exey.io Open in urlscan Pro
2606:4700:3036::6815:1227 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://exe.io/MountYourFriendsSteamTrain
Effective URL:
https://exey.io/MountYourFriendsSteamTrain
Submission: On March 08 via manual (March 8th 2022, 8:45:33 am UTC) from CA — Scanned from CA

Summary HTTP 40 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 3 countries across 18 domains to perform 40 HTTP transactions. The main IP is 2606:4700:3036::6815:1227, located in United States and belongs to CLOUDFLARENET, US. The main domain is exey.io. The Cisco Umbrella rank of the primary domain is 287015.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 14th 2021. Valid for: a year.

This is the only time exey.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	2606:4700:20:... 2606:4700:20::ac43:4728	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3036::6815:1227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:808::200a	15169 (GOOGLE) (GOOGLE)
4	2600:9000:21e... 2600:9000:21ec:4c00:7:5c7d:44c0:21	16509 (AMAZON-02) (AMAZON-02)
1	142.91.159.153 142.91.159.153	7979 (SERVERS-COM) (SERVERS-COM)
2	2607:f8b0:400... 2607:f8b0:4006:808::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::6815:2dcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.32.181.96 13.32.181.96	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3036::6815:57e4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2607:f8b0:400... 2607:f8b0:4006:820::200d	15169 (GOOGLE) (GOOGLE)
3	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
1	2607:f8b0:400... 2607:f8b0:4006:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:820::200e	15169 (GOOGLE) (GOOGLE)
2	139.45.197.236 139.45.197.236	9002 (RETN-AS) (RETN-AS)
5	139.45.197.241 139.45.197.241	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
40	18

4 2606:4700:20::ac43:4728 (United States)

ASN13335 (CLOUDFLARENET, US)

exe.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3036::6815:1227 (United States)

ASN13335 (CLOUDFLARENET, US)

exey.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:808::200a (Queens, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:21ec:4c00:7:5c7d:44c0:21 (United States)

ASN16509 (AMAZON-02, US)

dba9ytko5p72r.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.91.159.153 (Netherlands)

ASN7979 (SERVERS-COM, US)

varechphugoid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:808::2003 (Queens, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:2dcf (United States)

ASN13335 (CLOUDFLARENET, US)

freychang.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.181.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-181-96.iad66.r.cloudfront.net

ydenoug.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3036::6815:57e4 (United States)

ASN13335 (CLOUDFLARENET, US)

uewasadi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:820::200d (Queens, United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

forfrogadiertor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80f::2008 (Queens, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2002 (Queens, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:820::200e (Queens, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.236 (United Kingdom)

ASN9002 (RETN-AS, GB)

cdn.itskiddoan.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.197.241 (United Kingdom)

ASN9002 (RETN-AS, GB)

cdn.itphanpytor.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	itphanpytor.club cdn.itphanpytor.club — Cisco Umbrella Rank: 37048	127 KB
4	cloudfront.net dba9ytko5p72r.cloudfront.net	134 KB
4	exe.io exe.io — Cisco Umbrella Rank: 361360	12 KB
3	forfrogadiertor.com forfrogadiertor.com — Cisco Umbrella Rank: 282994	32 KB
3	ydenoug.com ydenoug.com	4 KB
3	exey.io exey.io — Cisco Umbrella Rank: 287015	90 KB
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 10613	1 KB
2	itskiddoan.club cdn.itskiddoan.club — Cisco Umbrella Rank: 29809	29 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	google.com accounts.google.com — Cisco Umbrella Rank: 64
2	uewasadi.com uewasadi.com	1 KB
2	gstatic.com fonts.gstatic.com	62 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	37 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 96
1	freychang.fun freychang.fun — Cisco Umbrella Rank: 23442	695 B
1	varechphugoid.com varechphugoid.com	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
40	18

	Domain	Requested by
5	cdn.itphanpytor.club	forfrogadiertor.com cdn.itphanpytor.club
4	dba9ytko5p72r.cloudfront.net	exey.io ydenoug.com
4	exe.io	exe.io exey.io
3	forfrogadiertor.com	exey.io forfrogadiertor.com
3	ydenoug.com	dba9ytko5p72r.cloudfront.net
3	exey.io	exey.io
2	my.rtmark.net	forfrogadiertor.com cdn.itskiddoan.club
2	cdn.itskiddoan.club	forfrogadiertor.com cdn.itskiddoan.club
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	accounts.google.com	exey.io
2	uewasadi.com	exey.io
2	fonts.gstatic.com	fonts.googleapis.com
1	pagead2.googlesyndication.com	exey.io
1	www.googletagmanager.com	exey.io
1	www.facebook.com	exey.io
1	freychang.fun	dba9ytko5p72r.cloudfront.net
1	varechphugoid.com	exey.io
1	fonts.googleapis.com	exey.io
40	18

This site contains no links.

Subject Issuer	Validity	Valid
exe.io Cloudflare Inc ECC CA-3	`2021-04-23` - `2022-04-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-14` - `2022-04-13`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
varechphugoid.com R3	`2022-02-15` - `2022-05-16`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
ydenoug.com Amazon	`2022-02-23` - `2023-03-24`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-15` - `2022-03-15`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
forfrogadiertor.com R3	`2022-03-03` - `2022-06-01`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
cdn.itskiddoan.club Sectigo RSA Domain Validation Secure Server CA	`2021-10-04` - `2022-10-04`	a year	crt.sh
itphanpytor.club R3	`2021-12-22` - `2022-03-22`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-20` - `2022-11-26`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://exey.io/MountYourFriendsSteamTrain
Frame ID: 8AD6D39778F88AED30A3E96DC2EABA47
Requests: 34 HTTP requests in this frame

Frame: https://ydenoug.com/a1JmYXMKMAUMTApvBEcGGT5bREEtd1QnFwkzXxgHAD1TEURZIEgCHwQnAgcBBDwSTx0OJkNTNQEELi88PBQrUjsoE0NTMQkRJwA4BgQUOxgtZQcMFxIVMlFAOwE0LjFZahcsGiphLTAQWRMLBgAgBiQuFQVmQ1M1JQBWESkzBx4pIFo+Pw86OBkMEQYyFDNXOC8lQ1M1PzhSWDgBYiUxGlt3VCM+HAgJLSchIi4INgIdDAYVJ2FXCTYACAEAOzE/N1MqHR0MDisiAV4GED4UQ1MxJTsCGSIzZxY4QBsWB1MAOTEzJ1ZZECobHF0APhFKMhA8NhUsNRQ4GA88ADY1ABcMTEcEAhwkNiAoCVUjOjYUABs9OjcpH1kLISskDRUOViMTIVAvJ1IqNzBCUgsxMBUhKCtTED4UQ1MxOyg/UjQoFB4FHjEWKjUyAx0eVQENBSMyIAU2VDhAGxoCDAsFNw07VlkUADY1ABMlWVZZECsIKgozVA4lMgckVBcGEA83Jx8+QAsABDwWXDpcKwAyChoGBBA
Frame ID: 91E27E9DC8ECE4BD74AD7FCF0413DAF4
Requests: 2 HTTP requests in this frame

Frame: https://ydenoug.com/ajdVNVQLVTZYawsKNxMhGFtoEGYsEmdzMAhWbEwgAVhgRWNYRXtWOAVCMVMmBVkhGzoPQ3AHEj5TOVIuJWIMYxpbBjNQBSNPA0IGTwUXZDkZdREGMDt6PncDIXYPWQVbcgd8BVtcFGQjAnMdBBosYRRGBzwGYmc6X1ECdjM4bQdjNyF1A1kVAg87cD4FeBFiFS54BAABIWYiTQxbYjtgZhoGEXI8LVEEcB4IUBBNDDwHJXQHGWAWBg0zexdsGA5cMVocO1s/ZwYFYBYGDSh6AwUECVsbRzc4T2VnPStxEWJtPlYyew0kUAwFAgEDP3MQJFYBYhovfzIYDSFUA10mKGUtBQYEdQxgACNVG3cNJnUDeyUrBgBDHD4HAnZnM2UFYxY5fAMMbStmPlkcA0c2YxckYzRbAStRZF07ImZkEGYoZjhCMC5/MWE1DXkefywrAgRjFgBlFwETKVkTbDUdYjN4ZBkRP0Y7BEdoRTw9YABibCBgAXsgOQ
Frame ID: 08C64A8C79C6F041E29CB578888E302C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

exe.io

Page URL History Show full URLs

https://exe.io/MountYourFriendsSteamTrain Page URL
https://exey.io/MountYourFriendsSteamTrain Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

40
Requests

100 %
HTTPS

67 %
IPv6

18
Domains

18
Subdomains

18
IPs

3
Countries

551 kB
Transfer

1506 kB
Size

21
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://exe.io/MountYourFriendsSteamTrain Page URL
https://exey.io/MountYourFriendsSteamTrain Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 MountYourFriendsSteamTrain Show response
exe.io/ 626 B
1 KB 322ms
284ms Document
text/html 2606:4700:20::ac43:4728
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exe.io/MountYourFriendsSteamTrain

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6f08fcd3813725a6bf7cdd611339bcff83e40e75ab63d57b89f991bc1a1806c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VeM%2FEip46yBcSS5r5%2BfEWXANWepT0J1OXo6lbl32TJF88vef4kYedZDJ%2BoHPC%2FCbTjZP4abfl%2FvQ88O0G4%2BXa5Y6szN9ZWYn9GKVJdEjVPDw%2Fgyoiuq0FU%2B9lAyewfa6c8i9fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e8a4b738bae7145-YUL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 api.js
exe.io/cdn-cgi/bm/cv/669835187/ 35 KB
9 KB 13ms
13ms Script
text/javascript 2606:4700:20::ac43:4728
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exe.io/cdn-cgi/bm/cv/669835187/api.js

Requested by

Host: exe.io
URL: https://exe.io/MountYourFriendsSteamTrain

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exe.io/MountYourFriendsSteamTrain
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QeyTI%2BhDeK4cEklhjurN3TX9h4aJnhofePpWIZh69ZlKxEsxrxAEQH%2B0uawBQqIAG%2Bbf5haQpyvzAFl8GptWHI%2Bz2Qh6Rg3mYNYeVn81vQVxRyaEfy2qWXz8IL8t7%2BVJB4jQaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
cf-ray: 6e8a4b757d0e7145-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Primary Request MountYourFriendsSteamTrain Show response
exey.io/ 128 KB
49 KB 171ms
128ms Document
text/html 2606:4700:3036::6815:1227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exey.io/MountYourFriendsSteamTrain

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:1227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3ec1012dab350dfa7db1e74dfd6d18754cea036dc8ae39a4738b36616fa85c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://exe.io/

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0KT6sXeey4YAC3qnlFoJ7u7VTDA%2F%2Bf8ojvi4zoYFwNurqmEIXX5nFdW7WmXgCrh1zd2kPcKYw2mK7jDwQYLXH3m9vYUvkKQwTQAGzK5%2Fuz5fDoExyH24wyNfu1EWSWoxN%2F3CBDq6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e8a4b75ef807139-YUL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 204 result
exe.io/cdn-cgi/bm/cv/ 0
727 B 15ms
14ms XHR
text/plain 2606:4700:20::ac43:4728
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exe.io/cdn-cgi/bm/cv/result?req_id=6e8a4b738bae7145
Requested by: Host: exe.io
URL: https://exe.io/cdn-cgi/bm/cv/669835187/api.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://exe.io/MountYourFriendsSteamTrain
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCmMEHsJr8%2FtcYyPztVSD1amiadXA6Ul%2F538yeV9kKQ5hqPiULSGyfxfVEbncDdXq7IwL391UorxRrhjx10ys%2BHQJRsgF46FkPDI9krfyAN2tOTRx07RPRh%2BQLoMj8joqPrT%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 6e8a4b761a1e4bc5-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 90ms
42ms Stylesheet
text/css 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

04a391894f53929ef3fc81d5a87162bc5742cd87c0e15e0a4c1181b90cc64612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 08:45:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 08 Mar 2022 08:45:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Mar 2022 08:45:27 GMT

GET
H3 200 continue.css
exey.io/css/ 179 KB
41 KB 45ms
29ms Stylesheet
text/css 2606:4700:3036::6815:1227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exey.io/css/continue.css

Requested by

Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:1227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8f2d5487d860696dee2e6037ae07ff063ae5959b8d4b4658a284f9dc9711ca1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/MountYourFriendsSteamTrain
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2033761
cf-polished: origSize=211643
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 20 Nov 2020 17:25:47 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNiwJ5H7cx%2Fpnr4lZcPhmUcBcMikIIorndVdbFDrCKHh9oHxGrh0a2xZGNv5Yfy3e40Y%2BPU6hu8GeaAL7Wg1Yss8znWeT%2FbZk3tOmRphtQ6io%2BbEGwn0FtOlYJiSWKdQR7CmWmj5"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6e8a4b76eddfecf6-YUL
expires: Mon, 14 Mar 2022 19:49:26 GMT

GET
H3 200 nr.js Show response
exey.io/js/scripts/ 186 B
745 B 36ms
21ms Script
application/javascript 2606:4700:3036::6815:1227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exey.io/js/scripts/nr.js

Requested by

Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:1227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26bbadf324d400b12bea32f232b42870889357c483db6c1c4b1baa0202a41539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/MountYourFriendsSteamTrain
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2033761
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 06 May 2021 10:32:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wdkrm2SXk88fG5xnBXzy2sBNwzT%2BriJcagPPAXpDkUzxu%2BnRfaRe%2BMXiRVemT82VXJV1yGJMchBafA9IRk2Klbp400D0%2BZ%2FIJL1JwvpakE%2FfE1%2F7tr3U2XwH8IOrKvLHuhXiYRGz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 6e8a4b76ede1ecf6-YUL
expires: Mon, 14 Mar 2022 19:49:26 GMT

GET
H2 200 / Show response
dba9ytko5p72r.cloudfront.net/ 200 KB
67 KB 87ms
21ms Script
text/plain 2600:9000:21ec:4c00:7:5c7d:44c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dba9ytko5p72r.cloudfront.net/?tyabd=822524
Requested by: Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:4c00:7:5c7d:44c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 734f2a9f00d68687449a6e750399fb50d6a893a896e6ff1e0f9c07deb726faed

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Mar 2022 06:38:48 GMT
content-encoding: gzip
age: 7599
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop: JFK51-C1
content-length: 67679
via: 1.1 88c99b4a125fda7fb36df6bd93b5daf0.cloudfront.net (CloudFront)
x-amz-cf-id: HRvKJNarDEX8kGabkRmE1VOq9C23Uh4PYqAwHA4CIFnn3AziWcjkqQ==

GET
H/1.1 200
OK 29529 Show response
varechphugoid.com/1clkn/ 0
1 KB 431ms
101ms Script
application/javascript 142.91.159.153
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://varechphugoid.com/1clkn/29529

Requested by

Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

142.91.159.153 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 08 Mar 2022 08:45:27 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
Keep-Alive: timeout=20

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 44 KB
44 KB 68ms
19ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://exey.io
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 22:46:05 GMT
x-content-type-options: nosniff
age: 554362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 22:46:05 GMT

GET
H2 200 memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
fonts.gstatic.com/s/opensans/v28/ 17 KB
17 KB 93ms
47ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f27408b033a0195d0f29b0ecbc143f470c4fbb0807472a688b2f9e66403651e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://exey.io
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 22:46:41 GMT
x-content-type-options: nosniff
age: 554326
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17768
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:01:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 22:46:41 GMT

GET
H2 200 / Show response
freychang.fun/ 14 B
695 B 72ms
35ms Fetch
text/plain 2606:4700:3030::6815:2dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://freychang.fun/
Requested by: Host: dba9ytko5p72r.cloudfront.net
URL: https://dba9ytko5p72r.cloudfront.net/?tyabd=822524
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e1ae164cf8450a5a6cc72c06ba71d4b14036a071641e41f60ff33cac05c9b3e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://exey.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K9EyojqiMC7HqBGmMNIhoGTo%2BxKUVhDkdzhA1rufFLcas9KkTmUXrwPbGGUpgvLXdA2Llmd0Ayj7aHdLZcebRhnpICCDt6ouNDoKgK%2FajpbU1L6YicCY9VcrA4VHLvMB6epr5XuxPlk6ktyu"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6e8a4b77c911713f-YUL
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 utx Show response
ydenoug.com/ 0
483 B 92ms
31ms XHR
text/plain 13.32.181.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenoug.com/utx?cb=7xZBiSXaMPYu&top=exey.io&tid=822524
Requested by: Host: dba9ytko5p72r.cloudfront.net
URL: https://dba9ytko5p72r.cloudfront.net/?tyabd=822524
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.181.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-181-96.iad66.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Mar 2022 08:45:27 GMT
via: 1.1 077f711c23b8630fba0cd55c24dd3124.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://exey.io
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id: -Oq1EPcHTlR5h7WNscWLdiX3w5gBTrdtVZ8tek8E2sWb6oRfWHe7OA==

GET
H2 200 UjQoFB4FHjEWKjUyAx0eVQENBSMyIAU2VDhAGxoCDAsFNw07VlkUADY1ABMlWVZZECsIKgozVA4lMgckVBcGEA83Jx8+QAsABDwWXDpcKwAyChoGBBA Show response
ydenoug.com/a1JmYXMKMAUMTApvBEcGGT5bREEtd1QnFwkzXxgHAD1TEURZIEgCHwQnAgcBBDwSTx0OJkNTNQEELi88PBQrUjsoE0NTMQkRJwA4BgQUOxgtZQcMFxIVMlFAOwE0LjFZahcsGiphLTAQWRMLBgAgBiQuFQVmQ1M1JQBWESkzBx4pIFo+Pw86OBkME... Frame 91E2 3 KB
2 KB 64ms
26ms Document
text/html 13.32.181.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenoug.com/a1JmYXMKMAUMTApvBEcGGT5bREEtd1QnFwkzXxgHAD1TEURZIEgCHwQnAgcBBDwSTx0OJkNTNQEELi88PBQrUjsoE0NTMQkRJwA4BgQUOxgtZQcMFxIVMlFAOwE0LjFZahcsGiphLTAQWRMLBgAgBiQuFQVmQ1M1JQBWESkzBx4pIFo+Pw86OBkMEQYyFDNXOC8lQ1M1PzhSWDgBYiUxGlt3VCM+HAgJLSchIi4INgIdDAYVJ2FXCTYACAEAOzE/N1MqHR0MDisiAV4GED4UQ1MxJTsCGSIzZxY4QBsWB1MAOTEzJ1ZZECobHF0APhFKMhA8NhUsNRQ4GA88ADY1ABcMTEcEAhwkNiAoCVUjOjYUABs9OjcpH1kLISskDRUOViMTIVAvJ1IqNzBCUgsxMBUhKCtTED4UQ1MxOyg/UjQoFB4FHjEWKjUyAx0eVQENBSMyIAU2VDhAGxoCDAsFNw07VlkUADY1ABMlWVZZECsIKgozVA4lMgckVBcGEA83Jx8+QAsABDwWXDpcKwAyChoGBBA
Requested by: Host: dba9ytko5p72r.cloudfront.net
URL: https://dba9ytko5p72r.cloudfront.net/?tyabd=822524
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.181.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-181-96.iad66.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 366d7a071b117f4b38d5c7bbd1fc17aadcfa7066bb4e2ebd5c374901249a423e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/

Response headers

content-type: text/html
content-length: 1230
date: Tue, 08 Mar 2022 08:45:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 077f711c23b8630fba0cd55c24dd3124.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-amz-cf-id: ByaBJ5bGSCGDMOko1uML9mpi4oQiPzCDqdgiMTmP939W784v5cD4YQ==

GET
H2 200 MWE1DXkefywrAgRjFgBlFwETKVkTbDUdYjN4ZBkRP0Y7BEdoRTw9YABibCBgAXsgOQ Show response
ydenoug.com/ajdVNVQLVTZYawsKNxMhGFtoEGYsEmdzMAhWbEwgAVhgRWNYRXtWOAVCMVMmBVkhGzoPQ3AHEj5TOVIuJWIMYxpbBjNQBSNPA0IGTwUXZDkZdREGMDt6PncDIXYPWQVbcgd8BVtcFGQjAnMdBBosYRRGBzwGYmc6X1ECdjM4bQdjNyF1A1kVAg87c... Frame 08C6 3 KB
2 KB 77ms
48ms Document
text/html 13.32.181.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenoug.com/ajdVNVQLVTZYawsKNxMhGFtoEGYsEmdzMAhWbEwgAVhgRWNYRXtWOAVCMVMmBVkhGzoPQ3AHEj5TOVIuJWIMYxpbBjNQBSNPA0IGTwUXZDkZdREGMDt6PncDIXYPWQVbcgd8BVtcFGQjAnMdBBosYRRGBzwGYmc6X1ECdjM4bQdjNyF1A1kVAg87cD4FeBFiFS54BAABIWYiTQxbYjtgZhoGEXI8LVEEcB4IUBBNDDwHJXQHGWAWBg0zexdsGA5cMVocO1s/ZwYFYBYGDSh6AwUECVsbRzc4T2VnPStxEWJtPlYyew0kUAwFAgEDP3MQJFYBYhovfzIYDSFUA10mKGUtBQYEdQxgACNVG3cNJnUDeyUrBgBDHD4HAnZnM2UFYxY5fAMMbStmPlkcA0c2YxckYzRbAStRZF07ImZkEGYoZjhCMC5/MWE1DXkefywrAgRjFgBlFwETKVkTbDUdYjN4ZBkRP0Y7BEdoRTw9YABibCBgAXsgOQ
Requested by: Host: dba9ytko5p72r.cloudfront.net
URL: https://dba9ytko5p72r.cloudfront.net/?tyabd=822524
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.181.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-181-96.iad66.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 5210c9e9ace92f3ad784ca1d0f1b70fb75d4e5ddef492c92b18916ffa7fe9539

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/

Response headers

content-type: text/html
content-length: 1214
date: Tue, 08 Mar 2022 08:45:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 077f711c23b8630fba0cd55c24dd3124.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-amz-cf-id: PunNBICZCSwPgN8zs4a3TDLZ14zwiSb4PS_L_MLrGNhROtq1S4kUqQ==

GET
H2 204 Sm9BbHVlUCIfSAcFKSoRHRwKKBsyLBk9IAsJBCoUCQgHXSEcImcYHC5SeV5Hf111SgUjC3xdUzkbIBgAOVJwShwkCS5RUzxScEJGfkFzWFt+STRRRGwbMQ0Sd15nHAE+A3xdQ35Zdl5Me112WkVy
uewasadi.com/ 0
489 B 70ms
30ms Image
text/plain 2606:4700:3036::6815:57e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uewasadi.com/Sm9BbHVlUCIfSAcFKSoRHRwKKBsyLBk9IAsJBCoUCQgHXSEcImcYHC5SeV5Hf111SgUjC3xdUzkbIBgAOVJwShwkCS5RUzxScEJGfkFzWFt+STRRRGwbMQ0Sd15nHAE+A3xdQ35Zdl5Me112WkVy
Requested by: Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:57e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gf4Gga2iXNMOTfJitZm3RE01WuVQoevrisEoyj5FMEfkGhGYYHIpNCgYwrO0B579iNDc52%2FMZ9LQeIrlHfYUsqeeubElFbP6Iuj4qRmIRFbDyFD%2FpiBNoEhnFf1dNoEdjcfmkSu%2BET6JmNQ%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 6e8a4b780ddc7142-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 login.php
www.facebook.com/ 0
0 101ms
62ms Image
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 ServiceLogin
accounts.google.com/ 0
0 123ms
78ms Image
text/html 2607:f8b0:4006:820::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
Requested by: Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:820::200d Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 ServiceLogin
accounts.google.com/ 0
0 195ms
149ms Image
text/html 2607:f8b0:4006:820::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
Requested by: Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:820::200d Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 / Show response
dba9ytko5p72r.cloudfront.net/ 200 KB
67 KB 64ms
27ms Fetch 2600:9000:21ec:4c00:7:5c7d:44c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dba9ytko5p72r.cloudfront.net/?tyabd=822524
Requested by: Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:4c00:7:5c7d:44c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d5eb5dc1e23f7d83a65d062f8c03e758337fd9fe506df536ff9bde33c4e2b6f5

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Mar 2022 07:23:49 GMT
content-encoding: gzip
age: 4898
x-cache: Hit from cloudfront
access-control-allow-origin: https://exey.io
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
access-control-allow-credentials: true
x-amz-cf-pop: JFK51-C1
content-length: 67679
via: 1.1 27f14fa3828b5a3937a29b10d6b5aa0e.cloudfront.net (CloudFront)
x-amz-cf-id: ZgNll_Zz008zWahjpGTTxLCt3VU9jNbxKhv6OePH-_SyHWu_DHgRSw==

GET
H2 200 3230648 Show response
forfrogadiertor.com/400/ 80 KB
31 KB 393ms
192ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://forfrogadiertor.com/400/3230648

Requested by

Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4eb5fae48ce01bc6e2004382d9b929d82b24534e523821642f4ae009e8d4b95a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-trace-id: 97d5cc7ee398b4da4b09ef0dd6f5f801
pragma: no-cache
date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 89ms
43ms Script
application/javascript 2607:f8b0:4006:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-135952122-1

Requested by

Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a6fad04a78ad6f957b6a8b5dbc38c6e63963283a6e5747b387692169f827a397

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36954
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Mar 2022 08:45:27 GMT

GET
H3 200 prebid-ads.js Show response
exe.io/js/ 19 B
634 B 22ms
21ms Script
application/javascript 2606:4700:20::ac43:4728
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://exe.io/js/prebid-ads.js

Requested by

Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0e99c90d9cb7411a4b06a0132c284c9f507452ea0b2b01b893988460a7417d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 491362
cf-polished: origSize=21
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 16:13:09 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMLevKiPvZQPYJ7Ctc%2FKx1huM3nCrP%2FzwPBsVk2ZHg8O%2B74jTCHKv80W5UyT6h27N%2BUS6Blc%2FIe67S9QoVKSyDmw49XoiWD8PaZdluuYZaRwDPnrSjuEcxZ8AitRBphEzmS27Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6e8a4b784b7d4bc5-YUL
expires: Fri, 01 Apr 2022 16:16:05 GMT

GET
H2 200 fWFkAC8+MiYaa2oVYUB5dmBiVTtl Show response
dba9ytko5p72r.cloudfront.net/jVHNOWFM3HCA+bCAaKmVrZkF7amdyGT03PSROB28qMiA3KQc2AmgsKTBOfn4/NR0pZXUxHS1lYnISKjpuYFU6KDw/Tj49Kj0CPi0+MwZoLTJpHiEiOjgfL31hEkZgaHZmQ2YvOjoXIS8gcUF+NidxQX5pY3pDa2sRcUF+Lzo... Frame 91E2 638 B
743 B 98ms
97ms Script
text/plain 2600:9000:21ec:4c00:7:5c7d:44c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dba9ytko5p72r.cloudfront.net/jVHNOWFM3HCA+bCAaKmVrZkF7amdyGT03PSROB28qMiA3KQc2AmgsKTBOfn4/NR0pZXUxHS1lYnISKjpuYFU6KDw/Tj49Kj0CPi0+MwZoLTJpHiEiOjgfL31hEkZgaHZmQ2YvOjoXIS8gcUF+NidxQX5pY3pDa2sRcUF+Lzo6RXp9YBZWfGgrYkdnfWFkEj-4oPzEEKzo4PQdrahVhQHl2YGJWfGh7Pxs6NT9xQQ19YWQfJzM2cUF+PzY3GCFxdmZDLTAhOx4rfWESSnd2Y3pHdmxnekZ/fWFkAC8+MiYaa2oVYUB5dmBiVTtl
Requested by: Host: ydenoug.com
URL: https://ydenoug.com/a1JmYXMKMAUMTApvBEcGGT5bREEtd1QnFwkzXxgHAD1TEURZIEgCHwQnAgcBBDwSTx0OJkNTNQEELi88PBQrUjsoE0NTMQkRJwA4BgQUOxgtZQcMFxIVMlFAOwE0LjFZahcsGiphLTAQWRMLBgAgBiQuFQVmQ1M1JQBWESkzBx4pIFo+Pw86OBkMEQYyFDNXOC8lQ1M1PzhSWDgBYiUxGlt3VCM+HAgJLSchIi4INgIdDAYVJ2FXCTYACAEAOzE/N1MqHR0MDisiAV4GED4UQ1MxJTsCGSIzZxY4QBsWB1MAOTEzJ1ZZECobHF0APhFKMhA8NhUsNRQ4GA88ADY1ABcMTEcEAhwkNiAoCVUjOjYUABs9OjcpH1kLISskDRUOViMTIVAvJ1IqNzBCUgsxMBUhKCtTED4UQ1MxOyg/UjQoFB4FHjEWKjUyAx0eVQENBSMyIAU2VDhAGxoCDAsFNw07VlkUADY1ABMlWVZZECsIKgozVA4lMgckVBcGEA83Jx8+QAsABDwWXDpcKwAyChoGBBA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:4c00:7:5c7d:44c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 0d3b7714464e8073416fa0f91b915b71c30178f6afdc402f0abdabe5a3505d3f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ydenoug.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: gzip
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 466
via: 1.1 88c99b4a125fda7fb36df6bd93b5daf0.cloudfront.net (CloudFront)
x-amz-cf-id: iHs1bH1OQcPfwejO1NKnRuYBdqBEe5hJPrZna8pQfpliuwOCGbd-Rw==

GET
H2 200 TdlgzOUYVN11feQIxVwR+QmsBD3dQMkBWKAZlQ1ERIQ1kAQwhDH1NFVAsSV17Rn5fWCgRZRVcKBVlAh8nEjoODWADOQ5UKQwxX1UnU2p1DGhGfQEJbgExXV0pASsWC3YYLBYLdkdoHQljRRoWC3YBMV0PclNrcRx0RiAFDW9TagNYNgY0Vk4jFDNaTWNEHg-YKcVh... Show response
dba9ytko5p72r.cloudfront.net/ Frame 08C6 177 B
455 B 97ms
97ms Script
text/plain 2600:9000:21ec:4c00:7:5c7d:44c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dba9ytko5p72r.cloudfront.net/TdlgzOUYVN11feQIxVwR+QmsBD3dQMkBWKAZlQ1ERIQ1kAQwhDH1NFVAsSV17Rn5fWCgRZRVcKBVlAh8nEjoODWADOQ5UKQwxX1UnU2p1DGhGfQEJbgExXV0pASsWC3YYLBYLdkdoHQljRRoWC3YBMV0PclNrcRx0RiAFDW9TagNYNgY0Vk4jFDNaTWNEHg-YKcVhrBRx0RnBYUTIbNBYLBVNqA1UvHT0WC3YRPVBSKV99AQklHipcVCNTanUAf1hoHQ1+QmwdDHdTagNKJxA5QVBjRB4GCnFYawUfM0s
Requested by: Host: ydenoug.com
URL: https://ydenoug.com/ajdVNVQLVTZYawsKNxMhGFtoEGYsEmdzMAhWbEwgAVhgRWNYRXtWOAVCMVMmBVkhGzoPQ3AHEj5TOVIuJWIMYxpbBjNQBSNPA0IGTwUXZDkZdREGMDt6PncDIXYPWQVbcgd8BVtcFGQjAnMdBBosYRRGBzwGYmc6X1ECdjM4bQdjNyF1A1kVAg87cD4FeBFiFS54BAABIWYiTQxbYjtgZhoGEXI8LVEEcB4IUBBNDDwHJXQHGWAWBg0zexdsGA5cMVocO1s/ZwYFYBYGDSh6AwUECVsbRzc4T2VnPStxEWJtPlYyew0kUAwFAgEDP3MQJFYBYhovfzIYDSFUA10mKGUtBQYEdQxgACNVG3cNJnUDeyUrBgBDHD4HAnZnM2UFYxY5fAMMbStmPlkcA0c2YxckYzRbAStRZF07ImZkEGYoZjhCMC5/MWE1DXkefywrAgRjFgBlFwETKVkTbDUdYjN4ZBkRP0Y7BEdoRTw9YABibCBgAXsgOQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:4c00:7:5c7d:44c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 02a4d91046d880d17428665b2954226b11343753854e368fe77d8d66e43a7234

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ydenoug.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: gzip
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 178
via: 1.1 88c99b4a125fda7fb36df6bd93b5daf0.cloudfront.net (CloudFront)
x-amz-cf-id: VJiH5nbjsr_1_Q7MYzuoOAXy5zmoyWnS8HXRO-SrZ0bakaPj8xC1Dg==

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 98ms
52ms Fetch
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Mar 2022 08:45:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 6292627521375470263
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Tue, 08 Mar 2022 08:45:27 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 64ms
19ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-135952122-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 91
date: Tue, 08 Mar 2022 08:43:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 08 Mar 2022 10:43:56 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 59ms
31ms XHR
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=137972036&t=pageview&_s=1&dl=https%3A%2F%2Fexey.io%2FMountYourFriendsSteamTrain&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1326095220&gjid=1467684896&cid=1499314868.1646729128&tid=UA-135952122-1&_gid=1937483224.1646729128&_r=1&gtm=2ou370&z=1792393610

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://exey.io/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 08 Mar 2022 08:45:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://exey.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 popunder.gif
uewasadi.com/ 35 B
627 B 32ms
17ms Image
image/gif 2606:4700:3036::6815:57e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uewasadi.com/popunder.gif
Requested by: Host: exey.io
URL: https://exey.io/MountYourFriendsSteamTrain
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:57e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Tue, 08 Mar 2022 08:45:28 GMT
cf-cache-status: HIT
last-modified: Mon, 07 Mar 2022 20:32:21 GMT
server: cloudflare
age: 43987
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VygwfYYjCdKH1Zp5ptPoV7oUwofP%2BEvnAUmWJseyQKJon4vOPpxbl4n8mgEbVlI%2B1RPQqejA7PjCf7Q%2F3nyW5lmNnJb8yMVjEp2PQT9fScHkJb%2B2nsX6PWd6gTYvq6qPAByRX59mSl%2FedgQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e8a4b7acc014bcb-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 apu.php Show response
cdn.itskiddoan.club/ 74 KB
29 KB 401ms
197ms Script
application/javascript 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.itskiddoan.club/apu.php?zoneid=3472522

Requested by

Host: forfrogadiertor.com
URL: https://forfrogadiertor.com/400/3230648

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

dd5e59ed6b421f6110dea818359bbf3a69a9409b7de05efe800819ff571a09a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: ceffbd2bc00e4b4773bf7411d4f092c9
pragma: no-cache
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 1 Show response
cdn.itphanpytor.club/ 5 KB
3 KB 314ms
102ms Script
text/javascript 139.45.197.241
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.itphanpytor.club/1?z=4041180
Requested by: Host: forfrogadiertor.com
URL: https://forfrogadiertor.com/400/3230648
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.241 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: af31ba92e8d87e3111e803d8160d52c74fb41308d2e3302d71ae738ce18b86dd

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-trace-id: d6d1a962c5dee0154823c79046759ed0
pragma: no-cache
date: Tue, 08 Mar 2022 08:45:28 GMT
content-encoding: gzip
x-sc: SxwecajMcdekKc-uKvtrokhPRWpmoTu2W5lxbSt7qvA_Isc1vpL_azsEhk6Q-cCdYmE1kIXs6zoJZIjYsrgw3iQuR8U=
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
539 B 300ms
96ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: forfrogadiertor.com
URL: https://forfrogadiertor.com/400/3230648

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d2cd99653e26c2494fb3a311a244c190f318800eb972fd60dab6254dda67c265

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:28 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://exey.io
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 da08671c80620cb9ea8240cdc9466d29 Show response
cdn.itphanpytor.club/27/ 381 KB
122 KB 204ms
203ms Script
application/javascript 139.45.197.241
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.itphanpytor.club/27/da08671c80620cb9ea8240cdc9466d29

Requested by

Host: cdn.itphanpytor.club
URL: https://cdn.itphanpytor.club/1?z=4041180

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.241 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

49a256979378d1c9105960a6149c8158bf19dfd03eacad7c9857df239babc936

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Feb 2022 04:56:57 GMT
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin
cache-control: max-age:290304000, public
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Thu, 26 Mar 2082 04:56:57 GMT

GET
H2 200 38 Show response
cdn.itphanpytor.club/42/ 0
528 B 403ms
402ms Script
text/plain 139.45.197.241
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.itphanpytor.club/42/38?z=4041180
Requested by: Host: cdn.itphanpytor.club
URL: https://cdn.itphanpytor.club/1?z=4041180
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.241 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-trace-id: 44d651db08c8ccc1cb51a749d1312a30
pragma: no-cache
date: Tue, 08 Mar 2022 08:45:28 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
538 B 97ms
96ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=464dd16425984093bcefb3dcc2808df7

Requested by

Host: cdn.itskiddoan.club
URL: https://cdn.itskiddoan.club/apu.php?zoneid=3472522

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

2d2c5a5bd3f3277c2e4658e67db7d0f283cc17635c9072fbf184a3552ff0320e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 08:45:28 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://exey.io
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 204 3230648 Show response
forfrogadiertor.com/500/ 0
455 B 96ms
96ms XHR
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://forfrogadiertor.com/500/3230648?excludes=&oaid=1547cc7a0f8e480db2f57496e8b7445d&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&pl=https%3A%2F%2Fexey.io%2FMountYourFriendsSteamTrain&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

Requested by

Host: forfrogadiertor.com
URL: https://forfrogadiertor.com/400/3230648

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://exey.io/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: a62035f13fe0129383e92db003de2ad6
pragma: no-cache
date: Tue, 08 Mar 2022 08:45:28 GMT
x-content-type-options: nosniff
server: nginx
vary: Origin
access-control-allow-origin: https://exey.io
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
expires: Tue, 11 Jan 1994 10:00:00 GMT

OPTIONS
H2 200 3230648
forfrogadiertor.com/500/ Frame 0
0 291ms
96ms Preflight 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://exey.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Tue, 08 Mar 2022 08:45:28 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
access-control-allow-origin: https://exey.io
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 204 /
cdn.itskiddoan.club/ 0
0 98ms
97ms Fetch 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.itskiddoan.club/?rb=iQZTgAOPorz_l2rAu2yKXsOrMwLxMbdGk0QQwxnRFGvS9FH2uXL01RgX2-nDlSif50YSZRL--KpPemwvvXbk2R5XgNOfXl-n6fHnhOTErIh4sWJuTHUNN-lzlST1puvVvhIDcWKkYUoNWbSqWEvre_q_hokwTvKWiOgKuerfECT8mY-ahrIiwdSKR52ghruRzv8At9YGdu6Q_vIfG6q1Rq3jbiGezV1cfSBLcvCmU0Mpc9lLZqXBTy-vsPWzs6hD49pVKLPfM67GAZBN&request_ab2=0&zoneid=3472522&js_build=iclick-v1.364.0&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&pl=https%3A%2F%2Fexey.io%2FMountYourFriendsSteamTrain&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.364.0&bs=a58b4c6c-3ea1-4dde-89da-97e3c67a8fed&userId=464dd16425984093bcefb3dcc2808df7&m=link

Requested by

Host: cdn.itskiddoan.club
URL: https://cdn.itskiddoan.club/apu.php?zoneid=3472522

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://exey.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Mar 2022 08:45:28 GMT
x-content-type-options: nosniff
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://exey.io
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 204 9 Show response
cdn.itphanpytor.club/ 0
536 B 105ms
104ms XHR
text/plain 139.45.197.241
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.itphanpytor.club/9?z=4041180&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fexey.io%2FMountYourFriendsSteamTrain&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&sah=1200&drf=&hil=1&ist=0
Requested by: Host: cdn.itphanpytor.club
URL: https://cdn.itphanpytor.club/27/da08671c80620cb9ea8240cdc9466d29
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.241 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://exey.io/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: fe193ef5bbe721d62e73d75a87c7a847
pragma: no-cache
date: Tue, 08 Mar 2022 08:45:29 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://exey.io
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 204 9
cdn.itphanpytor.club/ Frame 0
0 286ms
96ms Preflight 139.45.197.241
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.itphanpytor.club/9?z=4041180&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fexey.io%2FMountYourFriendsSteamTrain&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&sah=1200&drf=&hil=1&ist=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.241 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://exey.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Tue, 08 Mar 2022 08:45:29 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://exey.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cdn.itphanpytor.club/42	1970-01-20 10:11:05	Name: OAID Value: c40ebd6d0bf4410c85e7dacedbb88812
cdn.itphanpytor.club/42	1970-01-20 10:11:05	Name: oaidts Value: 1646729128
exe.io/	1969-12-31 23:59:59	Name: AppSession Value: 7626c2306d3bb920d20755b08e1f5fd8
exe.io/	1969-12-31 23:59:59	Name: csrfToken Value: a54e8ebd6bee374c621d6cad3bfd6d8838ae5387fb3136942efb4bafce2bfd44657274eda4cc743154ee7a943d4398c274adaaeba42cd5ee5d9c91ce166f5a45
.exe.io/	1970-01-20 01:25:30	Name: __cf_bm Value: WcLaCc5ms4kfqvbKBIursNxrEHJ98egYrDsIg_f5e5U-1646729127-0-AQBwrFX5EfLW0CARGNR94tvN/NWvHp7uuyQxfOTZ+14//2WC2cq28PDv61tnG4es81+BTdVxxkoxgf+j9ZRyOy7xOuo8DJDOWnF0KcnUacrLvxp6nC0gxBS/XsKL4Ywmgw==
exey.io/	1969-12-31 23:59:59	Name: AppSession Value: ce66b3e04f8cecf26cd0cb561b1d8660
exey.io/	1969-12-31 23:59:59	Name: csrfToken Value: 3c2fb6d1f1541150a54fabbe15cb4ed519175ce70cb068995e82667069191b56ac423d752d7a7b523a21f55e37773e7727c9dfb9ffd556a336f8f9383fff8ab2
freychang.fun/	1970-01-20 10:03:53	Name: csu Value: 62952234178966@1
.exey.io/	1970-01-20 18:56:41	Name: _ga Value: GA1.2.1499314868.1646729128
.exey.io/	1970-01-20 01:26:55	Name: _gid Value: GA1.2.1937483224.1646729128
.exey.io/	1970-01-20 01:25:29	Name: _gat_gtag_UA_135952122_1 Value: 1
varechphugoid.com/	1970-01-20 01:26:55	Name: GL_UI4 Value: eJw9jVtOhDAYhYFycTJCPAkLcAlFZJRH4yJ8JH9pYepAOyl1iLu3MdGn8%2BVccqIoSuoK8S1nYF%2FU4fEkeuK87dtJNCf%2BIjhJatruiU%2BvzTOJDge9DZ7EonyK%2B1kZ5fQ4jFaqEg8h%2BnMuxu4mRSYcGVkiW0NjKVEIZ%2FdNuZohNbQq5O9nZ4NmK31ah6TvA2oTMOZI7Faz6oDiQxsZdtURScOrMo9wvC7kJ%2BvWQcs8RjY7kgrxG%2B5G8mq27huFVNvF2ytgFzn8939v2d5w5FLd9Bi%2BrT8r9wMevUpU
varechphugoid.com/	1970-01-20 01:26:55	Name: GL_GI10 Value: eJxNjMFqwkAUReOkjgYlcsEP6A80EKyKyzAbN6WI0O0wTZ4yoPOGySjGr69tQLq798A5SZKIeQ5hPfLyfVMsV0W5XBTleoP0SAyhKkxrvrgYOu3MmSCVcaYxkIGOlh3ETmHSb11zQxiq6u0f66Xdhb6pxkttY4fxBz96ZE7Ifn%2BvTR7ak6e29Rh9fm1f99UemaOoW0%2FUIFMcPAcTCfmT%2FgVkirFttQ986%2BQAs2jPdGdHmg%2BHluJoiMFVih8c%2FEY0
cdn.itphanpytor.club/	1970-01-20 10:11:05	Name: scm Value: 1
cdn.itphanpytor.club/	1970-01-20 10:11:05	Name: OAID Value: c40ebd6d0bf4410c85e7dacedbb88812
cdn.itphanpytor.club/	1970-01-20 10:11:05	Name: oaidts Value: 1646729128
cdn.itskiddoan.club/	1970-01-20 10:11:05	Name: OAID Value: 464dd16425984093bcefb3dcc2808df7
cdn.itskiddoan.club/	1970-01-20 10:11:05	Name: oaidts Value: 1646729128
my.rtmark.net/	1970-01-20 10:11:05	Name: ID Value: 464dd16425984093bcefb3dcc2808df7
exey.io/	1970-01-20 01:25:29	Name: prefetchAd_3472522 Value: true
forfrogadiertor.com/	1970-01-20 10:11:05	Name: OAID Value: 1547cc7a0f8e480db2f57496e8b7445d

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
cdn.itphanpytor.club
cdn.itskiddoan.club
dba9ytko5p72r.cloudfront.net
exe.io
exey.io
fonts.googleapis.com
fonts.gstatic.com
forfrogadiertor.com
freychang.fun
my.rtmark.net
pagead2.googlesyndication.com
uewasadi.com
varechphugoid.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
ydenoug.com
13.32.181.96
139.45.195.8
139.45.197.236
139.45.197.239
139.45.197.241
142.91.159.153
2600:9000:21ec:4c00:7:5c7d:44c0:21
2606:4700:20::ac43:4728
2606:4700:3030::6815:2dcf
2606:4700:3036::6815:1227
2606:4700:3036::6815:57e4
2607:f8b0:4006:808::2003
2607:f8b0:4006:808::200a
2607:f8b0:4006:80f::2008
2607:f8b0:4006:81c::2002
2607:f8b0:4006:820::200d
2607:f8b0:4006:820::200e
2a03:2880:f112:83:face:b00c:0:25de
02a4d91046d880d17428665b2954226b11343753854e368fe77d8d66e43a7234
04a391894f53929ef3fc81d5a87162bc5742cd87c0e15e0a4c1181b90cc64612
0d3b7714464e8073416fa0f91b915b71c30178f6afdc402f0abdabe5a3505d3f
26bbadf324d400b12bea32f232b42870889357c483db6c1c4b1baa0202a41539
2d2c5a5bd3f3277c2e4658e67db7d0f283cc17635c9072fbf184a3552ff0320e
366d7a071b117f4b38d5c7bbd1fc17aadcfa7066bb4e2ebd5c374901249a423e
49a256979378d1c9105960a6149c8158bf19dfd03eacad7c9857df239babc936
4eb5fae48ce01bc6e2004382d9b929d82b24534e523821642f4ae009e8d4b95a
5210c9e9ace92f3ad784ca1d0f1b70fb75d4e5ddef492c92b18916ffa7fe9539
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
734f2a9f00d68687449a6e750399fb50d6a893a896e6ff1e0f9c07deb726faed
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
9e1ae164cf8450a5a6cc72c06ba71d4b14036a071641e41f60ff33cac05c9b3e
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3ec1012dab350dfa7db1e74dfd6d18754cea036dc8ae39a4738b36616fa85c6
a6fad04a78ad6f957b6a8b5dbc38c6e63963283a6e5747b387692169f827a397
af31ba92e8d87e3111e803d8160d52c74fb41308d2e3302d71ae738ce18b86dd
c0e99c90d9cb7411a4b06a0132c284c9f507452ea0b2b01b893988460a7417d5
d2cd99653e26c2494fb3a311a244c190f318800eb972fd60dab6254dda67c265
d5eb5dc1e23f7d83a65d062f8c03e758337fd9fe506df536ff9bde33c4e2b6f5
dd5e59ed6b421f6110dea818359bbf3a69a9409b7de05efe800819ff571a09a8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6f08fcd3813725a6bf7cdd611339bcff83e40e75ab63d57b89f991bc1a1806c
e8f2d5487d860696dee2e6037ae07ff063ae5959b8d4b4658a284f9dc9711ca1
f27408b033a0195d0f29b0ecbc143f470c4fbb0807472a688b2f9e66403651e0

exey.io Open in urlscan Pro 2606:4700:3036::6815:1227 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

40 Requests

100 %HTTPS

67 %IPv6

18 Domains

18 Subdomains

18 IPs

3 Countries

551 kBTransfer

1506 kBSize

21 Cookies

0 Outgoing links

Page URL History

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

exey.io Open in urlscan Pro
2606:4700:3036::6815:1227 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

100 %
HTTPS

67 %
IPv6

18
Domains

18
Subdomains

18
IPs

3
Countries

551 kB
Transfer

1506 kB
Size

21
Cookies

40 HTTP transactions
0 data transactions