exeo.app Open in urlscan Pro
2606:4700:20::681a:8e9 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://exe.io/ixXzPT
Effective URL:
https://exeo.app/ixXzPT
Submission: On December 23 via manual (December 23rd 2022, 6:43:07 pm UTC) from CA — Scanned from CA

Summary HTTP 128 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 39 IPs in 3 countries across 33 domains to perform 128 HTTP transactions. The main IP is 2606:4700:20::681a:8e9, located in United States and belongs to CLOUDFLARENET, US. The main domain is exeo.app. The Cisco Umbrella rank of the primary domain is 814019.
TLS certificate: Issued by E1 on November 22nd 2022. Valid for: 3 months.

This is the only time exeo.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:20:... 2606:4700:20::681a:267	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:20:... 2606:4700:20::681a:8e9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:81f::200a	15169 (GOOGLE) (GOOGLE)
16	2606:4700::68... 2606:4700::6810:8516	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::ac43:9599	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:4006:822::2003	15169 (GOOGLE) (GOOGLE)
1	37.48.68.71 37.48.68.71	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
4	172.64.173.27 172.64.173.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	18.160.46.115 18.160.46.115	16509 (AMAZON-02) (AMAZON-02)
4	172.67.181.150 172.67.181.150	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 4	2607:f8b0:400... 2607:f8b0:4006:80b::200d	15169 (GOOGLE) (GOOGLE)
1	173.237.16.126 173.237.16.126	7979 (SERVERS-COM) (SERVERS-COM)
1	2607:f8b0:400... 2607:f8b0:4006:817::2008	15169 (GOOGLE) (GOOGLE)
3	2600:9000:207... 2600:9000:2073:ca00:14:7514:ad00:21	16509 (AMAZON-02) (AMAZON-02)
10	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:820::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:8616	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81d::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81f::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:809::2001	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
9	2607:f8b0:400... 2607:f8b0:4006:80b::2001	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:809::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2607:f8b0:400... 2607:f8b0:4006:808::2001	15169 (GOOGLE) (GOOGLE)
1	162.19.138.120 162.19.138.120	16276 (OVH) (OVH)
8	23.205.72.21 23.205.72.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.204.152.54 23.204.152.54	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	184.29.128.24 184.29.128.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2607:f8b0:400... 2607:f8b0:4006:808::2002	15169 (GOOGLE) (GOOGLE)
2	104.126.116.147 104.126.116.147	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 8	142.251.40.130 142.251.40.130	15169 (GOOGLE) (GOOGLE)
2 2	2606:ae80:145... 2606:ae80:1451:14::1080	25751 (VALUECLICK) (VALUECLICK)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.171.234.26 34.171.234.26	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
2 2	54.243.126.57 54.243.126.57	14618 (AMAZON-AES) (AMAZON-AES)
1 1	69.166.1.10 69.166.1.10	27630 (AS-XFERNET) (AS-XFERNET)
2 2	3.222.12.191 3.222.12.191	14618 (AMAZON-AES) (AMAZON-AES)
2 2	52.45.33.138 52.45.33.138	14618 (AMAZON-AES) (AMAZON-AES)
5	34.111.96.116 34.111.96.116	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:1901:0:c... 2600:1901:0:cba2::	15169 (GOOGLE) (GOOGLE)
1	23.204.152.27 23.204.152.27	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
128	39

2 2606:4700:20::681a:267 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

exe.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:20::681a:8e9 (United States)

ASN13335 (CLOUDFLARENET, US)

exeo.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81f::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700::6810:8516 (United States)

ASN13335 (CLOUDFLARENET, US)

live.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:9599 (United States)

ASN13335 (CLOUDFLARENET, US)

cdntechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:822::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.48.68.71 (Amsterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

datatechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.173.27 (United States)

ASN13335 (CLOUDFLARENET, US)

pogothere.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.160.46.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-46-115.iad55.r.cloudfront.net

aightutaitlastwe.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.181.150 (United States)

ASN13335 (CLOUDFLARENET, US)

ersfohiplaceof.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80b::200d (Nutley, United States) 2 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.237.16.126 (United States)

ASN7979 (SERVERS-COM, US)

qj.wimplesbooklet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2008 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2073:ca00:14:7514:ad00:21 (United States)

ASN16509 (AMAZON-02, US)

d3zd5ejbi4l9w.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:80b::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:820::200e (Nutley, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8616 (United States)

ASN13335 (CLOUDFLARENET, US)

api.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81f::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:809::2001 (Nutley, United States)

ASN15169 (GOOGLE, US)

6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4006:816::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:823::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:80b::2001 (Nutley, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:809::2004 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:808::2001 (Nutley, United States)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.120 (France)

ASN16276 (OVH, FR)
PTR: ns31533571.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.205.72.21 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-72-21.deploy.static.akamaitechnologies.com

hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
warp.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.204.152.54 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-204-152-54.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.29.128.24 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-128-24.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:808::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.126.116.147 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-116-147.deploy.static.akamaitechnologies.com

pxlclnmdecom-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.251.40.130 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:ae80:1451:14::1080 (United States) 2 redirects

ASN25751 (VALUECLICK, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.171.234.26 (Council Bluffs, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 26.234.171.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.211.178.172 (North Charleston, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.243.126.57 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-126-57.compute-1.amazonaws.com

t.pswec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.10 (United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.222.12.191 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-12-191.compute-1.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.45.33.138 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-33-138.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.111.96.116 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 116.96.111.34.bc.googleusercontent.com

dts.clnmde.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:cba2:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

dts6.clnmde.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.204.152.27 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-204-152-27.deploy.static.akamaitechnologies.com

res-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	googlesyndication.com 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 139	79 KB
18	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 192 cm.g.doubleclick.net — Cisco Umbrella Rank: 208	211 KB
17	demand.supply live.demand.supply — Cisco Umbrella Rank: 32819 api.demand.supply — Cisco Umbrella Rank: 53120	33 KB
11	media.net hblg.media.net — Cisco Umbrella Rank: 1815 contextual.media.net — Cisco Umbrella Rank: 540 warp.media.net — Cisco Umbrella Rank: 2500 lg3.media.net — Cisco Umbrella Rank: 5094 cs.media.net — Cisco Umbrella Rank: 1387	222 KB
9	google.com 2 redirects accounts.google.com — Cisco Umbrella Rank: 71 adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	3 KB
6	clnmde.com dts.clnmde.com — Cisco Umbrella Rank: 21264 dts6.clnmde.com — Cisco Umbrella Rank: 24292	1 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 374	109 KB
5	aightutaitlastwe.xyz aightutaitlastwe.xyz	6 KB
5	exeo.app exeo.app — Cisco Umbrella Rank: 814019	215 KB
4	akamaihd.net qsearch-a.akamaihd.net — Cisco Umbrella Rank: 1711 pxlclnmdecom-a.akamaihd.net — Cisco Umbrella Rank: 18608 res-a.akamaihd.net — Cisco Umbrella Rank: 8407	69 KB
4	ersfohiplaceof.xyz ersfohiplaceof.xyz	1 KB
4	pogothere.xyz pogothere.xyz — Cisco Umbrella Rank: 25929	202 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 282	2 KB
3	google.ca adservice.google.ca — Cisco Umbrella Rank: 14299	1 KB
3	cloudfront.net d3zd5ejbi4l9w.cloudfront.net	2 KB
3	gstatic.com fonts.gstatic.com	90 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 279	799 B
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2234	788 B
2	pswec.com 2 redirects t.pswec.com — Cisco Umbrella Rank: 3103	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 726 s.tribalfusion.com — Cisco Umbrella Rank: 1844	1 KB
2	dotomi.com 2 redirects dclk-match.dotomi.com — Cisco Umbrella Rank: 2338	880 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 958 id5-sync.com — Cisco Umbrella Rank: 413	17 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	20 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	2 KB
2	exe.io 1 redirects exe.io — Cisco Umbrella Rank: 354481	8 KB
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 816	874 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 759	715 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 188 Failed	47 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 51	43 KB
1	wimplesbooklet.com qj.wimplesbooklet.com — Cisco Umbrella Rank: 645520	1 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110
1	datatechone.com datatechone.com — Cisco Umbrella Rank: 40693	461 B
1	cdntechone.com cdntechone.com — Cisco Umbrella Rank: 71299	6 KB
128	33

	Domain	Requested by
16	live.demand.supply	exeo.app live.demand.supply client
10	securepubads.g.doubleclick.net	live.demand.supply securepubads.g.doubleclick.net exeo.app
9	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com exeo.app 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
8	cm.g.doubleclick.net	1 redirects 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
7	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com www.googletagservices.com
5	dts.clnmde.com	pxlclnmdecom-a.akamaihd.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	aightutaitlastwe.xyz	exeo.app
5	exeo.app	exeo.app
4	accounts.google.com	2 redirects exeo.app
4	ersfohiplaceof.xyz	exeo.app
4	pogothere.xyz	exeo.app
3	x.bidswitch.net	3 redirects
3	lg3.media.net	6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com exeo.app
3	contextual.media.net	6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com contextual.media.net
3	hblg.media.net	exeo.app 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net
3	adservice.google.ca	securepubads.g.doubleclick.net
3	d3zd5ejbi4l9w.cloudfront.net	aightutaitlastwe.xyz
3	fonts.gstatic.com	fonts.googleapis.com
2	ups.analytics.yahoo.com	2 redirects
2	match.360yield.com	2 redirects
2	t.pswec.com	2 redirects
2	dclk-match.dotomi.com	2 redirects
2	pxlclnmdecom-a.akamaihd.net	contextual.media.net pxlclnmdecom-a.akamaihd.net
2	www.google.com	tpc.googlesyndication.com 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
2	6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.googleapis.com	exeo.app securepubads.g.doubleclick.net
2	exe.io	1 redirects exeo.app
1	res-a.akamaihd.net	6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
1	dts6.clnmde.com	6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
1	sync.go.sonobi.com	1 redirects
1	um.simpli.fi	1 redirects
1	s.tribalfusion.com	6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	cs.media.net	contextual.media.net
1	warp.media.net	6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
1	qsearch-a.akamaihd.net	exeo.app
1	id5-sync.com	cdn.id5-sync.com
1	www.googletagservices.com	securepubads.g.doubleclick.net 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	api.demand.supply	live.demand.supply
1	www.googletagmanager.com	exeo.app
1	qj.wimplesbooklet.com	exeo.app
1	www.facebook.com	exeo.app
1	datatechone.com	cdntechone.com
1	cdntechone.com	exeo.app
128	48

This site contains links to these domains. Also see Links.

Domain
exe.io
sulvo.com

Subject Issuer	Validity	Valid
*.exeo.app E1	`2022-11-22` - `2023-02-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
exe.io Cloudflare Inc ECC CA-3	`2022-03-23` - `2023-03-23`	a year	crt.sh
demand.supply Cloudflare Inc ECC CA-3	`2022-03-21` - `2023-03-21`	a year	crt.sh
*.cdntechone.com E1	`2022-11-23` - `2023-02-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
datatechone.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-18` - `2023-12-24`	a year	crt.sh
*.pogothere.xyz E1	`2022-11-02` - `2023-01-31`	3 months	crt.sh
aightutaitlastwe.xyz Amazon RSA 2048 M01	`2022-12-22` - `2024-01-20`	a year	crt.sh
*.ersfohiplaceof.xyz GTS CA 1P5	`2022-12-18` - `2023-03-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-10-02` - `2022-12-31`	3 months	crt.sh
qj.wimplesbooklet.com R3	`2022-12-02` - `2023-03-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-07` - `2023-06-06`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2022-02-20` - `2023-02-22`	a year	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-28` - `2023-06-30`	a year	crt.sh
dts.clnmde.com GTS CA 1D4	`2022-11-27` - `2023-02-25`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://exeo.app/ixXzPT
Frame ID: A6443857320FD553057649FA871E00BC
Requests: 63 HTTP requests in this frame

Frame: https://aightutaitlastwe.xyz/UDYxcFgxVFIdZzELU1YtIloMVWoWEwM2PGNMVUU9OlRYRDRpQR8TND9DVRYqP1hFXjY1QhRCHh1XXwAeBGJgOh4DRUMzIGRieCgZHWF0GC82QXM9HRRvWCcwIH5wQw0Tflo5NzZaXkcAFHMCJR40fWgJHgZ0c0FsMQd0NR8IXgk1PyNTe0MZEWJwRGkZWggoHjl/QScvHWR7MyACc3cHLxx3WjgeBA5aJxkJVGg4YSluACJpMXdrEQ06f1onP2RgfBpsAmF0HyofZHcpCz5kCDc0IFBVF2ACYXQfIRpwQRMMPXQUQho0XQg5PARjcig0HlFXBwkcdVtdDThjY0A+Gk9rFBA8DwIzLxZsZScsdQRzMTNpf1UnDjZ3VkQ3GWR3KRcHdBRCHhJ3aCQUOVFjJx0/X3o2OxJwZgg3ElpeKhQED1MyIGlRV0MSMmVfQTISc2MgPD5RfyIdJAVUIh4JZVspKwVRQjkUF1F2PB1pBFQYKApidj1sE2BCVjIjWV8AZRYOBwRgPQVfIQ
Frame ID: 6326CBE91A6A95A59E7CF77AEA1CB96B
Requests: 2 HTTP requests in this frame

Frame: https://aightutaitlastwe.xyz/enRveTYbFgwUCRtJDV9DCBhSXAQ8UV0/UkkOC0xTEBYGTVpDA0EaWhUBCx9EFRobV1gfAEpLcD8hOy8FGBgiAGESHyYbdSwXKkh4CBU+AXIsRgtKbg0lLSllPz0lFVITMjcaVzETKk1iAzkjO1sWHDorWQo6PhF+KTBXDmECNjsdYigWKT94ExBeKGI+M1oVcw05CilyFT0oDl1JJAMOVT4OJkliSzENNFsCLSg7Z0wkORJhKUYqIXc8GAodWzcyNwFdTCRePG89Jy1JdEoXLjMFKzw9SA8QEhgvZSImKUl0Shc1NlxCMD5JQh0xFztwIh0bF3csWVo1by0yOjtOTlFdP3g/PTw9ch1APi98GTI4KHErMS0ebAI2KSFYCUI3KHs+JFwofjQxGxFvLB8KO2IgRC1JVTA6BTNTPTELS28NITo7Xz9RXTthOD4jIGQZMT1IbEMtPQ11IiM1FnFKLgwjBSs8PQEGAzpeKHA4RzUTVUo+CyN+QjM+LFEXFi4oEBAHABdGRyVWSHI4GSsrXwAgCiwOLg
Frame ID: 9677A95A3928A8F9DAFCE913538676F2
Requests: 2 HTTP requests in this frame

Frame: https://aightutaitlastwe.xyz/QVBJTHMgMiohTCBtK2oGMzx0aUEHdXsKF3IqLXkWKzIgeB94J2cvHy4lLSoBLj49Yh0kJGx+NXIGDRYYEjsYfyQQPzopCgM2CAQXeQkIGiQnGB81KwMzJQcaEBwCDj5kYgsWIhAGAx0ENBULDQQIFyILIigJJQMfBworDzZ3Bh8gRBg6Hx8xLzQ+LxgMFi01GHYECHweChQcGCUmKDEpFBsSLAQheQEYfBgIFD0ONXNpexY1JgErfykqEngeGCUYDAo5LGl7FjYEHgMEOSYVeC86GAcQCzsJKD4qIQ8HLCUmKgIuKwUMKg8ZNzgdPi8iEDkvfxcrFw9hF3kJHhU0FRMMPzoHIwAuQBgIDH0pdxsNfRcAB3B+KQcVCwcgeWcBfDV1NA0oFgc5HDw+Ex4eCDsXOw0nA3cxJAk1FAgHPSkQAhguQBs7Gx0mMhoaFhUQCC4PKhAGHRY7JTkMDjVyNBhqGTI/JzxODQkzfUEwPwE2
Frame ID: 786718A2745DFB186F063025C2081FB7
Requests: 2 HTTP requests in this frame

Frame: https://exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671811200
Frame ID: B9162E0DD11CEC32DC2F2C5AE1A969AB
Requests: 3 HTTP requests in this frame

Frame: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 632016493E341242DD870DBDC89DF4DB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1185805D909017F714006B15050BE64F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0B2F1982CE27F7DEEA4DED30B1C27E12
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuFHNBugiHnS24kQOZUfzxQqC_P7aP-E-v0hyk3fq9i6gx4njQvwhSD4g3CkqU10_DtJCzRar7_Uw7boKsuvnJ-kjdiRMcv_40foLqCh_4hdyitu9SBdnM3Z2sU9ycD3iDq8K-Dls-U-roi6Or7jWOpfCdlKUavJqU3YW8jcA7xI0ZOECxPo9wWkF6LgarJhwjisLit-cexG4v1XXX8sp8K-Qfrx9VLp2ygeFQ6-kMdmhiO7ZPdfj-8nIgNP2Afo5TnCFS5CnVVs4e2nVqFmiiJTq-6OTshuVFsULMIOm69E8x263LE4iwFLeLfvNeW7bPEbLkv_gEHbnITnF_ix7PsMClNVM6vBi0EfV0PZZhQenfqG_T6R9yqF4TlQWaW&sai=AMfl-YQCJotcJ9M-ZtsO_kYYTnqZB2IBQGU-y3deqHf9vCZG8S3w2kt7ORj6XKwjqXLuqxtvSqd0uQyogqAxUa4hbODGOx--Exf-BORoh6NcNqt3KPTRPiJRe1fxCWY77BIBWpy5TvscTC33Hrz4Jgse7l0&sig=Cg0ArKJSzPoHIuzIuuXrEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 79A1CADFFA312B03614B423E1810CE5E
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs
Frame ID: EA43E6B918B453A500E9DCD824D330C8
Requests: 15 HTTP requests in this frame

Frame: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 8549B74B8679EB59ADEFB07530350505
Requests: 24 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUU9JF8H&prvid=99%2C77%2C4%2C20000%2C313%2C10000%2C9%2C319%2C294&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Frame ID: 7E25CB72510470A3D2011EA44778429B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F43D2F027C5674F5311C55D32D061D86
Requests: 9 HTTP requests in this frame

Frame: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Frame ID: 160996C01B9A1C10BEF52F37CEF41D99
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 22BC6DD19EE3BD17EC2536C364B0DA42
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

exe.io

Page URL History Show full URLs

https://exe.io/ixXzPT HTTP 302
https://exeo.app/ixXzPT Page URL

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

128
Requests

91 %
HTTPS

58 %
IPv6

33
Domains

48
Subdomains

39
IPs

3
Countries

1388 kB
Transfer

3402 kB
Size

34
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://exe.io/
Title: exe.io

Search URL Search Domain Scan URL

URL: https://exe.io/auth/signup
Title: https://exe.io/auth/signup

Search URL Search Domain Scan URL

URL: https://sulvo.com/?utm_source=https://exeo.app/ixXzPT&utm_adtype=sticky_display&utm_medium=sulvo

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://exe.io/ixXzPT HTTP 302
https://exeo.app/ixXzPT Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/v3/signin/identifier?dsh=S1006849899%3A1671820981671983&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7zvBsueRUqrwJ3XASrqijtgeZbYL6sSzzldWjrB8eR6rw56Lqbs-3M9v1423GXWNGk-vN2jg

Request Chain 20

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/v3/signin/identifier?dsh=S17805143%3A1671820981674949&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh58TkbeGtmEexdomItmqn5nLohJEbJsnLBqxmyMvJOPtqw83ERbvMCZVyKGNlMdkBDVHkwl_w

Request Chain 111

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzE0ODIyNTgzMTQ1NDczNzAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEMqsuCzpW2kFuXIobharybw&google_cver=1

Request Chain 112

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEDm9zC_O1-zyWtAnI6pCWeM&google_cver=1&google_push=AavPq0PzPzDs6x_cBk0_Kz6L99IAsOEp0dts9_xjPkaj9F1AoFsKR-nocgDnyyp_-RhEENk1Wda5ei9bI0IMPiA0mKkHApcUoe2p HTTP 302
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=4535af307915140f&is_secure=true&networkId=14000&version=1&google_gid=CAESEDm9zC_O1-zyWtAnI6pCWeM&google_cver=1&google_push=AavPq0PzPzDs6x_cBk0_Kz6L99IAsOEp0dts9_xjPkaj9F1AoFsKR-nocgDnyyp_-RhEENk1Wda5ei9bI0IMPiA0mKkHApcUoe2p HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAHIFe__HaxiwNVb3qnAAAAAAA&expiration=1671907383&google_cver=1&is_secure=true&google_gid=CAESEDm9zC_O1-zyWtAnI6pCWeM&google_push=AavPq0PzPzDs6x_cBk0_Kz6L99IAsOEp0dts9_xjPkaj9F1AoFsKR-nocgDnyyp_-RhEENk1Wda5ei9bI0IMPiA0mKkHApcUoe2p

Request Chain 113

https://a.tribalfusion.com/i.match?p=b6&u=CAESECHFHRGE47UndsLMmzzdk00&google_cver=1&google_push=AavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECHFHRGE47UndsLMmzzdk00&google_cver=1&google_push=AavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 114

https://um.simpli.fi/gp_match?google_gid=CAESEEJmbpSZutYA2SX0F0vKp7Y&google_cver=1&google_push=AavPq0NErGNOlN5FMO2uySiQEJ0b7G5HUj0uA4R9qzGZYB1K8XQ8BROULF4wtWquiPvFeIJZ7nKuuBd1e7-4lZFdcYu78hehvgro HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFE5E8AC8C5F4D99B891BAA8A305B6A6&google_push=AavPq0NErGNOlN5FMO2uySiQEJ0b7G5HUj0uA4R9qzGZYB1K8XQ8BROULF4wtWquiPvFeIJZ7nKuuBd1e7-4lZFdcYu78hehvgro

Request Chain 115

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEApr8JIq0Sdg7jYtnqCStdQ&google_cver=1&google_push=AavPq0P-K2inoiUo64Fv_EFgxyUCBDA16F9yIu1_26Z8YZJOKC3ujhPN93XvyFJ5O1M5ryKBD6A4aSg6mVv5xbvAqHDW9KTUbfdH HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEApr8JIq0Sdg7jYtnqCStdQ&google_cver=1&google_push=AavPq0P-K2inoiUo64Fv_EFgxyUCBDA16F9yIu1_26Z8YZJOKC3ujhPN93XvyFJ5O1M5ryKBD6A4aSg6mVv5xbvAqHDW9KTUbfdH HTTP 302
https://t.pswec.com/bsw_sync?ssp=google&bsw_user_id=95101237-887a-4059-ab0c-dceb4f397408 HTTP 302
https://t.pswec.com/ul_cb/bsw_sync?ssp=google&bsw_user_id=95101237-887a-4059-ab0c-dceb4f397408 HTTP 302
https://x.bidswitch.net/sync?dsp_id=2&user_id=b0ec8122-bcdd-4925-a188-929ac9eff74a&expires=3&user_group=1&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AavPq0P-K2inoiUo64Fv_EFgxyUCBDA16F9yIu1_26Z8YZJOKC3ujhPN93XvyFJ5O1M5ryKBD6A4aSg6mVv5xbvAqHDW9KTUbfdH&google_hm=lRASN4h6QFmrDNzrTzl0CA==

Request Chain 116

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAavPq0MrP2dfrnuC_PNzAh__w-Nli3_om1qsyWn6hYrGwFwvzId1yUCYE5v_MTiHCK2sUiihnGNDdEVmXN741rPNfkm4fZUQCj23%26google_hm%3D%5BUID%5D&google_gid=CAESEG_dcGd3sK4ItrUuYo5evXw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AavPq0MrP2dfrnuC_PNzAh__w-Nli3_om1qsyWn6hYrGwFwvzId1yUCYE5v_MTiHCK2sUiihnGNDdEVmXN741rPNfkm4fZUQCj23&google_hm=32101165-8128-4682-8e9c-98ce5304d675

Request Chain 117

https://match.360yield.com/match/ebda?google_gid=CAESEDyDJuj3ngIichz85wE6KII&google_cver=1&google_push=AavPq0NCab83W9ufBf2QkbBlT_V0eno17i9g5alDfU4iz3qUAY8katISPlC0puSRSNafESL56I0pnwIfZS_sZBKS5UxSMNBlkxNK HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEDyDJuj3ngIichz85wE6KII&google_cver=1&google_push=AavPq0NCab83W9ufBf2QkbBlT_V0eno17i9g5alDfU4iz3qUAY8katISPlC0puSRSNafESL56I0pnwIfZS_sZBKS5UxSMNBlkxNK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=McKpm-RqTK2tNX9xB4DR5Q&google_push=AavPq0NCab83W9ufBf2QkbBlT_V0eno17i9g5alDfU4iz3qUAY8katISPlC0puSRSNafESL56I0pnwIfZS_sZBKS5UxSMNBlkxNK

Request Chain 118

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEKAnJp_UwQdnWwjA4QrBrQ&google_cver=1&google_push=AavPq0OxVKFMwqtsmAZ9Aw2uuK4tiPyPIxLElJfjPj26E1E2EYNQjvLEaRqVhKD1oHfxVEWYEDbQb10GRQJh8Rg9yeQr9PFzNX0GFg HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEKAnJp_UwQdnWwjA4QrBrQ&google_cver=1&google_push=AavPq0OxVKFMwqtsmAZ9Aw2uuK4tiPyPIxLElJfjPj26E1E2EYNQjvLEaRqVhKD1oHfxVEWYEDbQb10GRQJh8Rg9yeQr9PFzNX0GFg&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1kY2hRaWZaRTJ1SEtCa1BuNW9GWDdPWGsxRHExSUw4M35B&google_push=AavPq0OxVKFMwqtsmAZ9Aw2uuK4tiPyPIxLElJfjPj26E1E2EYNQjvLEaRqVhKD1oHfxVEWYEDbQb10GRQJh8Rg9yeQr9PFzNX0GFg

128 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request ixXzPT Show response
exeo.app/
Redirect Chain

https://exe.io/ixXzPT
https://exeo.app/ixXzPT

582 KB
149 KB

442ms
353ms

Document
text/html

2606:4700:20::681a:8e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exeo.app/ixXzPT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:8e9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

32426c0d52b7060fd03ace71dea2a36e83d9c7319f3cbc4d30f2c04fb7b691cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 77e33d8a681ff975-YYZ
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 23 Dec 2022 18:43:01 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXGjR3ZZgL1bNprz7tqiKB4jWjJjDE3Jz%2FrgAg9rugslcQ6JZ317xuRCCiT20MK4eJSSO6ysPkD7mvp2hPnYnNorfVRnuIzgBHHCuXmhOMl9Qiue33aXt8cjTvUtjeR8KkBlzjAU"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 77e33d87cd9f542b-YYZ
content-type: text/html; charset=UTF-8
date: Fri, 23 Dec 2022 18:43:00 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://exeo.app/ixXzPT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RlKhGVt6qyWPVBxCoHKtwu4FfzISvyTkdk5g6W9CZG%2BOuRryhepwA6GDO2RUB1G6RFqKk5fkFJBFVyLuD3W1SvgsH4ZF8tF6Sb8Qq7Ij9BgvXCVV5eBdOCKNe8GMNe0no51HJg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 86ms
38ms Stylesheet
text/css 2607:f8b0:4006:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97d876b0796d55e1a4d9dec67f958fd62674617e5417b92e4584c0397974e9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 18:35:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 23 Dec 2022 18:43:01 GMT

GET
H2 200 continue.css
exeo.app/css/ 179 KB
41 KB 53ms
53ms Stylesheet
text/css 2606:4700:20::681a:8e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exeo.app/css/continue.css

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:8e9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23998750e040d16d7cdcc67be18f2c98db45cc55e098f1548107d04a4666d6fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/ixXzPT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 69842
cf-polished: origSize=211688
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 12 Dec 2022 17:28:40 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wx2FmNpks9dCCLjOyKXOP8VqHwiuN%2BuPQG21OV9pwiFzTIX6eCVrwn2%2BSxpKdQiw2os9%2BROjL1VZVs85NbwdJpmnNgYn2xb4KRyG7nIRrOxEvpbqyv2jD%2FYuRyL9y9Ykkguv0GDT"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 77e33d8caa70f975-YYZ
expires: Sat, 21 Jan 2023 23:18:59 GMT

GET
H2 200 logo_sm.png
exe.io/img/ 7 KB
8 KB 37ms
37ms Image
image/png 2606:4700:20::681a:267
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://exe.io/img/logo_sm.png

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:267 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b5909e1e74fbd27e91e37fb276c6a440ee23d05cf4a03fb6af5455e0812686c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 69840
cf-polished: origSize=10989, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7266
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Sun, 28 Mar 2021 18:01:57 GMT
server: cloudflare
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zRUDK8M4SD%2BfKd1ZDMke6vDCPoZgoDgO1aKG5b1uTRGlddAQV1fim2%2FPWwhpOuGu7JuLPErSEJ7kKIgmZDsNjxYyQKkl90URJQUzKOvFAAxLB7cZp59KBx7tO6eBTe6aSyh1Pg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 77e33d8d0848542b-YYZ
expires: Fri, 22 Dec 2023 23:19:01 GMT

GET
H2 200 up.js Show response
live.demand.supply/ 5 KB
3 KB 388ms
324ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/up.js
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 427a99fb7613ffa4df0be9f02c583feed0f5039efb56847a41b5ff6207df6590

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GMX2WC7DDRK600SK19DPWQGC
date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
cf-cache-status: HIT
age: 480
cf-polished: origSize=4391
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"30cd4982b290dd406327b3dd39f1ea22-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 77e33d8d9bd95473-YYZ
link: <https://live.demand.supply/impl.v16.3.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv>; rel=preload; as=script
timing-allow-origin: *

GET
H2 200 stattag.js Show response
cdntechone.com/ 13 KB
6 KB 91ms
37ms Script
application/javascript 2606:4700:3037::ac43:9599
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdntechone.com/stattag.js
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:9599 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b9e2b7f5c251c5b5490e5e8adbda9acdf687b74eb8d5a8d8f2ee1a0104bae3f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5658
etag: W/"637e3737-3284"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nqfUP0KSvha2dl9dQylUWRe5cjy9%2F3aNGEjsogpL5xcpgzCUHSoRzT8SN5wHCY8EK8l7Io%2FONc9NmwGDByK2S%2F9O2%2FVcL5vRSsa1RyYKlFLyAW53wxhwT7MD2eqxh9AAvYYkT0vXljZRFVtFJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 77e33d8d8a8cc3ee-EWR
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 69ms
21ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://exeo.app
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 00:29:25 GMT
x-content-type-options: nosniff
age: 152016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Dec 2023 00:29:25 GMT

GET
H2 200 memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
fonts.gstatic.com/s/opensans/v34/ 17 KB
18 KB 87ms
43ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://exeo.app
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 13:14:33 GMT
x-content-type-options: nosniff
age: 192508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17820
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Dec 2023 13:14:33 GMT

POST
H/1.1 200
OK add Show response
datatechone.com/log/ 2 B
461 B 293ms
93ms XHR
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697
Requested by: Host: cdntechone.com
URL: https://cdntechone.com/stattag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://exeo.app/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 23 Dec 2022 18:43:01 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://exeo.app
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 2

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
101 KB 87ms
28ms Fetch
binary/octet-stream 172.64.173.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.173.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1898
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 23 Dec 2022 18:11:23 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mCMdvPkba0S1woXSukFt3YnonEseY6MIxBaKYSBFovS1M4B90UDJIoEEOX0ZwREFjUZ%2FVZcKB8WTn5KjFljBv1V6%2B3wql%2BH1TYhjGEl%2B44AkrJoe2t917Io6Yn%2BcrvF"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 77e33d8ed9ba8c23-EWR
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 / Show response
pogothere.xyz/ 25 B
354 B 109ms
50ms Fetch
text/plain 172.64.173.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.173.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3cb666e68f7d1fcf0c9170658fcd2602c2b15f6478c42831b1255213d1f770fa

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXZh2M32%2B4JylH%2BeAZs8F4KwHe7zHBJD%2BkGYyApUmSdlgla3zckAx7aVQ77ye5j5%2FGi7JLB3HBNkrjM3V77uFrYB4IzTBy9YWEt9QoabE78%2B%2FV33YJfvsdmq6c0Bg%2BCV"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://exeo.app
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 77e33d8ed9bf8c23-EWR
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 utx Show response
aightutaitlastwe.xyz/ 0
486 B 92ms
26ms XHR
text/plain 18.160.46.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aightutaitlastwe.xyz/utx?cb=5Spq0N3iRvB6&top=exeo.app&tid=822524
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.46.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-46-115.iad55.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:01 GMT
via: 1.1 2e9efc6c92f43e49016092f40e32ddc4.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-pop: IAD55-P2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: akkVdMSZk3AJ4HjleC1Blz654OylDNHwqxa-3cNKpYXnaRdpUDyXaQ==

GET
H2 200 X3o2OxJwZgg3ElpeKhQED1MyIGlRV0MSMmVfQTISc2MgPD5RfyIdJAVUIh4JZVspKwVRQjkUF1F2PB1pBFQYKApidj1sE2BCVjIjWV8AZRYOBwRgPQVfIQ Show response
aightutaitlastwe.xyz/UDYxcFgxVFIdZzELU1YtIloMVWoWEwM2PGNMVUU9OlRYRDRpQR8TND9DVRYqP1hFXjY1QhRCHh1XXwAeBGJgOh4DRUMzIGRieCgZHWF0GC82QXM9HRRvWCcwIH5wQw0Tflo5NzZaXkcAFHMCJR40fWgJHgZ0c0FsMQd0NR8IXgk1PyNT... Frame 6326 3 KB
2 KB 64ms
30ms Document
text/html 18.160.46.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aightutaitlastwe.xyz/UDYxcFgxVFIdZzELU1YtIloMVWoWEwM2PGNMVUU9OlRYRDRpQR8TND9DVRYqP1hFXjY1QhRCHh1XXwAeBGJgOh4DRUMzIGRieCgZHWF0GC82QXM9HRRvWCcwIH5wQw0Tflo5NzZaXkcAFHMCJR40fWgJHgZ0c0FsMQd0NR8IXgk1PyNTe0MZEWJwRGkZWggoHjl/QScvHWR7MyACc3cHLxx3WjgeBA5aJxkJVGg4YSluACJpMXdrEQ06f1onP2RgfBpsAmF0HyofZHcpCz5kCDc0IFBVF2ACYXQfIRpwQRMMPXQUQho0XQg5PARjcig0HlFXBwkcdVtdDThjY0A+Gk9rFBA8DwIzLxZsZScsdQRzMTNpf1UnDjZ3VkQ3GWR3KRcHdBRCHhJ3aCQUOVFjJx0/X3o2OxJwZgg3ElpeKhQED1MyIGlRV0MSMmVfQTISc2MgPD5RfyIdJAVUIh4JZVspKwVRQjkUF1F2PB1pBFQYKApidj1sE2BCVjIjWV8AZRYOBwRgPQVfIQ
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.46.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-46-115.iad55.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 07d7a6d17445bae4ae3ba039ef1a6161a8ffa65470f8d2b7d71db859776e7785

Request headers

Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1229
content-type: text/html
date: Fri, 23 Dec 2022 18:43:01 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 2e9efc6c92f43e49016092f40e32ddc4.cloudfront.net (CloudFront)
x-amz-cf-id: 0PVqcyEJFdFFMHI6gpd-mCptgKLGzI8ZemcRJY7FZSovEDat6mzc6Q==
x-amz-cf-pop: IAD55-P2
x-cache: Miss from cloudfront

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
100 KB 71ms
49ms Fetch
binary/octet-stream 172.64.173.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.173.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1898
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 23 Dec 2022 18:11:23 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://exeo.app
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nzsGNH%2BMUdp7HR4oSiG%2BvLEtzjtPzWQEbBvxmOsKUJ6uPmv%2F8U4V3Z4Zi%2F%2BBVMlO7ssxmHjMb3G5bOJQ0MjgXa%2FTFajA0f5kw2s%2FjKZZ%2FAckhDJlPY8vEnxmUM5%2BMY%2Bw"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 77e33d8ed9c48c23-EWR
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 / Show response
pogothere.xyz/ 25 B
365 B 71ms
50ms Fetch
text/plain 172.64.173.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.173.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa3100754769df99c4c3410ecfb0dcf80c5a9d2b5ebec87d135b6f642a7b2ac6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fs%2BwEDacrSxWp0T3CMpAkucm60dEXOORhmphgnDwd6msbbeW0l77c2wZwc4%2BUfwZwSF2mfBx2dsIYTj4bZvPWD2UgepR6TTgb1nkIpnvp%2FNShLcY20cscK%2FC%2Fd2xsNeW"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://exeo.app
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 77e33d8ed9c78c23-EWR
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 utx Show response
aightutaitlastwe.xyz/ 0
485 B 61ms
32ms XHR
text/plain 18.160.46.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aightutaitlastwe.xyz/utx?cb=xTXm324QIrvY&top=exeo.app&tid=889494
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.46.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-46-115.iad55.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:01 GMT
via: 1.1 2e9efc6c92f43e49016092f40e32ddc4.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-pop: IAD55-P2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://exeo.app
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: F7sWurXgFhROCfwvNDQt34w6idHU-CZkCFhvkihm7RXGCXGO7Flphw==

GET
H2 200 PTw9ch1APi98GTI4KHErMS0ebAI2KSFYCUI3KHs+JFwofjQxGxFvLB8KO2IgRC1JVTA6BTNTPTELS28NITo7Xz9RXTthOD4jIGQZMT1IbEMtPQ11IiM1FnFKLgwjBSs8PQEGAzpeKHA4RzUTVUo+CyN+QjM+LFEXFi4oEBAHABdGRyVWSHI4GSsrXwAgCiwOLg Show response
aightutaitlastwe.xyz/enRveTYbFgwUCRtJDV9DCBhSXAQ8UV0/UkkOC0xTEBYGTVpDA0EaWhUBCx9EFRobV1gfAEpLcD8hOy8FGBgiAGESHyYbdSwXKkh4CBU+AXIsRgtKbg0lLSllPz0lFVITMjcaVzETKk1iAzkjO1sWHDorWQo6PhF+KTBXDmECNjsdYigW... Frame 9677 3 KB
2 KB 42ms
33ms Document
text/html 18.160.46.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aightutaitlastwe.xyz/enRveTYbFgwUCRtJDV9DCBhSXAQ8UV0/UkkOC0xTEBYGTVpDA0EaWhUBCx9EFRobV1gfAEpLcD8hOy8FGBgiAGESHyYbdSwXKkh4CBU+AXIsRgtKbg0lLSllPz0lFVITMjcaVzETKk1iAzkjO1sWHDorWQo6PhF+KTBXDmECNjsdYigWKT94ExBeKGI+M1oVcw05CilyFT0oDl1JJAMOVT4OJkliSzENNFsCLSg7Z0wkORJhKUYqIXc8GAodWzcyNwFdTCRePG89Jy1JdEoXLjMFKzw9SA8QEhgvZSImKUl0Shc1NlxCMD5JQh0xFztwIh0bF3csWVo1by0yOjtOTlFdP3g/PTw9ch1APi98GTI4KHErMS0ebAI2KSFYCUI3KHs+JFwofjQxGxFvLB8KO2IgRC1JVTA6BTNTPTELS28NITo7Xz9RXTthOD4jIGQZMT1IbEMtPQ11IiM1FnFKLgwjBSs8PQEGAzpeKHA4RzUTVUo+CyN+QjM+LFEXFi4oEBAHABdGRyVWSHI4GSsrXwAgCiwOLg
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.46.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-46-115.iad55.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 1063eb461bdaf9aa0d050d9427958130c528dd447729e3dc5c0a5b080fcabef4

Request headers

Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1241
content-type: text/html
date: Fri, 23 Dec 2022 18:43:01 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 2e9efc6c92f43e49016092f40e32ddc4.cloudfront.net (CloudFront)
x-amz-cf-id: G30UXvPsoOl0JZNG0pWZ9gwhoLSv2UqfHj9CRH6SY0bDOJA3XG8iAg==
x-amz-cf-pop: IAD55-P2
x-cache: Miss from cloudfront

GET
H2 200 JzxODQkzfUEwPwE2 Show response
aightutaitlastwe.xyz/QVBJTHMgMiohTCBtK2oGMzx0aUEHdXsKF3IqLXkWKzIgeB94J2cvHy4lLSoBLj49Yh0kJGx+NXIGDRYYEjsYfyQQPzopCgM2CAQXeQkIGiQnGB81KwMzJQcaEBwCDj5kYgsWIhAGAx0ENBULDQQIFyILIigJJQMfBworDzZ3Bh8gRBg6... Frame 7867 3 KB
2 KB 34ms
31ms Document
text/html 18.160.46.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aightutaitlastwe.xyz/QVBJTHMgMiohTCBtK2oGMzx0aUEHdXsKF3IqLXkWKzIgeB94J2cvHy4lLSoBLj49Yh0kJGx+NXIGDRYYEjsYfyQQPzopCgM2CAQXeQkIGiQnGB81KwMzJQcaEBwCDj5kYgsWIhAGAx0ENBULDQQIFyILIigJJQMfBworDzZ3Bh8gRBg6Hx8xLzQ+LxgMFi01GHYECHweChQcGCUmKDEpFBsSLAQheQEYfBgIFD0ONXNpexY1JgErfykqEngeGCUYDAo5LGl7FjYEHgMEOSYVeC86GAcQCzsJKD4qIQ8HLCUmKgIuKwUMKg8ZNzgdPi8iEDkvfxcrFw9hF3kJHhU0FRMMPzoHIwAuQBgIDH0pdxsNfRcAB3B+KQcVCwcgeWcBfDV1NA0oFgc5HDw+Ex4eCDsXOw0nA3cxJAk1FAgHPSkQAhguQBs7Gx0mMhoaFhUQCC4PKhAGHRY7JTkMDjVyNBhqGTI/JzxODQkzfUEwPwE2
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.46.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-46-115.iad55.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 6ec3f31ac6bcf2d5eb977371cd2639801ed272bcd6d5f90d2ff790f239090954

Request headers

Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1214
content-type: text/html
date: Fri, 23 Dec 2022 18:43:01 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 2e9efc6c92f43e49016092f40e32ddc4.cloudfront.net (CloudFront)
x-amz-cf-id: 5MCWb_Hzx5gvU6MVXYdLo8-14ZdgD2PTpv-Qt0ffaEJs5XzF-bKxyg==
x-amz-cf-pop: IAD55-P2
x-cache: Miss from cloudfront

GET
H2 204 LxxQNC4BG3shPTwzYjccNTFmJ0oZGVNLVF9CAkRYSwBeElFcVkQCDRkFREtdSxlZEANQVkFLXUNDA1hfXF4FUBlQQRECHAwXCkdKHQRDGlFcRgBHVF9ADk5dWEAA
ersfohiplaceof.xyz/N3ZsbXAYSQ8eTW4iJhs9TSA/ 0
413 B 143ms
63ms Image
text/plain 172.67.181.150
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ersfohiplaceof.xyz/N3ZsbXAYSQ8eTW4iJhs9TSA/LxxQNC4BG3shPTwzYjccNTFmJ0oZGVNLVF9CAkRYSwBeElFcVkQCDRkFREtdSxlZEANQVkFLXUNDA1hfXF4FUBlQQRECHAwXCkdKHQRDGlFcRgBHVF9ADk5dWEAA
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.181.150 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wp%2BHxMO8NGh%2FKeL4YuRZNBDbTrws0F7K8Mr%2F4qFvmztR8mDHg9iZYvZ619cqlIuJ7WRfCSMmw4pBobr5T4q7DOtLcwcQW4LTFHT1mif40W5RYnduxHmX66XfiNl2eyBZ%2FvxshbY%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 77e33d8f693b631a-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 login.php
www.facebook.com/ 0
0 157ms
98ms Image
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
https://accounts.google.com/v3/signin/identifier?dsh=S1006849899%3A1671820981671983&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignI...

0
0

90ms
45ms

Image
text/html

2607:f8b0:4006:80b::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?dsh=S1006849899%3A1671820981671983&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7zvBsueRUqrwJ3XASrqijtgeZbYL6sSzzldWjrB8eR6rw56Lqbs-3M9v1423GXWNGk-vN2jg
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H3
Server: 2607:f8b0:4006:80b::200d Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Fri, 23 Dec 2022 18:43:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-p2tyF_RdGibH1suX0o-p-A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 390
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?dsh=S1006849899%3A1671820981671983&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7zvBsueRUqrwJ3XASrqijtgeZbYL6sSzzldWjrB8eR6rw56Lqbs-3M9v1423GXWNGk-vN2jg
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/v3/signin/identifier?dsh=S17805143%3A1671820981674949&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSig...

0
0

94ms
50ms

Image
text/html

2607:f8b0:4006:80b::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?dsh=S17805143%3A1671820981674949&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh58TkbeGtmEexdomItmqn5nLohJEbJsnLBqxmyMvJOPtqw83ERbvMCZVyKGNlMdkBDVHkwl_w
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H3
Server: 2607:f8b0:4006:80b::200d Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Fri, 23 Dec 2022 18:43:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-4r3jTyN0UL9NEswEa1A9Tg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 394
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?dsh=S17805143%3A1671820981674949&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh58TkbeGtmEexdomItmqn5nLohJEbJsnLBqxmyMvJOPtqw83ERbvMCZVyKGNlMdkBDVHkwl_w
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 ekZFM1NVeSZAbi0ONQUFSCo1YjgKMxBkZjcXKHkBGy0xfQpLMWNHOh57fQtqTn9xFSMTIngCdQkyJEcmCXt0FToUICoOdQx7dB1gTmh2An1IYDAOYlwyNVI0R3djQycOKngCZU13fQFjQ350BmdJ
ersfohiplaceof.xyz/ 0
247 B 144ms
65ms Image
text/plain 172.67.181.150
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ersfohiplaceof.xyz/ekZFM1NVeSZAbi0ONQUFSCo1YjgKMxBkZjcXKHkBGy0xfQpLMWNHOh57fQtqTn9xFSMTIngCdQkyJEcmCXt0FToUICoOdQx7dB1gTmh2An1IYDAOYlwyNVI0R3djQycOKngCZU13fQFjQ350BmdJ
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.181.150 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMrzEKJhZZeFprA2IAp0OTS8gqus8ReYEcqJoj3eskbqt%2BUZIdvuT4CkiaNI90s44jtvH0TYR6Ry%2BGVxP7BULkTrB8fkBt07tDWOkIw3Hc0rdm0SEefxltQu6ChSFZUlJSDRLZM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 77e33d8f693d631a-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 QURocUduewsCehQuLgMTLzQBMAE1fDsmAgMcBgUOGBUqKyEqCU4FLiV5UEV0c3JZVzcoIFVAf2c3HBAzNDdVQGEoKg4eemcyVUBpcWpaX3VnMVVAYTU0CRZ6cGIYBTMteVlHcHB8WkF+eXVdR3Q
ersfohiplaceof.xyz/ 0
249 B 149ms
70ms Image
text/plain 172.67.181.150
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ersfohiplaceof.xyz/QURocUduewsCehQuLgMTLzQBMAE1fDsmAgMcBgUOGBUqKyEqCU4FLiV5UEV0c3JZVzcoIFVAf2c3HBAzNDdVQGEoKg4eemcyVUBpcWpaX3VnMVVAYTU0CRZ6cGIYBTMteVlHcHB8WkF+eXVdR3Q
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.181.150 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0kU94ltvnY%2FDtJC2oK7B0lEasRbpoHwJIr0icy0s7%2Bumnbu6dmCUA9OICkqSOnOM7xhN4E70IFfp9cGg2lLioZpM4awUr%2FHcK9WXpl%2BMajz0I3L6u85mHLLM4l%2BKsm1s6FJG4U%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 77e33d8f693f631a-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK 29529 Show response
qj.wimplesbooklet.com/1clkn/ 6 B
1 KB 257ms
50ms Script
application/javascript 173.237.16.126
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://qj.wimplesbooklet.com/1clkn/29529

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

173.237.16.126 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 18:43:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 109 KB
43 KB 86ms
34ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-135952122-1

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c25400baa21004d7076c49c2af8e5145740dd19461b845dea76f90e7b8f4468c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43583
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 23 Dec 2022 18:43:01 GMT

GET
H2 200 invisible.js Show response
exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame B916 37 KB
15 KB 34ms
25ms Script
application/javascript 2606:4700:20::681a:8e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671811200
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aee902ff04fa13dfd08c4acfac12da9e54888d94e7332522cb42b5891fc2df0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=96chl3bheY0AMGdBQ6Hqxl%2B9GyjDdEhOsOOyhyoBiXysD8sAibzQw1GbvP%2FifaH1NHNd0kOVP3owDD2mHcUmefqSE1cuFR6d7s1ZHv9hM9Kn7wQnxkS5X8xZY8pF0ubjQgDuITAV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 77e33d8f1ce5f975-YYZ

GET
H2 200 BAYTLigRWEoiKFcBFWxoBloZLT9bBx9gf3JbSn1jBERPdngNREt3eRFYSjYsUgsILGgGLE92ehpZTGM4CVs Show response
d3zd5ejbi4l9w.cloudfront.net/ManpFTTQJFSsrCx4TIXAMWEhwfwBMEDYiWhpHA3UCHkIoflo7XDE3UFdKYyFVBB14a1EEGXh8EgseJ3AATA41Il9XFiIpWwMRJCxREFwwLAkHFT8kWAYbYH9yX1R1aAZaUjIkWg4VMj4RWEorORFYSnR9Glpfdg8RWEoyJFp... Frame 6326 709 B
795 B 156ms
93ms Script
text/plain 2600:9000:2073:ca00:14:7514:ad00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3zd5ejbi4l9w.cloudfront.net/ManpFTTQJFSsrCx4TIXAMWEhwfwBMEDYiWhpHA3UCHkIoflo7XDE3UFdKYyFVBB14a1EEGXh8EgseJ3AATA41Il9XFiIpWwMRJCxREFwwLAkHFT8kWAYbYH9yX1R1aAZaUjIkWg4VMj4RWEorORFYSnR9Glpfdg8RWEoyJFpcTmB+dk9IdTUCXlNgfwQLCj-UhUR0fJyZdHl93CwFZTWt+Ak9IdWVfAg4oIRFYOWB/BAYTLigRWEoiKFcBFWxoBloZLT9bBx9gf3JbSn1jBERPdngNREt3eRFYSjYsUgsILGgGLE92ehpZTGM4CVs
Requested by: Host: aightutaitlastwe.xyz
URL: https://aightutaitlastwe.xyz/UDYxcFgxVFIdZzELU1YtIloMVWoWEwM2PGNMVUU9OlRYRDRpQR8TND9DVRYqP1hFXjY1QhRCHh1XXwAeBGJgOh4DRUMzIGRieCgZHWF0GC82QXM9HRRvWCcwIH5wQw0Tflo5NzZaXkcAFHMCJR40fWgJHgZ0c0FsMQd0NR8IXgk1PyNTe0MZEWJwRGkZWggoHjl/QScvHWR7MyACc3cHLxx3WjgeBA5aJxkJVGg4YSluACJpMXdrEQ06f1onP2RgfBpsAmF0HyofZHcpCz5kCDc0IFBVF2ACYXQfIRpwQRMMPXQUQho0XQg5PARjcig0HlFXBwkcdVtdDThjY0A+Gk9rFBA8DwIzLxZsZScsdQRzMTNpf1UnDjZ3VkQ3GWR3KRcHdBRCHhJ3aCQUOVFjJx0/X3o2OxJwZgg3ElpeKhQED1MyIGlRV0MSMmVfQTISc2MgPD5RfyIdJAVUIh4JZVspKwVRQjkUF1F2PB1pBFQYKApidj1sE2BCVjIjWV8AZRYOBwRgPQVfIQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2073:ca00:14:7514:ad00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 45d54f85dd5e4beef9f10f319457389dbb8d6215eca82e51d9241bc48ccc3055

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://aightutaitlastwe.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: gzip
via: 1.1 5451b84324d9bca0bdd03e4c4009ae10.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 516
x-amz-cf-id: Z4QctX-x5BHRSnH4PjdP51qLhft_7JfRRZYchnv1jyrHE5T1QCUZ6A==

GET
H2 200 NEISDDg4QVJcFWQGQEBgZxBFXns6XQMDP3QHNEthYVkeBTZ0B0cJNjJeGEd2YwUUBiE+WBJLYRcER1Z9YRtCXWZoG0ZcZ3QHRx0yN1QFB3Zjc0JdZH8GQUgmbAQ Show response
d3zd5ejbi4l9w.cloudfront.net/EUTV3blMyWhkIbCVcE1NraQxDV2d3XwQBPSEIJldiFXcaKgE4TyMLBmlhURopNQhHSD8wWxBTdTRbFFNid1QTDG5lEwMePDoIGwk3PlwcDzI0T1EbMmxYGBQ6PVkWS2EXAFledmMFXxk6P1EYGSB0B0cAJ3QHR19jfwVSXRF... Frame 9677 887 B
904 B 156ms
95ms Script
text/plain 2600:9000:2073:ca00:14:7514:ad00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3zd5ejbi4l9w.cloudfront.net/EUTV3blMyWhkIbCVcE1NraQxDV2d3XwQBPSEIJldiFXcaKgE4TyMLBmlhURopNQhHSD8wWxBTdTRbFFNid1QTDG5lEwMePDoIGwk3PlwcDzI0T1EbMmxYGBQ6PVkWS2EXAFledmMFXxk6P1EYGSB0B0cAJ3QHR19jfwVSXRF0B0cZOj8DQ0tgExBFXitnAV-5LYWFUBx4/NEISDDg4QVJcFWQGQEBgZxBFXns6XQMDP3QHNEthYVkeBTZ0B0cJNjJeGEd2YwUUBiE+WBJLYRcER1Z9YRtCXWZoG0ZcZ3QHRx0yN1QFB3Zjc0JdZH8GQUgmbAQ
Requested by: Host: aightutaitlastwe.xyz
URL: https://aightutaitlastwe.xyz/enRveTYbFgwUCRtJDV9DCBhSXAQ8UV0/UkkOC0xTEBYGTVpDA0EaWhUBCx9EFRobV1gfAEpLcD8hOy8FGBgiAGESHyYbdSwXKkh4CBU+AXIsRgtKbg0lLSllPz0lFVITMjcaVzETKk1iAzkjO1sWHDorWQo6PhF+KTBXDmECNjsdYigWKT94ExBeKGI+M1oVcw05CilyFT0oDl1JJAMOVT4OJkliSzENNFsCLSg7Z0wkORJhKUYqIXc8GAodWzcyNwFdTCRePG89Jy1JdEoXLjMFKzw9SA8QEhgvZSImKUl0Shc1NlxCMD5JQh0xFztwIh0bF3csWVo1by0yOjtOTlFdP3g/PTw9ch1APi98GTI4KHErMS0ebAI2KSFYCUI3KHs+JFwofjQxGxFvLB8KO2IgRC1JVTA6BTNTPTELS28NITo7Xz9RXTthOD4jIGQZMT1IbEMtPQ11IiM1FnFKLgwjBSs8PQEGAzpeKHA4RzUTVUo+CyN+QjM+LFEXFi4oEBAHABdGRyVWSHI4GSsrXwAgCiwOLg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2073:ca00:14:7514:ad00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ef3d682e8595752e0039efb02e582ef6d6d9546c73671fa464a9168b6afe8b9f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://aightutaitlastwe.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: gzip
via: 1.1 5451b84324d9bca0bdd03e4c4009ae10.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 626
x-amz-cf-id: NtLx1k6YRCv8EVk86RE-KgO1yFzN5dQ1gUTFNiBvmnGJ3lnUyEdWAQ==

GET
H2 200 3VDZkSkQ3WQoseyBfAHd8YAVWfHVyXBclKiQLKBM+ZQQVJQwuEBAwIGkGQiYlOlFZbCE6VVl7YjVSBndwckMFdyk7TA0mKDUTVgxxegZBeHR8QQ0kIDtBF292ZFgQb3ZkB1RkdHEFJm92ZEENJHJgE1cIYWYGHHxwfRNWeiUkRggvMzFUDyMwcQQif3djGF-d8YWY... Show response
d3zd5ejbi4l9w.cloudfront.net/ Frame 7867 201 B
468 B 154ms
94ms Script
text/plain 2600:9000:2073:ca00:14:7514:ad00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3zd5ejbi4l9w.cloudfront.net/3VDZkSkQ3WQoseyBfAHd8YAVWfHVyXBclKiQLKBM+ZQQVJQwuEBAwIGkGQiYlOlFZbCE6VVl7YjVSBndwckMFdyk7TA0mKDUTVgxxegZBeHR8QQ0kIDtBF292ZFgQb3ZkB1RkdHEFJm92ZEENJHJgE1cIYWYGHHxwfRNWeiUkRggvMzFUDyMwcQQif3djGF-d8YWYGTCEsIFsIb3YXE1Z6KD1dAW92ZFEBKS87H0F4dDdeFiUpMRNWDHVkDkp6amEFUXNqZQRQb3ZkRQUsJSZfQXgCYQVTZHdiEBF3dQ
Requested by: Host: aightutaitlastwe.xyz
URL: https://aightutaitlastwe.xyz/QVBJTHMgMiohTCBtK2oGMzx0aUEHdXsKF3IqLXkWKzIgeB94J2cvHy4lLSoBLj49Yh0kJGx+NXIGDRYYEjsYfyQQPzopCgM2CAQXeQkIGiQnGB81KwMzJQcaEBwCDj5kYgsWIhAGAx0ENBULDQQIFyILIigJJQMfBworDzZ3Bh8gRBg6Hx8xLzQ+LxgMFi01GHYECHweChQcGCUmKDEpFBsSLAQheQEYfBgIFD0ONXNpexY1JgErfykqEngeGCUYDAo5LGl7FjYEHgMEOSYVeC86GAcQCzsJKD4qIQ8HLCUmKgIuKwUMKg8ZNzgdPi8iEDkvfxcrFw9hF3kJHhU0FRMMPzoHIwAuQBgIDH0pdxsNfRcAB3B+KQcVCwcgeWcBfDV1NA0oFgc5HDw+Ex4eCDsXOw0nA3cxJAk1FAgHPSkQAhguQBs7Gx0mMhoaFhUQCC4PKhAGHRY7JTkMDjVyNBhqGTI/JzxODQkzfUEwPwE2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2073:ca00:14:7514:ad00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d92cb09c9c751edff17a3e671e8fcdbac0137dbbe2e2246cb76cd4091434069c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://aightutaitlastwe.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: gzip
via: 1.1 5451b84324d9bca0bdd03e4c4009ae10.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 191
x-amz-cf-id: tYz6ROfIVewnAwXEPTRWab9Mub2e8Z2QDd9X92yHZcsucIF-cjIVcg==

GET
H2 200 pica.js
exeo.app/cdn-cgi/challenge-platform/h/g/scripts/ Frame B916 21 KB
9 KB 29ms
29ms Other
application/javascript 2606:4700:20::681a:8e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exeo.app/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1f5e62eb0dcb3004fe9df0edfb501b640686ba31571a1681a5f7803d138b32f

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MDba%2B7Psuh6JSI1pon7HnaLJBxNxXye6pjvZyZiYYa8qWKxdr6CQ8Ncs2Vnb685lN5oC9%2F19nwrJ3rp1Qs%2FNMwvkyTRgCmJv%2FankH5jwCjsMfn53tseVu2VpGXRyKt4%2FN8Q2jZ3m"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 77e33d8f6d53f975-YYZ

GET
H3 200 impl.v16.3.0.js Show response
live.demand.supply/ 73 KB
24 KB 184ms
129ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/impl.v16.3.0.js
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1eb6a860427095d495e066d7a3911ef977a5266b874f76d762fbca1b9b6739ae

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GMX2V689ENQZTBQ4NFCNSXD1
date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
cf-cache-status: HIT
age: 102629
cf-polished: origSize=74953
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"b19940580c70e30455a2254a785a8919-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 77e33d900f3ba21c-YYZ

GET
H3 200 ZXhlby5hcHAv Show response
live.demand.supply/p4/v16-2-0/ 909 B
645 B 292ms
238ms Script
text/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAv
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b880d67c493b8b92a7367c3e7a33cb1b09377e446354c818ad2d54e6806504b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 77e33d8fff35a21c-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
336 B 74ms
50ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?e=ll&d=390&cs=c&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
date: Fri, 23 Dec 2022 18:43:01 GMT
cf-cache-status: HIT
age: 955451
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "9664438fc0db5c4deed9238aef210660-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 77e33d8fd95bf999-YYZ

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 118ms
46ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a32c9c3d2556412e648e01280cde0cb4c2bbfab8785db1bcbd419e895c9896e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27534
x-xss-protection: 0
server: sffe
etag: "1429 / 31 of 1000 / last-modified: 1670587517"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 23 Dec 2022 18:43:01 GMT

GET
H3 200 ZXhlby5hcHAvaXhYelBU Show response
live.demand.supply/p4/v16-2-0/ 909 B
645 B 282ms
236ms Script
text/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/p4/v16-2-0/ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b880d67c493b8b92a7367c3e7a33cb1b09377e446354c818ad2d54e6806504b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 77e33d900f3fa21c-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 ds.2.html Show response
live.demand.supply/ 413 B
405 B 90ms
68ms XHR
text/html 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/ds.2.html
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/up.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRGGXY91P3W7PAZSC246
date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 955451
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 77e33d8fd95ff999-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 77ms
19ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-135952122-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 16:44:06 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 7135
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 23 Dec 2022 18:44:06 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 75ms
33ms XHR
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=895199283&t=pageview&_s=1&dl=https%3A%2F%2Fexeo.app%2FixXzPT&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=756017960&gjid=935295327&cid=708064460.1671820982&tid=UA-135952122-1&_gid=116737404.1671820982&_r=1&gtm=2oubu0&z=840102071

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://exeo.app/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://exeo.app
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ 380 KB
129 KB 65ms
19ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 21:41:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75700
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131905
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 22 Dec 2023 21:41:21 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 110 B
97 B 81ms
38ms XHR
application/json 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=exeo.app

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6897bb6819f7aee2a7bc1c182b48a62fd046ab67bd6fe768a3bec6d7037c611b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72
x-xss-protection: 0
expires: Fri, 23 Dec 2022 18:43:01 GMT

GET
H3 200 exeo.app_fluid_lb+sq_continue_page_before_button_1 Show response
live.demand.supply/cp/ 28 B
191 B 100ms
100ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/exeo.app_fluid_lb+sq_continue_page_before_button_1?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 469b7eb15dfa890167a023387fd690afa2f4586f94eac286c9d36f912e7c556d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 77e33d90fa88f999-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
299 B 34ms
33ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/x/e.js?ce=fs&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRB81H3YGGHB8NZK64D7
date: Fri, 23 Dec 2022 18:43:01 GMT
cf-cache-status: HIT
age: 955450
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "9664438fc0db5c4deed9238aef210660-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 77e33d90fa89f999-YYZ

POST
H2 200 77e33d8a681ff975 Show response
exeo.app/cdn-cgi/challenge-platform/h/g/cv/result/ Frame B916 2 B
554 B 120ms
120ms XHR
text/plain 2606:4700:20::681a:8e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exeo.app/cdn-cgi/challenge-platform/h/g/cv/result/77e33d8a681ff975
Requested by: Host: exeo.app
URL: https://exeo.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671811200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77e33d92284df975-YYZ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrDFG0SBYvGu4xLUlxesPFeO58wANBhPBFlNMGCbGSzU5b6EVngrNlvBvemcWCox8yFZHSIKrWbTaf8rawY8cTDWzc2kRQSmGyu7fPErPyJQgNoY1IpuxGa6lijAKUtaf5mVtosI"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
300 B 32ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=exeo.app_fluid_lb%2Bsq_continue_page_before_button_1&pdc=0.526502799987793&ucv=null&e=tcp&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
date: Fri, 23 Dec 2022 18:43:02 GMT
cf-cache-status: HIT
age: 955452
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "9664438fc0db5c4deed9238aef210660-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 77e33d923bcdf999-YYZ

GET
H2 200 exeo.app_fluid_lb+sq_continue_page_before_button_1 Show response
api.demand.supply/v16-2-0/a/ 304 B
494 B 114ms
58ms XHR
application/json 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demand.supply/v16-2-0/a/exeo.app_fluid_lb+sq_continue_page_before_button_1?&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90534bebd79a2ab2fc9defb980c65df6a76828d438654e9b3f033c10cdb0915a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2922
etag: W/"130-OctHC+S13KEX87JXYtfy5TOU5+I"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 77e33d92bb79a1ea-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 exeo.app_auto_728x90_sticky_display_bottom Show response
live.demand.supply/cp/ 29 B
192 B 185ms
185ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/exeo.app_auto_728x90_sticky_display_bottom?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9717d708c1623c40a183aa51f6a8f3e5ef2eea3d0f10510fa921d082e74eb0e7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 77e33d926bfdf999-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
792 B 109ms
40ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=exeo.app

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 88ms
41ms Script
application/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=exeo.app

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
711 B 378ms
378ms XHR
text/plain 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2509611919724268&correlator=1778305121879676&eid=31069125&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=44890869%3A22855689125%2Cca-pub-3831894559014614-tag%2C7ee716ae-b3e6-4091-8929-3dc5d06775a6&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=2893322063&sfv=1-0-40&ists=1&fas=8&prev_scp=ti%3Ddfa0771a-5558-4d70-b927-ed335f9ba110%26pof%3D0%26interstitials-bid%3D0.2%26bid-p%3Dgoogle%26bsc%3D77&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1671820982155&lmt=1671820982&dlt=1671820981213&idt=900&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fexeo.app%2FixXzPT&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=708064460.1671820982&ga_sid=1671820982&ga_hid=895199283&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6ec89f0fb726bb064ce3f88797f6636f57840b48ac6612e87461162b86c48eb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 681
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://exeo.app
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6320 6 KB
3 KB 103ms
33ms Document
text/html 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 23 Dec 2022 18:43:02 GMT
expires: Sat, 23 Dec 2023 18:43:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ 37 KB
14 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022120501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5eadb3853810c64a037b947f6355ca7f98036d56bfb46ee9f51a01f881259ed6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 05:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14011
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Dec 2023 05:46:49 GMT

GET
H3 200 popunder.gif
ersfohiplaceof.xyz/ 35 B
549 B 98ms
38ms Image
image/gif 172.67.181.150
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ersfohiplaceof.xyz/popunder.gif
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.181.150 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: public
date: Fri, 23 Dec 2022 18:43:02 GMT
cf-cache-status: HIT
last-modified: Fri, 23 Dec 2022 16:58:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6264
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lTMDZN8tnAe%2FnAmxm6EftGZ0uFpiD1zCwX5BlzSj5zN0TFxIwcMioi5ruzJ7qIKjetJcTB1T7%2FBhi4dFi35ApTsNizuHDrkq1GUsKyDhJ96NbVn8fj1vIYnwo3CxYd5OGhPXUPM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
cf-ray: 77e33d930b5f634a-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 62 KB
13 KB 387ms
387ms XHR
text/plain 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2509611919724268&correlator=4480487352924952&eid=31069125&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=44890869%3A22855689125%2Cca-pub-3831894559014614-tag%2C3feeeb45-0f17-4c76-aa93-558e37af35a1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=940x280&ifi=2&adks=2234010598&sfv=1-0-40&prev_scp=ti%3Ddfa0771a-5558-4d70-b927-ed335f9ba110%26pof%3D0%26bid%3D0.31%26bid-p%3Dgoogle%26bsc%3D77&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1671820982253&lmt=1671820982&dlt=1671820981213&idt=900&adxs=328&adys=145&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fexeo.app%2FixXzPT&frm=20&vis=1&psz=945x116&msz=945x116&fws=0&ohw=0&ga_vid=708064460.1671820982&ga_sid=1671820982&ga_hid=895199283&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90074df5566c450240350edc720624a1c1e44aac9d13f99aaaa98f8fc5f94d05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13569
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://exeo.app
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 100ms
44ms XHR
application/json 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36da7816c87e88cf482e72b8da992a2a048dd254e2a53c7f80400753fde4ceb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11150
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
300 B 33ms
33ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=exeo.app_auto_728x90_sticky_display_bottom&pdc=0.4347446918487549&ucv=null&e=tcp&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
date: Fri, 23 Dec 2022 18:43:02 GMT
cf-cache-status: HIT
age: 955452
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "9664438fc0db5c4deed9238aef210660-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 77e33d938d62f999-YYZ

GET
H3 200 sdb.css
live.demand.supply/css/ 4 KB
2 KB 132ms
132ms Stylesheet
text/css 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/css/sdb.css
Requested by: Host: client
URL: about:client
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99456b3711ac205efcbdbc08ae9dae0124aa6a94d0edf9701a80caa6fc38b5db

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GKEGAWC4SGRHTV1JSYVR2CX0
date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 627275
etag: W/"7e4afe9ecd2e201398ebe8fa1ba49330-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-ray: 77e33d938eb7a21c-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
122 B 82ms
39ms Script
application/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=exeo.app

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 80ms
37ms Script
application/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=exeo.app

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
10 KB 294ms
294ms XHR
text/plain 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2509611919724268&correlator=2194093332368497&eid=31069125&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=44890869%3A22855689125%2Cca-pub-3831894559014614-tag%2Cafafdb0d-39d1-4953-b43d-ab93c1fbc5a3&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=3&adks=2231202216&sfv=1-0-40&prev_scp=ti%3Ddfa0771a-5558-4d70-b927-ed335f9ba110%26pof%3D0%26bid%3D0.23%26bid-p%3Dgoogle%26stt%3Dbhs%26bsc%3D77&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1671820982327&lmt=1671820982&dlt=1671820981213&idt=900&adxs=436&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fexeo.app%2FixXzPT&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=512&ohw=0&ga_vid=708064460.1671820982&ga_sid=1671820982&ga_hid=895199283&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63b411ae55ed14f464cd64e29163d66f3a63b7dc4069f6d2d7c908e63a5e219d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9914
x-xss-protection: 0
google-lineitem-id: 5563951126
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138332681208
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://exeo.app
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 103ms
54ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 23 Dec 2022 18:43:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1185 13 KB
13 KB 65ms
19ms Document
text/html 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 75832
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-length: 12817
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 22 Dec 2022 21:39:10 GMT
expires: Fri, 22 Dec 2023 21:39:10 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0B2F 783 B
1 KB 90ms
41ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

46c9383627e5bae8d0d1fd819f1ad634f61f3a65544451a51da76d69cfd37e37

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tRrzyn5XA_rBUSrMcrhMvQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-tRrzyn5XA_rBUSrMcrhMvQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 23 Dec 2022 18:43:02 GMT
expires: Fri, 23 Dec 2022 18:43:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
300 B 33ms
33ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=exeo.app_auto_interstitial_desktop&e=nai&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
date: Fri, 23 Dec 2022 18:43:02 GMT
cf-cache-status: HIT
age: 955452
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "9664438fc0db5c4deed9238aef210660-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 77e33d94ff15f999-YYZ

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 1185 36 KB
16 KB 62ms
20ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 03:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56143
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Dec 2023 03:07:19 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0B2F 0
0 60ms
40ms Image
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=2509611919724268&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 99ms
37ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: WJEB18Y1WEVHKDRT
age: 2853
etag: W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 77e33d95edfda222-YYZ
x-amz-id-2: dGlae9yNlZm8ww52R5RhNClezwdU+qHic7NrHh/8CgdUb6UyM5i5Ox53S/RjNZvEszJ2lhlM6CM=

GET view
securepubads.g.doubleclick.net/pcs/ Frame 79A1 0
0

GET rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 79A1 0
0

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
122 B 42ms
41ms Script
application/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=exeo.app

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 37ms
37ms Script
application/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=exeo.app

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
16 KB 523ms
523ms XHR
text/plain 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2509611919724268&correlator=3106917041434353&eid=31069125&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=44890869%3A22855689125%2Cca-pub-3831894559014614-tag%2C0d7c591c-fb7f-4621-bdc0-c9268b4896ba&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=4&adks=2310731849&sfv=1-0-40&prev_scp=ti%3Ddfa0771a-5558-4d70-b927-ed335f9ba110%26pof%3D0%26bid%3D0.01%26bid-p%3Dgoogle%26stt%3Dbhs%26bsc%3D77&eri=1&sc=1&cookie=ID%3De16fead885bddb31%3AT%3D1671820982%3AS%3DALNI_MazfStX7xSOPpTLcOJZAA0Q00tz2g&gpic=UID%3D000008e2e5ca46df%3AT%3D1671820982%3ART%3D1671820982%3AS%3DALNI_MbYIaVK44YSgjG5zQi0DNwhMdD9Rg&abxe=1&dt=1671820982653&lmt=1671820982&dlt=1671820981213&idt=900&adxs=436&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fexeo.app%2FixXzPT&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=512&ohw=0&ga_vid=708064460.1671820982&ga_sid=1671820982&ga_hid=895199283&ga_fc=true&a3p=EhsKDGlkNS1zeW5jLmNvbRjn8q6C1DBIAFICCGQ.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d40ffd23257ca9f17ffa07552e1bc167fe27830757bfed221bbedf30475e69ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15873
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://exeo.app
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/022211060024000/ Frame EA43 221 KB
61 KB 76ms
22ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dce9f5afda30bc387f9f1090b155cbb90596e3c7c1374ea9e135b7184c8fc707

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 00:19:46 GMT
age: 238996
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61620
x-xss-protection: 0
server: sffe
etag: "011de7b3056fa7b4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 00:19:46 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame EA43 14 KB
5 KB 109ms
55ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 20 Dec 2022 23:15:56 GMT
age: 242826
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 20 Dec 2023 23:15:56 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame EA43 94 KB
28 KB 115ms
62ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 00:19:46 GMT
age: 238996
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 00:19:46 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame EA43 5 KB
2 KB 121ms
68ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 00:19:46 GMT
age: 238996
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 00:19:46 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame EA43 40 KB
13 KB 110ms
58ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 15:51:26 GMT
age: 183096
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 15:51:26 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame EA43 8 KB
895 B 77ms
36ms Stylesheet
text/css 2607:f8b0:4006:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 23 Dec 2022 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 18:29:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 23 Dec 2022 18:43:02 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame EA43 2 KB
2 KB 20ms
19ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 04:17:51 GMT
x-content-type-options: nosniff
server: cafe
age: 51911
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 24 Dec 2022 04:17:51 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame EA43 295 B
319 B 21ms
20ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 05:44:31 GMT
x-content-type-options: nosniff
server: cafe
age: 46711
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 24 Dec 2022 05:44:31 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EA43 0
0 48ms
48ms Image
text/html 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CajBJtvalY4PUEpbzzwXU8qn4D_aszoxu-tP4n58QqdSu4o4OEAEglZvKIWD96KKB8AOgAbeYgaIoyAEJqQKKHv6ayDt7PuACAKgDAcgDCqoE7AFP0G2WrL2Tp5_dQV9Zo6rhUs28lFpVcFMWlsVCX34zJ2r3cbuVd23pXmtHKjYch-OjUAY-Koii-Vdt-q39WTUB85-2KcNUoZgG8LLqCJqlGeY_f4STifsRxUmIFpOboNRpuZxJJzEyLseXXy5ts7nta4D2_UTrE0lxKkT_B0cg8y1BBHgO36RusR43jKvGpyr60rG3pZg5VgDT6DIOrlNDYTHPKSKLrorPwe6gBtq95gRGdf_ycMgzaOksCdKBXQPSgxHi2DvoTJ5uKIp_cJplVirU0H8Ad89DZWC3xrTkg2V1lJYfVCn6C9-84sAEoZe_64AE4AQBkgUECAQYAZIFBAgFGASgBi6AB7HPjboDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQxKgf0ggPCIBhEAEYHTICigI6AoBAgAoDyAsB2BMM0BUBgBcBshceChwIABIUcHViLTM4MzE4OTQ1NTkwMTQ2MTQY_fkT&sigh=Fs1TL-kodVs&uach_m=[UACH]&cid=CAQSSwDq26N9Y2JKXqHkrOF0TN9HjFM6g9g-ifuwFCm5Lyfc78ZTkNiCVeg4DruQ0ivP7HSEliaC18X4aGI9nw_09fdX5g4KBqtu3LLhvxgBIBM&template_id=5000
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
300 B 28ms
28ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.31&b=2&r=exeo.app_fluid_lb%2Bsq_continue_page_before_button_1&sy=9849e61b-a239-4521-a820-75352a567c09&ts=77&cd=2&pud=390&pus=c&pue=1318&pid=206&pis=c&pie=1524&ppd=294&pps=a&ppe=1612&pcl=1223&ttc=1869&tti=2302&ttif=0&lca=1612&lcak=ppe&lct=1612&lctk=ppe&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=exeo.app&mlre=undefined&mlin=0&mlsi=940x280&mlbw=4g&mlcs=NaN&mltp=dfa0771a-5558-4d70-b927-ed335f9ba110&e=lm&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
date: Fri, 23 Dec 2022 18:43:02 GMT
cf-cache-status: HIT
age: 955452
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "9664438fc0db5c4deed9238aef210660-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 77e33d95cffaf999-YYZ

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1049677144549373520/ Frame EA43 9 KB
9 KB 20ms
20ms Image
image/jpeg 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1049677144549373520/14763004658117789537?w=400&h=209

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59023d598bb6b4972249c7a764e7a71e50295fde01e6d93a28d0e4ed58e0e624

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 10:46:17 GMT
x-content-type-options: nosniff
age: 287805
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9044
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 12:44:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 20 Dec 2023 10:46:17 GMT

GET
DATA 200
OK truncated
/ Frame EA43 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA43 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e748d47e0930e87a515df7e2a11e9d797dd670598254900fdbd654593f001a9a

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA43 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ac55ddcbb7be11489a30a6e0e1f850fd33b3bb8f0921df9ef8aec8af5b4ced2

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
317 B 300ms
99ms XHR
text/plain 162.19.138.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533571.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://exeo.app/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://exeo.app
date: Fri, 23 Dec 2022 18:43:02 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame EA43 28 KB
28 KB 63ms
20ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://exeo.app
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:34:36 GMT
x-content-type-options: nosniff
age: 166106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Dec 2023 20:34:36 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1185 0
10 B 20ms
19ms Image
text/plain 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?fWCipg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8549 6 KB
3 KB 61ms
20ms Document
text/html 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://exeo.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 23 Dec 2022 18:43:02 GMT
expires: Sat, 23 Dec 2023 18:43:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
300 B 35ms
35ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?r=exeo.app_auto_728x90_sticky_display_bottom&pn=2&sn=3&pc=0.4347446918487549&ds=true&e=wdp&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
date: Fri, 23 Dec 2022 18:43:03 GMT
cf-cache-status: HIT
age: 955453
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "9664438fc0db5c4deed9238aef210660-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 77e33d990bd9f999-YYZ

GET
DATA 200
OK truncated
/ 182 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 476d8d8a5ee6c842a16e5ae6a58cec35ff7649729b77de0319644cdc128340eb

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 834 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ea842ad92b2cb342a00d74293e6036981ec07854e082223080525efa9c88528

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
300 B 28ms
28ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/e/e.js?gl=0.01&b=3&r=exeo.app_auto_728x90_sticky_display_bottom&sy=9849e61b-a239-4521-a820-75352a567c09&ts=77&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=exeo.app&mlre=undefined&mlin=0&mlsi=728x90&mlbw=4g&mlcs=NaN&mltp=dfa0771a-5558-4d70-b927-ed335f9ba110&e=lm&dsReferer=ZXhlby5hcHAvaXhYelBU
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v16.3.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nf-request-id: 01GM32FRGGARDGXY1X31YKZ3XW
date: Fri, 23 Dec 2022 18:43:03 GMT
cf-cache-status: HIT
age: 955453
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "9664438fc0db5c4deed9238aef210660-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 77e33d990bdef999-YYZ

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8549 0
0 47ms
46ms Fetch
text/html 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C-4GXtvalY9r5Kp2goPwP3tiB4AK-laSvbPfa0tOsDMCNtwEQASAAYP3oooHwA4IBF2NhLXB1Yi0zODMxODk0NTU5MDE0NjE0yAEJ4AIAqAMBqgSPAk_Q0SAeweQXGrFulVOJgUYTuW0erCls2NV6Dp2Ax775PjPE3dsWp_zyI4LiRMFFCy-FMfiCWm4t5HimEjyhIqXTG09NhkrJBimJPgqaBhVpwd-Q4M26wmKmE7jI6n-rbF54J8Lga91TCDhP_Dx0ewmXn8p4MM1yznfJ1UXA82xI_y1X03r-3ScI8jIdp_fGc3mgW65Hw3RDTvy7Gwo8He3tw8ibY_pkpx5NSUKrgfB3S6SGwsSlfb5vnfOS3dnjHfxlRcBzmgsAL-KIhq_Sw6e9UP9VDMVO-xhtNBXhxIyXFBHHb2JNBCpD5Z61qFXOHG35YjvJQtfzCrhG9ItneCmLo6NbizbDrlKMP5fXWVXgBAGABo6p0Oyx6-TDRqAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA0IgGEQATICigI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTM4MzE4OTQ1NTkwMTQ2MTQY_fkT&sigh=1egzI9XBtwE&uach_m=[UACH]&cid=CAQSPADq26N9TZ9eOq1e4STANaKpsPQisC8gLtabwR8j-52sk1zoZoZZRLQB5VCQBQbFRnaGoaC5ogaa6p_y5hgBIBM
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 log
hblg.media.net/ Frame 8549 35 B
0 79ms
19ms Fetch
image/gif 23.205.72.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hblg.media.net/log?logid=kfk&evtid=l1log&acid=55145fd0ff824c8aa3851716f401eb19&bidrestime=1671820982855&cbdp=0.026&ogbdp=0.04&prvReqId=95182431685869_1834146521_41051946813131&pvid=313&scrid=1700080807682800728009000000500&size=728x90&slotVisibility=1&viewability=71&app=0&cc=CA&cid=8CUU9JF8H&csip=rtb-appnexus-ee-7c44c646b9-mfsdg.SC&device_id=4&dn=exeo.app&itype=ADX&mang=1&requrl=https%3A%2F%2Fexeo.app%2FixXzPT&dtc=east_sc&zone=d&commit_id=48929b14&ugd=4&ctr=6.4073136E-4&rme=nurl

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.21 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-21.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Fri, 23 Dec 2022 18:43:03 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame 8549 35 B
0 87ms
18ms Fetch
image/gif 23.204.152.54
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=adx_test&bdr_typ=1&ss_d1=0&ogerpm=0.0400&ss_d2=0&stid=&other_prv=313&jar_err=&current_day=5.0&adtyp=0&req_id=oWgDeqH12fRpDin5wNouCw&bd_m3=0.0000&bidfp=0.0100&bd_m2=0.0000&pvag_id=&bd_m1=0.0000&ugd=4&dim10=false&predicted_wr=72.7784&exp=&deal_id=&fdbk_id=&second_bidder=*&search_res=36&floor_bucket=0.00&gpid_format=&seat=BID_API&rc=-1&size=728x90&url_l1=ixxzpt&f_seg=long_tail_information_technology_jobs&prdp=0.0256&ogcbdp=0.0400&dfpbd=0.0256&server=1&ogerpm_wd_bkt=0-1&model_version=202212230403_generic_adx_1-cid_0&viewability=0.7100&dmm_r=0.0000&cut=36&dmm_l=0.0000&as_cache=1&tcyerpm=&sc=CA-QC&send_erpm=true&dmm_m9=0.0000&sd=1&hb_exp=&seg=long_tail_information_technology_jobs&dmm_m4=0.0000&erpm_bucket=0.05&ugd_ver=&requrl=exeo.app%2Fixxzpt%2F&bidrestime=1671820982855&cc=CA&strg=harmony&ss=&current_hour=18&time_stamp=2022-12-23+18%3A43%3A02&model_key=generic_adx_1-cid_0&rvshhon=&mul_ratio=0.0000&bdp=0.0400&ct=Montreal&akey=&mnckfl=0&bdp_bucket=0.05&algo=default&dc=east_sc&splid=&erpm_mult=1.000000&dn=exeo.app&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F108.0.5359.124+Safari%2F537.36&buyer_id=&bdp_wider_bucket=1&acid=55145fd0ff824c8aa3851716f401eb19&zone=d&infl=&o_ver=NT+10.0&br_ver=108.0.5359.124&bdmm_m6=0.0000&bdmm_m7=0.0000&bdmm_m5=0.0000&ver=9.1.2&totalTimeBucket=4&visibility=1&totalTime=4330390&dmm_m1=2022-12-23+18%3A43%3A02.858704446&e_rpm=0.0000&dmm_m22=0.0400&gdpr=&vsid=&log_less=false&gpid_sent=false&ogerpm_used=false&bdmm_m12=0.0000&cid=8CUU9JF8H&bcrid=1700080807682800728009000000500&rawbid=0.0400&seat_id=BID_API&sub_bidder=196&pst=EMS&pbshr=100.0000&dmm_d10=&o_id=101&clisp=rtb-appnexus-ee-7c44c646b9-mfsdg.SC&dfp_bucket=0.0&adblk=2310731849&itype=adx&pvid_seat=313_BID_API&cliIP=0&advurl=topics.businessfocus.online%2F&level_base=0&crid=410519468&sat=1&br_id=265&cut_bkt=35&gpid=&iwb=1&second_bid=0.000000&sc_pvid=313&capd=0&other_bids=0.04
Requested by: Host: exeo.app
URL: https://exeo.app/ixXzPT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.204.152.54 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 23 Dec 2022 18:43:03 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Fri, 23 Dec 2022 18:43:03 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame 8549 322 KB
118 KB 115ms
55ms Script
text/javascript 184.29.128.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CU7Q771E

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.128.24 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-128-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

079c6467b414dec800f8f6e68e55cea648c0e780486eef7a02ad549ba2afd28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-mnt-h: 21-dsjj
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Fri, 23 Dec 2022 18:43:03 GMT
server: Apache
etag: "33d176752090f2907c61af6a75936eb4"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
x-mnt-w: 8-31
timing-allow-origin: *
expires: Fri, 23 Dec 2022 18:48:03 GMT

GET
H2 200 adperformance.js Show response
warp.media.net/rtb/resource/ Frame 8549 61 KB
62 KB 80ms
22ms Script
application/javascript 23.205.72.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.21 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-21.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=604800
date: Fri, 23 Dec 2022 18:43:03 GMT
server: nginx
content-type: application/javascript;charset=ISO-8859-1
cache-control: max-age=70615
access-control-allow-credentials: true
content-length: 62892
expires: Sat, 24 Dec 2022 14:19:58 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 8549 3 KB
1 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 09:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31680
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 06 Jan 2023 09:55:03 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 8549 18 KB
7 KB 22ms
20ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 09:55:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31681
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 06 Jan 2023 09:55:02 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8549 0
0 86ms
38ms Image
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT4RO07Q6wM90MTjX7icavF1wJ-eTLzL0tecY3AazuCyIccxowsYRsza-znanAvblCNlXVZPTY-Nr9G3RSIwSzv1litcw
Requested by: Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:809::2004 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8549 24 KB
6 KB 23ms
21ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 18:38:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 259450
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 20 Dec 2023 18:38:53 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8549 153 KB
47 KB 47ms
45ms Script
text/javascript 2607:f8b0:4006:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 23 Dec 2022 18:43:03 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 43ms
42ms Image
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=2509611919724268&bg=!3N-l35vNAAYgquz3AKo7ACkAdvg8WocTKQMBa7TSUo575DrM698P3m9LHva-CcaV6p_iVMAlJ4sYNgIAAACpUgAAAANoAQcKAMM4P2_6v0CwrnpxJWtWw5bLhAWwgcl5Pev07k6ztnt3WBbqBMNUdVifmOptBLbfeVYdNAVYz0VcQuiuFElTqyY84sBBwLqg3ZsB3ewug593hOM7QhDBLhLC90mQD7iuVb35wI3ELDQrNUeoGlV2lnpDL0zJigNRrjzKjeoB_Ns2d_V38eoFfh3HwO-Uj6T7zLI9VCh5Xw9xp2zNy22uWcUvgUeCDRVsaDQy9OfoLYqzTinxDHXe3TIJLqnT4bYgbDewyS-ZAsAjc9aZ2liDXJwO7a5C1R6qHelG6V5klMR2d48Qd6ni-Yy7Da8RmZjNc0lBLblwsBYT1i3iNqN2169wSpTgEpqfTSnNyA_Ylw3XanpR0qBXPXfviWvoa9XzDJgVGObUfYyKsvZ-MWX2Jd8RkLp4akPoVNSOwIMXWPNG7IEVVbcps_XU4cQ6JTbHOrNLf4uPg_rZbq8QZldS4oD5xxRjvaBLFYfafyvHw7VR-escGOR-UWohg23STztXcYpq5rCucEEAlB5d_5Pz6ssoI1HJw9-pok0q4BNyVEyC2lT_WX_b512KRy_N_uAJU_J9KPv7ZHpcZJu3-tR8idoOtK0DFzC9L9i6kjVynhsreDtb_0y4KPGaIXhB3Ms1yYylUjTd9lQnGOYC5js3eW5_wpy23B2yEkx5ETGxKMzmpfIIvu7isESLnHVI7wLPm_sNKv3DqsXDuO_rNlHVZz-DM87W2QEr-TYNzqMqnSCwmvSQJrfHxI5vlof8fNxIX81GLtOVUZvXWGCBYJyLSebLfi6dtmu_0Jz6J477cnl4Yyv1eobe1yjEUz4cjFuxIoWTDtQuaqAsVc8Oo2ee76U13KwfzIsgkOYG02fUyEEhM8jzJUfYWRZPMBB8muXKSR56-NRqtiXRsq05FUTPuQ5UIl5TpDRaGkCialr9rzCVLp10lnCgfSsQsUxmdDGepxHKkuAsivWM2M0GCNnegj9nVRPab-c8rKZwb8WQIcOzyniGx5OvpKtk40MXAYZUKmAzP4_X-XxFDcbaVC7F5RbdgAFTDkb6YV_Touv46rypFJa_-42S9bl4tNm3G7_vlgOIO1O0x8tMa9JM9CrEdiMHxyZPTAzGMbXhy5YSph9WAqPJTYBVBacv_Srp6F0sOZXutkM2wsxVCCdHa7BvhBYylRdEMyjHpaA1ySVYRT8QH9zUyBW3pA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H/1.1 200
OK browserfp.min.js Show response
pxlclnmdecom-a.akamaihd.net/javascripts/ Frame 8549 101 KB
33 KB 94ms
30ms Script
text/javascript 104.126.116.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU7Q771E&noCookies=true
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU7Q771E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.126.116.147 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-116-147.deploy.static.akamaitechnologies.com
Software: / Express
Resource Hash: 7f7e8adca6fa45e986b7398d0c866c6e1072d66b9f09ebe18b30610c792b6ac4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 18:43:03 GMT
Content-Encoding: gzip
x-powered-by: Express
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
Access-Control-Max-Age: 1800
Connection: keep-alive
Content-Length: 33806
Expires: Fri, 23 Dec 2022 18:48:03 GMT

GET
H2 200 smtr Show response
contextual.media.net/ Frame 8549 86 KB
31 KB 305ms
305ms Script
text/javascript 184.29.128.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU7Q771E&cpcd=QcqgoxBu_JEBy1__-rrJcw%3D%3D&crid=531436763&size=728x90&cc=CA&sc=QC&chnm=HARMONY&pid=8PO6CSQ66&tpid=T110S06&https=1&vif=2&requrl=https%3A%2F%2Fexeo.app%2FixXzPT&nse=5&vi=1671820983414785806&lw=1&ugd=4&adt1=8CUU9JF8H&adt2=410519468&itid=17&bae=B4xBqgBzqg&bcpf=B8fOnRrolnfOur84xBqgBzqg&bdrId=313&ntv=0&matchstring=hr%3D0%7C&katpre=1&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&katbid=-21&katid=808076828&kapc=29&ekals=775EJvu99uW%7C%7CE7vu%7C%7CjY8OverJk%7C%7C1ywjvz1%7C%7C77OvW&kata=aton&ekalog=PPVrvfV1UP%2FZ2A%204Aequ%3Dl4%7C%7CbVvfiXf%7C%7CqVrv9%7C%7C%3DVvfiXF%7C%7CcVvfiXF%7C%7Cc0_rvFH9%7C%7C_TVrvF%7C%7C_0_rvh9FX9XhWhh9HWAF%7C%7CbVrvW&pgid=p1549000777t202212231843&newfl=1&nb=1&cadomain=tzR-hLcl-L81q0bo4F7GnA3mMwDIDjC2d77KxBXphR_fTCDUsmLZYQ%3D%3D&allsc=QC

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU7Q771E

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.128.24 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-128-24.deploy.static.akamaitechnologies.com

Software

Resource Hash

db9ecd413f476e5f3c0a83540a7d61bee02e7ac4529a3f35b1386090a54215c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
x-sc-h: 21-mr5d
timing-allow-origin: *
content-length: 31772
expires: Fri, 23 Dec 2022 18:43:03 GMT

GET
H2 200 bping.php
lg3.media.net/ Frame 8549 15 B
15 B 40ms
21ms Image
text/html 23.205.72.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=541&&vgd_cdv=839&vgd_cage=1&gdpr=0&prid=8PRVCXX19&cid=8CU7Q771E&crid=531436763&vi=1671820983414785806&ugd=4&lf=6&cc=CA&sc=QC&lper=100&wsip=2886993991&r=1671820983455&requrl=https%3A%2F%2Fexeo.app%2FixXzPT&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=16276&vgd_rakh=1671820983163339232&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fnmedianet.js&vgd_hb_audit_1=8CUU9JF8H&vgd_hb_audit_2=410519468&vgd_pgid=p1549000777t202212231843&vgd_pgids=1&vgd_uspa=0&hvsid=00001671820983451025035145478613&gdpr=0&vgd_l2type=scs_newfl&vgd_end=1

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.21 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=21600
date: Fri, 23 Dec 2022 18:43:03 GMT
server: Apache
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=68082
content-length: 15

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 7E25 26 KB
9 KB 41ms
39ms Document
text/html 184.29.128.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUU9JF8H&prvid=99%2C77%2C4%2C20000%2C313%2C10000%2C9%2C319%2C294&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.29.128.24 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-29-128-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

339867a8c23fcd59c6e08f75d1e940eac48da82321c41b21980f652e7a465346

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 9327
content-type: text/html; charset=UTF-8
date: Fri, 23 Dec 2022 18:43:03 GMT
expires: Sun, 25 Dec 2022 18:43:03 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 clog
hblg.media.net/ Frame 8549 35 B
199 B 21ms
20ms Image
image/gif 23.205.72.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/clog?logid=awlog&pixel_len_bucket=4729&lper=1&itypeid=17&itype=ADX&cc=CA&cid=8CUU9JF8H&reqid=oWgDeqH12fRpDin5wNouCw&vid=oWgDeqH12fRpDin5wNouCw&dn=exeo.app&rawDn=exeo.app&pid=8PR113JGC&ugd=4&fleet=appnexus-ee&requrl=https%3A%2F%2Fexeo.app%2FixXzPT&cliIPV6=2607%3A5300%3A0060%3A0000%3A0000%3A0000%3A0000%3A0000&cliIPType=v6&coppa_enf=true&lmt_status=N&lmt_applied=N&lmt_enf=true&dnt_enf=false&geo_source=2&sc=CA-QC&ct=Montreal&pubid=pub-ADX-116310109131&tgtval=pub-ADX-116310109131&csip=rtb-appnexus-ee-7c44c646b9-mfsdg.SC&dtc=east_sc&zone=d&sd=1&ptype=23&tmax=300&xtmax=290&gdpr=0&app=0&sat=1&device_id=4&asn=514&sckfl=1&suid=CAESEOnnocDKxvRCTMf74XAn2po&smbrid=adx-unknown&cxtSgmt=long_tail_information_technology_jobs&usp_status=0&usp_enf=1&gqid=ADdJoTvd6xTVM5muHf7cAPRGkUix3TxzW90sDqHUGoum0hG_gO2YkotrBnIwFn4jVEBwZMuu&pexid=ADX-pub-3831894559014614&geoll=false&is_ortb=false&s_ip=74.125.19.8&s_city=morganton&commit_id=48929b14&ocurr=USD&omul=1.0&currsrc=API&currsrc_date=2022-12-23+00%3A00%3A00&schain_cmpl=0&dummy_vsid=false&amptype=1&second_call=false&supply_cc=CA&ipcc=CA&rtttime=70&pvid=313&prvAccId=531436763&prvApiId=8CU7Q771E&adj0=0.0&adj1=0.0&adj2=0.0&pst=0&crid=410519468&prspt=headerBid&prvReqId=95182431685869_1834146521_41051946813131&reqsize=728x90&size=728x90&chnl=HARMONY&bdp=0.040&cbdp=0.026&og_cbdp=0.040&ogbdp=0.04&pv_adtype=0&res_mtype=0&mnet_ckfl=0&ckfl=0&be=0&cat=IAB-3&advUrl=https%3A%2F%2Ftopics.businessfocus.online&dfpBd=0.026&dt=O&dbf=1&epc=531436763&s=1&snm=SUCCESS&pcrid=8CU7Q771E-531436763-52-14&tpbTkn=false&exid=31&bidflr=0.010&pbidflr=0.010&opbidflr=0.010&spbf=0&viewability=71&slotVisibility=1&adpos=1&iframingState=0&sbdrid=196&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7CssProfile%3D0%7Cdbr%3D1%7Ctpi%3D1&mnrf=0&seat=BID_API&brsrclk=0&bidrestime=1671820982855&fpuReq=0&bfs=103&acsn=1&ybnca_erpm=0.04&dmm_erpm=true&dmm_ogerpm=false&bcrid=1700080807682800728009000000500&strg=HARMONY&vls=0&scrid=1700080807682800728009000000500&mang=1&pvdTmax=218&fpusp=false&ae=false&epcexp=false&moau=true&incentive_type=0&ucrid_ver=2&omid=0&spIvt=3&spSource=0&spTo=3&spIsReq=3&spFst=0&spCst=0&mx_sbp=-10.0&mx_sua_cvg=1111111&mx_epbc=8CU7Q771E&mx_SPRIG=2&mx_bsBucket=0&mx_ssProfile=0&mx_sua_os_n=Windows+NT&mx_lr=0&mx_TAS=1&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_sua_os_v=10.0&mx_bsBucketRa=0&mx_sid=8CUU9JF8H&mx_SC=0&mx_lr_seg_deal=0&mx_aqcpl_crid=0&mx_nsz=1&mx_GCID=0&mx_maq_call=false&mx_aurt=0&mx_sua_model=x64&mx_crsw_exp=cbx1&mx_tgs=728x90&mx_bsProfileRa=0&mx_IAB2=2&mx_bss_algos%3C%3E=0&mx_aurl_hc=0&mx_aabpc=0&mx_PC=1&mx_UCC=5&mx_crsw_bckt=A1&mx_isLossNtf=false&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=3&mx_gpid_sent=false&mx_commit_id=666c5078e6&acid=55145fd0ff824c8aa3851716f401eb19&rtime=16.0&wsip=mowx-lite-6c9b7f6669-8xb7q&ltime=28.0&act=headerBid&abs=0%7C0%7Cxtmax%3D290%7Cbrr%3D0&adtypes=0&adblk=2310731849&impId=1&reftime=0&reftype=0&sticky=false%7Cfalse%7Ctrue&psrc=fail&mowxReqId=55145fd0ff824c8aa3851716f401eb19_1&policy_enf=2&pub_blk_enf=1&renderer=0&ifst=0&ifdp=0&media=0&req_mtype%3C%3E=0&vcmplrt=-1.0&ctr=6.4073136E-4&ctr_vendor=EXCHANGE&rfc=-1&feedback_id=oWgDeqH12fRpDin5wNouCw&mnrfc=-1&viewability_vendor=EXCHANGE&actltime=28&mp_seg%3C%3E=10000740&debug_ts=2022-12-23+18%3A43%3A02&__expireat=1671821583110&mview=1&rme=adm&bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.04~vw_exc%3D0.71~vis_sd%3D564~dc2%3D1~scd%3Dqc~v_asn%3D16276~vl2r_sd%3D2022122312~iurl_b%3D1948.63~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.86~ip%3D19L3rJI3UMirDVFMi3AQN2~fbb%3D0~vis_url_l%3D20~riipua%3D2%2C2~et%3D15~rc%3D1~risuid%3D0%2C0~rps_sd%3D2022122313~vis_b%3D807.89~url_b%3D0.51~vl2r_url_b%3D0~vl2r_url_vi%3D1E-16~url_tvi%3D0~url_l%3D20~gcat%3D-1~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.04~vl2r_url_kc%3D0E0~bm%3D1~sid%3D531436763~sd%3D1~uid%3D2IaGhMmguJnj7vaixY~btd%3D267006623368984943520230472046646019753958732108090596364724446628081713638789180314170881998848~d2p_l%3D30~3pcf%3D1000.31~uim%3D0~dmm_strg%3Dharmony~d2p_b%3D0.97~ogd2p_b%3D0.95~vurl_b%3D0.83~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D63.5~vurl_l%3D20~CI%3D2811~nts%3D1~tb%3D-1~ct%3Dmontreal~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D1.21~isif%3D0~lc%3D1~bid%3D0.04~dc%3D8~vl2r_b%3D0.83~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.71%7Eamp%3D1%7Ecbdp%3D0.026%7Edmm%3Dharmony%7Esuid%3DCAESEOnnocDKxvRCTMf74XAn2po%7Esgmt%3Dlong_tail_information_technology_jobs%7Esd%3D1%7Edtc%3Deast_sc%7Exid%3DADX-pub-3831894559014614%7Edalg%3Ddefault%7Ehtml%3D1%7Eadblk%3D2310731849%7Esobp%3D%7Ectr%3D6.4073136E-4%7Ebdpcapd%3D0%7Edmm_erpm%3Dtrue%7Ebflr%3D0.010%7Eogbid%3D0.040%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D35%7Edogb%3D0-1~ibc%3D1~mxe%3Dcbx1~mxbn%3DA1~nsz%3D1~tgs%3D728x90~bsb%3D0~bsp%3D0~tmx%3D218&utime=607&sf=0&cpr=0.5792599250231014

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.21 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: max-age=3600
date: Fri, 23 Dec 2022 18:43:03 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
server: Apache
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=21600
content-length: 35
expires: Sat, 24 Dec 2022 00:43:03 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F43D 1 KB
643 B 21ms
19ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 19856
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Dec 2022 13:12:07 GMT
etag: 48472445140208031
expires: Sat, 24 Dec 2022 13:12:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 8549 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bce40034e4d97156c3e5a0e93f4ae98e2e4b685e77e8d5a9703ea5231eefaca

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

cksync
cs.media.net/ Frame 7E25
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzE0ODIyNTgzMTQ1NDczNzAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEMqsuCzpW2kFuXIobharybw&google_cver=1

45 B
446 B

59ms
43ms

Image
image/gif

23.205.72.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEMqsuCzpW2kFuXIobharybw&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUU9JF8H&prvid=99%2C77%2C4%2C20000%2C313%2C10000%2C9%2C319%2C294&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 23.205.72.21 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-72-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 45
x-mnet-hl2: E
expires: Fri, 23 Dec 2022 18:43:03 GMT

Redirect headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEMqsuCzpW2kFuXIobharybw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F43D
Redirect Chain

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEDm9zC_O1-zyWtAnI6pCWeM&google_cver=1&google_push=AavPq0PzPzDs6x_cBk0_Kz6L99IAsOEp0dts9_xjPkaj9F1AoFsKR-n...
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=4535af307915140f&is_secure=true&networkId=14000&version=1&google_gid=CAESEDm9zC_O1-zyWtAnI6pCWeM&google_cver=1&google_push=AavPq0PzPzDs...
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAHIFe__HaxiwNVb3qnAAAAAAA&expiration=1671907383&google_cver=1&is_secure=true&google_gid=CAESEDm9zC_O1-zyWtAnI6pCW...

170 B
188 B

36ms
36ms

Image
image/png

142.251.40.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAHIFe__HaxiwNVb3qnAAAAAAA&expiration=1671907383&google_cver=1&is_secure=true&google_gid=CAESEDm9zC_O1-zyWtAnI6pCWeM&google_push=AavPq0PzPzDs6x_cBk0_Kz6L99IAsOEp0dts9_xjPkaj9F1AoFsKR-nocgDnyyp_-RhEENk1Wda5ei9bI0IMPiA0mKkHApcUoe2p

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.251.40.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAHIFe__HaxiwNVb3qnAAAAAAA&expiration=1671907383&google_cver=1&is_secure=true&google_gid=CAESEDm9zC_O1-zyWtAnI6pCWeM&google_push=AavPq0PzPzDs6x_cBk0_Kz6L99IAsOEp0dts9_xjPkaj9F1AoFsKR-nocgDnyyp_-RhEENk1Wda5ei9bI0IMPiA0mKkHApcUoe2p
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame F43D
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESECHFHRGE47UndsLMmzzdk00&google_cver=1&google_push=AavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECHFHRGE47UndsLMmzzdk00&google_cver=1&google_push=AavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts...

43 B
412 B

121ms
104ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECHFHRGE47UndsLMmzzdk00&google_cver=1&google_push=AavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 77e33d9c7d073fd2-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 286
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECHFHRGE47UndsLMmzzdk00&google_cver=1&google_push=AavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAavPq0NRnP-LfxL2mNJGoKuJGgLIj8opibhT84MMkQOZIvfYHNYnyuT3pxvN7KlXQAO_Dg9nT0YgG9xZNm4a7BOS7qG6sdSe8Ts%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 77e33d9bbbfd3fd2-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F43D
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEEJmbpSZutYA2SX0F0vKp7Y&google_cver=1&google_push=AavPq0NErGNOlN5FMO2uySiQEJ0b7G5HUj0uA4R9qzGZYB1K8XQ8BROULF4wtWquiPvFeIJZ7nKuuBd1e7-4lZFdcYu78hehvgro
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFE5E8AC8C5F4D99B891BAA8A305B6A6&google_push=AavPq0NErGNOlN5FMO2uySiQEJ0b7G5HUj0uA4R9qzGZYB1K8XQ8BROULF4wtWquiPvFeIJZ7nKuuBd1e7-4lZF...

170 B
188 B

47ms
38ms

Image
image/png

142.251.40.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFE5E8AC8C5F4D99B891BAA8A305B6A6&google_push=AavPq0NErGNOlN5FMO2uySiQEJ0b7G5HUj0uA4R9qzGZYB1K8XQ8BROULF4wtWquiPvFeIJZ7nKuuBd1e7-4lZFdcYu78hehvgro

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.251.40.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 23 Dec 2022 18:43:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFE5E8AC8C5F4D99B891BAA8A305B6A6&google_push=AavPq0NErGNOlN5FMO2uySiQEJ0b7G5HUj0uA4R9qzGZYB1K8XQ8BROULF4wtWquiPvFeIJZ7nKuuBd1e7-4lZFdcYu78hehvgro
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 22 Dec 2022 18:43:03 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F43D
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEApr8JIq0Sdg7jYtnqCStdQ&google_cver=1&google_push=AavPq0P-K2inoiUo64Fv_EFgxyUCBDA16F9yIu1_26Z8YZJOKC3ujhPN93XvyFJ5O1M5ryKBD6A4aSg6mVv5xbvAqHDW...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEApr8JIq0Sdg7jYtnqCStdQ&google_cver=1&google_push=AavPq0P-K2inoiUo64Fv_EFgxyUCBDA16F9yIu1_26Z8YZJOKC3ujhPN93XvyFJ5O1M5ryKBD6A4aSg6mVv5xb...
https://t.pswec.com/bsw_sync?ssp=google&bsw_user_id=95101237-887a-4059-ab0c-dceb4f397408
https://t.pswec.com/ul_cb/bsw_sync?ssp=google&bsw_user_id=95101237-887a-4059-ab0c-dceb4f397408
https://x.bidswitch.net/sync?dsp_id=2&user_id=b0ec8122-bcdd-4925-a188-929ac9eff74a&expires=3&user_group=1&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AavPq0P-K2inoiUo64Fv_EFgxyUCBDA16F9yIu1_26Z8YZJOKC3ujhPN93XvyFJ5O1M5ryKBD6A4aSg6mVv5xbvAqHDW9KTUbfdH&google_hm=lRASN4h6QFmrDNzrTzl0CA==

170 B
188 B

37ms
36ms

Image
image/png

142.251.40.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AavPq0P-K2inoiUo64Fv_EFgxyUCBDA16F9yIu1_26Z8YZJOKC3ujhPN93XvyFJ5O1M5ryKBD6A4aSg6mVv5xbvAqHDW9KTUbfdH&google_hm=lRASN4h6QFmrDNzrTzl0CA==

Protocol

Server

142.251.40.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AavPq0P-K2inoiUo64Fv_EFgxyUCBDA16F9yIu1_26Z8YZJOKC3ujhPN93XvyFJ5O1M5ryKBD6A4aSg6mVv5xbvAqHDW9KTUbfdH&google_hm=lRASN4h6QFmrDNzrTzl0CA==
Date: Fri, 23 Dec 2022 18:43:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F43D
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAavPq0MrP2dfrnuC_PNzAh__w-Nli3_om1qsyWn6hYrGwFwvzId1yUCYE5v_MTiHCK2sUiihnGNDdEVmXN...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AavPq0MrP2dfrnuC_PNzAh__w-Nli3_om1qsyWn6hYrGwFwvzId1yUCYE5v_MTiHCK2sUiihnGNDdEVmXN741rPNfkm4fZUQCj23&google_hm=32101165-8128-4682-8e...

170 B
188 B

80ms
39ms

Image
image/png

142.251.40.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AavPq0MrP2dfrnuC_PNzAh__w-Nli3_om1qsyWn6hYrGwFwvzId1yUCYE5v_MTiHCK2sUiihnGNDdEVmXN741rPNfkm4fZUQCj23&google_hm=32101165-8128-4682-8e9c-98ce5304d675

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.251.40.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 23 Dec 2022 18:43:03 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-65
Content-Type: text/plain; charset=utf8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AavPq0MrP2dfrnuC_PNzAh__w-Nli3_om1qsyWn6hYrGwFwvzId1yUCYE5v_MTiHCK2sUiihnGNDdEVmXN741rPNfkm4fZUQCj23&google_hm=32101165-8128-4682-8e9c-98ce5304d675
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F43D
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEDyDJuj3ngIichz85wE6KII&google_cver=1&google_push=AavPq0NCab83W9ufBf2QkbBlT_V0eno17i9g5alDfU4iz3qUAY8katISPlC0puSRSNafESL56I0pnwIfZS_sZBKS5UxSMN...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEDyDJuj3ngIichz85wE6KII&google_cver=1&google_push=AavPq0NCab83W9ufBf2QkbBlT_V0eno17i9g5alDfU4iz3qUAY8katISPlC0puSRSNafESL56I0pnwIfZS_sZBKS...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=McKpm-RqTK2tNX9xB4DR5Q&google_push=AavPq0NCab83W9ufBf2QkbBlT_V0eno17i9g5alDfU4iz3qUAY8katISPlC0puSRSNafESL56I0pnwIfZS_sZBK...

170 B
188 B

65ms
39ms

Image
image/png

142.251.40.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=McKpm-RqTK2tNX9xB4DR5Q&google_push=AavPq0NCab83W9ufBf2QkbBlT_V0eno17i9g5alDfU4iz3qUAY8katISPlC0puSRSNafESL56I0pnwIfZS_sZBKS5UxSMNBlkxNK

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.251.40.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=McKpm-RqTK2tNX9xB4DR5Q&google_push=AavPq0NCab83W9ufBf2QkbBlT_V0eno17i9g5alDfU4iz3qUAY8katISPlC0puSRSNafESL56I0pnwIfZS_sZBKS5UxSMNBlkxNK
access-control-allow-origin: *
date: Fri, 23 Dec 2022 18:43:03 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F43D
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEKAnJp_UwQdnWwjA4QrBrQ&google_cver=1&google_push=AavPq0OxVKFMwqtsmAZ9Aw2uuK4tiPyPIxLElJfjPj26E1E2EYNQjvLEaRqVhKD1oHfxVEWYED...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEKAnJp_UwQdnWwjA4QrBrQ&google_cver=1&google_push=AavPq0OxVKFMwqtsmAZ9Aw2uuK4tiPyPIxLElJfjPj26E1E2EYNQjvLEaRqVhKD1oHfxVEWYED...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1kY2hRaWZaRTJ1SEtCa1BuNW9GWDdPWGsxRHExSUw4M35B&google_push=AavPq0OxVKFMwqtsmAZ9Aw2uuK4tiPyPIxLElJfjPj26E1E2EYNQjvLEa...

170 B
188 B

49ms
37ms

Image
image/png

142.251.40.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1kY2hRaWZaRTJ1SEtCa1BuNW9GWDdPWGsxRHExSUw4M35B&google_push=AavPq0OxVKFMwqtsmAZ9Aw2uuK4tiPyPIxLElJfjPj26E1E2EYNQjvLEaRqVhKD1oHfxVEWYEDbQb10GRQJh8Rg9yeQr9PFzNX0GFg

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.251.40.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1kY2hRaWZaRTJ1SEtCa1BuNW9GWDdPWGsxRHExSUw4M35B&google_push=AavPq0OxVKFMwqtsmAZ9Aw2uuK4tiPyPIxLElJfjPj26E1E2EYNQjvLEaRqVhKD1oHfxVEWYEDbQb10GRQJh8Rg9yeQr9PFzNX0GFg
date: Fri, 23 Dec 2022 18:43:03 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame F43D 0
232 B 87ms
34ms Image
text/html 142.251.40.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jt_hE55Cb_Kyyj98VqakaGLBGrWNhf3OWKqynZC1pNcHBFGI27SdyASDuyUr2Be1XoG58rLQ

Requested by

Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK bfp_ssn.js Show response
pxlclnmdecom-a.akamaihd.net/javascripts/ Frame 1609 12 KB
4 KB 20ms
20ms Document
text/html 104.126.116.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU7Q771E&noCookies=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.126.116.147 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-116-147.deploy.static.akamaitechnologies.com
Software: / Express
Resource Hash: 7ec5561af74114c3b4b8e0a3e4e2d6f0718e60449f99d4266d8c026bfba8ddcc

Request headers

Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1800
Cache-Control: max-age=300
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3751
Content-Type: text/html; charset=utf-8
Date: Fri, 23 Dec 2022 18:43:03 GMT
Expires: Fri, 23 Dec 2022 18:48:03 GMT
Vary: Accept-Encoding
x-powered-by: Express

POST
H2 200 ptmdP
dts.clnmde.com/ Frame 8549 7 B
366 B 72ms
37ms Ping
text/html 34.111.96.116
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dts.clnmde.com/ptmdP
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU7Q771E&noCookies=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.96.116 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 116.96.111.34.bc.googleusercontent.com
Software: / Express
Resource Hash: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Request headers

Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 23 Dec 2022 18:43:03 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-powered-by: Express
etag: W/"7-Jgyp3YpFd/wAt71YECmAdg"
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 7
alt-svc: clear

GET
H2 200 ptmdDual
dts6.clnmde.com/ Frame 8549 70 B
335 B 72ms
37ms Image
image/gif 2600:1901:0:cba2::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dts6.clnmde.com/ptmdDual?t=%7B%22gh%22%3A%2216718209835803701951438%22%2C%22za%22%3A1%2C%22gcd%22%3A1671820983601%2C%22al%22%3A3%2C%22bcnd%22%3A1%7D
Requested by: Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:cba2:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:03 GMT
via: 1.1 google
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
alt-svc: clear

GET
H2 200 cenw.js Show response
dts.clnmde.com/ Frame 1609 36 B
355 B 61ms
37ms XHR
text/html 34.111.96.116
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dts.clnmde.com/cenw.js
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.96.116 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 116.96.111.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 81b177fc54eb90fe204553a9f899b3e975996e50ae367a46e366de3266b13bbf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pxlclnmdecom-a.akamaihd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:03 GMT
via: 1.1 google
etag: W/"24-ORdCwocdw+ARctUmpNxqtg"
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 36
alt-svc: clear

GET
DATA 200
OK truncated
/ Frame 22BC 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 22BC 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 22BC 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK Raleway-bold.woff
res-a.akamaihd.net/__media__/fonts/Raleway-bold/ Frame 22BC 31 KB
31 KB 89ms
21ms Font
application/font-woff 23.204.152.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://res-a.akamaihd.net/__media__/fonts/Raleway-bold/Raleway-bold.woff
Requested by: Host: 6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
URL: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.204.152.27 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e789f7935d6d7776a0c2341570220c445bc1c493381518c085e641f9128b8938

Request headers

Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
Origin: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 23 Dec 2022 18:43:03 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: nginx
ETag: "5739a36d-7cc4"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31940

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 22BC 15 B
159 B 20ms
20ms Script
text/html 23.205.72.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?vgd_len=5238&&&vgd_l2type=scs_newfl&fp=CCzR5U7Pj0VSq-x9T8aKmPuZMYUK1pN6VpVefVE9N8C2a87ycG-slqP3b5TjDLz4o_mMqH7Dk3UP8UPSfNomXJKCyqRlpCsmZDClvCSxBXvHLb7NZYcds_apdNRwlCxD&cme=ECXoKSfXcn4IfDHUyWDKBJdQD0jMMY16vX7-DwNDtX3jlN07DsXpYSq3xXH5c0Ry09HFmJyHG2cHiQBV440Xfxp3I-Va5de5CtlhHuRq_njxWr49_haoo47-rqZ233rpmC79Ja3bKitF8Pj59XazKyhmdEZah8zKzVPoNHXcFoH1LN8dmPe17M-PfUKOg0nLzBkXHWJKsZYVKQCE5Ww_osLQdxxhxtylXF_U8SReqeBk70t3L6uT01E2XXrxSa4IkHHcQkDD0-YQbGrJyz-AB8MQMhr9Ug0sqs9j0R_2vJs%3D%7C%7Cu8A6SM53vAcxkZY9VHWafLSuY-HKDieQ%7CYfC2eZepuu0iO4bN1L0Y5DHOMnHYLvLj%7CdsA6EMpZ47R6ljdz__nQtthZoUpm2bb5%7Ca0AmFUYXmD461RyLAaVIq68F3P1HIWcjqrwGYi8D-sk%3D%7C9zuFdk8QYJCaHWNVd55WArXjYkCRqZ_NFheyIC3L83KgDycamgxQrYE5dd02fNpqwJBSbA5_b3IkBwiCT-EpW1BbLLUbjLlONf0L7-363qMVoF5uADx5Lefpj5tqzBg6ajMhjkSau_isu1tQdH5VM9NQ0DQWDU4YUIyrGb6jRFWhRMSwLMlL8GpKU76LimDpoHtBTntaEUMmR0amVO9HYPr_oIxXITjrjf4hG9S7O4_Kf60MSfmEEkooJb2al3GN%7C&ksu=224&fdkt=267&vgde_kbbh=fuoyxQBuG&kwd[]=Free+Phone+Calls&kwt[]=267&kbc[]=250088&kwp[]=1&kid[]=11627457&kbc2[]=250088%7C%7C%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C12%3D0.48%7C63%3D0.12%7C60%3D0.27%7C62%3D0.26%7C10%3D3.03%7C66%3D1.41%7C1%3D0.28%7C2%3D1.32%7Cps%3D0.443%7C3%3D0.11%7C4%3D2.55&ktd[]=274911527168&ktrkt[]=Free+Phone+Calls&kwd[]=Free+Mobile+Apps&kwt[]=267&kbc[]=250088&kwp[]=2&kid[]=208356129&kbc2[]=250088%7C%7C%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C12%3D0.41%7C63%3D0.12%7C60%3D0.80%7C62%3D1.68%7C10%3D3.03%7C66%3D0.60%7C1%3D0.78%7C2%3D2.29%7Cps%3D0.443%7C3%3D0.27%7C4%3D2.45&ktd[]=274911527168&ktrkt[]=Free+Mobile+Apps&kwd[]=Mobile+App+Developers&kwt[]=267&kbc[]=250088&kwp[]=3&kid[]=316624966&kbc2[]=250088%7C%7C%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C12%3D0.41%7C63%3D0.12%7C60%3D0.47%7C62%3D1.68%7C10%3D3.03%7C66%3D0.60%7C1%3D0.46%7C2%3D2.40%7Cps%3D0.443%7C3%3D0.43%7C4%3D1.79&ktd[]=274911527168&ktrkt[]=Mobile+App+Developers&kwd[]=Download+Zelle+App&kwt[]=267&kbc[]=250088&kwp[]=4&kid[]=350466785&kbc2[]=250088%7C%7C%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C12%3D0.99%7C63%3D0.12%7C60%3D0.84%7C62%3D0.71%7C10%3D3.03%7C66%3D0.58%7C1%3D0.88%7C2%3D2.65%7Cps%3D0.443%7C3%3D0.32%7C4%3D1.57&ktd[]=824650563840&ktrkt[]=Download+Zelle+App&v=1&geo=45.5%7C-73.58&dlper=20&lper=100&lpid=&tsid=4&hint=&cc=CA&wsip=170763202&bca=0&ugd=4&vgde_setid=Nfu&cid=8CU7Q771E&vi=1671820983414785806&vsid=3148225831454758&tdAdd[]=asnum%3D16276&vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D&vgd_implt=3&vgd_cage=2&vgd_l3_sc=QC&vgd_chost=contextual.media.net&vgd_hb_audit_1=8CUU9JF8H&vgd_hb_audit_2=410519468&vgd_kalog=UUID%3D2IakUVGZ3qE3vH1CzE%7C%7CSI%3D2952%7C%7CHID%3D0%7C%7CCI%3D2956%7C%7CMI%3D2956%7C%7CMPTD%3D640%7C%7CTLID%3D6%7C%7CTPTD%3D706505787704836%7C%7CSID%3D8&vgd_katid=808076828&vgd_katbid=-21&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_kals=ttype%3D10018%7C%7Cpt%3D1%7C%7Clmid%3DvDef%7C%7Caghl%3Dna%7C%7Cttd%3D8&vgd_pdtid=1&vgd_nrrv=4901&vgd_nrrmf=1ca0a&vgd_nrrsf=scrr&vgd_cty=montreal&&tdAdd[]=%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=11&vgd_l1rakh=1671820983163339232&tsrc=autotemplate&sttm=1671820983451&upk=1671820983.2966&hvsid=00001671820983451025035145478613&verid=3111299&vgd_matchstr=hr%3D0%7C&sbdrId=196&vgd_ecrid=1700080807682800728009000000500&vgd_isiolc=1&vgd_fcm_enc_mis=1&pid=8PO6CSQ66&&abpl=2&&kbbq=%26asn%3D16276&&vgd_vstrid=3148225831454758&vgde_bdata=QOfvzxjj~8xLjMjvf9~myJLEYv9.9H~eBMJ-Nv9.hu~e8QMQOvXFH~ONfvu~QNOv%20N~eM1QzvuFfhF~ejfLMQOvf9ffuffAuf~8xLjMGvuiHW.FA~xLjM7UNv9~Q7Ov~j1Q7v~e8QMxLjMGv9.WF~8EvuiTAL6VAPc8Lr%2Fsc8AKgIf~kGGv9~e8QMxLjMjvf9~L88Ex1vf%2Cf~J7vuX~LNvu~L8Qx8Ov9%2C9~LEQMQOvf9ffuffAuA~e8QMGvW9h.Wi~xLjMGv9.Xu~ejfLMxLjMGv9~ejfLMxLjMe8vu4ouF~xLjM7e8v9~xLjMjvf9~yN17vou~GGvuiF~eev9~jfLMGvu999~JLEYv9.9H~ejfLMxLjMUNv949~GYvu~Q8OvXAuHAFhFA~QOvu~x8OvfV1ZwcYyx6zdhe18-3~G7OvfFh99FFfAAFWiWHiHAXf9fA9Hhf9HFFHF9uihXAiXWhAfu9W9i9XiFAFHhfHHHFFfW9WuhuAFAWhWiuW9AuHuh9WWuiiWWHW~OfEMjvA9~AENkvu999.Au~x8Yv9~OYYMQ7Lyvw1LYmz5~OfEMGv9.ih~myOfEMGv9.iX~exLjMGv9.WA~QQvIK~x8Bvou~NJv9~LEQMGvFA.X~exLjMjvf9~%3DVvfWuu~z7Qvu~7Gvou~N7vYmz7LJ1j~G1Q8QfvuiF~G1Q8QuvuiF~8QDJkv9~8exLjMGvu.fu~8Q8kv9~jNvu~G8Ov9.9H~ONvW~ejfLMGv9.WA~8exLjMjvf9~QxEEj5M71yM8Ov~e8JB1G8j875v9.hu~1YEvu~NGOEv9.9fF~OYYvw1LYmz5~Qx8Ov%3DK4b4azzmNrC-eD%3D_ckhHtKzfEm~QyY7vjmzyM718jM8zkmLY178mzM7JNwzmjmy5MdmGQ~QOvu~O7NvJ1Q7MQN~-8OvKrtoExGoAWAuWiHXXi9uHFuH~O1jyvOJk1xj7~w7Yjvu~1OGjUvfAu9hAuWHi~QmGEv~N7LvF.H9hAuAF4oH~GOEN1EOv9~OYYMJLEYv7LxJ~GkjLv9.9u9~myG8Ov9.9H9~1NM75EJvu~875EJM8Ovuh~QJjjJLM71yM8Ov~OJ7JN7JOM71yM8Ov~ONx7vAX~OmyGv9ou~8GNvu~Y-JvNG-u~Y-GzvKu~zQlvu~7yQvhfW-i9~GQGv9~GQEv9~7Y-vfuW&vgd_optout=0&vgd_bhv_kbb=-1&vgd_cfud=220401&vgd_scsver=377&vgd_scr_h=1200&vgd_scr_w=1600&vgd_ect=4g&vgd_dtc=east_sc&vgd_mbr=1&vgd_l1rpth=%2Fnmedianet.js&vgd_pgids=1&&tdAdd[]=uiparams%3D%3Brend_w%3A728%3Brend_h%3A90&&vgd_uspa=0&vgd_sc=QC&vgd_l1rhst=contextual.media.net&hvsid=00001671820983451025035145478613&subBdr=196&bdrid=313&rc=0&rand=1671820983784&acid=55145fd0ff824c8aa3851716f401eb19&matm=1671820983784&requrl=https%3A%2F%2Fexeo.app%2FixXzPT&vgd_ltimesrc=1&vgd_ltime=615&vgd_rtime=531&vgd_etm=13&vgd_l1hcsd=Odsjj%7C8516&vgd_l1ch=1&vgd_lhl=2852&vgd_pgid=p1549000777t202212231843&vgd_adprefflag=11&vgd_csip=rtb-appnexus-ee-7c44c646b9-mfsdg.SC&vgd_sbSup=1&vgd_nrrs=4901&vgd_cntrdt=SF%7C6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com&vgd_eadm=1&vgd_end=1

Requested by

Host: exeo.app
URL: https://exeo.app/ixXzPT

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.21 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=21600
date: Fri, 23 Dec 2022 18:43:03 GMT
server: Apache
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=11572
content-length: 15

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame EA43 42 B
64 B 47ms
46ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvibArppxvy03czwQAfFoTrr9BYBYGLxNrOkf6tSQm3ei-RqSSRPnhGvtd4xDZ4e398P9j1Ax7hGk_es3ZwdwZ852d9DPm5SlZ7RNOXPeatNjuFGK76_krbsidbDPTwDuQ3Y04&sai=AMfl-YTK5d7qvkTIhTmVHp7IsS4PqiseH-AGBEI0mXiR6flbgQgqZYOa-CWQ2Mkz8qnUvRHGGnAd2kh6vWXYGAO5nFvSHQj7T66ZCT-1h-5nh9Qgm7bPwgkPgATfVpLGzOp81WYSaGAvhXR-sGR86XA&sig=Cg0ArKJSzHFT3koAdmrYEAE&cid=CAQSSwDq26N9Y2JKXqHkrOF0TN9HjFM6g9g-ifuwFCm5Lyfc78ZTkNiCVeg4DruQ0ivP7HSEliaC18X4aGI9nw_09fdX5g4KBqtu3LLhvxgBIBM&id=ampim&o=330,145&d=940,280&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=258&tls=1259&g=100&h=100&tt=1259&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://exeo.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ptmd
dts.clnmde.com/ Frame 8549 70 B
140 B 39ms
38ms Image
image/gif 34.111.96.116
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dts.clnmde.com/ptmd?t=16718209835803701951438_N4IgxmAWDWIFwG0QFYDMBGALKgbAdh1RAF0AaEABwEsATAF3iQAYTyAnAUwDMBVNgGwaIQrEAGc2YPoMYhIdOhTEBSVAEFlAJgBiW7RwAeHAPYA6AIYUKeqgYAaALwAKAFVEA3MQH1aQhADsAV35+MjlPH3pZJhimdHx0AA5NJgBORNRMZHQmTWQmVGyszDxEnHQiMLBAsTpIvxBEgGEePABFPDx0AFFRMDZ3WWAAHRQMbHxCUbgRkDoATwoOadH+yNHSUfcqdfhR+K7ktIzMLFLkRKYcDdHICNoVkFi4hKP0zOzc-MKsZBKyiqjAC+QNE-nMjEwmlSmFS+E0OEwpAqmCYiTwBVSpDQMUSmAyTDC4LE8Gh5Co5gAtoxCeTzCS4IlyIZ4E8QOQxGBjKyDkkUu8vIkcqlNJpUDE-kQOVyuPB0NLjEIQLy3hlBcLReKmJLBQAjFLo3U5TRgVIcVAcZBcLgcGjoMBnRK2xK60rs8RcuiyuDyj2KmisgByandnP93oAtJpmdAIXAQOZNOhXUwuEwI8kuOgI+h0LaI6kLWAI0w8Kl0Im8BwXVwITHdXLyGBPKzZvxjGBzPwvLVjGxzABzZZ7BNJlNpjOaLM5vM0AtFktliuaKs18w3cQcMRiKjGfw9uh9wfDuCjRPJjETzPZ3P5wscYul8uV6u62sbrnGaBUDheGjmOh1xHc9x3Ta8ZzvBcn2XVc3yA0FyUGOAmFMZAOUAugakhUhUFQHCkUKHCcBwvAcKZVAsTJMVkVSMIHDjX0KAHVlBnIAdIB5V5+QyC4CgxdBUiKVBEndFt4xwUwUOyPB3S7eA8JALgwHgHNmToKhOMObipXAMAA3jJoQ3Q5jkI5WB4xVbT1TSTUJWwd0OCoCgeVhVCJPQNBTHQMtRI4NhWQoNhjADZlAgY8hAg0n1mXcfhGFAcFKQ4VldVoGg-Mid1-0A+BQFSmh0rYTL4wwHTtmK5UuOOTJHV4nAQBBUgEqpZL43MMBaCygC41AdrOvjZAiitGhUy4ZJMDARJzHMYTpPiLhUTzI1UlEnZ+sqrTqtOf46oaoEwgoMSEDCMR+FqTS+Wq5AundfhvV9apagq5pWg6LpenIcr1ssrbasueq2OUn0qvSU40nIABHVrfS4KLNCBIA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.96.116 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 116.96.111.34.bc.googleusercontent.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:04 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
alt-svc: clear

GET
H2 200 log
hblg.media.net/ Frame 8549 35 B
200 B 19ms
19ms Image
image/gif 23.205.72.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/log?log=kfk&evtid=adplog&&lper=1&itypeid=17&itype=ADX&cc=CA&cid=8CUU9JF8H&reqid=oWgDeqH12fRpDin5wNouCw&vid=oWgDeqH12fRpDin5wNouCw&dn=exeo.app&rawDn=exeo.app&pid=8PR113JGC&ugd=4&fleet=appnexus-ee&requrl=https%3A%2F%2Fexeo.app%2FixXzPT&cliIPV6=2607%3A5300%3A0060%3A0000%3A0000%3A0000%3A0000%3A0000&cliIPType=v6&coppa_enf=true&lmt_status=N&lmt_applied=N&lmt_enf=true&dnt_enf=false&geo_source=2&sc=CA-QC&ct=Montreal&pubid=pub-ADX-116310109131&tgtval=pub-ADX-116310109131&csip=rtb-appnexus-ee-7c44c646b9-mfsdg.SC&dtc=east_sc&zone=d&sd=1&ptype=23&tmax=300&xtmax=290&gdpr=0&app=0&sat=1&device_id=4&asn=514&sckfl=1&suid=CAESEOnnocDKxvRCTMf74XAn2po&smbrid=adx-unknown&cxtSgmt=long_tail_information_technology_jobs&usp_status=0&usp_enf=1&gqid=ADdJoTvd6xTVM5muHf7cAPRGkUix3TxzW90sDqHUGoum0hG_gO2YkotrBnIwFn4jVEBwZMuu&pexid=ADX-pub-3831894559014614&geoll=false&is_ortb=false&s_ip=74.125.19.8&s_city=morganton&commit_id=48929b14&ocurr=USD&omul=1.0&currsrc=API&currsrc_date=2022-12-23+00%3A00%3A00&schain_cmpl=0&dummy_vsid=false&amptype=1&second_call=false&supply_cc=CA&ipcc=CA&rtttime=70&pvid=313&prvAccId=531436763&prvApiId=8CU7Q771E&adj0=0.0&adj1=0.0&adj2=0.0&pst=0&crid=410519468&prspt=headerBid&prvReqId=95182431685869_1834146521_41051946813131&reqsize=728x90&size=728x90&chnl=HARMONY&bdp=0.040&cbdp=0.026&og_cbdp=0.040&ogbdp=0.04&pv_adtype=0&res_mtype=0&mnet_ckfl=0&ckfl=0&be=0&cat=IAB-3&advUrl=https%3A%2F%2Ftopics.businessfocus.online&dfpBd=0.026&dt=O&dbf=1&epc=531436763&s=1&snm=SUCCESS&pcrid=8CU7Q771E-531436763-52-14&tpbTkn=false&exid=31&bidflr=0.010&pbidflr=0.010&opbidflr=0.010&spbf=0&viewability=71&slotVisibility=1&adpos=1&iframingState=0&sbdrid=196&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7CssProfile%3D0%7Cdbr%3D1%7Ctpi%3D1&mnrf=0&seat=BID_API&brsrclk=0&bidrestime=1671820982855&fpuReq=0&bfs=103&acsn=1&ybnca_erpm=0.04&dmm_erpm=true&dmm_ogerpm=false&bcrid=1700080807682800728009000000500&strg=HARMONY&vls=0&scrid=1700080807682800728009000000500&mang=1&pvdTmax=218&fpusp=false&ae=false&epcexp=false&moau=true&incentive_type=0&ucrid_ver=2&omid=0&spIvt=3&spSource=0&spTo=3&spIsReq=3&spFst=0&spCst=0&mx_sbp=-10.0&mx_sua_cvg=1111111&mx_epbc=8CU7Q771E&mx_SPRIG=2&mx_bsBucket=0&mx_ssProfile=0&mx_sua_os_n=Windows+NT&mx_lr=0&mx_TAS=1&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_sua_os_v=10.0&mx_bsBucketRa=0&mx_sid=8CUU9JF8H&mx_SC=0&mx_lr_seg_deal=0&mx_aqcpl_crid=0&mx_nsz=1&mx_GCID=0&mx_maq_call=false&mx_aurt=0&mx_sua_model=x64&mx_crsw_exp=cbx1&mx_tgs=728x90&mx_bsProfileRa=0&mx_IAB2=2&mx_bss_algos%3C%3E=0&mx_aurl_hc=0&mx_aabpc=0&mx_PC=1&mx_UCC=5&mx_crsw_bckt=A1&mx_isLossNtf=false&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=3&mx_gpid_sent=false&mx_commit_id=666c5078e6&acid=55145fd0ff824c8aa3851716f401eb19&rtime=16.0&wsip=mowx-lite-6c9b7f6669-8xb7q&ltime=28.0&act=headerBid&abs=0%7C0%7Cxtmax%3D290%7Cbrr%3D0&adtypes=0&adblk=2310731849&impId=1&reftime=0&reftype=0&sticky=false%7Cfalse%7Ctrue&psrc=fail&mowxReqId=55145fd0ff824c8aa3851716f401eb19_1&policy_enf=2&pub_blk_enf=1&renderer=0&ifst=0&ifdp=0&media=0&req_mtype%3C%3E=0&vcmplrt=-1.0&ctr=6.4073136E-4&ctr_vendor=EXCHANGE&rfc=-1&feedback_id=oWgDeqH12fRpDin5wNouCw&mnrfc=-1&viewability_vendor=EXCHANGE&actltime=28&mp_seg%3C%3E=10000740&debug_ts=2022-12-23+18%3A43%3A02&__expireat=1671821583110&mview=1&rme=adm&bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.04~vw_exc%3D0.71~vis_sd%3D564~dc2%3D1~scd%3Dqc~v_asn%3D16276~vl2r_sd%3D2022122312~iurl_b%3D1948.63~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.86~ip%3D19L3rJI3UMirDVFMi3AQN2~fbb%3D0~vis_url_l%3D20~riipua%3D2%2C2~et%3D15~rc%3D1~risuid%3D0%2C0~rps_sd%3D2022122313~vis_b%3D807.89~url_b%3D0.51~vl2r_url_b%3D0~vl2r_url_vi%3D1E-16~url_tvi%3D0~url_l%3D20~gcat%3D-1~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.04~vl2r_url_kc%3D0E0~bm%3D1~sid%3D531436763~sd%3D1~uid%3D2IaGhMmguJnj7vaixY~btd%3D267006623368984943520230472046646019753958732108090596364724446628081713638789180314170881998848~d2p_l%3D30~3pcf%3D1000.31~uim%3D0~dmm_strg%3Dharmony~d2p_b%3D0.97~ogd2p_b%3D0.95~vurl_b%3D0.83~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D63.5~vurl_l%3D20~CI%3D2811~nts%3D1~tb%3D-1~ct%3Dmontreal~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D1.21~isif%3D0~lc%3D1~bid%3D0.04~dc%3D8~vl2r_b%3D0.83~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.71%7Eamp%3D1%7Ecbdp%3D0.026%7Edmm%3Dharmony%7Esuid%3DCAESEOnnocDKxvRCTMf74XAn2po%7Esgmt%3Dlong_tail_information_technology_jobs%7Esd%3D1%7Edtc%3Deast_sc%7Exid%3DADX-pub-3831894559014614%7Edalg%3Ddefault%7Ehtml%3D1%7Eadblk%3D2310731849%7Esobp%3D%7Ectr%3D6.4073136E-4%7Ebdpcapd%3D0%7Edmm_erpm%3Dtrue%7Ebflr%3D0.010%7Eogbid%3D0.040%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D35%7Edogb%3D0-1~ibc%3D1~mxe%3Dcbx1~mxbn%3DA1~nsz%3D1~tgs%3D728x90~bsb%3D0~bsp%3D0~tmx%3D218&utime=607&sf=0&cpr=0.5792599250231014&evttyp=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.21 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-21.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:04 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Fri, 23 Dec 2022 18:43:04 GMT

GET
H2 200 bqi.php
lg3.media.net/ Frame 8549 15 B
15 B 25ms
25ms Image
text/html 23.205.72.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?vgd_len=3302&lf=3&&vgd_hb_audit_1=8CUU9JF8H&vgd_hb_audit_2=410519468&vgd_l2type=scs_newfl&pid=8PO6CSQ66&katid=808076828&kals=ttype=10018||pt=1||lmid=vDef||aghl=na||ttd=8&kata=aton&kasts=tstype=-10408||gbid=-1&kalog=UUID=2IakUVGZ3qE3vH1CzE||SI=2952||HID=0||CI=2956||MI=2956||MPTD=640||TLID=6||TPTD=706505787704836||SID=8&katen=1&pc=29&katbid=-21&cme=ECXoKSfXcn4IfDHUyWDKBJdQD0jMMY16vX7-DwNDtX3jlN07DsXpYSq3xXH5c0Ry09HFmJyHG2cHiQBV440Xfxp3I-Va5de5CtlhHuRq_njxWr49_haoo47-rqZ233rpmC79Ja3bKitF8Pj59XazKyhmdEZah8zKzVPoNHXcFoH1LN8dmPe17M-PfUKOg0nLzBkXHWJKsZYVKQCE5Ww_osLQdxxhxtylXF_U8SReqeBk70t3L6uT01E2XXrxSa4IkHHcQkDD0-YQbGrJyz-AB8MQMhr9Ug0sqs9j0R_2vJs=||u8A6SM53vAcxkZY9VHWafLSuY-HKDieQ|YfC2eZepuu0iO4bN1L0Y5DHOMnHYLvLj|dsA6EMpZ47R6ljdz__nQtthZoUpm2bb5|a0AmFUYXmD461RyLAaVIq68F3P1HIWcjqrwGYi8D-sk=|9zuFdk8QYJCaHWNVd55WArXjYkCRqZ_NFheyIC3L83KgDycamgxQrYE5dd02fNpqwJBSbA5_b3IkBwiCT-EpW1BbLLUbjLlONf0L7-363qMVoF5uADx5Lefpj5tqzBg6ajMhjkSau_isu1tQdH5VM9NQ0DQWDU4YUIyrGb6jRFWhRMSwLMlL8GpKU76LimDpoHtBTntaEUMmR0amVO9HYPr_oIxXITjrjf4hG9S7O4_Kf60MSfmEEkooJb2al3GN|&gdpr=0&prid=8PRVCXX19&cid=8CU7Q771E&crid=531436763&requrl=https%3A%2F%2Fexeo.app%2FixXzPT&vi=1671820983414785806&ugd=4&cc=CA&sc=QC&bdrid=313&subBdr=196&startTime=1671820983442&vgd_l1rakh=1671820983163339232&l1ch=1&tsrc=autotemplate&sttm=1671820983451&upk=1671820983.2966&hvsid=00001671820983451025035145478613&acid=55145fd0ff824c8aa3851716f401eb19&verid=3111299&vgd_bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.04~vw_exc%3D0.71~vis_sd%3D564~dc2%3D1~scd%3Dqc~v_asn%3D16276~vl2r_sd%3D2022122312~iurl_b%3D1948.63~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.86~ip%3D19L3rJI3UMirDVFMi3AQN2~fbb%3D0~vis_url_l%3D20~riipua%3D2%2C2~et%3D15~rc%3D1~risuid%3D0%2C0~rps_sd%3D2022122313~vis_b%3D807.89~url_b%3D0.51~vl2r_url_b%3D0~vl2r_url_vi%3D1E-16~url_tvi%3D0~url_l%3D20~gcat%3D-1~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.04~vl2r_url_kc%3D0E0~bm%3D1~sid%3D531436763~sd%3D1~uid%3D2IaGhMmguJnj7vaixY~btd%3D267006623368984943520230472046646019753958732108090596364724446628081713638789180314170881998848~d2p_l%3D30~3pcf%3D1000.31~uim%3D0~dmm_strg%3Dharmony~d2p_b%3D0.97~ogd2p_b%3D0.95~vurl_b%3D0.83~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D63.5~vurl_l%3D20~CI%3D2811~nts%3D1~tb%3D-1~ct%3Dmontreal~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D1.21~isif%3D0~lc%3D1~bid%3D0.04~dc%3D8~vl2r_b%3D0.83~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.71%7Eamp%3D1%7Ecbdp%3D0.026%7Edmm%3Dharmony%7Esuid%3DCAESEOnnocDKxvRCTMf74XAn2po%7Esgmt%3Dlong_tail_information_technology_jobs%7Esd%3D1%7Edtc%3Deast_sc%7Exid%3DADX-pub-3831894559014614%7Edalg%3Ddefault%7Ehtml%3D1%7Eadblk%3D2310731849%7Esobp%3D%7Ectr%3D6.4073136E-4%7Ebdpcapd%3D0%7Edmm_erpm%3Dtrue%7Ebflr%3D0.010%7Eogbid%3D0.040%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D35%7Edogb%3D0-1~ibc%3D1~mxe%3Dcbx1~mxbn%3DA1~nsz%3D1~tgs%3D728x90~bsb%3D0~bsp%3D0~tmx%3D218&matchstring=hr%3D0%7C&vgd_matchstr=hr%3D0%7C&vgd_sc=QC&infr=1&twna=1&stime=1671820983267&vgd_ecrid=1700080807682800728009000000500&l1hcsd=l1!Odsjj|8516&vgd_l1rhst=contextual.media.net&vgd_uspa=0&tdAdd[]=%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_isiolc=1&pvl=%7B%22dtc%22%3A%22east_sc%22%2C%22mbr%22%3A1%2C%22l1rpth%22%3A%22%2Fnmedianet.js%22%2C%22pgids%22%3A1%7D&vgd_fcm_enc_mis=1&vgd_pgid=p1549000777t202212231843&vgd_pgids=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.21 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=21600
date: Fri, 23 Dec 2022 18:43:04 GMT
server: Apache
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=21234
content-length: 15

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8549 42 B
64 B 85ms
41ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst6bLEuvvgJ3GRkqWz-0bugvX09mKqdNGi3P3LSk0sWSUUSWvnXdSLewbkWbkoefMncQXCkBtdc5QMOGsfBlq7qSdfF&sig=Cg0ArKJSzO4IQ1c_-lAnEAE&cid=CAASFeRo-XnMLIigwuNYCQxLbqX1EVhb_g&id=lidar2&mcvt=1000&p=1110,436,1204,1164&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&vu=1&app=0&itpl=20&adk=2310731849&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671820983188&rpt=698&isd=0&lsd=0&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Dec 2022 18:43:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ptmd
dts.clnmde.com/ Frame 8549 70 B
132 B 39ms
39ms Image
image/gif 34.111.96.116
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dts.clnmde.com/ptmd?t=16718209835803701951438_N4IgpghgNiBcDaBdANOCAHO8QEYAsAnAHQCsAbETiQMyUDsBIKIAtgJ5bw7IAMydAJgAcvZAR6JmAdwCOWZuwBO81AGMWqgEZwQNfNTJ0y1EGsUtMCXIZxCBPAkOp58dISSE8yAfRYQAlgB23jhMqNAALlgSqADOAPZw3CD+AG5wAnEREBEArrFYtsjUyDgEzABeEEmo6ADmOumodQAWOjg2dg5OHjzUdDxlJPpCpiCpBbAgFDykOHRj0HAlIABmqnAAtMlgEf7tnfaOJmqqACY6AMIAgmOxEQ2wfCCxANYHdLZHTt5COA4CATUHg8Eh4E7gfyWXCEUgUKi0eaMVCpMDKKboRTxC6oMC5aqwZK5faE3GpGAIUCBCAsMA6TT+M5nNHeRljM45AmgBlMllsqbUHAQ1L+VkXKYdT5dY4uPBuXpkEAAXyVyCpNLpUwgqjZqA52TgoG1-N0wzwJFWZx4q1WdjwqiEEAg1Hc8w6qzwgzAmjKYxFYo+X26zlc7k8ipVzHQEywIB4AAJ7ID46FmLEoPdA9Kep8xlBVjUQKp8hEA1MhJcAKp0ACKdE+AFE-aKTZKgzLQwqxnUNoTDt1yA5UDJNclViTqEqgA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.96.116 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 116.96.111.34.bc.googleusercontent.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:05 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
alt-svc: clear

GET
H2 200 ptmd
dts.clnmde.com/ Frame 8549 70 B
132 B 40ms
39ms Image
image/gif 34.111.96.116
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dts.clnmde.com/ptmd?t=16718209835803701951438_N4IgHgZiBcIAwDYIEYDGAmAnAEwEbowHYBWADnQFNcBmXUuAFhXWIWvULhABoQIBDGAG1qJUsjiFSrbhNLc4CpYpXK1qlQF1eAgM4wEvABZHhybi218o0RSACu9mMmTUdANxggeIAJafoBl5dABd+EPt9aBFFFllMKwAvQWhzEAAHAHMvT15M01hkBEJkcjhMUmoyOFE4ZExiZAZqUh93KJAEADo4LsbCH34AGxg3PlQYAFo0ihDfLyKSsorqH1RUbC8AYQBBH1Ds22CAawXi0vRyyoB9cXL0dGo4OGJmnwpfdIWGTD7u5GI1C6yEImDaFAATl50hCAPabXgUewpNL2eapRHuEbRUAAO34AFsKF5cL5sNhIdcyT5sOEUqBSeTKdTYNRXG1fFTNoVzstKgwmlJqggQABfUXcPGE4mwfioam8WlhGCgOUskDERoMYgQbBwCAQcgMVCkfj8Fr9IoQBh1Kj1Dlcs5LS4rAUMIX0EXiqzpdrCKy6IahJ0XK5VEo+IY2NKoSIhR2wUhbACqhAAioQSgBRB3qxah12C6SenyZCapXku0iEBDlXgARxlaQg6IYoqAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.96.116 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 116.96.111.34.bc.googleusercontent.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 18:43:07 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
alt-svc: clear

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuFHNBugiHnS24kQOZUfzxQqC_P7aP-E-v0hyk3fq9i6gx4njQvwhSD4g3CkqU10_DtJCzRar7_Uw7boKsuvnJ-kjdiRMcv_40foLqCh_4hdyitu9SBdnM3Z2sU9ycD3iDq8K-Dls-U-roi6Or7jWOpfCdlKUavJqU3YW8jcA7xI0ZOECxPo9wWkF6LgarJhwjisLit-cexG4v1XXX8sp8K-Qfrx9VLp2ygeFQ6-kMdmhiO7ZPdfj-8nIgNP2Afo5TnCFS5CnVVs4e2nVqFmiiJTq-6OTshuVFsULMIOm69E8x263LE4iwFLeLfvNeW7bPEbLkv_gEHbnITnF_ix7PsMClNVM6vBi0EfV0PZZhQenfqG_T6R9yqF4TlQWaW&sai=AMfl-YQCJotcJ9M-ZtsO_kYYTnqZB2IBQGU-y3deqHf9vCZG8S3w2kt7ORj6XKwjqXLuqxtvSqd0uQyogqAxUa4hbODGOx--Exf-BORoh6NcNqt3KPTRPiJRe1fxCWY77BIBWpy5TvscTC33Hrz4Jgse7l0&sig=Cg0ArKJSzPoHIuzIuuXrEAE&uach_m=[UACH]&urlfix=1&adurl=

Domain: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
exe.io/	1969-12-31 23:59:59	Name: AppSession Value: 3f0b161a6f69ca5435190ebe5b389b6c
exeo.app/	1969-12-31 23:59:59	Name: AppSession Value: 5b8f563b1136f9296f86565c15a769a1
exeo.app/	1969-12-31 23:59:59	Name: csrfToken Value: 95fd1f40e215f0c5629c36a603851633fdb119c8f7633c9224958ed410c55fb334b6d90030fc62738c6f537475d2a27fe2e5705a1ffa27c9790134d63ec6eecc
pogothere.xyz/	1970-01-20 17:02:04	Name: csu Value: 31495310622738@1@1671820981
live.demand.supply/	1970-01-20 17:59:40	Name: demandSupplyTi Value: dfa0771a-5558-4d70-b927-ed335f9ba110
.exeo.app/	1970-01-20 17:59:40	Name: _ga Value: GA1.2.708064460.1671820982
.exeo.app/	1970-01-20 08:25:07	Name: _gid Value: GA1.2.116737404.1671820982
.exeo.app/	1970-01-20 08:23:41	Name: _gat_gtag_UA_135952122_1 Value: 1
qj.wimplesbooklet.com/	1970-01-20 08:25:07	Name: GL_UI4 Value: eJw9jUtugzAYhAHzaJSCOhIH6BFMAlGyrHqILpGNf4gbsCPjBvX2tSq1q%2Fk0D00URUldIX7kDOxLdHgdx4M4yZPkspWdPAztkS5t1%2FCW87M6dhfs9Np7IWfyKZ4nMuT00A9WUYmXEP05N2M3kyKTThhVIltCYy5RSGe3lVzNkBqxEPL3q7NBs0V8WgfW8HNgbQLHHIlda1btUHxoo8Kw2iNpeFXmEfb3WfjRuqXXKo%2BRTU4oQvyGp0F4mqz7RqFovXl7B%2Bys%2Bv%2F%2B7y%2FbGo5c0UMP4dz6K7kfcs1Kig%3D%3D
qj.wimplesbooklet.com/	1970-01-20 08:25:07	Name: GL_GI10 Value: eJxNjMFqwkAUReOkjgYlcsEP6A80EKyKyzAbN6WI0O0wTZ4yoPOGySjGr69tQLq798A5SZKIeQ5hPfLyfVMsV0W5XBTleoP0SAyhKkxrvrgYOu3MmSCVcaYxkIGOlh3ETmHSb11zQxiq6u0f66Xdhb6pxkttY4fxBz96ZE7Ifn%2BvTR7ak6e29Rh9fm1f99UemaOoW0%2FUIFMcPAcTCfmT%2FgVkirFttQ986%2BQAs2jPdGdHmg%2BHluJoiMFVih8c%2FEY0
.exeo.app/	1970-01-20 08:23:42	Name: __cf_bm Value: YDif2PZN07W6Qd0CD1Z4m9I5F8mOTdAN5V_iKoPDOxM-1671820982-0-Adfpta02mqFPGGavl8J72aJT/57V18fxKBd/qoIoLE2uP0hkMiIrRuamKBWfDhiIRICIA9D+PjoR8nohDJ4cDWodb/NUIZnYx466kts25SwquYJtrc/JeROaZ6MtOADti43z9iioVqPBtD0NjfR7O5c=
.exeo.app/	1970-01-20 17:45:16	Name: __gads Value: ID=6154d40e17ed9881:T=1671820982:S=ALNI_MZtELnOkr6EEFAE263RRZHXVA-Hhw
.exeo.app/	1970-01-20 17:45:16	Name: __gpi Value: UID=000008e2e5c31a4f:T=1671820982:RT=1671820982:S=ALNI_MZmV2kwGNa8h18kkI93x2-VRuhYxA
.doubleclick.net/	1970-01-20 17:59:40	Name: IDE Value: AHWqTUlGY-seA5v9Me_iBiHpI7b9DPTuf8ta6IykNOxLSo9J9l5c-AehezKlKMFpe8w
.pxlclnmdecom-a.akamaihd.net/	1970-01-20 08:23:42	Name: bfp_sn Value: 1671820983_810922300543
.pxlclnmdecom-a.akamaihd.net/	1970-01-20 08:23:42	Name: bfp_sn_t_8b2087b102c9e3e5ffed1c1478ed8b78 Value: 1671820983_810922300543_8b2087b102c9e3e5ffed1c1478ed8b78
.360yield.com/	1970-01-20 10:33:16	Name: tuuid Value: 31c2a99b-e46a-4cad-ad35-7f710780d1e5
.360yield.com/	1970-01-20 10:33:16	Name: tuuid_lu Value: 1671820983
.yahoo.com/	1970-01-20 17:09:38	Name: A3 Value: d=AQABBLf2pWMCEL1K0YDGA_0W34Jy9-W9rF4FEgEBAQFIp2OvYwAAAAAA_eMAAA&S=AQAAAkwLm5QpHkyPF7X-Lpc3lPs
.go.sonobi.com/	1970-01-20 09:06:52	Name: __uis Value: 32101165-8128-4682-8e9c-98ce5304d675
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8S Value: s8655\|Y6X2u
.bidswitch.net/	1970-01-20 17:09:16	Name: tuuid Value: 95101237-887a-4059-ab0c-dceb4f397408
.bidswitch.net/	1970-01-20 17:09:16	Name: c Value: 1671820983
.bidswitch.net/	1970-01-20 17:09:16	Name: tuuid_lu Value: 1671820983
.dotomi.com/	1970-01-20 08:23:41	Name: DotomiTest Value: 4535af307915140f
.analytics.yahoo.com/	1970-01-20 17:09:16	Name: IDSYNC Value: 18yx~290i
.pxlclnmdecom-a.akamaihd.net/	1970-01-20 17:59:40	Name: bafp_t Value: a21b70f0-82f1-11ed-93ec-0791a27e8bfa
.simpli.fi/	1970-01-20 17:10:43	Name: suid Value: DFE5E8AC8C5F4D99B891BAA8A305B6A6
.media.net/	1970-01-20 08:43:50	Name: data-g Value: CAESEMqsuCzpW2kFuXIobharybw~~6
.media.net/	1970-01-20 17:09:16	Name: visitor-id Value: 3148225831454758000V10
.pswec.com/	1970-01-20 17:59:40	Name: tuuid Value: b0ec8122-bcdd-4925-a188-929ac9eff74a
.pswec.com/	1970-01-20 17:59:40	Name: c Value: 1671820983
.pswec.com/	1970-01-20 17:59:40	Name: tuuid_lu Value: 1671820983
.tribalfusion.com/	1970-01-20 10:33:16	Name: ANON_ID Value: annseFoZdUQcR2Hp9vcgeLlfGAt2Zdohcvy5HEMHR7Y2BfBPyiZd7qqW36oyTA2tBhNBd1RfU0GI6NVYA4rjXH8

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.google.com/v3/signin/identifier?dsh=S1006849899%3A1671820981671983&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7zvBsueRUqrwJ3XASrqijtgeZbYL6sSzzldWjrB8eR6rw56Lqbs-3M9v1423GXWNGk-vN2jg Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?dsh=S17805143%3A1671820981674949&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh58TkbeGtmEexdomItmqn5nLohJEbJsnLBqxmyMvJOPtqw83ERbvMCZVyKGNlMdkBDVHkwl_w Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU7Q771E&noCookies=true(Line 14) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6f01e6353726e6a34649bdf9baaae9a6.safeframe.googlesyndication.com
a.tribalfusion.com
accounts.google.com
adservice.google.ca
adservice.google.com
aightutaitlastwe.xyz
api.demand.supply
cdn.ampproject.org
cdn.id5-sync.com
cdntechone.com
cm.g.doubleclick.net
contextual.media.net
cs.media.net
d3zd5ejbi4l9w.cloudfront.net
datatechone.com
dclk-match.dotomi.com
dts.clnmde.com
dts6.clnmde.com
ersfohiplaceof.xyz
exe.io
exeo.app
fonts.googleapis.com
fonts.gstatic.com
hblg.media.net
id5-sync.com
lg3.media.net
live.demand.supply
match.360yield.com
pagead2.googlesyndication.com
pogothere.xyz
pxlclnmdecom-a.akamaihd.net
qj.wimplesbooklet.com
qsearch-a.akamaihd.net
res-a.akamaihd.net
s.tribalfusion.com
securepubads.g.doubleclick.net
sync.go.sonobi.com
t.pswec.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
warp.media.net
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
securepubads.g.doubleclick.net
www.googletagservices.com
104.126.116.147
142.251.40.130
162.19.138.120
172.64.173.27
172.67.181.150
173.237.16.126
18.160.46.115
184.29.128.24
23.204.152.27
23.204.152.54
23.205.72.21
2600:1901:0:cba2::
2600:9000:2073:ca00:14:7514:ad00:21
2606:4700:10::ac43:266a
2606:4700:20::681a:267
2606:4700:20::681a:8e9
2606:4700:3037::ac43:9599
2606:4700::6810:8516
2606:4700::6810:8616
2606:4700::6812:18ad
2606:ae80:1451:14::1080
2607:f8b0:4006:808::2001
2607:f8b0:4006:808::2002
2607:f8b0:4006:809::2001
2607:f8b0:4006:809::2004
2607:f8b0:4006:80b::2001
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80b::200d
2607:f8b0:4006:816::2002
2607:f8b0:4006:817::2008
2607:f8b0:4006:81d::2002
2607:f8b0:4006:81f::2002
2607:f8b0:4006:81f::200a
2607:f8b0:4006:820::200e
2607:f8b0:4006:822::2003
2607:f8b0:4006:823::2002
2a03:2880:f112:182:face:b00c:0:25de
3.222.12.191
34.111.96.116
34.171.234.26
35.211.178.172
37.48.68.71
52.45.33.138
54.243.126.57
69.166.1.10
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
079c6467b414dec800f8f6e68e55cea648c0e780486eef7a02ad549ba2afd28b
07d7a6d17445bae4ae3ba039ef1a6161a8ffa65470f8d2b7d71db859776e7785
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0ac55ddcbb7be11489a30a6e0e1f850fd33b3bb8f0921df9ef8aec8af5b4ced2
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ea842ad92b2cb342a00d74293e6036981ec07854e082223080525efa9c88528
1063eb461bdaf9aa0d050d9427958130c528dd447729e3dc5c0a5b080fcabef4
182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf
1eb6a860427095d495e066d7a3911ef977a5266b874f76d762fbca1b9b6739ae
23998750e040d16d7cdcc67be18f2c98db45cc55e098f1548107d04a4666d6fa
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b9e2b7f5c251c5b5490e5e8adbda9acdf687b74eb8d5a8d8f2ee1a0104bae3f
2bce40034e4d97156c3e5a0e93f4ae98e2e4b685e77e8d5a9703ea5231eefaca
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32426c0d52b7060fd03ace71dea2a36e83d9c7319f3cbc4d30f2c04fb7b691cf
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c
339867a8c23fcd59c6e08f75d1e940eac48da82321c41b21980f652e7a465346
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36da7816c87e88cf482e72b8da992a2a048dd254e2a53c7f80400753fde4ceb5
3aee902ff04fa13dfd08c4acfac12da9e54888d94e7332522cb42b5891fc2df0
3cb666e68f7d1fcf0c9170658fcd2602c2b15f6478c42831b1255213d1f770fa
427a99fb7613ffa4df0be9f02c583feed0f5039efb56847a41b5ff6207df6590
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45d54f85dd5e4beef9f10f319457389dbb8d6215eca82e51d9241bc48ccc3055
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
469b7eb15dfa890167a023387fd690afa2f4586f94eac286c9d36f912e7c556d
46c9383627e5bae8d0d1fd819f1ad634f61f3a65544451a51da76d69cfd37e37
476d8d8a5ee6c842a16e5ae6a58cec35ff7649729b77de0319644cdc128340eb
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59023d598bb6b4972249c7a764e7a71e50295fde01e6d93a28d0e4ed58e0e624
5eadb3853810c64a037b947f6355ca7f98036d56bfb46ee9f51a01f881259ed6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63b411ae55ed14f464cd64e29163d66f3a63b7dc4069f6d2d7c908e63a5e219d
6897bb6819f7aee2a7bc1c182b48a62fd046ab67bd6fe768a3bec6d7037c611b
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ec3f31ac6bcf2d5eb977371cd2639801ed272bcd6d5f90d2ff790f239090954
6ec89f0fb726bb064ce3f88797f6636f57840b48ac6612e87461162b86c48eb6
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7b5909e1e74fbd27e91e37fb276c6a440ee23d05cf4a03fb6af5455e0812686c
7ec5561af74114c3b4b8e0a3e4e2d6f0718e60449f99d4266d8c026bfba8ddcc
7f7e8adca6fa45e986b7398d0c866c6e1072d66b9f09ebe18b30610c792b6ac4
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81b177fc54eb90fe204553a9f899b3e975996e50ae367a46e366de3266b13bbf
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
90074df5566c450240350edc720624a1c1e44aac9d13f99aaaa98f8fc5f94d05
90534bebd79a2ab2fc9defb980c65df6a76828d438654e9b3f033c10cdb0915a
9717d708c1623c40a183aa51f6a8f3e5ef2eea3d0f10510fa921d082e74eb0e7
97d876b0796d55e1a4d9dec67f958fd62674617e5417b92e4584c0397974e9d9
99456b3711ac205efcbdbc08ae9dae0124aa6a94d0edf9701a80caa6fc38b5db
9a32c9c3d2556412e648e01280cde0cb4c2bbfab8785db1bcbd419e895c9896e
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
b880d67c493b8b92a7367c3e7a33cb1b09377e446354c818ad2d54e6806504b9
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309
c25400baa21004d7076c49c2af8e5145740dd19461b845dea76f90e7b8f4468c
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
d1f5e62eb0dcb3004fe9df0edfb501b640686ba31571a1681a5f7803d138b32f
d40ffd23257ca9f17ffa07552e1bc167fe27830757bfed221bbedf30475e69ae
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
d92cb09c9c751edff17a3e671e8fcdbac0137dbbe2e2246cb76cd4091434069c
db9ecd413f476e5f3c0a83540a7d61bee02e7ac4529a3f35b1386090a54215c7
dce9f5afda30bc387f9f1090b155cbb90596e3c7c1374ea9e135b7184c8fc707
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e748d47e0930e87a515df7e2a11e9d797dd670598254900fdbd654593f001a9a
e789f7935d6d7776a0c2341570220c445bc1c493381518c085e641f9128b8938
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3d682e8595752e0039efb02e582ef6d6d9546c73671fa464a9168b6afe8b9f
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
fa3100754769df99c4c3410ecfb0dcf80c5a9d2b5ebec87d135b6f642a7b2ac6

exeo.app Open in urlscan Pro 2606:4700:20::681a:8e9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

128 Requests

91 %HTTPS

58 %IPv6

33 Domains

48 Subdomains

39 IPs

3 Countries

1388 kBTransfer

3402 kBSize

34 Cookies

3 Outgoing links

Page URL History

Redirected requests

128 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

exeo.app Open in urlscan Pro
2606:4700:20::681a:8e9 Public Scan

Screenshot
Live screenshot

Full Image

128
Requests

91 %
HTTPS

58 %
IPv6

33
Domains

48
Subdomains

39
IPs

3
Countries

1388 kB
Transfer

3402 kB
Size

34
Cookies

128 HTTP transactions
9 data transactions