URL: https://exe.app/e0pQ1
Submission: On September 12 via manual from IE — Scanned from NL

Summary

This website contacted 15 IPs in 4 countries across 15 domains to perform 39 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is exe.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 2nd 2021. Valid for: a year.
This is the only time exe.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
5 | lcreatessque.xyz | lcreatessque.xyz | 2 KB
5 | xpectthatmy.shop | xpectthatmy.shop | 6 KB
5 | exe.app | exe.app | 164 KB
4 | google.com | accounts.google.com — Cisco Umbrella Rank: 126 | 2 KB
4 | pogothere.xyz | pogothere.xyz — Cisco Umbrella Rank: 854787 | 202 KB
3 | psoageeb.com | psoageeb.com Failed | 586 B
3 | cloudfront.net | d31ph8fftb4r3x.cloudfront.net | 2 KB
2 | google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 94 | 20 KB
2 | gstatic.com | fonts.gstatic.com | 62 KB
2 | googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 141 | 76 KB
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 355 | 2 KB
1 | in-page-push.com | in-page-push.com — Cisco Umbrella Rank: 73195 | 357 B
1 | facebook.com | www.facebook.com — Cisco Umbrella Rank: 111 |
1 | eugeniecor.com | nh.eugeniecor.com — Cisco Umbrella Rank: 316822 | 1 KB
1 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 120 | 1 KB
39 15
Domain Requested by
5 lcreatessque.xyz exe.app
5 xpectthatmy.shop exe.app
5 exe.app exe.app
4 accounts.google.com 2 redirects exe.app
4 pogothere.xyz exe.app
3 psoageeb.com exe.app
3 d31ph8fftb4r3x.cloudfront.net xpectthatmy.shop
2 www.google-analytics.com www.googletagmanager.com, www.google-analytics.com
2 fonts.gstatic.com fonts.googleapis.com
2 www.googletagmanager.com exe.app
1 cdnjs.cloudflare.com exe.app
1 in-page-push.com exe.app
1 www.facebook.com exe.app
1 nh.eugeniecor.com exe.app
1 fonts.googleapis.com exe.app
39 15

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-11-02 - 2022-11-01 | a year
upload.video.google.com | GTS CA 1C3 | 2022-08-22 - 2022-11-14 | 3 months
nh.eugeniecor.com | R3 | 2022-07-07 - 2022-10-05 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-08-22 - 2022-11-14 | 3 months
*.pogothere.xyz | E1 | 2022-09-04 - 2022-12-03 | 3 months
xpectthatmy.shop | Amazon | 2022-08-21 - 2023-09-19 | a year
*.gstatic.com | GTS CA 1C3 | 2022-08-22 - 2022-11-14 | 3 months
*.lcreatessque.xyz | E1 | 2022-09-06 - 2022-12-05 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-06-21 - 2022-09-19 | 3 months
in-page-push.com | R3 | 2022-09-09 - 2022-12-08 | 3 months
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year
psoageeb.com | R3 | 2022-07-19 - 2022-10-17 | 3 months

This page contains 5 frames:

Primary Page: https://exe.app/e0pQ1
Frame ID: 87222D6B45DBD9A05BCE07E9BD9A2B07
Requests: 29 HTTP requests in this frame

Frame: https://xpectthatmy.shop/…
Frame ID: 5A4FB98E5CA70C09FB828616BACA616A
Requests: 2 HTTP requests in this frame

Frame: https://xpectthatmy.shop/…
Frame ID: 646AB1E4EC3723CB66F727E99FCAFB3F
Requests: 2 HTTP requests in this frame

Frame: https://xpectthatmy.shop/…
Frame ID: D573B8B0E6BE35477CD28960501EA9D9
Requests: 2 HTTP requests in this frame

Frame: https://exe.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662969600
Frame ID: 27D8D27CE0B84DEB26F8198C83F9DC95
Requests: 3 HTTP requests in this frame

Page Title

exe.io

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

39 Requests
92 % HTTPS
64 % IPv6
15 Domains
15 Subdomains
15 IPs
4 Countries
539 kB Transfer
1170 kB Size
10 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
  • https://accounts.google.com/v3/signin/identifier?dsh=S-452296419%3A1662983436345580&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWr9jnVkrpRwnhkUH8LR8YHXUyX_GSIO9dR3HVtuAUK3-pJz4HbhdBV2nXtsFH-fVPHhahoTnQ
Request Chain 18
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
  • https://accounts.google.com/v3/signin/identifier?dsh=S-535867001%3A1662983436344385&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqdIRIjhYNuc9_O7YTyLW4eHdejWCx0UE0FrfPW4ExuEeziWJ0nYwSmhf-8Dg95soWtd1q3BQ

39 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request e0pQ1
exe.app/
395 KB
100 KB
Document
General
Full URL
https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cdd1e70f45d789db5a97fa755efbc4d531dea09df58c9bbe40b5323d21d41a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
74986d2a08acb78a-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 12 Sep 2022 11:50:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VzzHWzHV%2BFi9iDoCuOD382%2Fefu6te6yX%2BDmxOrCkBd6%2FB843OsANIBphkIs9vMw5WiTYue6s614zlxHr4OepaJwPYVYdSDN9lQxWGnYNhp1ggdxqrGN9bsbNfbbb8qv8U8cpRDdE"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN, SAMEORIGIN
x-robots-tag
noindex, nofollow
x-xss-protection
1; mode=block
css
fonts.googleapis.com/
13 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
97d876b0796d55e1a4d9dec67f958fd62674617e5417b92e4584c0397974e9d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 12 Sep 2022 10:15:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 12 Sep 2022 11:50:36 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 12 Sep 2022 11:50:36 GMT
continue.css
exe.app/css/
179 KB
41 KB
Stylesheet
General
Full URL
https://exe.app/css/continue.css
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8f2d5487d860696dee2e6037ae07ff063ae5959b8d4b4658a284f9dc9711ca1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/e0pQ1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
326963
cf-polished
origSize=211643
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 20 Nov 2020 17:25:47 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kNHa%2F9UkIwUVcQf%2Fk4dRFqP3aDcATADXtWbXOfh7upXu1sqjH0uzohOVnV4%2BzhdG6cfLnMGTHQaRpaoqqQwksDnvoGn96wmTLOqP%2B5jvEiXfE8xqmMv%2FdJdGsYBOwfd5DJRVSpnA"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
cf-ray
74986d2a99b4b78a-AMS
expires
Sat, 08 Oct 2022 17:01:12 GMT
29529
nh.eugeniecor.com/1clkn/
0
1 KB
Script
General
Full URL
https://nh.eugeniecor.com/1clkn/29529
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
23.109.82.147 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 12 Sep 2022 11:50:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Connection
keep-alive
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=1
Keep-Alive
timeout=20
js
www.googletagmanager.com/gtag/
105 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-135952122-1
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
32af21db8cb1188960f778468562075ec64e9cb7d4f1e2f2f4058e76fee453d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41970
x-xss-protection
0
last-modified
Mon, 12 Sep 2022 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 12 Sep 2022 11:50:36 GMT
asd100.bin
pogothere.xyz/
100 KB
101 KB
Fetch
General
Full URL
https://pogothere.xyz/asd100.bin
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
access-control-allow-methods
GET
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
686
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 12 Sep 2022 11:39:10 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xSwr4JHxrL%2B3LiRU5jMAG4uueRYYfU10jRFLuKGiSfmOXwF2kGj5S3ZyS2xfOK0NsdpWBAlHsq%2F8XizPMoW9ad140uhl4rOjR405Nljvf%2BS%2B5Mf8Kov0AjvR9u2AEK8N"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
https://exe.app
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
74986d2c6877d0d5-AMS
access-control-allow-headers
X-Requested-With, content-type
/
pogothere.xyz/
27 B
362 B
Fetch
General
Full URL
https://pogothere.xyz/
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6418c5ec9560cbb9876e575bc3d8f215fb31b05ab4f52290e9c2bf8206297547

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
https://exe.app
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mnF5v89zMlAHKgLzBPrgPeE4h%2FwvqmnSyvi1Kz6UUlDlbVZEUHeq4aJuJr6fiezDPD6xd%2BZLptePxaORpLq%2BuTGY3MRIJfD5Sq2iYRpxCeEf6J7nsYrULSpZv4k9x%2FVu"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
74986d2c687dd0d5-AMS
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
xpectthatmy.shop/
0
483 B
XHR
General
Full URL
https://xpectthatmy.shop/utx?cb=fxGHYkLrFeHc&top=exe.app&tid=822524
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-17.fra60.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Sep 2022 11:50:36 GMT
via
1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://exe.app
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
p126iEVhCBE6xz12icBxCVd9fHELVNkmhse5cOnP82UuPO-3i6rgCg==
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://exe.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:50:24 GMT
x-content-type-options
nosniff
age
579612
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 18:50:24 GMT
memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
fonts.gstatic.com/s/opensans/v34/
17 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://exe.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:56:33 GMT
x-content-type-options
nosniff
age
579243
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17820
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:13:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 18:56:33 GMT
NxNnFDocOVYPP0EcYgsfJgJuIywKPWMXCjY9VjkrVUp1KigUXQUMPEJJBWgHAxdZPlA2DkMKDDYfBTcKMwF2
xpectthatmy.shop/cHg3Tm0RGlQjUhFFVWgYAhQKa182XQUICUNJRyZVFh5DLFkCS09gDhwXQioLAhdZOkMeHUNrXzY7VBgKQi1yLT4+SVB8CDEtTxsAQV0FCDxCF3MXAz4geiU4VUpxBTw2FFQNNAo2YyIaPktiBz1DLUcMARMLYwo/Rilveww9K1wZNyI5BgU/... Frame 5A4F
3 KB
2 KB
Document
General
Full URL
https://xpectthatmy.shop/…
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-17.fra60.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
5a2e76658896889dc5b94a1e236202f7aabfb04f8296a45c6197d1fa13ae4d82

Request headers

Referer
https://exe.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1240
content-type
text/html
date
Mon, 12 Sep 2022 11:50:36 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront)
x-amz-cf-id
pnDqs7RuJemwNuZpvcfA1OhBnQwZqMim3jidTy1vdL1AsNw8RryyWg==
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
asd100.bin
pogothere.xyz/
100 KB
100 KB
Fetch
General
Full URL
https://pogothere.xyz/asd100.bin
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
access-control-allow-methods
GET
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
686
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 12 Sep 2022 11:39:10 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FeZvKtzmsQv8Aq4kmxAGDxart0mcMfh2XB91mXH9ohmq5IEU7bA59Z9Dbjvw56kEZAZ%2FGF3hrEbNckNh6NpSc%2B9%2Fn%2BeAY605Q3ke2fdpF%2Fpbcm645DDd4cp0xaqkSKb"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
https://exe.app
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
74986d2c6881d0d5-AMS
access-control-allow-headers
X-Requested-With, content-type
/
pogothere.xyz/
27 B
370 B
Fetch
General
Full URL
https://pogothere.xyz/
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94e810a24ddf7bcca6e65799554c6067a05361f452dbb1d25b7bb3a7fab1d2a3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
https://exe.app
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxdgLShuxYrR7CIp9J%2Bykj8T9oPSt6vilRSvLW3HF5JVb6hfA9%2BA3YbTD7RCsZLINZTibyf8kIxzvmEK93X%2FiTjj0acLfWyBZVVqgwUCoYACNR1iNz%2FrSdPJnVuvwWO8"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
74986d2c6884d0d5-AMS
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
xpectthatmy.shop/
0
484 B
XHR
General
Full URL
https://xpectthatmy.shop/utx?cb=9NYjn85IyxD2&top=exe.app&tid=889494
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-17.fra60.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Sep 2022 11:50:36 GMT
via
1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://exe.app
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
b-XO3aexFUnPG5-k2r2-B87vFhZ8vOF_giMrOC1pfQz3T_F3RYR2Yg==
RWJSY3AkADEOTyRfMEUFNw5vRkIDR2AlFHZTIgtIIwQmAUQ3USpNEykNJwcWNw08F14rByZGQgNWADsqdTdjCB0CMD1SKi8nNCY3cAo0NkkEAz9SGg0jMVs+PzQeKjIyEDEgOQMjYBATAjcbLzkdOBExHhAWAhs6DzthWwADGj1TKgIvBiQaBwk2JTETLCgXRBQOG...
xpectthatmy.shop/ Frame 646A
3 KB
2 KB
Document
General
Full URL
https://xpectthatmy.shop/…
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-17.fra60.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
caaa7752b431f11810fd33c03585f6c159184cb6861dda205bc8a5ebc9414f88

Request headers

Referer
https://exe.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1248
content-type
text/html
date
Mon, 12 Sep 2022 11:50:36 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront)
x-amz-cf-id
kNQzj6QmbYFGBbTAVxHB1NFOf3LOF_U7GPVJyoc-19RBNYO4pGmH2w==
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
FDIQCSIDPTFXJzUIOAFwEgQlRhkBJhQHBnc0Bjk7
xpectthatmy.shop/Z1ZxTUYGNBIgeQZrE2szFTpMaHQhc0MLIlRnASV+ATAFL3IVZQljJQs5BCkgFTkfOWgJMwVodCEvJ38PHzQLJnYjAEkHBA4bPRsQLhQofAMjASAlPiQTOAwQHjIXFxcfHSgJHFUaHz4uLAcwdSc1biQLPhMSPHx+JQUnGHQjECseDh0fPBgq... Frame D573
3 KB
2 KB
Document
General
Full URL
https://xpectthatmy.shop/Z1ZxTUYGNBIgeQZrE2szFTpMaHQhc0MLIlRnASV+ATAFL3IVZQljJQs5BCkgFTkfOWgJMwVodCEvJ38PHzQLJnYjAEkHBA4bPRsQLhQofAMjASAlPiQTOAwQHjIXFxcfHSgJHFUaHz4uLAcwdSc1biQLPhMSPHx+JQUnGHQjECseDh0fPBgqLh8SHAgxEiAfLDUTIAIEIzk/HjE9AD46CzIOKXQvMxc3BgVVMjofIT0OPDp3IB4zNSoyOkkvDiAAIgwAXw4rfSUkGiM1KjI9KAoQVRAmCwAfYRIhByUQBnQsNC4jKQUzDyIcFyk1OAwiMxQ3DCw1IVwANiMRIxsOViEhLiomFCN8D0JkNwsqEBI5ChMPEDd9DCghBSwFDy4dGCo+HSYnMSkRNCIKPSE3Fw4xD0cPPjUyF38cNBQ0CAwCABIMEAAuRBgxITI5ChA0BxZ4ICk+MxQVACUjGzEtDzd/FDIQCSIDPTFXJzUIOAFwEgQlRhkBJhQHBnc0Bjk7
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-17.fra60.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
2374fedc54585b61bd25befaa7fc720e10193ef72730fec9f653370121cb49f6

Request headers

Referer
https://exe.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1226
content-type
text/html
date
Mon, 12 Sep 2022 11:50:36 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront)
x-amz-cf-id
MGOaP9gMclGzhrbFvzpP_4PuATEcBgxfYaxfP-A-ORqbKP6olDiiYA==
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
cjg0NXRdB1dGSRNucmQgGGpWVCMwC3BjQR1ZfAU2Km9YRRIFYRJBHRYFDAdGRwoAEwQbXAkEUgFMVUEBAQUFEx0cXlsIUgQFBRtHRhYGDVpDHkEIRVRMRFQTTwkSRQAGVAkEQkQKDQ1HRgsCBEBD
lcreatessque.xyz/
0
242 B
Image
General
Full URL
https://lcreatessque.xyz/cjg0NXRdB1dGSRNucmQgGGpWVCMwC3BjQR1ZfAU2Km9YRRIFYRJBHRYFDAdGRwoAEwQbXAkEUgFMVUEBAQUFEx0cXlsIUgQFBRtHRhYGDVpDHkEIRVRMRFQTTwkSRQAGVAkEQkQKDQ1HRgsCBEBD
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmnU8dxpIhe55y82VdkB7lYyqY4wpKm9rgWhgz62m3tvlOpLHMsuKfY19E6%2B2sckMKz3WiUHMAdhhu8nPAYBT7%2F4CSU7Wly3ZFQ5rWczT41aXvteft1ZggyRvkyObDk6UD1G"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
74986d2ce884b749-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
login.php
www.facebook.com/
0
0
Image
General
Full URL
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

identifier
accounts.google.com/v3/signin/
Redirect Chain
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
  • https://accounts.google.com/v3/signin/identifier?dsh=S-452296419%3A1662983436345580&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignI...
0
0
Image
General
Full URL
https://accounts.google.com/v3/signin/identifier?dsh=S-452296419%3A1662983436345580&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWr9jnVkrpRwnhkUH8LR8YHXUyX_GSIO9dR3HVtuAUK3-pJz4HbhdBV2nXtsFH-fVPHhahoTnQ
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H3
Server
2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
395
x-xss-protection
1; mode=block
pragma
no-cache
server
GSE
date
Mon, 12 Sep 2022 11:50:36 GMT
x-frame-options
DENY
report-to
{"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type
text/html; charset=UTF-8
location
https://accounts.google.com/v3/signin/identifier?dsh=S-452296419%3A1662983436345580&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWr9jnVkrpRwnhkUH8LR8YHXUyX_GSIO9dR3HVtuAUK3-pJz4HbhdBV2nXtsFH-fVPHhahoTnQ
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-RKNifeF6hDyLiSiGoPK5RA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only
same-origin; report-to="coop_gse_qebhlk"
expires
Mon, 01 Jan 1990 00:00:00 GMT
identifier
accounts.google.com/v3/signin/
Redirect Chain
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
  • https://accounts.google.com/v3/signin/identifier?dsh=S-535867001%3A1662983436344385&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebS...
0
0
Image
General
Full URL
https://accounts.google.com/v3/signin/identifier?dsh=S-535867001%3A1662983436344385&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqdIRIjhYNuc9_O7YTyLW4eHdejWCx0UE0FrfPW4ExuEeziWJ0nYwSmhf-8Dg95soWtd1q3BQ
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H3
Server
2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
395
x-xss-protection
1; mode=block
pragma
no-cache
server
GSE
date
Mon, 12 Sep 2022 11:50:36 GMT
x-frame-options
DENY
report-to
{"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type
text/html; charset=UTF-8
location
https://accounts.google.com/v3/signin/identifier?dsh=S-535867001%3A1662983436344385&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqdIRIjhYNuc9_O7YTyLW4eHdejWCx0UE0FrfPW4ExuEeziWJ0nYwSmhf-8Dg95soWtd1q3BQ
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-Np_8yx6k6zZgea0vx17ysA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only
same-origin; report-to="coop_gse_qebhlk"
expires
Mon, 01 Jan 1990 00:00:00 GMT
Rzh4bE1oBxsfcBJVMloAEH4UOSYOcC1eDyZpHz4UHgkMKA8RfV4YJCMFQFR0cwFMSj0uXEVdazRMGRg4NAVJSiQpXhdRazEFSUJ+cxZKVGN2Hg1RfGFMCA0qegleHDkzVEVde3EKQVR+cwtOXXR1
lcreatessque.xyz/
0
244 B
Image
General
Full URL
https://lcreatessque.xyz/Rzh4bE1oBxsfcBJVMloAEH4UOSYOcC1eDyZpHz4UHgkMKA8RfV4YJCMFQFR0cwFMSj0uXEVdazRMGRg4NAVJSiQpXhdRazEFSUJ+cxZKVGN2Hg1RfGFMCA0qegleHDkzVEVde3EKQVR+cwtOXXR1
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zf76c6fbnA3vFhYRzIL75Ii9%2F5oxLL94z0Btnv5A0dXMAbKHACVmwv7bqZfppVnYBw36oda%2BPZPhkyiv3ePQZnw8ntBiEk%2FY6dHUO0xL4ZdoK50wB98G5S4w9usvAylA9GPX"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
74986d2ce887b749-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
KUlidyM0EjxsbCxJYn96dEV9YmwvSWJ3PioVNGx7fAQnJSZnRWVneGNMYGV5bEZiYw
lcreatessque.xyz/U1FKWnR8bikpSQdhDBciBiVzPyxmPCw0ECk1DRxMNT8Af0YRMwJqUic4LmdMZ2J4bEV1ISM+SWJpbCkAMiU/
0
409 B
Image
General
Full URL
https://lcreatessque.xyz/U1FKWnR8bikpSQdhDBciBiVzPyxmPCw0ECk1DRxMNT8Af0YRMwJqUic4LmdMZ2J4bEV1ISM+SWJpbCkAMiU/KUlidyM0EjxsbCxJYn96dEV9YmwvSWJ3PioVNGx7fAQnJSZnRWVneGNMYGV5bEZiYw
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cUtz5zpGOGqFymWqT10tJ18zTG%2FprPnadnCO92%2FuwqqWD0Ljg6W33x%2FUdouxORYg%2Fzkif1cPqkE2Ty63rov%2B%2BFA3F2YlIWotZA7sQcy2NW4lvxyhWUSBjLuC0jVfeCD0faQ1"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
74986d2ce889b749-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
3230648
in-page-push.com/400/
0
357 B
Script
General
Full URL
https://in-page-push.com/400/3230648
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.15 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-trace-id
cf6529a9d1fdacb9fb82b751da2e8926
pragma
no-cache
date
Mon, 12 Sep 2022 11:50:36 GMT
x-content-type-options
nosniff
server
nginx
vary
Origin
access-control-allow-origin
*
access-control-expose-headers
Link
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
strict-transport-security
max-age=1
timing-allow-origin
*, *
expires
Tue, 11 Jan 1994 10:00:00 GMT
js
www.googletagmanager.com/gtag/
89 KB
35 KB
Fetch
General
Full URL
https://www.googletagmanager.com/gtag/js
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8534a728ae02d31e003c8be0abb3d4e3c4cfcbd2e6599dc86526dfdf3abd5615
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
br
vary
Origin, Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35698
x-xss-protection
0
last-modified
Mon, 12 Sep 2022 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://exe.app
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 12 Sep 2022 11:50:36 GMT
fuckadblock.min.js
cdnjs.cloudflare.com/ajax/libs/fuckadblock/3.2.1/
5 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c63c0a518fcd8243e365904eb4ec5162d2b6d066aa4f05027fb598089d73ebdc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://exe.app/
Origin
https://exe.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
8219343
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1309
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:19 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e6b-1285"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5NVqPhELWF2t7y5LgI7DakP8%2FUE3g6Khiltiibo2wzE0%2F%2BW8VIYROxM%2BznofNm%2B0U2tTFqa0r%2Fk%2FxMny82Wqp2XPcgaTu%2FDnL0cv53HIXouz9GhH9yStEW1P3TGG1YdOCG1izvMLQJ%2Fc%2BO9Kl5tEzTJh"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
74986d2d2db3b8fc-AMS
expires
Sat, 02 Sep 2023 11:50:36 GMT
invisible.js
exe.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 27D8
38 KB
14 KB
Script
General
Full URL
https://exe.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662969600
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a38289095195cfdbeaea43a573b80c077992ca9d1dcbab297ce7bc890e93ef9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aAyK0DJWe6uNsn5wYvNAzScHhk4PO5CaTYW%2FBLH%2BeLi8qdusdJNOyDAxhOTodPHEio08svPEzC8m7j1dCPizOsT1h4vClL8U34W0%2F8umsZ%2B07rlSncEOkTuh%2Btr3Jrp4Ruzkif8Q"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
74986d2cdf46b7eb-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-135952122-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
2078
date
Mon, 12 Sep 2022 11:15:58 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 12 Sep 2022 13:15:58 GMT
pica.js
exe.app/cdn-cgi/challenge-platform/h/g/scripts/ Frame 27D8
25 KB
9 KB
Other
General
Full URL
https://exe.app/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
537d231b7d30ba56fd9baa719d42854e6dcc78c72a1db8b40160b545895778cd

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=psuj8X6l6c13ZF3Fq3ruW4qxcJ033X3QiDF0246ia3r%2BpRDYMd4l2wStuQMCypqitg0WZ9PHYkbOzlEtQUsQpyuEHs4qvJw7%2F%2Fhjvph0EY5tGN4MVn53sFzY4QyqgOg9XkqQMkTN"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
74986d2d4fecb7eb-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
FlwDHGUhFF0JOwtaChxlUlYKWjwNGEoLZwFZHVY6BxRdf2ZSBEEJeVcAVgx5UwFdHGVSQg5fNhBYSgsRVwJYF2RUFxoEZg
d31ph8fftb4r3x.cloudfront.net/yV2Ixbzk0DV8JBiMLVVIBY1EDWQhxCEIAVydfZQxKYDZ2LnshKQA8aR8UFxtDM18BSVU2DFZSHzIMUlIIcQNVDQRjREQOBDoNSwZVOwMUXX9iTAFKC2dKRgZXMw1GHBxlUl8bHGVSAF8XZ0cCLRxlUkYGV2FWFFx7clABFw... Frame D573
195 B
468 B
Script
General
Full URL
https://d31ph8fftb4r3x.cloudfront.net/yV2Ixbzk0DV8JBiMLVVIBY1EDWQhxCEIAVydfZQxKYDZ2LnshKQA8aR8UFxtDM18BSVU2DFZSHzIMUlIIcQNVDQRjREQOBDoNSwZVOwMUXX9iTAFKC2dKRgZXMw1GHBxlUl8bHGVSAF8XZ0cCLRxlUkYGV2FWFFx7clABFw9jSxRdCTYSQQNcIAdTBFAjRw-MpDGRVH1wPclABR1I/FlwDHGUhFF0JOwtaChxlUlYKWjwNGEoLZwFZHVY6BxRdf2ZSBEEJeVcAVgx5UwFdHGVSQg5fNhBYSgsRVwJYF2RUFxoEZg
Requested by
Host: xpectthatmy.shop
URL: https://xpectthatmy.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:6e00:10:564:4f40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
eca56209bd005aa73e03b3a3c2db68a3a13c68dcdd2edf16bdb4aec1db3da492

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xpectthatmy.shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
gzip
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
189
via
1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-id
QoFXF28FzuJK0vLXLPJxXXCNY-5JiZsOFfWuaUQw05PCYk5BmBzSbQ==
KQFlcCYzNTlwN3UIP3UpBlcsTDR6QX5aMSkWZRA1KRJlB3YmFToLZGEFKFk7egUzWicuHTpfPilXLVdtKh4iXzwrEH0EFnJfaBNid1kvXz4jHi9FdXVBNkJ1dUFpBn53VGt0dXVBL18+cUV9BRJiQ2hOZnNYfQ-RgJgEoWjUwFDpdOTNUanBldEZ2BWZiQ2geOy8F...
d31ph8fftb4r3x.cloudfront.net/CcVg2UEcSN1g2eAUxUm1/Q2oDYnNXMkU/ Frame 5A4F
705 B
805 B
Script
General
Full URL
https://d31ph8fftb4r3x.cloudfront.net/CcVg2UEcSN1g2eAUxUm1/Q2oDYnNXMkU/KQFlcCYzNTlwN3UIP3UpBlcsTDR6QX5aMSkWZRA1KRJlB3YmFToLZGEFKFk7egUzWicuHTpfPilXLVdtKh4iXzwrEH0EFnJfaBNid1kvXz4jHi9FdXVBNkJ1dUFpBn53VGt0dXVBL18+cUV9BRJiQ2hOZnNYfQ-RgJgEoWjUwFDpdOTNUanBldEZ2BWZiQ2geOy8FNVp1dTJ9BGArGDNTdXVBP1MzLB5xE2J3EjBEPyoUfQQWdkFtGGBpRGkPZWlAaAR1dUErVzYmAzETYgFEawF+dEd+Q212
Requested by
Host: xpectthatmy.shop
URL: https://xpectthatmy.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:6e00:10:564:4f40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ee352d1b32e7110b62a134811396781133d41681bd7d791af1094a0dcb35a1d1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xpectthatmy.shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
gzip
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
528
via
1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-id
3s4oEkS_vV2GqjOiOQEc6EVtucXAjEbFMIPjMa_t32KmF-z-dt1XFg==
MEtF
d31ph8fftb4r3x.cloudfront.net/4RXZ0U1kmGRo1ZjEfEG5hfU9Aam1jHAc8NzVLIBwrcCIFA2scGUILIXZCRnUtPxJJY38pFxo0ZGMTGjBkdFAVNzt4QlInKSodSScyKQEdPzssGBp1LCRLGTwjLBoYMnx3MEF9aWBERHsuLBgQPC42U0ZjNzFTRmNodVhEdm... Frame 646A
884 B
903 B
Script
General
Full URL
https://d31ph8fftb4r3x.cloudfront.net/4RXZ0U1kmGRo1ZjEfEG5hfU9Aam1jHAc8NzVLIBwrcCIFA2scGUILIXZCRnUtPxJJY38pFxo0ZGMTGjBkdFAVNzt4QlInKSodSScyKQEdPzssGBp1LCRLGTwjLBoYMnx3MEF9aWBERHsuLBgQPC42U0ZjNzFTRmNodVhEdmoHU0ZjLiwYQmd8djRRYWk9QE-B6fHdGFSMpKRMDNjsuHwB2awNDR2R3dkBRYWltHRwnNClTRhB8d0YYOjIgU0ZjPiAVHzxwYEREMDE3GRk2fHcwRWNsa0ZaZmh8Q1piaXdTRmMqJBAVITBgRDJmanJYR2V/MEtF
Requested by
Host: xpectthatmy.shop
URL: https://xpectthatmy.shop/RWJSY3AkADEOTyRfMEUFNw5vRkIDR2AlFHZTIgtIIwQmAUQ3USpNEykNJwcWNw08F14rByZGQgNWADsqdTdjCB0CMD1SKi8nNCY3cAo0NkkEAz9SGg0jMVs+PzQeKjIyEDEgOQMjYBATAjcbLzkdOBExHhAWAhs6DzthWwADGj1TKgIvBiQaBwk2JTETLCgXRBQOGw07Fg02MCMmGxkyNSEyKBADAiAiUjwGMB4kJDIIHiEfHC88G0MIJxRaERIgFzE4NhceIRcUMhFXQhBSCAk+PyQGMR0LDTY1GAAGPww4EFIICTwsFQsyHSFaNgkiFzsFCEkUJ38hRiMqNiQ2Fi8iKCIIJhwJAzAqJSFCJBUcJyJ3MGEHGwcwCzQcMSoAFB4LIT43Ii0gagdAHDsdCTkiN2I5GhULEzU4PxolOjUXJx8nNXYlAAhCIyoxFCISLCECQB8DCA4YfTNjExkkOjY3IigvIykyBDQbNzIiMBYpHSQMGDoidzR3UTYIJyYlVi8RPQ0AeDYdEUUREwJRKSpUChtDcVA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:6e00:10:564:4f40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
5403908ac4ca59ae7bb7c8ab76e4a22997e96d4e3bafd28ffb924794b1b159fd

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://xpectthatmy.shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
gzip
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
626
via
1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-id
ieQ-Z9w33pKfzLaZaJojfKMz9yzfGt6i9bQceDcKmLZjv1jNn790oQ==
bootstrap.css
psoageeb.com/
0
0

collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1833074194&t=pageview&_s=1&dl=https%3A%2F%2Fexe.app%2Fe0pQ1&ul=en-us&de=UTF-8&dt=exe.io&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=264374657&gjid=238196953&cid=1249337648.1662983436&tid=UA-135952122-1&_gid=779365938.1662983436&_r=1&gtm=2ou970&z=1761194578
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://exe.app/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 12 Sep 2022 11:50:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://exe.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
header.png
psoageeb.com/
0
275 B
Image
General
Full URL
https://psoageeb.com/header.png?aHR0cHM6Ly9pbi1wYWdlLXB1c2guY29tLzQwMC8zNDUwMjA1
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.154 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://exe.app/
Origin
https://exe.app
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-trace-id
00488d33ed2dd78509d9aca3b263009f
pragma
no-cache
date
Mon, 12 Sep 2022 11:50:36 GMT
x-content-type-options
nosniff
server
nginx
vary
Origin
access-control-allow-origin
https://exe.app
access-control-expose-headers
Link
access-control-allow-credentials
true
strict-transport-security
max-age=1
timing-allow-origin
*, *
74986d2a08acb78a
exe.app/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 27D8
2 B
644 B
XHR
General
Full URL
https://exe.app/cdn-cgi/challenge-platform/h/g/cv/result/74986d2a08acb78a
Requested by
Host: exe.app
URL: https://exe.app/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662969600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FWIMeAQqBeSj0rL5S2gu8vwi05QHXHzcTjIFltoxCP6%2FeS%2F7wwdorDNnXqhY3jBoAZfBN5fAJzULPVeFkV4WCarr7r%2FawOmcodjfG8%2BUE2uzgVEZPLEOzM6pM1a9Tn6BJxk1%2BTku"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
74986d2f7c55b7eb-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
WHR5RFF3Sxo3bDojKwoLHxgYEhkOJy51aDsQLwIAADJIdAQeH18wODxJQXxobE1NYiExEER1dysAGDAkK0lKdGFpUhAqNzdJSXRhaVIPeWB2R01qY2BaSGIkZUZLdmduREh3ZGxCT3FmbkVfMCE5E0R1dygADShsaUJPdmhgR013Z29ESw
lcreatessque.xyz/
0
392 B
Image
General
Full URL
https://lcreatessque.xyz/WHR5RFF3Sxo3bDojKwoLHxgYEhkOJy51aDsQLwIAADJIdAQeH18wODxJQXxobE1NYiExEER1dysAGDAkK0lKdGFpUhAqNzdJSXRhaVIPeWB2R01qY2BaSGIkZUZLdmduREh3ZGxCT3FmbkVfMCE5E0R1dygADShsaUJPdmhgR013Z29ESw
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 12 Sep 2022 11:50:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vkFerSbGUoW0pKFBcjWR6YksGVmggN63o9D8xVAimd5YoNuO12r43hAk4zv%2FxoLuO9Jw3HgxeqimF%2FqDHdQA%2BA0qrJXRSk3H3luA2YoZP8izgWCkNVHmaCwYET3ghI3vnYuv"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
74986d2faa41b93f-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
config.json
psoageeb.com/
0
311 B
XHR
General
Full URL
https://psoageeb.com/config.json
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.154 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://exe.app/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Token
aHR0cHM6Ly9pbi1wYWdlLXB1c2guY29tLzQwMC8zNDUwMjA1

Response headers

x-trace-id
0dfb5e0f0319f61e147a7ff7f35e30a1
pragma
no-cache
date
Mon, 12 Sep 2022 11:50:36 GMT
x-content-type-options
nosniff
server
nginx
vary
Origin
access-control-allow-origin
https://exe.app
access-control-expose-headers
Link
access-control-allow-credentials
true
strict-transport-security
max-age=1
timing-allow-origin
*, *
access-control-allow-headers
Token,Content-Type
config.json
psoageeb.com/ Frame
0
0
Preflight
General
Full URL
https://psoageeb.com/config.json
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.154 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
token
Access-Control-Request-Method
GET
Origin
https://exe.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Token,Content-Type,X-Log-Type
access-control-allow-origin
https://exe.app
content-length
0
date
Mon, 12 Sep 2022 11:50:36 GMT
server
nginx
popunder.gif
lcreatessque.xyz/
35 B
548 B
Image
General
Full URL
https://lcreatessque.xyz/popunder.gif
Requested by
Host: exe.app
URL: https://exe.app/e0pQ1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://exe.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
public
date
Mon, 12 Sep 2022 11:50:36 GMT
cf-cache-status
HIT
last-modified
Sat, 10 Sep 2022 11:35:16 GMT
server
cloudflare
age
173720
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hmDDsTwAwV%2BvmsUMliCEvL4Hs8E1QJ3yAIJop14zMUmmrwSIBJs7lJ2x9l6z%2BIHpVYvyqJW21nPdBAt7d7M5UNXxdFO4DxXqdozuO8kBglFbeudct2HszEotkf1TLO05Bzq%2B"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
74986d304b55b93f-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
psoageeb.com
URL
https://psoageeb.com/bootstrap.css?aHR0cHM6Ly9pbi1wYWdlLXB1c2guY29tLzQwMC8zNDUwMjA1

Verdicts & Comments

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
function| Z044
number| LAST_CORRECT_EVENT_TIME
object| utr_822524
number| userTrackingInterval
number| _1925719467
object| utr_889494
number| _223283703
string| k
object| _gbk5480q7k
object| do9ytqx85tk
object| zfgformats
function| setImmediate
function| clearImmediate
function| _zmtfzv
function| _yeilc
function| gtag
object| dataLayer
function| disableItToContinue
object| importFAB
object| google_tag_manager
object| google_tag_data
string| GoogleAnalyticsObject
function| ga
function| FuckAdBlock
object| fuckAdBlock
function| zfgproxyhttp
object| gaplugins
object| gaGlobal
object| gaData
number| iinf
function| _raa3di0e65n

10 Cookies

Domain/Path Name / Value
exe.app/ Name: AppSession
Value: 4bd9526f2e2928c642e7a12f73dbdcba
exe.app/ Name: csrfToken
Value: 54d3d62b4a45bebc03a45bce3b9ea6db8274cf710b11bca36497e5299fce427b09701aab0369f91a23f1b420a17025b36a1e39304c0f4f768b4848b1ef3dd248
nh.eugeniecor.com/ Name: GL_UI4
Value: eJw9jUtugzAYhAHzaJSCOhIHyBEwAaIuqx6iS2TsH0IDdmTcoN6%2BVqV2NZ%2FmoQmCICoLhI%2BUgX2JFqe2k3Ujh7ZueH0R1dhwfu4kp1aeXzt%2BGXGYt96JYSEX43kiTXaWvTSKcrz46M%2B5abPrGMlghVY5ktU3lhzZYM2%2BkS0ZYi1WQvp%2BtcZrsopPY8F41XqeteewQmS2khUHZB%2BzVn5YHBHxqsjTAMf7Itxo7NrPKg2RTFYoQviGJykcTcZ%2BI1O03Zy5A2ZR%2FX%2F%2F95ftvEKq6DFLf27clewPDwtKKQ%3D%3D
nh.eugeniecor.com/ Name: GL_GI10
Value: eJxNjMFKw0AURdOJDobUyAU%2FoD%2FQ0Br7A%2Bqii5KFggs3Q0he24Fm3jDzKsavN21BXd3LuZybJIm6L6CsR1Ety4fFY7lcVWOukO6IoeoNpi0fnYTBuKYn5DXJnsKhcV2EDrSz7KA%2B1sgv3bTcEa7rzfwfO5u3b3yU%2FWzNh5OMq9bKgOyVRSh0TY%2FsBC76dNT%2FhtRGj9xWL6UjmT2V78jGYqIn6pA9c%2FAcGiEUv%2FT8olPc2Gh84K9BT3AntqdvdmR4u40kWmHyqdUPWiJNjg%3D%3D
.exe.app/ Name: _ga
Value: GA1.2.1249337648.1662983436
.exe.app/ Name: _gid
Value: GA1.2.779365938.1662983436
.exe.app/ Name: _gat_gtag_UA_135952122_1
Value: 1
pogothere.xyz/ Name: csu
Value: 2226601354665761@1@1662983436
.google.com/ Name: NID
Value: 511=NaZHxa0NKxise6WRwYo3kUeE_JW859w1XnQTiekv8IwWzzi8gy4RUyMUtmj9Gudr1A1Tmb69ce0__Na5fpV67oct5mTrLwJOWY-KCDRsgoCTy7S2CYAvrAavoplPtW7k8SmMPBB6-KjK1dZ6VBQcOqhJ40arD3vYzp6vTaX9U78
.exe.app/ Name: __cf_bm
Value: Z1wU4fKPoB3FeQlDcKqU3zN6r4laouQPrgOTKeKhr0s-1662983436-0-AcGGDQBARbRwTSFbqn6Y8/WBg5tIECRvDKXPZbvr+wNZWQ2D1co6VFgH1/iJDW9piIH7stlky4JSVZNS63fDFMh9SH9XcfGMNGbfIIL19ZFwzOkl4zbunt7PBrw01OMROQ==

4 Console Messages

Source Level URL
Text
security error URL: https://exe.app/e0pQ1
Message:
Refused to execute script from 'https://in-page-push.com/400/3230648' because its MIME type ('') is not executable, and strict MIME type checking is enabled.
security error URL: https://exe.app/e0pQ1
Message:
Refused to apply style from 'https://psoageeb.com/bootstrap.css?aHR0cHM6Ly9pbi1wYWdlLXB1c2guY29tLzQwMC8zNDUwMjA1' because its MIME type ('') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network error URL: https://accounts.google.com/v3/signin/identifier?dsh=S-535867001%3A1662983436344385&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqdIRIjhYNuc9_O7YTyLW4eHdejWCx0UE0FrfPW4ExuEeziWJ0nYwSmhf-8Dg95soWtd1q3BQ
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://accounts.google.com/v3/signin/identifier?dsh=S-452296419%3A1662983436345580&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWr9jnVkrpRwnhkUH8LR8YHXUyX_GSIO9dR3HVtuAUK3-pJz4HbhdBV2nXtsFH-fVPHhahoTnQ
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
