDan%2F3gl6kV1lw%2BxeLywohoTqpXiekEGS0jQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77817bfa78fa0b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 784e0439ec6be7b4ca1312cd7cfae85b
18dad06db451855d3009aa3207d868895c577666
6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
keterrehepren.xyz/cmE5TEldXlo/dCYbdz0dGDscfg8wUFF7CDoCfhsnBSlfOzkWB3gFbwYIXXFxSlgNdX1UEVAodENHSjgoBhRKcXhUCFcqJk9HT3F4XFINYnpDTwhqPE9QHzg5EwYEfW8CFU0gdENXDnx+S1QAf3tDVAk
172.67.140.50 204 No Content 0 B URL HTTP/2 keterrehepren.xyz/cmE5TEldXlo/dCYbdz0dGDscfg8wUFF7CDoCfhsnBSlfOzkWB3gFbwYIXXFxSlgNdX1UEVAodENHSjgoBhRKcXhUCFcqJk9HT3F4XFINYnpDTwhqPE9QHzg5EwYEfW8CFU0gdENXDnx+S1QAf3tDVAk
IP 172.67.140.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cmE5TEldXlo/dCYbdz0dGDscfg8wUFF7CDoCfhsnBSlfOzkWB3gFbwYIXXFxSlgNdX1UEVAodENHSjgoBhRKcXhUCFcqJk9HT3F4XFINYnpDTwhqPE9QHzg5EwYEfW8CFU0gdENXDnx+S1QAf3tDVAk HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 21:58:53 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RrtW%2B7nHY%2Bb6WSQEEUPt4LM5NFXJj1K0agFWbOKUCvZYcrjWll2fgS9QN4dGwUI9LA8draXy4WkBWL0KC1GqlOViDcSd%2FOa93tTDfYbchY43MhzTkgJjr%2BDKg%2FxAZA6P3yJ5SQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77817bfa991e0b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
keterrehepren.xyz/VzhDelZ4ByAJawV+LzY3Eg00Gw4dXCdJECJbck9hMX83X2QVbRtCcCNRJ0duYwtxTGdxSCoea2YAZQkiNkw2CWtmHioUMDgFZQxrZhZzVGR5CmUPa2YeNwo3MAVyXCYjTC9HZ2EPc01vYgFwSGdhAQ
172.67.140.50 204 No Content 0 B URL HTTP/2 keterrehepren.xyz/VzhDelZ4ByAJawV+LzY3Eg00Gw4dXCdJECJbck9hMX83X2QVbRtCcCNRJ0duYwtxTGdxSCoea2YAZQkiNkw2CWtmHioUMDgFZQxrZhZzVGR5CmUPa2YeNwo3MAVyXCYjTC9HZ2EPc01vYgFwSGdhAQ
IP 172.67.140.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VzhDelZ4ByAJawV+LzY3Eg00Gw4dXCdJECJbck9hMX83X2QVbRtCcCNRJ0duYwtxTGdxSCoea2YAZQkiNkw2CWtmHioUMDgFZQxrZhZzVGR5CmUPa2YeNwo3MAVyXCYjTC9HZ2EPc01vYgFwSGdhAQ HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 21:58:53 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RTx%2BrNclcdaKGXINDR8m4scgCzJqEw6F5sXl6G9TI0RIRDQyjTzzgp1nU5P0UlFXOD7XFysvhGWinxCkC%2Bxt22jQYKcgawJYtbdnr0RL4uPQAyCh%2Bbl9%2BFUsvERUbCMIB%2F1n8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77817bfab9300b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dc2b4d77e5a3f58cf290e2836e13138a
46e445967430cd03e746a4662594b795f3731934
84fb5e5a676bd0a52c8b13d298acbc4792e9829d094abc2c6075b813ddccddf9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "84FB5E5A676BD0A52C8B13D298ACBC4792E9829D094ABC2C6075B813DDCCDDF9"
Last-Modified: Fri, 09 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9428
Expires: Mon, 12 Dec 2022 00:36:02 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d8b6288aa182c59316c39ea8777fd31c
7e3a9cb2ee6f53c063161b881f99ab8b20851252
d188c187297ca0c01966dbc10159090ebbe8e0c96f5d7adc725fc2d3ee25f9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4215
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:54 GMT
Last-Modified: Sun, 11 Dec 2022 20:48:39 GMT
Server: ECS (amb/6BB0)
X-Cache: HIT
Content-Length: 280
superjuryger.xyz/WjFMT1U7Uy8iajsMLmkgKF1xamccFH4JMWtCPTkhaQchKGYuAC5hNjZeOSszKF4iO3s0VDhqZxxCGyUfA2IbOGACZRU5ACMELh8dCGQVKCEpUgonbQ1yPyIUM14cCyIpeAg4GAx9ICg2PHB0LhcJRXkpP2pmHChsNVM7DmICdXV/BjAILwBmCFUqCRhien0JIBxyO3oUIHQcAAYPeAN+Jmh9HnslC3l4dxENVSoBLxd3AiNhb1MKezYYAhZ6Bg1WDywRbncCCQxpYSR2cGh3DQgyNHYEdxQ7eSQsMRt7dSo8bxR+CRQdVml9FxhlHQo3HUkqCBc+QCkdBylzImJkbH0idxQ7dT8uMy10FioTIkcECD09YhsoFgpIOx8YDAB1KiwqXg0iOW9pCzwWO2Y0KjQ2YDQAIjEJFBwXKWkkOBE7eTQMNDJgOCsTahcmPDo0QXEYFz5kfQIybncCGAYzQAc
108.139.15.84200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/WjFMT1U7Uy8iajsMLmkgKF1xamccFH4JMWtCPTkhaQchKGYuAC5hNjZeOSszKF4iO3s0VDhqZxxCGyUfA2IbOGACZRU5ACMELh8dCGQVKCEpUgonbQ1yPyIUM14cCyIpeAg4GAx9ICg2PHB0LhcJRXkpP2pmHChsNVM7DmICdXV/BjAILwBmCFUqCRhien0JIBxyO3oUIHQcAAYPeAN+Jmh9HnslC3l4dxENVSoBLxd3AiNhb1MKezYYAhZ6Bg1WDywRbncCCQxpYSR2cGh3DQgyNHYEdxQ7eSQsMRt7dSo8bxR+CRQdVml9FxhlHQo3HUkqCBc+QCkdBylzImJkbH0idxQ7dT8uMy10FioTIkcECD09YhsoFgpIOx8YDAB1KiwqXg0iOW9pCzwWO2Y0KjQ2YDQAIjEJFBwXKWkkOBE7eTQMNDJgOCsTahcmPDo0QXEYFz5kfQIybncCGAYzQAc
IP 108.139.15.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash 1923a51a8560539aa0efc2304c9f06c6
d01c473efcae942f91b68be25183c343a8262b91
cbcfe44d3610f6584bc742cbe75e3b278e05793778c6b96f22c4f6220275ab7d
GET /WjFMT1U7Uy8iajsMLmkgKF1xamccFH4JMWtCPTkhaQchKGYuAC5hNjZeOSszKF4iO3s0VDhqZxxCGyUfA2IbOGACZRU5ACMELh8dCGQVKCEpUgonbQ1yPyIUM14cCyIpeAg4GAx9ICg2PHB0LhcJRXkpP2pmHChsNVM7DmICdXV/BjAILwBmCFUqCRhien0JIBxyO3oUIHQcAAYPeAN+Jmh9HnslC3l4dxENVSoBLxd3AiNhb1MKezYYAhZ6Bg1WDywRbncCCQxpYSR2cGh3DQgyNHYEdxQ7eSQsMRt7dSo8bxR+CRQdVml9FxhlHQo3HUkqCBc+QCkdBylzImJkbH0idxQ7dT8uMy10FioTIkcECD09YhsoFgpIOx8YDAB1KiwqXg0iOW9pCzwWO2Y0KjQ2YDQAIjEJFBwXKWkkOBE7eTQMNDJgOCsTahcmPDo0QXEYFz5kfQIybncCGAYzQAc HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1197
Connection: keep-alive
Date: Sun, 11 Dec 2022 21:58:53 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 7215ed8d33cf8b90bf39beeb866c1404.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL58-P2
X-Amz-Cf-Id: 71Vv8o7KnCB3FjPvGgV-vaA6Eu5U3zsm4wDJ_ikfaD0ETzEQE77tCg==
fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
192.243.59.13 200 OK 13 kB URL HTTP/1.1 fightingcowardlycoffin.com/f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37186), with no line terminators
Hash 2095b9e7f16b4ffff59ad34890ccb848
de0442c1a46e24b9f159ebae8241fef29fbe0649
fd649029ac030164f169316be7e10980459dac193378bd320a3c19d02f619b45
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /f5/85/f6/f585f65c6c65123b95dd09be324de3bb.js HTTP/1.1
Host: fightingcowardlycoffin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Dec 2022 21:58:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a845b2affd4af1c3f2905dc42695d203
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
superjuryger.xyz/SkJuQVcrIA0saCt/DGciOC5TZGUMZ1wHM3sxHzcjeXQDJmQ+cwxvNCYtGyUxOC0ANXkkJxpkZQwMNxknJyZcIhQMEwkTAAgXOgA8OiQ7cT8eEDgPHw8AOxgUGAQmBDwDcTg4YwgABHEwAnM7AAEhISEJFQQjOxcgAQQJKhAYci8SFBsIJhdmDwUsEz8oE14EAQklBSIALQM5AD8TDSo5Yx8ALBcfDjUKChQtdi8FLzkOLwduHw84CwcZKSAHAXopIAUvIQYqJmccFwIXBQwAJBIBHAQiFzsmGjwEPCEXAhcFDhNWGwIcFAgXAxwBO3E4LxM4DxIZEUMTBBwUKwgSDAg7CBI+FT8qOxgXXg8RHDU3JxUYNScTEi0lPBczGxECGxAccywnAQ8hLAIWLQYrEDAQGl8QLxwuKBEEDyYsBxIuGkgrJCUsHnwjfxJYFTA7GC8kZD1z
108.139.15.84200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/SkJuQVcrIA0saCt/DGciOC5TZGUMZ1wHM3sxHzcjeXQDJmQ+cwxvNCYtGyUxOC0ANXkkJxpkZQwMNxknJyZcIhQMEwkTAAgXOgA8OiQ7cT8eEDgPHw8AOxgUGAQmBDwDcTg4YwgABHEwAnM7AAEhISEJFQQjOxcgAQQJKhAYci8SFBsIJhdmDwUsEz8oE14EAQklBSIALQM5AD8TDSo5Yx8ALBcfDjUKChQtdi8FLzkOLwduHw84CwcZKSAHAXopIAUvIQYqJmccFwIXBQwAJBIBHAQiFzsmGjwEPCEXAhcFDhNWGwIcFAgXAxwBO3E4LxM4DxIZEUMTBBwUKwgSDAg7CBI+FT8qOxgXXg8RHDU3JxUYNScTEi0lPBczGxECGxAccywnAQ8hLAIWLQYrEDAQGl8QLxwuKBEEDyYsBxIuGkgrJCUsHnwjfxJYFTA7GC8kZD1z
IP 108.139.15.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash 73144f3c9e4493d25d54f8d6e3aa013c
cb1443b11d572fbef49da9952f54a7a8b6e67af3
675e44b0681b7d16a4824f2616451551f67092258addeb01f205f142c100cdd8
GET /SkJuQVcrIA0saCt/DGciOC5TZGUMZ1wHM3sxHzcjeXQDJmQ+cwxvNCYtGyUxOC0ANXkkJxpkZQwMNxknJyZcIhQMEwkTAAgXOgA8OiQ7cT8eEDgPHw8AOxgUGAQmBDwDcTg4YwgABHEwAnM7AAEhISEJFQQjOxcgAQQJKhAYci8SFBsIJhdmDwUsEz8oE14EAQklBSIALQM5AD8TDSo5Yx8ALBcfDjUKChQtdi8FLzkOLwduHw84CwcZKSAHAXopIAUvIQYqJmccFwIXBQwAJBIBHAQiFzsmGjwEPCEXAhcFDhNWGwIcFAgXAxwBO3E4LxM4DxIZEUMTBBwUKwgSDAg7CBI+FT8qOxgXXg8RHDU3JxUYNScTEi0lPBczGxECGxAccywnAQ8hLAIWLQYrEDAQGl8QLxwuKBEEDyYsBxIuGkgrJCUsHnwjfxJYFTA7GC8kZD1z HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1192
Connection: keep-alive
Date: Sun, 11 Dec 2022 21:58:54 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 35ccb6cc125c2f90120be4104c394baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL58-P2
X-Amz-Cf-Id: zaTDWrT0-AJn3gxvIBYYCryG2eK3xV6-tjamDOLPz1ZdzSH2KNOHzQ==
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7d7d32ac5320d741b3763e2a56c171fd
6b96fb9b49ced7635332c282e8343b03102093b5
f63c09c36d4cb17e3781a90118de486b23ee5e33ec96f63ba1b2f3826a4dc9ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F63C09C36D4CB17E3781A90118DE486B23EE5E33EC96F63BA1B2F3826A4DC9AB"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11866
Expires: Mon, 12 Dec 2022 01:16:40 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
superjuryger.xyz/utx?cb=SyQMIz7Y38gs&top=exee.app&tid=889494
108.139.15.84 204 No Content 0 B URL HTTP/2 superjuryger.xyz/utx?cb=SyQMIz7Y38gs&top=exee.app&tid=889494
IP 108.139.15.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=SyQMIz7Y38gs&top=exee.app&tid=889494 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 21:58:54 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Dec 2022 21:59:54 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f191c7ddc7f4299b09e1d20e7caf0344.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P2
x-amz-cf-id: IgQwT6kkOLYX1kRhq37gIOTKXKblcYCEpCt2lo4Y4_RkTmJa6CR90w==
X-Firefox-Spdy: h2
superjuryger.xyz/REtROUclKTJUeCV2Mx8yNidsHHUCbmN/I3U4IE8zd308XnQwejMXJCgkJF0hNiQ/TWkqLiUcdQIcBlQVAhgEbHIHMiJPIi1/H3AfFnIzVSN3LWJrfwAhCFQMPTsLcQQBIx1ACXcEOH8uAhoIfx49fzRwHxZ6N3ggLwEocykVIhBXDSkvB2A+IyMefys8KSt4cBMYNlQXPgYYchQsLDB6DTMRYm9idg0HVxEsBjt0DA0YCEAMEQ1iXBQ3PgBhI3EvFkkMIBwpCwABDWJcEw0xElcJfRIWUiodAyUIDigBKVsPHRIAYSNxBShBBSAsOQkmKA0jXBA8bmN/ESpmBEwOACABcio8eBl/HXUuGW82EhMHDR4DIwRwPgV4AU4ONQYGeygNJQMMJAwZBGA9PH8wTmEuOD5XN3kSOV0yA3kiXX81CB0
108.139.15.84200 OK 1.2 kB URL HTTP/1.1 superjuryger.xyz/REtROUclKTJUeCV2Mx8yNidsHHUCbmN/I3U4IE8zd308XnQwejMXJCgkJF0hNiQ/TWkqLiUcdQIcBlQVAhgEbHIHMiJPIi1/H3AfFnIzVSN3LWJrfwAhCFQMPTsLcQQBIx1ACXcEOH8uAhoIfx49fzRwHxZ6N3ggLwEocykVIhBXDSkvB2A+IyMefys8KSt4cBMYNlQXPgYYchQsLDB6DTMRYm9idg0HVxEsBjt0DA0YCEAMEQ1iXBQ3PgBhI3EvFkkMIBwpCwABDWJcEw0xElcJfRIWUiodAyUIDigBKVsPHRIAYSNxBShBBSAsOQkmKA0jXBA8bmN/ESpmBEwOACABcio8eBl/HXUuGW82EhMHDR4DIwRwPgV4AU4ONQYGeygNJQMMJAwZBGA9PH8wTmEuOD5XN3kSOV0yA3kiXX81CB0
IP 108.139.15.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3021), with no line terminators
Hash 982ce163ec376140fcdcc6fda23c2aef
341af58152917e27d8e2e6dc320b1c6d2216e402
f37ad7c11277da9739c54853511d64c4d4574486b122c296d4086c219397c321
GET /REtROUclKTJUeCV2Mx8yNidsHHUCbmN/I3U4IE8zd308XnQwejMXJCgkJF0hNiQ/TWkqLiUcdQIcBlQVAhgEbHIHMiJPIi1/H3AfFnIzVSN3LWJrfwAhCFQMPTsLcQQBIx1ACXcEOH8uAhoIfx49fzRwHxZ6N3ggLwEocykVIhBXDSkvB2A+IyMefys8KSt4cBMYNlQXPgYYchQsLDB6DTMRYm9idg0HVxEsBjt0DA0YCEAMEQ1iXBQ3PgBhI3EvFkkMIBwpCwABDWJcEw0xElcJfRIWUiodAyUIDigBKVsPHRIAYSNxBShBBSAsOQkmKA0jXBA8bmN/ESpmBEwOACABcio8eBl/HXUuGW82EhMHDR4DIwRwPgV4AU4ONQYGeygNJQMMJAwZBGA9PH8wTmEuOD5XN3kSOV0yA3kiXX81CB0 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1174
Connection: keep-alive
Date: Sun, 11 Dec 2022 21:58:54 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 bae6de0befe82416d15a4f0db2e42a20.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL58-P2
X-Amz-Cf-Id: FnnaMfyGJZgqxRxFsTMmvxlIZBkKNyrB2z-vRxAs9m4l5puKxgsA6A==
superjuryger.xyz/utx?cb=GptoUHqbV9qE&top=exee.app&tid=822524
108.139.15.84 204 No Content 0 B URL HTTP/2 superjuryger.xyz/utx?cb=GptoUHqbV9qE&top=exee.app&tid=822524
IP 108.139.15.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=GptoUHqbV9qE&top=exee.app&tid=822524 HTTP/1.1
Host: superjuryger.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 11 Dec 2022 21:58:54 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://exee.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Dec 2022 21:59:54 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f191c7ddc7f4299b09e1d20e7caf0344.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P2
x-amz-cf-id: 8PKAA_4Ze1v_l42Qkc_E-jy_OBdeLxl2YNty2fvVurvD-hy296zNSg==
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27 200 OK 357 B IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash 6fb0356b7fc185b35a53a5882dab9216
19a3bb03f3c6a9b736087038fe14280d63103a71
7d4e35390298babc560e74482466c3457bd120fd8610bd046dfb1be387d9834a
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:54 GMT
content-type: text/plain
set-cookie: csu=1764158848936063@1@1670795934; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cl4HPnO%2FFzyXUwS4FRBscJ7UuCarVSnwqw6JZ%2BdhJe0CdQKk6nwrY9bdFV%2B401ia6RTGhURpjCx%2FPvRF5MG41V8AbQD25LF6w9wk3l9jYc%2BBqEg%2FyQQxt6fCuvy6YzP9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77817bfbbd7124b5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.140.24 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.140.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 21:58:54 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: d8c9975b9fbe37cada4c450d4161138c
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 11 Dec 2022 21:58:54 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ODic%2FU5BNOphFRBdkuxKFflHgT3se1Yviref3TPUAsusiq6Sd1BKqTnZaGqgqfypqU%2F0PLiD2VYdtiGgeUFvL%2B6g7sTXpAPptQJp3isDLncONVxoM%2B%2BQMXCjBYQXuQDQhzU4i1M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77817bfc7d0b240c-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8db5e5fdd6de1be318e1e2eb919fb0e7
8258c78d87a302be368193b851b55c8e32107c82
143d463b64c5b6772aa9f446e7ea1bb201fe8ce57b25779a6c99dd416a660c7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 21:58:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 16:52:37 GMT
Expires: Thu, 15 Dec 2022 16:52:36 GMT
Etag: "8258c78d87a302be368193b851b55c8e32107c82"
Cache-Control: max-age=326621,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77817bfc7d8db529-OSL
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 103 kB IP 172.64.173.27:0
Size 103 kB (102680 bytes)
Hash 9c295dc49ec795dd45313253b0e6004b
650b6b226520b0be820a14596753a3603623c485
f46dd170d7e081790bd939b77325548aa1bba51a08cc6ffc2708075167398860
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:54 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1
last-modified: Sun, 11 Dec 2022 21:58:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3QkojDIC%2FTWWrpX16Rpszodtz6z1qchLIVw3pPMlESTUGPS%2F%2BjApggXAAPYYyWvM1tdoPZ%2BZPobVp9tvo6FLhLUiGC5lxvQPbwh5taTI2Fiwq2GWrqImdaL6pt%2B7Fm7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77817bfb0caa24b5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 146 kB IP 172.64.173.27:0
Size 146 kB (145973 bytes)
Hash dcb80cea14b1a3dafbe36577c2d25b19
14903f12f9c9dd1a0938e0919ed1f697e4c096df
856c9f0b0506710aff2388f102dc4c779f5eb752f8043ba124d5d587132dffde
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:54 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sun, 11 Dec 2022 21:58:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s768vh6mtJ5xbgiYbjRhrPIpmVws%2BqWll3tUCBvPGGKb2KYuQnMbhzo8bpUkugBDnU3mlxL%2BdMmnXcSa4vygXqJNFA5B3xr%2Bv%2BSIUCtnNnfwEXuWqRaV9NoXW7Fr0kYj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77817bfaec8924b5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d1sqvt36mg3t1b.cloudfront.net/sWjJYSWw5XTYvUy5bPHRUYgtscFh8WCsmAioPDwsIDwMVLlgcfA8aBSt5fj0WPg9obwA7XD90Sj9cO3RdfFM8K1FuFCw5AzEPOSUIO1s2LR4pQH48DWdfNzMFNl45bF4cB3Z5SWgCcD4FNFY3Ph9/AGgnGH8AaHhcdAJ9ei5/AGg+BTQEbGxfGBdqeRRsBn-16Ln8AaDsafwEZeFxvHGhgSWgCPywPMV19eypoAml5XGsCaWxealQxOwk8XSBsXhwDaHxCahQtdF0
54.230.245.152200 OK 610 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/sWjJYSWw5XTYvUy5bPHRUYgtscFh8WCsmAioPDwsIDwMVLlgcfA8aBSt5fj0WPg9obwA7XD90Sj9cO3RdfFM8K1FuFCw5AzEPOSUIO1s2LR4pQH48DWdfNzMFNl45bF4cB3Z5SWgCcD4FNFY3Ph9/AGgnGH8AaHhcdAJ9ei5/AGg+BTQEbGxfGBdqeRRsBn-16Ln8AaDsafwEZeFxvHGhgSWgCPywPMV19eypoAml5XGsCaWxealQxOwk8XSBsXhwDaHxCahQtdF0
IP 54.230.245.152:0
File type ASCII text, with very long lines (875), with no line terminators
Hash a805f5161554a6f531d9e4b891e7a6c1
4b966de447dc2932daf018a85a16a416f9d9345a
08a7552c67a844ded17b385d34ee024bd636e9f67f8fc4fe5f6f66fca147eea5
GET /sWjJYSWw5XTYvUy5bPHRUYgtscFh8WCsmAioPDwsIDwMVLlgcfA8aBSt5fj0WPg9obwA7XD90Sj9cO3RdfFM8K1FuFCw5AzEPOSUIO1s2LR4pQH48DWdfNzMFNl45bF4cB3Z5SWgCcD4FNFY3Ph9/AGgnGH8AaHhcdAJ9ei5/AGg+BTQEbGxfGBdqeRRsBn-16Ln8AaDsafwEZeFxvHGhgSWgCPywPMV19eypoAml5XGsCaWxealQxOwk8XSBsXhwDaHxCahQtdF0 HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 610
Connection: keep-alive
Date: Sun, 11 Dec 2022 21:58:54 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: v9IyjZ0EOQOoiV7vPGVNSMgZ1yk6a1PIbdKMj8bU2qFWfXiJiGeSVw==
datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
139.45.195.253 200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 11 Dec 2022 21:58:54 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: http://exee.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
d1sqvt36mg3t1b.cloudfront.net/NYXpmd2cCFQgRWBUTAkpfU0hTRVNHEBUYCRFHEkI3Vy4BBj0gH1UAVkcOHBNaUVwKFgkGR0ASCQJHV1EGBRhbQ0EVCgkcWgAWAhYODx4UBBVHDwdKCg4ADxsLAF9UMVJPSkNFV0kNDxkDDg0VUlVRFBJSVVFLVllXREkkUlVRDQ8ZUVVfVTVCU0oeQVNESS-RSVVEIEFJUIEtWQklRU0NFVwYfBRwIREggRVdQSlZGV1BfVEcBCAgDEQgZX1QxVlFPSEdBFEdX
54.230.245.152200 OK 516 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/NYXpmd2cCFQgRWBUTAkpfU0hTRVNHEBUYCRFHEkI3Vy4BBj0gH1UAVkcOHBNaUVwKFgkGR0ASCQJHV1EGBRhbQ0EVCgkcWgAWAhYODx4UBBVHDwdKCg4ADxsLAF9UMVJPSkNFV0kNDxkDDg0VUlVRFBJSVVFLVllXREkkUlVRDQ8ZUVVfVTVCU0oeQVNESS-RSVVEIEFJUIEtWQklRU0NFVwYfBRwIREggRVdQSlZGV1BfVEcBCAgDEQgZX1QxVlFPSEdBFEdX
IP 54.230.245.152:0
File type ASCII text, with very long lines (705), with no line terminators
Hash e752c2e8b9d7dd31ae1714876dcf032b
3f50ffb690ab5ca1aec5d3915d9750bdd79d0e82
f71002a5b755e70dd6ad6c35c26acb70243be897d805d47236d754af37cc2a13
GET /NYXpmd2cCFQgRWBUTAkpfU0hTRVNHEBUYCRFHEkI3Vy4BBj0gH1UAVkcOHBNaUVwKFgkGR0ASCQJHV1EGBRhbQ0EVCgkcWgAWAhYODx4UBBVHDwdKCg4ADxsLAF9UMVJPSkNFV0kNDxkDDg0VUlVRFBJSVVFLVllXREkkUlVRDQ8ZUVVfVTVCU0oeQVNESS-RSVVEIEFJUIEtWQklRU0NFVwYfBRwIREggRVdQSlZGV1BfVEcBCAgDEQgZX1QxVlFPSEdBFEdX HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 516
Connection: keep-alive
Date: Sun, 11 Dec 2022 21:58:54 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: y6V57hKJWoEV35vrvRt3BKr5zf7g3NE6H4NjTeehRbU7MxxlPCGd2Q==
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash f0b47065b11cbea51cb76d12a9bfa1fb
e4297c96b6395dd7d35cac31717d3153fb3d95a4
7e851c843752269d2e3efd2908be5074cdd273eb839bf91bb7fbf57dacba5855
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=144507
Date: Sun, 11 Dec 2022 21:58:54 GMT
Etag: "6395db96-1d7"
Expires: Tue, 13 Dec 2022 14:07:21 GMT
Last-Modified: Sun, 11 Dec 2022 13:31:02 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RWPpoCU2NiiQl0Za3jSK_KIczRy38GNMFG6xW2cszLHBn1wi9GHWZQ==
Age: 2179
d1sqvt36mg3t1b.cloudfront.net/WWmRFSUU5Cysvei4NIXR9bld3f3R8DjYmKypZHCEhLyN3OiFiFQYFYy4eIXR1fAgkJyJnQiAnJmdVYyghOFlxbzA7WSgmPzMIKShgaCJwZ3V/VnVhMjMKISYyKUF3eSsuQXd5dGpKdWx2GEF3eTIzCnN9YGkmYHt1IlJxbHYYQXd5NyxBdgh0alFreWx/Vn-UuIDkPKmx3HFZ1eHVqVXV4YGhUIyA3PwIqMWBoInR5cHRUYzx4aw
54.230.245.152200 OK 189 B URL HTTP/1.1 d1sqvt36mg3t1b.cloudfront.net/WWmRFSUU5Cysvei4NIXR9bld3f3R8DjYmKypZHCEhLyN3OiFiFQYFYy4eIXR1fAgkJyJnQiAnJmdVYyghOFlxbzA7WSgmPzMIKShgaCJwZ3V/VnVhMjMKISYyKUF3eSsuQXd5dGpKdWx2GEF3eTIzCnN9YGkmYHt1IlJxbHYYQXd5NyxBdgh0alFreWx/Vn-UuIDkPKmx3HFZ1eHVqVXV4YGhUIyA3PwIqMWBoInR5cHRUYzx4aw
IP 54.230.245.152:0
File type ASCII text, with no line terminators
Hash a263c758853d47fcf262ce70c84cddd6
798ece43726418bd5c51a09cc72a29fdb453ca3a
8babc9568f200d51485625462fc7d03f3f6064c063913a7efc98cddc3a6bdb3d
GET /WWmRFSUU5Cysvei4NIXR9bld3f3R8DjYmKypZHCEhLyN3OiFiFQYFYy4eIXR1fAgkJyJnQiAnJmdVYyghOFlxbzA7WSgmPzMIKShgaCJwZ3V/VnVhMjMKISYyKUF3eSsuQXd5dGpKdWx2GEF3eTIzCnN9YGkmYHt1IlJxbHYYQXd5NyxBdgh0alFreWx/Vn-UuIDkPKmx3HFZ1eHVqVXV4YGhUIyA3PwIqMWBoInR5cHRUYzx4aw HTTP/1.1
Host: d1sqvt36mg3t1b.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superjuryger.xyz/
HTTP/1.1 200 OK
Content-Length: 189
Connection: keep-alive
Date: Sun, 11 Dec 2022 21:58:54 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _HsXeI2m1kISvm9ypp9Kb4k3-x5xfGtuHZJ0CIeLLVEI2OqKCoWsgg==
simplewebanalysis.com/stats
18.195.193.92 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.195.193.92:0
File type ASCII text, with no line terminators
Hash 3a2e255f7146c4a0cd213dac7131f13f
93955df228dbff3061d6ba758eaaddc6dcaafa73
238b7d59f63097e277da0c9f1be0d0662b6d783ae666c055333f0c009c157508
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
set-cookie: uid_id2=91ad29eb-7e6b-4389-935a-08f70cd917ec:2:1; expires=Wed, 08 Dec 2032 21:58:54 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e12bb655426d080117693ba116f398cf
8fe1f7f8d0b191baed2decba3523656da97077f5
2c25ba0d1c806de98d5489934acd8e2f17487e4f7e40c7f0d39094ce49f91b8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3985
Cache-Control: max-age=130467
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:54 GMT
Etag: "63959db0-1d7"
Expires: Tue, 13 Dec 2022 10:13:21 GMT
Last-Modified: Sun, 11 Dec 2022 09:06:56 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3a1942bd2fc7c60d1cfffd1b72f202c1
2b95e8b0f97322d14ba4797016bf34314795771f
219bdf287c5cd0a9141d291c0d07db3831f095f2be854cbfe654ac57f2b7e49e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4036
Cache-Control: max-age=160040
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:54 GMT
Etag: "63961102-1d7"
Expires: Tue, 13 Dec 2022 18:26:14 GMT
Last-Modified: Sun, 11 Dec 2022 17:18:58 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 11 Dec 2022 20:41:08 GMT
expires: Sun, 11 Dec 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 4666
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
172.64.105.3 301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
IP 172.64.105.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/dependencies_hbv4_latest/vdo.min.js?v=v2.2 HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 21:58:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Dec 2022 22:58:54 GMT
Location: https://a.vdo.ai/core/dependencies_hbv4_latest/vdo.min.js?v=v2.2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=215KvM9ZvA%2BToDFDdrvML6sbWQrgR7EQmPs60ibZhzEGOn04trQnaXy3Epmb6e5md9N1mL%2Bukrq6Ef0l4u3EmXI2S5rFlcZFKJePfBpw80H4L5qm6BcXT18DAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77817bff0fe175bd-LHR
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4f59766c2fbd3c45359e028feba76529
01ca4b880afac47af0d6c0cd7d996ffccff57132
d54cf91ffbf4c5147cc6ea9c5cae537d3ae442513a34e9c1fe6a5169aa13174d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4f59766c2fbd3c45359e028feba76529
01ca4b880afac47af0d6c0cd7d996ffccff57132
d54cf91ffbf4c5147cc6ea9c5cae537d3ae442513a34e9c1fe6a5169aa13174d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
keterrehepren.xyz/popunder.gif
172.67.140.50 301 Moved Permanently 0 B URL HTTP/1.1 keterrehepren.xyz/popunder.gif
IP 172.67.140.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: keterrehepren.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 21:58:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Dec 2022 22:58:54 GMT
Location: https://keterrehepren.xyz/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D6yBdNFuvjkiD8kMqTMVFBzNzS6XpVvmdaUkbN%2FAyZU7BSbx90XX86TzbnEju4mP2qF6EU5xeO%2FX26Uix5HlcPVwgPhnf2w%2Bo%2BmwfXBPI%2FVCwDWk%2FBJ6kNOttE9vn6syGYOt0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77817bff5d67b527-OSL
alt-svc: h2=":443"; ma=60
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 402 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 7a5147c33d35c69e912f38ee47017be1
3c5943ecdd8537065efb62a406be837c81306378
bafa732ea996496f5f57798cdce539110c36a6ef8b3c1d6695430a9856ea7981
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 21:58:54 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1391926135%3A1670795934627205&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7uXYlUnubTBxRf3NjV3GpFKR5WJ_5f0xZGbHHXmnxnMBrLlz-R7FjzCyzLu-MGaXkSV6bO_Q
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-54qkjPB7Q3s1W6HozY9JxQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 402
server: GSE
set-cookie: __Host-GAPS=1:759yARWXAESQVcW0FcuZXcXDUS70NA:_XZ7a7-9VqIt4UfM;Path=/;Expires=Tue, 10-Dec-2024 21:58:54 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 165cab5e8773c2efa14c92a3e9c175bd
b748989dd5e6d57aee46e27eb8eb2c377e736550
a704116ea736ca16ace060115930624785b33e0f0ba8819e60406336561ced34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A704116EA736CA16ACE060115930624785B33E0F0BA8819E60406336561CED34"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3294
Expires: Sun, 11 Dec 2022 22:53:48 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 59f6ba093db84bdd2bc4be4fdfe41d6c
3f0f9051c6ca884906a3823cc6e1f7e1814499e2
05adf7d55590f3ad270560efdd5ae0d5687066408e3b48eaee25cc0de20f626f
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Dec 2022 21:58:54 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1627703517%3A1670795934635126&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5nlutlKuDlXz_dM6N3xtOh00GHYKjdrKRk9xG4GxC2qvTnIFvBxhOrsJ7ueAiorZ_YgQh7Yw
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-JBQUdhJKgwg0KfLIA23cDA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:4HoBfd-GUWaz_5O8mEbG49EYX31_gQ:NeoHy_7HM0sghTs6;Path=/;Expires=Tue, 10-Dec-2024 21:58:54 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7064f6619ec94ac742915441ddf9be63
07864ef6316dfb3bfd38d602d2c38d237da8e61e
501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 165cab5e8773c2efa14c92a3e9c175bd
b748989dd5e6d57aee46e27eb8eb2c377e736550
a704116ea736ca16ace060115930624785b33e0f0ba8819e60406336561ced34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A704116EA736CA16ACE060115930624785B33E0F0BA8819E60406336561CED34"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3294
Expires: Sun, 11 Dec 2022 22:53:48 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
pogothere.xyz/
172.64.173.27 200 OK 28 B IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash 1baf323d6ee5c358eaaf613cd0038f93
fefb4b65d63e307da8a4d7319f6ec26f35316d76
265caa4ff7f367b78ccee8d2cc9a8711c670a291b0f1b19701229aa554ca078a
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:54 GMT
content-type: text/plain
set-cookie: csu=1276504735668420@1@1670795933; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://exee.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jx5GpqGZ4pC3Rz4WBS7OErkbUg4%2Fv0D3aSh%2B%2Fx207X82Yqp1SdWIvT3zaCm9CF06QF05yQcZqfyX6Uy3yp73guWWnuDyAoY7hITELUOV5tr1aCALjMScSkadqDCEP2iN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77817bfacc5424b5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3a1942bd2fc7c60d1cfffd1b72f202c1
2b95e8b0f97322d14ba4797016bf34314795771f
219bdf287c5cd0a9141d291c0d07db3831f095f2be854cbfe654ac57f2b7e49e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4036
Cache-Control: max-age=160040
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:54 GMT
Etag: "63961102-1d7"
Expires: Tue, 13 Dec 2022 18:26:14 GMT
Last-Modified: Sun, 11 Dec 2022 17:18:58 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
patrondescendantprecursor.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
173.233.137.36 200 OK 29 kB URL HTTP/1.1 patrondescendantprecursor.com/e3/ed/da/e3edda287db626ee1ba52321f203a61e.js
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 94d249ab23bdd179d60ca6713fcb84f7
b9cdf97ba03bf95a133ee7a924d994fb581feb53
cc52f115c0eeccef938e9c22ac3b38a55022b4f76e3a87158bca114f96b5b0a8
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/ed/da/e3edda287db626ee1ba52321f203a61e.js HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 21:58:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 543fe4bbdc750cd45ddf5355bb0bcc48
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 30f11462333fc35d7561d81e16c39073
52109e02981889cb701cf4a83d8abe89c13ce1aa
ea0ae9e41454e65dd6a7f9e48197c453e0d85dd80976c2baefd7432f83375f84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA0AE9E41454E65DD6A7F9E48197C453E0D85DD80976C2BAEFD7432F83375F84"
Last-Modified: Fri, 09 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16581
Expires: Mon, 12 Dec 2022 02:35:15 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10823
Expires: Mon, 12 Dec 2022 00:59:17 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
exee.app/fv.ico
104.21.48.127 200 OK 2.0 kB IP 104.21.48.127:0
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 56f8c65042da56ec75d62afcce85eec1
a68e1b2e91b17e293a5fce157e5d40e9e00b4588
314c91564de25def1f61019062a8546f4d36e47c398836e98286f8c3c5ebe139
GET /fv.ico HTTP/1.1
Host: exee.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:54 GMT
content-type: image/x-icon
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Aug 2019 06:50:33 GMT
cache-control: max-age=31536000
expires: Tue, 17 Oct 2023 15:43:20 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4774534
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8gPoklXZP4I%2BzD4iT9hKNyI8w%2FATySvcvcp1GGElSOB4OXDfHSHbwWWBmvBwc5B6NdEqd%2FLaKN%2Fs29W6v715Jl7AneRwCzJGn2mEQgxhLzwCBu9BC43rEYt8WA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77817bffab1d0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10823
Expires: Mon, 12 Dec 2022 00:59:17 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10823
Expires: Mon, 12 Dec 2022 00:59:17 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10823
Expires: Mon, 12 Dec 2022 00:59:17 GMT
Date: Sun, 11 Dec 2022 21:58:54 GMT
Connection: keep-alive
analytics.vdo.ai/logger
172.64.105.3 200 OK 4.5 kB IP 172.64.105.3:0
Hash 92f70cc5ddeda0733776cb2364a7f0b7
fb1f5a62b121476bde05a725a356e7c6501a0675
06fa9f1a8732c4a0c359de072ba14394b55d46c5c540e62d57d2184fb530a839
POST /logger HTTP/1.1
Host: analytics.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 124
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:54 GMT
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lgz9exFL8VYcuANzw8mH%2BW6TmRENF%2BiueVsmJZUNNMIPLS8cNicm%2B9Jp%2BsI3PyXMthPzCXRYeCcquFxoNUpa4683b4AhgZw%2FYS5fCn6sd%2FcERCRyDeOSxVWBT7Nh308YR8u2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77817bfd9c0a7413-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35586156-4c0f-4b7e-ade1-0373a473ecf2.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35586156-4c0f-4b7e-ade1-0373a473ecf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea3f48d55264e9000260f9076b1465de
f62e2445a3eecc698562b792c613de74fb77921a
2bc725ab7a45e573a10cf53050ecd79900eba2db14eb93fe4d206e4d7a7d4323
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35586156-4c0f-4b7e-ade1-0373a473ecf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5854
x-amzn-requestid: 53af7632-c8ac-4655-a424-076000e1aef2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c83JnGdFoAMF9cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63950570-72f4c342690eb06034e00954;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:17:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: beZLsCxEHJWPWmC_4IuRuyOgjPx7X7Y8cHm3iL-6VvXhsn-usz1ESg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 11:31:00 GMT
age: 37674
etag: "f62e2445a3eecc698562b792c613de74fb77921a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2020df3404a4b7c3e142af4a1330b848
2fe69b52fe03128e86550bf08474ecac82682384
37a52c158d5cfdf3589e19163cf446c02ce1466f444656080b02da82d2bcefae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6311
x-amzn-requestid: 46ccaee0-bde8-4be6-9dc8-46e3ae356dc8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xUYH10oAMF8Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc1b-2440251f06cb950a57489555;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:37:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UU3eyJXDqth6F65_913HL9lqA3qZHfGExAV89BRzHpQho5wZbQRTmw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 21:38:41 GMT
age: 1213
etag: "2fe69b52fe03128e86550bf08474ecac82682384"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: e68bff96-83e0-471c-95ed-d9773d2354a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c82_MHywoAMFe_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6395052d-23c53ea949b7266822b23787;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:16:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rB0PKLb094bjVAHEBqTXaHZfBWD2F6q8AEt3KL3gDJ53Dd-3GzZwWg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 05:47:56 GMT
age: 58258
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8fb99efffa43a89258e8f6fa88b57b3d
af9e7836bb609a2fa5ada07bb46a547f007a70ac
117238c7ac845cb0b65576ea779bb64e6f93ea715eaa2df5a05338743646839c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31aca93e-2858-4933-b847-8f2f94143051.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9385
x-amzn-requestid: c465c6db-4228-4455-b5d5-0b6bec43928c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xkmGn7oAMFTnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc83-1903b69055c1d5bc70c3adea;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:39:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lKEDn3cnl_JvdDKPiGN8h0w_O87ehwY0yn6NqZFNFejYsiDBRxO3NA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 22:03:46 GMT
age: 86108
etag: "af9e7836bb609a2fa5ada07bb46a547f007a70ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f74a7ce-34b1-4cb6-a68f-8fd3dc0a2b9f.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f74a7ce-34b1-4cb6-a68f-8fd3dc0a2b9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6fa9fe07664d7ecc189f2ec5e88d82ab
6c9476510cac4e1aa7f96e46f659381c95de5a53
4955b29a4c20466c6e2f342c6d6e2ff060fe4943005fab0a930ca587e99efa7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f74a7ce-34b1-4cb6-a68f-8fd3dc0a2b9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7269
x-amzn-requestid: 0ca02ec9-910e-427f-92d4-c6f2de1a3529
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c82piGjdIAMFSnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639504a3-20c792da66e8398c655dafd4;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:13:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KJYhsEThKbSj5L2xMkKzWXYD9D3LDMhskjxIV2AHetWv4az2l4zSqQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 15:07:59 GMT
age: 24655
etag: "6c9476510cac4e1aa7f96e46f659381c95de5a53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 27 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30548)
Hash 59eb4ad40dab54eec3b270fa884c9e95
b79a159cb1dc8daba1d04f59ef28458e01ffbd2c
e70b25e5cc3636a98ac7f75881edcb3a233ffcc1995bad72f945d90e1a68f372
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: wHYlFRsTB6CT6ui6HcJbZCD8swJ3n2Fecime6x++g9iWrTkaHc8+tHqAul+zU6sB+ic3A6jnH60OilU55WvYPQ==
date: Sun, 11 Dec 2022 21:58:54 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2F8uFwdK&tag=v-exee-app&domain=exee.app
172.64.104.3 200 OK 4.2 kB URL HTTP/2 targeting.vdo.ai/allowed_url.php?type=json&url=exee.app%2F8uFwdK&tag=v-exee-app&domain=exee.app
IP 172.64.104.3:0
File type JSON data\012- , ASCII text, with very long lines (9656)
Hash 0d1f4b12be46737eea600288f18beba4
3f9bce01416eb6b32b6987fc1ca62e9b8578aaa1
113dfe56fc2aa3d587a6664cc1a570713b03a556030c2ad81ac13820a1917693
GET /allowed_url.php?type=json&url=exee.app%2F8uFwdK&tag=v-exee-app&domain=exee.app HTTP/1.1
Host: targeting.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:54 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RaTECGaFZ4AV0Shki8VPs8WalIoeKHYZp0Q3YvKbvJEwL%2F0iUOh%2F8MNz50luHKKUocDFf3b%2B5vrYZk4%2BJs%2BQc655AsN67m9TrfoZyuW%2BNIEOJeCjptsMPltgU8xcJ13sYatr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77817bfdbc157327-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
patrondescendantprecursor.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec%3A2%3A1
173.233.137.36 200 OK 2.4 kB URL HTTP/1.1 patrondescendantprecursor.com/sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec%3A2%3A1
IP 173.233.137.36:0
File type JSON data\012- , ASCII text, with very long lines (5767), with no line terminators
Hash 0dfea31a9726b41db87832e35dd8e516
5d5085998c1fc239d7fcb3c12c350da3369625b0
84847b9d1301c081000aa85f5dcbe469c0263e6217a903a5c94edb144b2d787f
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=f585f65c6c65123b95dd09be324de3bb&uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec%3A2%3A1 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 21:58:55 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://exee.app
Access-Control-Allow-Origin: http://exee.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17869332; expires=Mon, 12 Dec 2022 21:58:54 GMT; secure; SameSite=None
uid_id2=91ad29eb-7e6b-4389-935a-08f70cd917ec:2:1; expires=Sun, 18 Dec 2022 21:58:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 12 Dec 2022 21:58:55 GMT; secure; SameSite=None
uncs=1; expires=Mon, 12 Dec 2022 21:58:55 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 12 Dec 2022 21:58:55 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 12 Dec 2022 21:58:55 GMT; secure; SameSite=None
slecf585f65c6c65123b95dd09be324de3bb=[3396716]; expires=Sun, 11 Dec 2022 21:59:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cb0cebb6bc6dc89461bbdb55a49eeeee
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Sun, 11 Dec 2022 20:23:10 GMT
Expires: Sun, 11 Dec 2022 22:23:10 GMT
Cache-Control: public, max-age=7200
Age: 5745
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
imasdk.googleapis.com/js/sdkloader/ima3.js
216.58.207.234 200 OK 127 kB URL HTTP/1.1 imasdk.googleapis.com/js/sdkloader/ima3.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (2791)
Size 127 kB (126857 bytes)
Hash 21194044394ef476e44611727d8f00dd
ba7ffffa00243495b382bdef73a0561f0f47f05d
bc67b3ddd745e176311e8f19bc0f4881f232b8a12813e76adc65767a78866254
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 126857
Date: Sun, 11 Dec 2022 21:58:55 GMT
Expires: Sun, 11 Dec 2022 21:58:55 GMT
Cache-Control: private, max-age=900, stale-while-revalidate=3600
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
patrondescendantprecursor.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9NYkguFHJRkFoxIWC01PV1dXdZRbBMUaC%2BRgmkdn6vqrnOa%2FrFe9VdfUMCIMBybLdiDtrTs8HiUEScCtIjyAyINgK0qDzB1yJkJUL6ZmG1ruoe0%2Bduzjn3PfpXnFKfBR0unbT7Cit6UpU92uvb6hUmNLVbt2tBX7dv1zbUGmrebk2mH1s%2F63Aj%2Br%2BG7X3JN8yKw0%2F8P3AD2rXlJWJGaycsVDZoziox3692agHURMD%2B3%2FsCg%2BOehD9U%2FIilJg8s%2FnjEyg%2BRtp7fFW6rdxkb77bKzTNjUVfHH2QbqWmTNFbjIn1kKRH820YNyHkiyWY9GjuAKa%2FP3MApibE%2By0AS4%2FmMsH6B%2BdKmYZMwcRzKPtjSD2GomNwcw9K%2FEwALnDrNtLe4S1jS7p9ztIZOyEXn%2F4NVU7IxT8uIe19varVoHbH6CJXJnUYJBXUYAzVHSMrjpHveFDlMXj%2BCZT4iaw8vYG0t3%2FbaQMlpq%2FFARWNWLLltmyx5WbYiZfjMKLLfidp%2B1zEQVvys4iUGkMlY2g5BHVLKJyHQnkoEg9F5qEnpjUaxYnvtxOWhGGnyTkPQ86jTktEImx2Eh8Fn3kYIs%2BG4HoIbneR2V1sqSFs8R3cZgUnPLicoC8qlJKgdAQlJSgVQZkTlP3qQGjXcNWh0K5gwbw35j2sRibv7tEDk3dlSvayU%2FLCLDjv%2BYeXsCWntSTqREkr4i3eioJGyOJICD9mMmw0hQwZg1MVlFsCdR521IRc%2BPhPZGpCllZXwOgxnD4GV6%2BCFq%2BAlqN2wwfdHDU7PnbSQzmQdWUgTIUsv4h829vTp%2BSls9OFv2pIfnLlQ3Zz8teDf8BthcxW%2BEh9T9DV90frpiT766Z05MntLFc9tUNnZ72T01xeePi%2B3C6NFdevuuGDt%2FmMmI2P7kqX36CpUGnXka9WlRDSXjOWS%2FLtdbch2VrhNlcLmxbZjbV3rl3vZVY6p0w6BlUTQn44AVcT8uw307Mn%2B%2FLvj6HsGLao0CtOyLygzDF4tguXLfQ7Q2D1YodlHsqiGtkGW%2FzUikDLBaasgvsPZot5z91H13qg%2BT2kvQp9W6GvK1A9hCsujPLMnlz5JTwrMO2NmLbePtNWf3YerlPTmowSP5F%2BQ7IkZkmb%2BiJOmjGjcSDbLKIBcjfhn69%2F%2BS8AAAD%2F%2FwEAAP%2F%2F4y71rIoEAAA%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 patrondescendantprecursor.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9NYkguFHJRkFoxIWC01PV1dXdZRbBMUaC%2BRgmkdn6vqrnOa%2FrFe9VdfUMCIMBybLdiDtrTs8HiUEScCtIjyAyINgK0qDzB1yJkJUL6ZmG1ruoe0%2Bduzjn3PfpXnFKfBR0unbT7Cit6UpU92uvb6hUmNLVbt2tBX7dv1zbUGmrebk2mH1s%2F63Aj%2Br%2BG7X3JN8yKw0%2F8P3AD2rXlJWJGaycsVDZoziox3692agHURMD%2B3%2FsCg%2BOehD9U%2FIilJg8s%2FnjEyg%2BRtp7fFW6rdxkb77bKzTNjUVfHH2QbqWmTNFbjIn1kKRH820YNyHkiyWY9GjuAKa%2FP3MApibE%2By0AS4%2FmMsH6B%2BdKmYZMwcRzKPtjSD2GomNwcw9K%2FEwALnDrNtLe4S1jS7p9ztIZOyEXn%2F4NVU7IxT8uIe19varVoHbH6CJXJnUYJBXUYAzVHSMrjpHveFDlMXj%2BCZT4iaw8vYG0t3%2FbaQMlpq%2FFARWNWLLltmyx5WbYiZfjMKLLfidp%2B1zEQVvys4iUGkMlY2g5BHVLKJyHQnkoEg9F5qEnpjUaxYnvtxOWhGGnyTkPQ86jTktEImx2Eh8Fn3kYIs%2BG4HoIbneR2V1sqSFs8R3cZgUnPLicoC8qlJKgdAQlJSgVQZkTlP3qQGjXcNWh0K5gwbw35j2sRibv7tEDk3dlSvayU%2FLCLDjv%2BYeXsCWntSTqREkr4i3eioJGyOJICD9mMmw0hQwZg1MVlFsCdR521IRc%2BPhPZGpCllZXwOgxnD4GV6%2BCFq%2BAlqN2wwfdHDU7PnbSQzmQdWUgTIUsv4h829vTp%2BSls9OFv2pIfnLlQ3Zz8teDf8BthcxW%2BEh9T9DV90frpiT766Z05MntLFc9tUNnZ72T01xeePi%2B3C6NFdevuuGDt%2FmMmI2P7kqX36CpUGnXka9WlRDSXjOWS%2FLtdbch2VrhNlcLmxbZjbV3rl3vZVY6p0w6BlUTQn44AVcT8uw307Mn%2B%2FLvj6HsGLao0CtOyLygzDF4tguXLfQ7Q2D1YodlHsqiGtkGW%2FzUikDLBaasgvsPZot5z91H13qg%2BT2kvQp9W6GvK1A9hCsujPLMnlz5JTwrMO2NmLbePtNWf3YerlPTmowSP5F%2BQ7IkZkmb%2BiJOmjGjcSDbLKIBcjfhn69%2F%2BS8AAAD%2F%2FwEAAP%2F%2F4y71rIoEAAA%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9NYkguFHJRkFoxIWC01PV1dXdZRbBMUaC%2BRgmkdn6vqrnOa%2FrFe9VdfUMCIMBybLdiDtrTs8HiUEScCtIjyAyINgK0qDzB1yJkJUL6ZmG1ruoe0%2Bduzjn3PfpXnFKfBR0unbT7Cit6UpU92uvb6hUmNLVbt2tBX7dv1zbUGmrebk2mH1s%2F63Aj%2Br%2BG7X3JN8yKw0%2F8P3AD2rXlJWJGaycsVDZoziox3692agHURMD%2B3%2FsCg%2BOehD9U%2FIilJg8s%2FnjEyg%2BRtp7fFW6rdxkb77bKzTNjUVfHH2QbqWmTNFbjIn1kKRH820YNyHkiyWY9GjuAKa%2FP3MApibE%2By0AS4%2FmMsH6B%2BdKmYZMwcRzKPtjSD2GomNwcw9K%2FEwALnDrNtLe4S1jS7p9ztIZOyEXn%2F4NVU7IxT8uIe19varVoHbH6CJXJnUYJBXUYAzVHSMrjpHveFDlMXj%2BCZT4iaw8vYG0t3%2FbaQMlpq%2FFARWNWLLltmyx5WbYiZfjMKLLfidp%2B1zEQVvys4iUGkMlY2g5BHVLKJyHQnkoEg9F5qEnpjUaxYnvtxOWhGGnyTkPQ86jTktEImx2Eh8Fn3kYIs%2BG4HoIbneR2V1sqSFs8R3cZgUnPLicoC8qlJKgdAQlJSgVQZkTlP3qQGjXcNWh0K5gwbw35j2sRibv7tEDk3dlSvayU%2FLCLDjv%2BYeXsCWntSTqREkr4i3eioJGyOJICD9mMmw0hQwZg1MVlFsCdR521IRc%2BPhPZGpCllZXwOgxnD4GV6%2BCFq%2BAlqN2wwfdHDU7PnbSQzmQdWUgTIUsv4h829vTp%2BSls9OFv2pIfnLlQ3Zz8teDf8BthcxW%2BEh9T9DV90frpiT766Z05MntLFc9tUNnZ72T01xeePi%2B3C6NFdevuuGDt%2FmMmI2P7kqX36CpUGnXka9WlRDSXjOWS%2FLtdbch2VrhNlcLmxbZjbV3rl3vZVY6p0w6BlUTQn44AVcT8uw307Mn%2B%2FLvj6HsGLao0CtOyLygzDF4tguXLfQ7Q2D1YodlHsqiGtkGW%2FzUikDLBaasgvsPZot5z91H13qg%2BT2kvQp9W6GvK1A9hCsujPLMnlz5JTwrMO2NmLbePtNWf3YerlPTmowSP5F%2BQ7IkZkmb%2BiJOmjGjcSDbLKIBcjfhn69%2F%2BS8AAAD%2F%2FwEAAP%2F%2F4y71rIoEAAA%3D HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; uid_id2=91ad29eb-7e6b-4389-935a-08f70cd917ec:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 21:58:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 961dc40486c0121d0c34151f82cd9e97
Strict-Transport-Security: max-age=0; includeSubdomains
a.vdo.ai/core/assets/vdo.player.js
172.64.105.3 301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/vdo.player.js
IP 172.64.105.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/vdo.player.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 21:58:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Dec 2022 22:58:55 GMT
Location: https://a.vdo.ai/core/assets/vdo.player.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNnc1Y9lqBQ6T5hZW%2BDfr7NGgPciERbkO8AT5jd6suEG7K5BeUjy65xd8jzCrvp3XBEDb%2BD%2Br1k1mdPayGSC3%2FkC3%2BwdMR7raTfLXwdK5fj0604wBvvaaKrUeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77817c041cff75bd-LHR
alt-svc: h2=":443"; ma=60
a.vdo.ai/core/assets/rtb_v6.24.1.js
172.64.105.3 301 Moved Permanently 0 B URL HTTP/1.1 a.vdo.ai/core/assets/rtb_v6.24.1.js
IP 172.64.105.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core/assets/rtb_v6.24.1.js HTTP/1.1
Host: a.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Dec 2022 21:58:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Dec 2022 22:58:55 GMT
Location: https://a.vdo.ai/core/assets/rtb_v6.24.1.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4MhoMMh%2B7ygpN74Cs7%2BVCFelgCnYmGH1PgOrncMXklb1Vo2DiVb1o6%2BS%2BSxeltFvG0uTPQyCGxztj7oZEy0eVcWOOsl9ekVNi6zacn0jFU%2FEy2LVVnF8yzr1w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77817c044a7176ab-LHR
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7064f6619ec94ac742915441ddf9be63
07864ef6316dfb3bfd38d602d2c38d237da8e61e
501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/core/bridge3.549.0_en.html
216.58.207.234 200 OK 227 kB URL HTTP/1.1 imasdk.googleapis.com/js/core/bridge3.549.0_en.html
IP 216.58.207.234:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39845)
Size 227 kB (227324 bytes)
Hash 218d94ccb369687311175f7ec00afc59
c95b5a666ae1f797bd900eb761edf66d6493babc
6ccbc5be5e00381dfe25726314816f570041c6525318d83cabbe6d5599b925e3
GET /js/core/bridge3.549.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 227324
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 23:13:10 GMT
Expires: Thu, 07 Dec 2023 23:13:10 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 07 Dec 2022 23:06:21 GMT
Content-Type: text/html
Age: 341145
www.youtube.com/iframe_api
216.58.211.14 200 OK 130 kB URL HTTP/2 www.youtube.com/iframe_api
IP 216.58.211.14:0
File type ASCII text, with very long lines (65475)
Size 130 kB (129659 bytes)
Hash e66745295b40f7683618cdc1d0cbc5cb
926851d396f15f40ca0a9f212da3aa7ec8e6aa33
9d1ce18579d2d4722fc32a52f15f8df32771587483e8ab3f5947e9bde8a52ae9
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sun, 11 Dec 2022 21:58:55 GMT
date: Sun, 11 Dec 2022 21:58:55 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=KaEulNSfV3Q; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=vrFJCudArjY; Domain=.youtube.com; Expires=Fri, 09-Jun-2023 21:58:55 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+968; expires=Tue, 10-Dec-2024 21:58:55 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
216.58.207.226 200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP 216.58.207.226:0
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Dec 2022 21:33:11 GMT
expires: Sun, 11 Dec 2022 22:33:11 GMT
cache-control: public, max-age=3600
age: 1545
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash ab7e3876457704d11addbee121cd2bd7
e764783b909d925899facc2dde59c94f20b261dc
37ed52eaeaef24a31e5d436f44c12ee44f960445fe7c25bc7e43b7994ff3a159
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 11 Dec 2022 21:58:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 11 Dec 2022 19:38:47 GMT
Expires: Mon, 12 Dec 2022 19:38:47 GMT
ETag: "e764783b909d925899facc2dde59c94f20b261dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6da1a0019f5802275cbb126eb7dceec8
2bb9bea7bfbb26559d4bd9a81bd4f029800fa09d
615c4f00ee2efde05e8933e7601fff77447abeeebee42a29993a0ffd78ec4410
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "615C4F00EE2EFDE05E8933E7601FFF77447ABEEEBEE42A29993A0FFD78EC4410"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18590
Expires: Mon, 12 Dec 2022 03:08:46 GMT
Date: Sun, 11 Dec 2022 21:58:56 GMT
Connection: keep-alive
patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Findex.html&l=1559&fd=675
173.233.137.36 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Findex.html&l=1559&fd=675
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Findex.html&l=1559&fd=675 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
51.79.81.36 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 51.79.81.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 21:58:56 GMT
Connection: keep-alive
Expires: Mon, 11 Dec 2023 21:58:56 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.74 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.74:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 11 Dec 2022 21:58:56 GMT
Date: Sun, 11 Dec 2022 21:58:56 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
172.64.108.13 200 OK 22 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
IP 172.64.108.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x292, components 3; data
Hash e1f754e6014f2a7636aa19acdf37eaa7
72ded7fb65560b2702630d5208386654f294e8e9
8b9e400d61eb3c28929db8209c3136b14e2112d6eb8b4f504b74f6cca67b50fe
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:56 GMT
content-type: image/jpeg
content-length: 21845
last-modified: Wed, 03 Aug 2022 08:33:45 GMT
etag: "62ea32e9-5555"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2275657
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPqm4PEKwSqNTF3vbc2YK29W0Z3URT2SZZvaJbfSonuI6AoNvssMVnUzPdaNoBJuotLERnrm1AYGR20U%2FxL4ipf6%2FWP%2BV%2B3D0%2BkUbVD8%2F91jn1QkpNNZdSo3XZ6dKb8mulxotkW8uKb2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77817c0a2f4d76db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6da1a0019f5802275cbb126eb7dceec8
2bb9bea7bfbb26559d4bd9a81bd4f029800fa09d
615c4f00ee2efde05e8933e7601fff77447abeeebee42a29993a0ffd78ec4410
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "615C4F00EE2EFDE05E8933E7601FFF77447ABEEEBEE42A29993A0FFD78EC4410"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18590
Expires: Mon, 12 Dec 2022 03:08:46 GMT
Date: Sun, 11 Dec 2022 21:58:56 GMT
Connection: keep-alive
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
51.79.81.36 200 OK 7.6 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8
IP 51.79.81.36:0
Hash 5d70884c81835f59111a011da36dae6e
cc0b761c8834859ea7bf4b1f82fe36f83f8a3654
4083f5e84f250641ddb576c6be05096b6ca62b52294df32b8d7f0829897057a9
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.m3u8 HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62e47d37-bf80"
Expires: Mon, 11 Dec 2023 21:58:56 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
51.79.81.36 200 OK 58 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png
IP 51.79.81.36:0
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced; data
Hash cf8ffcaf217375cf9bb01c612300b25a
5d033771d013ab4364a83c6302b473c6f64ff722
2b14b918bb31b4672d92b0287ed00c91c74e5d315759da2deb6028b0b4e9f909
GET /media_file/v-exee-app/source/uploads/thumbnails/1648810245326246d905ebe51.png HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Type: image/png
Content-Length: 57775
Last-Modified: Fri, 01 Apr 2022 10:50:46 GMT
Connection: keep-alive
ETag: "6246d906-e1af"
Expires: Mon, 11 Dec 2023 21:58:56 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
51.79.81.36 204 No Content 0 B URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 51.79.81.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Referer: http://exee.app/
Origin: http://exee.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 21:58:56 GMT
Connection: keep-alive
Expires: Mon, 11 Dec 2023 21:58:56 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=355
173.233.137.36 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=355
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=355 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js
172.64.108.13 200 OK 16 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js
IP 172.64.108.13:0
Hash 82450a339417ee24a139cf2a28b4ddff
849879d7f855e988b5fd8addfe37123e92163928
2889245c6dc93794b9b3510e25dc3f1a5608a4de8f75b381de3b7548654088b2
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:56 GMT
content-type: application/javascript
last-modified: Tue, 17 Aug 2021 13:04:06 GMT
etag: W/"611bb3c6-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v92v3rNPwJrbHHxzEKyLBAq6a%2Fyye6lmA2TSCyxevvCDxX%2BjiNsCTBrBid7LcNnjLsBXtiqNFaA0Q1%2BZdOddkA1o5aW1bqF0sqqnQJyaT5dCAT1J%2F7fJ6V%2FyX5HmfvXXfYj0SpcnAaOF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77817c09ff2676db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0; data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://exee.app
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:12:42 GMT
Expires: Thu, 07 Dec 2023 21:12:42 GMT
Cache-Control: public, max-age=31536000
Age: 348374
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
patrondescendantprecursor.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9NYkguFHJRkFoxIWC01PV1dXdZRbBMUaC%2BRgmkdn6vqrnOa%2FrFe9VdfUMCIMBybLdiDtrTs8HiUEScCtIjyAyINgK0qDzB1yJkJUL6ZmG1ruoe0%2Bduzjn3PfpXnFKfBR0unbT7Cit6UpU92uvb6hUmNLVbt2tBX7dv1zbUGmrebk2mH1s%2F63Aj%2Br%2BG7X3JN8yKw0%2F8P3AD2rXlJWJGaycsVDZoziox3692agHURMD%2B3%2FsCg%2BOehD9U%2FIilJg8s%2FnjEyg%2BRtp7fFW6rdxkb77bKzTNjUVfHH2QbqWmTNFbjIn1kKRH820YNyHkiyWY9GjuAKa%2FP3MApibE%2By0AS4%2FmMsH6B%2BdKmYZMwcRzKPtjSD2GomNwcw9K%2FEwALnDrNtLe4S1jS7p9ztIZOyEXn%2F4NVU7IxT8uIe19varVoHbH6CJXJnUYJBXUYAzVHSMrjpHveFDlMXj%2BCZT4iaw8vYG0t3%2FbaQMlpq%2FFARWNWLLltmyx5WbYiZfjMKLLfidp%2B1zEQVvys4iUGkMlY2g5BHVLKJyHQnkoEg9F5qEnpjUaxYnvtxOWhGGnyTkPQ86jTktEImx2Eh8Fn3kYIs%2BG4HoIbneR2V1sqSFs8R3cZgUnPLicoC8qlJKgdAQlJSgVQZkTlP3qQGjXcNWh0K5gwbw35j2sRibv7tEDk3dlSvayU%2FLCLDjv%2BYeXsCWntSTqREkr4i3eioJGyOJICD9mMmw0hQwZg1MVlFsCdR521IRc%2BPhPZGpCllZXwOgxnD4GV6%2BCFq%2BAlqN2wwfdHDU7PnbSQzmQdWUgTIUsv4h829vTp%2BSls9OFv2pIfnLlQ3Zz8teDf8BthcxW%2BEh9T9DV90frpiT766Z05MntLFc9tUNnZ72T01xeePi%2B3C6NFdevuuGDt%2FmMmI2P7kqX36CpUGnXka9WlRDSXjOWS%2FLtdbch2VrhNlcLmxbZjbV3rl3vZVY6p0w6BlUTQn44AVcT8uw307Mn%2B%2FLvj6HsGLao0CtOyLygzDF4tguXLfQ7Q2D1YodlHsqiGtkGW%2FzUikDLBaasgvsPZot5z91H13qg%2BT2kvQp9W6GvK1A9hCsujPLMnlz5JTwrMO2NmLbePtNWf3YerlPTWhQ0ZYd12lwIJrkI2o2wE%2Fp%2BQ4hmO5ZBjNxN%2BOfrX%2F4LAAD%2F%2FwEAAP%2F%2F9yZ7SooEAAA%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 patrondescendantprecursor.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9NYkguFHJRkFoxIWC01PV1dXdZRbBMUaC%2BRgmkdn6vqrnOa%2FrFe9VdfUMCIMBybLdiDtrTs8HiUEScCtIjyAyINgK0qDzB1yJkJUL6ZmG1ruoe0%2Bduzjn3PfpXnFKfBR0unbT7Cit6UpU92uvb6hUmNLVbt2tBX7dv1zbUGmrebk2mH1s%2F63Aj%2Br%2BG7X3JN8yKw0%2F8P3AD2rXlJWJGaycsVDZoziox3692agHURMD%2B3%2FsCg%2BOehD9U%2FIilJg8s%2FnjEyg%2BRtp7fFW6rdxkb77bKzTNjUVfHH2QbqWmTNFbjIn1kKRH820YNyHkiyWY9GjuAKa%2FP3MApibE%2By0AS4%2FmMsH6B%2BdKmYZMwcRzKPtjSD2GomNwcw9K%2FEwALnDrNtLe4S1jS7p9ztIZOyEXn%2F4NVU7IxT8uIe19varVoHbH6CJXJnUYJBXUYAzVHSMrjpHveFDlMXj%2BCZT4iaw8vYG0t3%2FbaQMlpq%2FFARWNWLLltmyx5WbYiZfjMKLLfidp%2B1zEQVvys4iUGkMlY2g5BHVLKJyHQnkoEg9F5qEnpjUaxYnvtxOWhGGnyTkPQ86jTktEImx2Eh8Fn3kYIs%2BG4HoIbneR2V1sqSFs8R3cZgUnPLicoC8qlJKgdAQlJSgVQZkTlP3qQGjXcNWh0K5gwbw35j2sRibv7tEDk3dlSvayU%2FLCLDjv%2BYeXsCWntSTqREkr4i3eioJGyOJICD9mMmw0hQwZg1MVlFsCdR521IRc%2BPhPZGpCllZXwOgxnD4GV6%2BCFq%2BAlqN2wwfdHDU7PnbSQzmQdWUgTIUsv4h829vTp%2BSls9OFv2pIfnLlQ3Zz8teDf8BthcxW%2BEh9T9DV90frpiT766Z05MntLFc9tUNnZ72T01xeePi%2B3C6NFdevuuGDt%2FmMmI2P7kqX36CpUGnXka9WlRDSXjOWS%2FLtdbch2VrhNlcLmxbZjbV3rl3vZVY6p0w6BlUTQn44AVcT8uw307Mn%2B%2FLvj6HsGLao0CtOyLygzDF4tguXLfQ7Q2D1YodlHsqiGtkGW%2FzUikDLBaasgvsPZot5z91H13qg%2BT2kvQp9W6GvK1A9hCsujPLMnlz5JTwrMO2NmLbePtNWf3YerlPTWhQ0ZYd12lwIJrkI2o2wE%2Fp%2BQ4hmO5ZBjNxN%2BOfrX%2F4LAAD%2F%2FwEAAP%2F%2F9yZ7SooEAAA%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR9NYkguFHJRkFoxIWC01PV1dXdZRbBMUaC%2BRgmkdn6vqrnOa%2FrFe9VdfUMCIMBybLdiDtrTs8HiUEScCtIjyAyINgK0qDzB1yJkJUL6ZmG1ruoe0%2Bduzjn3PfpXnFKfBR0unbT7Cit6UpU92uvb6hUmNLVbt2tBX7dv1zbUGmrebk2mH1s%2F63Aj%2Br%2BG7X3JN8yKw0%2F8P3AD2rXlJWJGaycsVDZoziox3692agHURMD%2B3%2FsCg%2BOehD9U%2FIilJg8s%2FnjEyg%2BRtp7fFW6rdxkb77bKzTNjUVfHH2QbqWmTNFbjIn1kKRH820YNyHkiyWY9GjuAKa%2FP3MApibE%2By0AS4%2FmMsH6B%2BdKmYZMwcRzKPtjSD2GomNwcw9K%2FEwALnDrNtLe4S1jS7p9ztIZOyEXn%2F4NVU7IxT8uIe19varVoHbH6CJXJnUYJBXUYAzVHSMrjpHveFDlMXj%2BCZT4iaw8vYG0t3%2FbaQMlpq%2FFARWNWLLltmyx5WbYiZfjMKLLfidp%2B1zEQVvys4iUGkMlY2g5BHVLKJyHQnkoEg9F5qEnpjUaxYnvtxOWhGGnyTkPQ86jTktEImx2Eh8Fn3kYIs%2BG4HoIbneR2V1sqSFs8R3cZgUnPLicoC8qlJKgdAQlJSgVQZkTlP3qQGjXcNWh0K5gwbw35j2sRibv7tEDk3dlSvayU%2FLCLDjv%2BYeXsCWntSTqREkr4i3eioJGyOJICD9mMmw0hQwZg1MVlFsCdR521IRc%2BPhPZGpCllZXwOgxnD4GV6%2BCFq%2BAlqN2wwfdHDU7PnbSQzmQdWUgTIUsv4h829vTp%2BSls9OFv2pIfnLlQ3Zz8teDf8BthcxW%2BEh9T9DV90frpiT766Z05MntLFc9tUNnZ72T01xeePi%2B3C6NFdevuuGDt%2FmMmI2P7kqX36CpUGnXka9WlRDSXjOWS%2FLtdbch2VrhNlcLmxbZjbV3rl3vZVY6p0w6BlUTQn44AVcT8uw307Mn%2B%2FLvj6HsGLao0CtOyLygzDF4tguXLfQ7Q2D1YodlHsqiGtkGW%2FzUikDLBaasgvsPZot5z91H13qg%2BT2kvQp9W6GvK1A9hCsujPLMnlz5JTwrMO2NmLbePtNWf3YerlPTWhQ0ZYd12lwIJrkI2o2wE%2Fp%2BQ4hmO5ZBjNxN%2BOfrX%2F4LAAD%2F%2FwEAAP%2F%2F9yZ7SooEAAA%3D HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; uid_id2=91ad29eb-7e6b-4389-935a-08f70cd917ec:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d9c6066e8dbda3ba87670ab8fb9e791c
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css
172.64.108.13 200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css
IP 172.64.108.13:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:56 GMT
content-type: text/css
last-modified: Tue, 17 Aug 2021 13:04:04 GMT
etag: W/"611bb3c4-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Txj5EsCqw5B0Hl3LrNW05vKMp%2Bl5yJzKpyBpnLGprZyezTspYrq%2Fsho8OsEFoniQDYZyx16wkaOWjagCR3T9InZvo0VBed7tEq9qtMBkT7nP51U2qNJumUCCi%2B8%2BbUeuxcuBH4vwB0vg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77817c09ef1b76db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=374
173.233.137.36 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=374
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=374 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
patrondescendantprecursor.com/pixel/sbs?c=1
173.233.137.36 200 OK 0 B URL HTTP/1.1 patrondescendantprecursor.com/pixel/sbs?c=1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: patrondescendantprecursor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Cookie: u_pl=17869332; uid_id2=91ad29eb-7e6b-4389-935a-08f70cd917ec:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf585f65c6c65123b95dd09be324de3bb=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4ff941976d54fb3509d71d021fee5ec9
1d426b24ca16bb0043a838a9b066d44f23833468
bffa7b806f826caeee50cfc4a24b8ac1b1f9e7bc758cbb08c919c960bcaf082e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
142.250.74.70 200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP 142.250.74.70:0
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Sun, 11 Dec 2022 21:58:57 GMT
expires: Sun, 11 Dec 2022 21:58:57 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=exee.app
142.250.74.162 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=exee.app
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=exee.app HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 11 Dec 2022 21:58:57 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4ff941976d54fb3509d71d021fee5ec9
1d426b24ca16bb0043a838a9b066d44f23833468
bffa7b806f826caeee50cfc4a24b8ac1b1f9e7bc758cbb08c919c960bcaf082e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 21:58:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
51.79.81.36 206 Partial Content 454 kB URL HTTP/1.1 h5.vdo.ai/media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts
IP 51.79.81.36:0
Size 454 kB (453832 bytes)
Hash b2fa66eb6fbe5a86875597aafd72688e
3f3ffb07d91b34dcbaa886bbbb50c59ab33767c8
f2985ff1aa24da33cb50632ba0daed5632c90cd761f6a53c56084988c4ae4cc2
GET /media_file/v-exee-app/source/uploads/videos/1648810245326246d905ebe51.ts HTTP/1.1
Host: h5.vdo.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-453831
vdoai: true
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.16.1
Date: Sun, 11 Dec 2022 21:58:56 GMT
Content-Type: video/mp2t
Content-Length: 453832
Last-Modified: Sat, 30 Jul 2022 00:37:11 GMT
Connection: keep-alive
ETag: "62e47d37-cce09a8"
Expires: Mon, 11 Dec 2023 21:58:56 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Range: bytes 0-453831/214829480
unseenreport.com/pxf.gif?uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f585f65c6c65123b95dd09be324de3bb&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Dec 2022 21:58:57 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ec0486dfb9dc62f2611831154d5edf89
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=91ad29eb-7e6b-4389-935a-08f70cd917ec&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=e3edda287db626ee1ba52321f203a61e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://exee.app/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 11 Dec 2022 21:58:57 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f2b07255f6e20eb474cbe69cb01a1387
Strict-Transport-Security: max-age=0; includeSubdomains
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92a308f9-a83f-41bd-aacf-c6bd9e6eaf11.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92a308f9-a83f-41bd-aacf-c6bd9e6eaf11.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78068ece5c05e5936bfc1eac61c627f8
0c1118eaf153c16f6bcb731767b1237ee72a5541
9b7f84ec789ec853dc463e5839c63d8395e8921cc0599b8b7e694eebb1d22b9e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92a308f9-a83f-41bd-aacf-c6bd9e6eaf11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6850
x-amzn-requestid: a7a24880-17cf-4873-9da2-1cdedb1d351b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csWC5GsFIAMF_jQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6a12-186b17d55261c18243dc0302;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 22:00:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0o7IBdTij9xmRQK0w1ErdgWrwkWJIILBJKtd0nwmQGDurfi_VQN1iw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 13:56:19 GMT
age: 28962
etag: "0c1118eaf153c16f6bcb731767b1237ee72a5541"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP 142.250.74.74:0
GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Dec 2022 21:58:53 GMT
date: Sun, 11 Dec 2022 21:58:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
IP 172.64.108.13:0
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:56 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 15:54:46 GMT
etag: W/"61f80646-e35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yrofS%2FOKfDlmo90eXF1Hy71fxBz1nUDFfWr3gY%2BH5UsMsmpDr544XmquhzZCXYPjwIZOo5oJelOHRTFaez76Bd8Qq3n8Jt9sIJHl5EzmIQ6Rdvf8M6prFc3Bt2LiZ6L7FTKzV1KHTgKc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77817c09ff2376db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
188.114.97.1 200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.97.1:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:53 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5641
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8ZdzjGXIbnH9%2Bmltu%2F0OoZwLo4VOfYJ2keLU2GbUs3%2BZJiJ5dhHS5vCuRZZ3%2FDuVEmHy80bq0e5NcEH5yh0%2Bea0s9TeYBvF68pC4hgLYMje6yKlfflS0vtjLyHm%2F%2B214g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77817bf9da7db515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html
104.26.6.19 200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html
IP 104.26.6.19:0
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://exee.app
Connection: keep-alive
Referer: http://exee.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 21:58:55 GMT
content-type: text/html
last-modified: Tue, 01 Feb 2022 10:33:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AdsZ3TKe5%2BiW0RT1L6FUtsvkquLsPqZ2URefoEi8ywhl9EkGP3mkQzT0msYaCX6ZMphGywZQv0IkT4%2BjPkC3ef1%2FLkbk7zUqmz%2BKZAXcYEiJlVLWbEZkMUzD%2BVZtmGhP%2FkWdNuY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77817c031a0bb4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2