Report - exe.io/EJYyq

Report Overview

Submitted URL
exe.io/EJYyq
IP
172.67.71.40
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-11 05:00:31
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	48 kB	142.250.74.3
pogothere.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	107 kB	188.114.97.1
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.213.92.18
d31ph8fftb4r3x.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	2.5 kB	54.230.245.208
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	423 B	6.0 kB	157.240.200.35
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	337 B	827 B	104.21.22.169
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	7.1 kB	95.101.11.115
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
lcreatessque.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	2.3 kB	104.21.81.70
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	460 B	1.9 kB	216.58.207.237
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396 B	746 B	142.250.74.10
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	3.6 kB	23.33.119.27
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	1.5 kB	139.45.195.8
fleraprt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	460 B	475 B	139.45.195.254
nh.eugeniecor.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	344 B	1.1 kB	23.109.82.147
pectthatmye.shop	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.2 kB	65.9.44.24
in-page-push.com	67877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	102 kB	139.45.197.15
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	733 B	79 kB	142.250.74.72
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	352 B	21 kB	142.250.74.174
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	67 kB	34.120.237.76
exe.app	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	430 B	1.1 kB	172.67.136.149
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	986 B	65 kB	142.250.74.163
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	2.5 kB	104.17.24.14
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	93.184.220.29
exe.io	154401	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	760 B	1.6 kB	172.67.71.40
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	964 B	104.18.32.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-10	medium	fleraprt.com	Sinkholed

Files detected

URL
my.rtmark.net/gid.js
IP
139.45.195.8
ASN
#9002 RETN Limited

File type
gzip compressed data, max compression\012- data
Size
872 B (872 bytes)
Hash
cba7163d60e8e457c8f761a1e769dc3b
1518d591704eb51347fa6550b296b64edbaffe2a
d4cb770f2cb7d2347180677b643cdee5e183b41f7af7412abaedab2e8d7f3641

Detections

Analyzer	Verdict	Alert
VirusTotal	0/0

JavaScript (19)

	URL	Size	First Seen	Last Seen
	exe.app/EJYyq	60 kB	2023-03-07	2023-03-17
Pretty URL exe.app/EJYyq IP 172.67.136.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:31 Last Seen2023-03-17 12:44:18 Times Seen1 Hash 7834d3b4314a06038cacce16b160f971 82c4c57827e020f42de91a4d7f007ac5be0c3ef4 d2e1df8669adb7c7a587baa69e7ac165ba92952e6b7c4f53eddbfd4dab182ee5 Loading...

	in-page-push.com/400/3230648	85 kB	2023-03-07	2023-03-07
Pretty URL in-page-push.com/400/3230648 IP 139.45.197.15 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash 8523c20fd3c5621bdd383fab33662ac8 9eba0be3a232525aec6d52d5854992c10c8d7490 3fd0f092a7890eb3d436c5d248dbb00d04f69a7b25589581f08deced16b4b153 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-13
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-13 18:55:10 Times Seen838 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	d31ph8fftb4r3x.cloudfront.net/1aWlVaGgKBjsOVx0AMVVQXVpnXllPAyYHBhlUGyICGiAQKRlbWWMnJjoncxwSDVRlTgQIBzJVTgwHNlVZTwgxClVdTyAJVQQGLwEEBQhwWi5cR2VNWllBLVlZTFoXTVpZBTwGHRFMZ1gQUV8KXlxMWhdNWlkbI01bKFBjRlhATGdYDwwKPgdNWy9nWFlZWW-RYWUxbZQ4BGwwzBxBMWxNRXkdZcx1VWA	195 B	2023-03-07	2023-03-07
Pretty URL d31ph8fftb4r3x.cloudfront.net/1aWlVaGgKBjsOVx0AMVVQXVpnXllPAyYHBhlUGyICGiAQKRlbWWMnJjoncxwSDVRlTgQIBzJVTgwHNlVZTwgxClVdTyAJVQQGLwEEBQhwWi5cR2VNWllBLVlZTFoXTVpZBTwGHRFMZ1gQUV8KXlxMWhdNWlkbI01bKFBjRlhATGdYDwwKPgdNWy9nWFlZWW-RYWUxbZQ4BGwwzBxBMWxNRXkdZcx1VWA IP 54.230.245.208 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash edd5f9fba136d8b7b6e065da89731e53 208c86d02f8d6ad16701080c8279477675e3671e 96b60019ee1aa6a9e55d13c1be57ee510a0edd17ae40f1b821a6e240b176d008 Loading...

	d31ph8fftb4r3x.cloudfront.net/FdHVmQUkXGggndgAcAnxxRkdTc31SHxUuJwRICzsnAC1WNz5CMzAUMVIBHCV0RFMKICcTSEAkJxdIV2coEBdbdW8ABQkqdAYFEic7FxcPJy1SAAd8JBsPDy0lFVBUB3xaRUNzeVwNV3BsRzdDc3kYHAg0MVFHVjlxQipQdWxHN0NzeQYDQ3IITUNIcWBRR1-YmLBceCWR7MkdWcHlERFZwbEZFACg7ERMJOWxGM193Z0RTE3x4	709 B	2023-03-07	2023-03-07
Pretty URL d31ph8fftb4r3x.cloudfront.net/FdHVmQUkXGggndgAcAnxxRkdTc31SHxUuJwRICzsnAC1WNz5CMzAUMVIBHCV0RFMKICcTSEAkJxdIV2coEBdbdW8ABQkqdAYFEic7FxcPJy1SAAd8JBsPDy0lFVBUB3xaRUNzeVwNV3BsRzdDc3kYHAg0MVFHVjlxQipQdWxHN0NzeQYDQ3IITUNIcWBRR1-YmLBceCWR7MkdWcHlERFZwbEZFACg7ERMJOWxGM193Z0RTE3x4 IP 54.230.245.208 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash 0e943038ed82c50c522886db7d8e7068 cbe3be5f289a2de816486a18fd6c0c0124f58ab1 d1f6a84dfeb47e797ec40a7cb8f2b730dd49f34b4afe34027c450e0a5ec75a50 Loading...

	exe.app/EJYyq	235 B	2023-03-07	2023-03-17
Pretty URL exe.app/EJYyq IP 172.67.136.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:31 Last Seen2023-03-17 12:44:18 Times Seen1 Hash f2ed08b999ffa072ef63bbb112b3fa11 ad5558d7bd88035c2f1edba6a7c27b3f70cc039b 72ed21129c7e1eb90285d7e83d272eaaa0a1153e60d506b882b41c8799c2a487 Loading...

	exe.app/EJYyq	1.4 kB	2023-03-07	2023-03-07
Pretty URL exe.app/EJYyq IP 172.67.136.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash 642f6ccb678ee5c2bad2a994c04cbb06 702a460e4d29285663e85c2a32061277a596adad a17717d5354dfb6849568b8390d52cec5a146839dfce7674ea6bf7c2966a6d4b Loading...

	cdnjs.cloudflare.com/ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js	4.7 kB	2023-03-07	2024-03-21
Pretty URL cdnjs.cloudflare.com/ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:31 Last Seen2024-03-21 16:52:47 Times Seen148 Hash 89845c96bf17f40288b22f74883e9001 43c5cb10bc3ab8799f232b403be19eb11effd9f2 c63c0a518fcd8243e365904eb4ec5162d2b6d066aa4f05027fb598089d73ebdc Loading...

	pectthatmye.shop/cnA4eTYTElsUCRNNWl9DABwFXAQ0VQo/UkFBSBEOFBZMGwIAQ0BXVR4fTR1QAB9WDRgcFUxcBDQ2XDFgHyFtEm41F18XUhUxWzhYCghqElImEwtIZToIbQx8BSJxOkwBHnk6ByU+Qkx1Pwp5LHskOXoxdSRAaj97OTl7GmIhNXkSfAoUcS8EER99O1IQFG9BdzAhUwhSMyl+PF8RR34BVSI6QUhlMzFcQXwwA2g9T0Icfi90JzILAVcgJXYDUyQHdi8FMANqA1I2EwsSbzoxX0l7JDZwL1weCGkQRiMUbwF+PEB2A1MjKXwoBTs5bCx4OxNvO2QgQRUgWz4yWxx1JSIPNF0WJ1sxWjcifiNBEDViP3cxFw88ZD86dy5ONT0JQAUoQGotc0EIDF9cAR9WCQsfClYNbkIGT09wJCVA	2.9 kB	2023-03-07	2023-03-07
Pretty URL pectthatmye.shop/cnA4eTYTElsUCRNNWl9DABwFXAQ0VQo/UkFBSBEOFBZMGwIAQ0BXVR4fTR1QAB9WDRgcFUxcBDQ2XDFgHyFtEm41F18XUhUxWzhYCghqElImEwtIZToIbQx8BSJxOkwBHnk6ByU+Qkx1Pwp5LHskOXoxdSRAaj97OTl7GmIhNXkSfAoUcS8EER99O1IQFG9BdzAhUwhSMyl+PF8RR34BVSI6QUhlMzFcQXwwA2g9T0Icfi90JzILAVcgJXYDUyQHdi8FMANqA1I2EwsSbzoxX0l7JDZwL1weCGkQRiMUbwF+PEB2A1MjKXwoBTs5bCx4OxNvO2QgQRUgWz4yWxx1JSIPNF0WJ1sxWjcifiNBEDViP3cxFw88ZD86dy5ONT0JQAUoQGotc0EIDF9cAR9WCQsfClYNbkIGT09wJCVA IP 65.9.44.24 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash ae1600afb875d2434cb3ca9e317e58eb 74d1a11fc8426176a49fffb65550419515744bce c00ec5963265559b1b55e0d996a9a40bd7031f8f53efaee03fd1599ee38da8e0 Loading...

	pectthatmye.shop/cDZhZEIRVAIJfRELA0I3AlpcQXA2E1MiJkMHEQx6FlAVBnYCBRlKIRxZFAAkAlkPEGweUxVBcDYHADMuJlcmAwkyXBIrFAgGICkUJmc5MjIebg0IEjFPOCwAGFo0Izs5dSYNAyF9MwggJ2EsCggaWQ8HOgdlJTIQHGIGNQsyTCsyFhdBKSouJmw1EyUIdQ0yJiRPIC4UIWcmKDU1cyM1KgdhCFEhIgQ3KhUcWiMoFBxsNSItKGI3FBgyYhYjCiJwLD5zF2c0Mno7bg0cDydeBSoVHF0DLXJBVCoiABpkDQwDJHEFPQYHQSo0JRR4Nh17HmEnCBgnYUw2GydjGQYYIQIjIzUHTCMcAD1hGSoQKF0FPiEIBzczA1ZcEgssAAsvLigDfyQlM0IGVysMI3g	2.9 kB	2023-03-07	2023-03-07
Pretty URL pectthatmye.shop/cDZhZEIRVAIJfRELA0I3AlpcQXA2E1MiJkMHEQx6FlAVBnYCBRlKIRxZFAAkAlkPEGweUxVBcDYHADMuJlcmAwkyXBIrFAgGICkUJmc5MjIebg0IEjFPOCwAGFo0Izs5dSYNAyF9MwggJ2EsCggaWQ8HOgdlJTIQHGIGNQsyTCsyFhdBKSouJmw1EyUIdQ0yJiRPIC4UIWcmKDU1cyM1KgdhCFEhIgQ3KhUcWiMoFBxsNSItKGI3FBgyYhYjCiJwLD5zF2c0Mno7bg0cDydeBSoVHF0DLXJBVCoiABpkDQwDJHEFPQYHQSo0JRR4Nh17HmEnCBgnYUw2GydjGQYYIQIjIzUHTCMcAD1hGSoQKF0FPiEIBzczA1ZcEgssAAsvLigDfyQlM0IGVysMI3g IP 65.9.44.24 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash f7189c962d21c00a49ab53203ea21c64 c1330dbf06189cb3c1108a229042fd3ba842e785 0b5d3f815bfe0ec1b2fa064ec8da12e4af8ac5374aafcdefb54e83926e72533b Loading...

	exe.app/EJYyq	1.1 kB	2023-03-07	2023-03-17
Pretty URL exe.app/EJYyq IP 172.67.136.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:29:40 Last Seen2023-03-17 12:44:18 Times Seen1 Hash 97a282796d59027a7bfaada46d5be3e3 7abefec46e8093e27c714934a78e07d290eaf891 65a3a8f4a1738b9f7de8739791faec05552f6eae4528fe66684b9ee3ce042f62 Loading...

	nh.eugeniecor.com/1clkn/29529	6 B	2023-03-07	2024-04-18
Pretty URL nh.eugeniecor.com/1clkn/29529 IP 23.109.82.147 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:04 Last Seen2024-04-18 16:43:45 Times Seen13393 Hash 9082dc37e5e8046929da411544ad071a 41e0e3963ed94e59e8a2f115994c382712411537 b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550 Loading...

	http:blank	580 B	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash 025ebe79a3647012e22ec8b22df95595 a52fe7cc9ba15a9f94f6c7a1c25b84bd3eaead05 18e902d96cce61e8326b3cd353827121f4cec6e7ef13038b575fdf5220ab03d5 Loading...

	pectthatmye.shop/dU1IWHoULys1RRRwKn4PByF1fUgzaHoeHkZ8ODBCEys8Ok4HfjB2GRkiPTwcByImLFQbKDx9SDM6LDMCLCgNPyw8NxE9HgIEJAg/IzocNiwGHBAgKz8kOwAwEhcwFTtFPwAhFT8MDGgMPBkkERgSBHoIPyN5HRs7QAshYTYUJ3gPMUU5cT4SHj4OEDwGFSIvPTw3Bh41EhR8CB0aPw4bL1B/ChA9QQkEDy8jBz8vFjsPGSgvRnktDC0vCikPCjwUCW1DFBt5bzQyITkLOSQrATFKNC8dCkI8CAp9SDcGECgJLRU7aBsiPQEXHTc9KSIWDRwPEhUgGnkdHDFgcDwxDX0iPi8aAhoQAgUeADAyEwokPB8eFDkVKxo5DRs3EhUQNw0RGn0PHzMMfQIvHmsiKxUbPXUwDxYkLgkCABQlOUo	2.9 kB	2023-03-07	2023-03-07
Pretty URL pectthatmye.shop/dU1IWHoULys1RRRwKn4PByF1fUgzaHoeHkZ8ODBCEys8Ok4HfjB2GRkiPTwcByImLFQbKDx9SDM6LDMCLCgNPyw8NxE9HgIEJAg/IzocNiwGHBAgKz8kOwAwEhcwFTtFPwAhFT8MDGgMPBkkERgSBHoIPyN5HRs7QAshYTYUJ3gPMUU5cT4SHj4OEDwGFSIvPTw3Bh41EhR8CB0aPw4bL1B/ChA9QQkEDy8jBz8vFjsPGSgvRnktDC0vCikPCjwUCW1DFBt5bzQyITkLOSQrATFKNC8dCkI8CAp9SDcGECgJLRU7aBsiPQEXHTc9KSIWDRwPEhUgGnkdHDFgcDwxDX0iPi8aAhoQAgUeADAyEwokPB8eFDkVKxo5DRs3EhUQNw0RGn0PHzMMfQIvHmsiKxUbPXUwDxYkLgkCABQlOUo IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash c6662834a26955a5eb0d6f40653dda58 4d3b74b0ed8c9b33716b1dcc9a9d95121334a6f7 7b3087f2b7b3d1087f15e5c125a7814681c0646a8ca3173897124ac643ef152b Loading...

	exe.app/EJYyq	338 kB	2023-03-07	2023-03-07
Pretty URL exe.app/EJYyq IP 172.67.136.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:36:45 Last Seen2023-03-07 14:37:10 Times Seen1 Hash 22b90a925b10c019debc0e2b2b8593ff 4ca619b1233b0342a10a982cf04a661c85d9d90d 9c639baa84c52ab15df2af55356dbe133b186647345a398efb441374c95129a7 Loading...

	exe.app/EJYyq	283 B	2023-03-07	2023-07-02
Pretty URL exe.app/EJYyq IP 172.67.136.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:29:40 Last Seen2023-07-02 16:55:57 Times Seen184 Hash b291dcd2ab2c7355776970c094fb8abf befb28b56eb21d57285f318375866f39da5ff892 e59d3cfa0429a49076e698e6ab15f3632b01e03fd951a66b4e22a49e57cded37 Loading...

	www.googletagmanager.com/gtag/js?id=UA-135952122-1	108 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=UA-135952122-1 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash d9bc88157a7aa6b2b7ffbb2c53ba6359 29b6d4052c6afa66059f48b6122a670654c63991 553bd5dfd6478893ead72b647f16cea6a51c5b818317cd20557824890960fc6c Loading...

	d31ph8fftb4r3x.cloudfront.net/wdkxYeEgVIzYedwIlPEVwTnVsQXxQJisXJgZxMA0rHyoJAD0vITlIbgI2PEV4UCA5Fi9Laj0WK0t9fhksFHFsXjwGIzNFOgY4PgorFCU+HG4DLWUVJwwlNBQpU34eTWZGaWpIYA59aV17NGlqSCQfIi0AbUR8IEB+KXpsXXs0aWpIOgBpazlxQGJoUW1EfD-8dKx0jfUoORHxpSHhHfGldekYqMQotECMgXXowdW5WeFA5ZUk	884 B	2023-03-07	2023-03-07
Pretty URL d31ph8fftb4r3x.cloudfront.net/wdkxYeEgVIzYedwIlPEVwTnVsQXxQJisXJgZxMA0rHyoJAD0vITlIbgI2PEV4UCA5Fi9Laj0WK0t9fhksFHFsXjwGIzNFOgY4PgorFCU+HG4DLWUVJwwlNBQpU34eTWZGaWpIYA59aV17NGlqSCQfIi0AbUR8IEB+KXpsXXs0aWpIOgBpazlxQGJoUW1EfD-8dKx0jfUoORHxpSHhHfGldekYqMQotECMgXXowdW5WeFA5ZUk IP 54.230.245.208 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:37:10 Last Seen2023-03-07 14:37:10 Times Seen1 Hash b9dd661b9ccb51199d2486cc952ed60a dafb7fc8da14c6d4536811e19a47a69103f99f60 f8a5df41fc804b3738a77318913a99c60065ef4c8e0a00a3909277f9c2731d43 Loading...

	tzegilo.com/stattag.js	33 kB	2023-03-07	2023-03-17
Pretty URL tzegilo.com/stattag.js IP 104.21.22.169 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:13:21 Last Seen2023-03-17 12:47:57 Times Seen1 Hash df875929410d71d763e9fa10b830bb2a b0711a8d2bf6ad4ffa4640534588b423f2ef7fec 0be796b658c6cee0d55aa164994d0d83f9ec7aa7ecf1eb41c1ddf208bba9e3b1 Loading...

HTTP Transactions (73)

URL IP Response Size

exe.io/EJYyq

172.67.71.40

301 Moved Permanently

0 B

URL HTTP/1.1
exe.io/EJYyq
IP
172.67.71.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /EJYyq HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Sep 2022 05:00:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 06:00:19 GMT
Location: https://exe.io/EJYyq
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mIIGQuQFb9WJTW%2Fh1K%2Fhxr76IJe8GsfsryxFJJvWPcTgPbmZXwQ8rJLYwwjF6qs6XGWw2DSV5NfqtPEdwHptef5B3L2yYba4D%2FjG%2BycM%2Fd%2BAoFSvJI9dag%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 748dd6ce9f45b517-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 04:07:16 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: elyPYJGfSPX13Y3ZHHQtQGarwRHWaylhI8GSzPjSQjw5VvA-PUW4qQ==
Age: 3183

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2188
Expires: Sun, 11 Sep 2022 05:36:47 GMT
Date: Sun, 11 Sep 2022 05:00:19 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jwBNaVylGN0gTVZ8u7RUXSBW7T-mfC4AUvFbLvArZCRsSs0GXYQDSg==
age: 78187
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 05:00:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

42 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
42 kB (41825 bytes)
Hash
2e8b67bc37fb29a69e386d4671146c38
8c8f4fc15c33486225877f6f6c0ccf87b8b7da63
cd87f152a788dc51e615afad13a9d319c9614858aaa4347110dbcf8b48e78b43

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
248a3bc0e29f0ee8890fc3e91bbf6f36
adf63f9d9e195e747a4e94fbcdeddb0eb74cf83c
8c51a323ff5212d353d59e03287e11ce6552bf97f07dd151de614c8be0c16fae

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C51A323FF5212D353D59E03287E11CE6552BF97F07DD151DE614C8BE0C16FAE"
Last-Modified: Thu, 08 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2386
Expires: Sun, 11 Sep 2022 05:40:06 GMT
Date: Sun, 11 Sep 2022 05:00:20 GMT
Connection: keep-alive

www.googletagmanager.com/gtag/js?id=UA-135952122-1

142.250.74.72

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-135952122-1
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1615)
Size
42 kB (41921 bytes)
Hash
fe86b8a2106b606b103cc79b6032525d
f3be6375803b034b43379b76347e705007fbea50
7b82ba6e7a65df90b6f239b0734ba23951100173910772f1eb55045993aae0da

HTTP Headers

GET /gtag/js?id=UA-135952122-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 05:00:20 GMT
expires: Sun, 11 Sep 2022 05:00:20 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41921
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

nh.eugeniecor.com/1clkn/29529

23.109.82.147

200 OK

26 B

URL HTTP/1.1
nh.eugeniecor.com/1clkn/29529
IP
23.109.82.147:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa

HTTP Headers

GET /1clkn/29529 HTTP/1.1
Host: nh.eugeniecor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 05:00:20 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Mon, 12-Sep-2022 05:00:20 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Mon, 12-Sep-2022 05:00:20 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
57b75ea93de540716c45f1397781431a
431cc2c684385c4e46facd7210b5ac49b9dd09cc
4581d7dd422dc110fa7cfe667297cdb75d92a02ce7226db6db89448befa5b780

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
4ab4266788d64f4bfdc9f1efb429c49a
3533a113e8560a9dc1bb01888a538cf405f86069
17549e4f8b4c5885030c9fa965bcf2d8ea33440e96819ae80f58dea13735a57f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "17549E4F8B4C5885030C9FA965BCF2D8EA33440E96819AE80F58DEA13735A57F"
Last-Modified: Fri, 09 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3523
Expires: Sun, 11 Sep 2022 05:59:03 GMT
Date: Sun, 11 Sep 2022 05:00:20 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
4ab4266788d64f4bfdc9f1efb429c49a
3533a113e8560a9dc1bb01888a538cf405f86069
17549e4f8b4c5885030c9fa965bcf2d8ea33440e96819ae80f58dea13735a57f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "17549E4F8B4C5885030C9FA965BCF2D8EA33440E96819AE80F58DEA13735A57F"
Last-Modified: Fri, 09 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3523
Expires: Sun, 11 Sep 2022 05:59:03 GMT
Date: Sun, 11 Sep 2022 05:00:20 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
32072ab048df69ad6db8b7e4ac7ea796
c7b466b36a3cc9b0b65a03283128b2a9004ec3c3
9abf5e9d5bacc2f13c1366d4c90aea5caa66c2e34050a3ae575b3133eeecb0f2

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9ABF5E9D5BACC2F13C1366D4C90AEA5CAA66C2E34050A3AE575B3133EEECB0F2"
Last-Modified: Fri, 09 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17252
Expires: Sun, 11 Sep 2022 09:47:52 GMT
Date: Sun, 11 Sep 2022 05:00:20 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 04:56:07 GMT
Expires: Sun, 11 Sep 2022 05:04:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VumoHXih7WZZ0VOleY_47P5AREEJ-V9WfU0SX6aKeqqQ6u7xwfXJ_A==
Age: 253

pectthatmye.shop/utx?cb=YrUNwJ6bFi2C&top=exe.app&tid=822524

65.9.44.24

204 No Content

0 B

URL HTTP/2
pectthatmye.shop/utx?cb=YrUNwJ6bFi2C&top=exe.app&tid=822524
IP
65.9.44.24:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=YrUNwJ6bFi2C&top=exe.app&tid=822524 HTTP/1.1
Host: pectthatmye.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 11 Sep 2022 05:00:20 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://exe.app
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 11 Sep 2022 05:01:20 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bdc4e02725e6de1af31e5bb25800f68.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: KLPpeLuXWX-6-ORyAU02K0jwGf44V0xdQlkuETK_ds4aZshMaFrJYw==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
4ab4266788d64f4bfdc9f1efb429c49a
3533a113e8560a9dc1bb01888a538cf405f86069
17549e4f8b4c5885030c9fa965bcf2d8ea33440e96819ae80f58dea13735a57f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "17549E4F8B4C5885030C9FA965BCF2D8EA33440E96819AE80F58DEA13735A57F"
Last-Modified: Fri, 09 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3523
Expires: Sun, 11 Sep 2022 05:59:03 GMT
Date: Sun, 11 Sep 2022 05:00:20 GMT
Connection: keep-alive

pectthatmye.shop/cnA4eTYTElsUCRNNWl9DABwFXAQ0VQo/UkFBSBEOFBZMGwIAQ0BXVR4fTR1QAB9WDRgcFUxcBDQ2XDFgHyFtEm41F18XUhUxWzhYCghqElImEwtIZToIbQx8BSJxOkwBHnk6ByU+Qkx1Pwp5LHskOXoxdSRAaj97OTl7GmIhNXkSfAoUcS8EER99O1IQFG9BdzAhUwhSMyl+PF8RR34BVSI6QUhlMzFcQXwwA2g9T0Icfi90JzILAVcgJXYDUyQHdi8FMANqA1I2EwsSbzoxX0l7JDZwL1weCGkQRiMUbwF+PEB2A1MjKXwoBTs5bCx4OxNvO2QgQRUgWz4yWxx1JSIPNF0WJ1sxWjcifiNBEDViP3cxFw88ZD86dy5ONT0JQAUoQGotc0EIDF9cAR9WCQsfClYNbkIGT09wJCVA

65.9.44.24

200 OK

1.2 kB

URL HTTP/2
pectthatmye.shop/cnA4eTYTElsUCRNNWl9DABwFXAQ0VQo/UkFBSBEOFBZMGwIAQ0BXVR4fTR1QAB9WDRgcFUxcBDQ2XDFgHyFtEm41F18XUhUxWzhYCghqElImEwtIZToIbQx8BSJxOkwBHnk6ByU+Qkx1Pwp5LHskOXoxdSRAaj97OTl7GmIhNXkSfAoUcS8EER99O1IQFG9BdzAhUwhSMyl+PF8RR34BVSI6QUhlMzFcQXwwA2g9T0Icfi90JzILAVcgJXYDUyQHdi8FMANqA1I2EwsSbzoxX0l7JDZwL1weCGkQRiMUbwF+PEB2A1MjKXwoBTs5bCx4OxNvO2QgQRUgWz4yWxx1JSIPNF0WJ1sxWjcifiNBEDViP3cxFw88ZD86dy5ONT0JQAUoQGotc0EIDF9cAR9WCQsfClYNbkIGT09wJCVA
IP
65.9.44.24:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Size
1.2 kB (1176 bytes)
Hash
74a7c0fb8b42f3cf1417ffbefdcf7bc4
e490f0de938de11a3a5c1e6eb45ed60ded09d506
030d76b054aca5fcdda0aacebdde5508452eb33e40da665037b5b15f42351f34

HTTP Headers

GET /cnA4eTYTElsUCRNNWl9DABwFXAQ0VQo/UkFBSBEOFBZMGwIAQ0BXVR4fTR1QAB9WDRgcFUxcBDQ2XDFgHyFtEm41F18XUhUxWzhYCghqElImEwtIZToIbQx8BSJxOkwBHnk6ByU+Qkx1Pwp5LHskOXoxdSRAaj97OTl7GmIhNXkSfAoUcS8EER99O1IQFG9BdzAhUwhSMyl+PF8RR34BVSI6QUhlMzFcQXwwA2g9T0Icfi90JzILAVcgJXYDUyQHdi8FMANqA1I2EwsSbzoxX0l7JDZwL1weCGkQRiMUbwF+PEB2A1MjKXwoBTs5bCx4OxNvO2QgQRUgWz4yWxx1JSIPNF0WJ1sxWjcifiNBEDViP3cxFw88ZD86dy5ONT0JQAUoQGotc0EIDF9cAR9WCQsfClYNbkIGT09wJCVA HTTP/1.1
Host: pectthatmye.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Sun, 11 Sep 2022 05:00:20 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bdc4e02725e6de1af31e5bb25800f68.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Ugt8tIpvufpWiE6O8FYGDxlG9Dzgo5JeGn8Q3oQVw5b70rveZwYtoA==
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exe.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 419359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

142.250.74.163

200 OK

18 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Size
18 kB (17820 bytes)
Hash
3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31

HTTP Headers

GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exe.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 19:07:15 GMT
expires: Tue, 05 Sep 2023 19:07:15 GMT
cache-control: public, max-age=31536000
age: 467585
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

188.114.97.1

200 OK

104 kB

URL HTTP/2
pogothere.xyz/asd100.bin
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
104 kB (103571 bytes)
Hash
e30975c9d97a938ab9c50afa3f4ddf0e
ece1aad3b14ccc7c70159fecb89b9082caeb7b0b
59abd9c464c9fd36cb833d0782b3ce705e14f73267503e411011f42ebd174afa

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 11 Sep 2022 05:00:20 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exe.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 668
last-modified: Sun, 11 Sep 2022 04:49:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n29ScgsRWyT8XNFCMHRT8zFSWqC3sTqq06V0UlsrLR9uA1JcAIYBZ%2BVqg83OcIsOc0vGwSFvQnBIUmGoePrS%2FT15l%2FW1ncQqv%2Fve9LGwryamBC5MBZv4p3qzHZXwPG3e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748dd6d49af9b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pectthatmye.shop/cDZhZEIRVAIJfRELA0I3AlpcQXA2E1MiJkMHEQx6FlAVBnYCBRlKIRxZFAAkAlkPEGweUxVBcDYHADMuJlcmAwkyXBIrFAgGICkUJmc5MjIebg0IEjFPOCwAGFo0Izs5dSYNAyF9MwggJ2EsCggaWQ8HOgdlJTIQHGIGNQsyTCsyFhdBKSouJmw1EyUIdQ0yJiRPIC4UIWcmKDU1cyM1KgdhCFEhIgQ3KhUcWiMoFBxsNSItKGI3FBgyYhYjCiJwLD5zF2c0Mno7bg0cDydeBSoVHF0DLXJBVCoiABpkDQwDJHEFPQYHQSo0JRR4Nh17HmEnCBgnYUw2GydjGQYYIQIjIzUHTCMcAD1hGSoQKF0FPiEIBzczA1ZcEgssAAsvLigDfyQlM0IGVysMI3g

65.9.44.24

200 OK

1.2 kB

URL HTTP/2
pectthatmye.shop/cDZhZEIRVAIJfRELA0I3AlpcQXA2E1MiJkMHEQx6FlAVBnYCBRlKIRxZFAAkAlkPEGweUxVBcDYHADMuJlcmAwkyXBIrFAgGICkUJmc5MjIebg0IEjFPOCwAGFo0Izs5dSYNAyF9MwggJ2EsCggaWQ8HOgdlJTIQHGIGNQsyTCsyFhdBKSouJmw1EyUIdQ0yJiRPIC4UIWcmKDU1cyM1KgdhCFEhIgQ3KhUcWiMoFBxsNSItKGI3FBgyYhYjCiJwLD5zF2c0Mno7bg0cDydeBSoVHF0DLXJBVCoiABpkDQwDJHEFPQYHQSo0JRR4Nh17HmEnCBgnYUw2GydjGQYYIQIjIzUHTCMcAD1hGSoQKF0FPiEIBzczA1ZcEgssAAsvLigDfyQlM0IGVysMI3g
IP
65.9.44.24:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3004), with no line terminators
Size
1.2 kB (1161 bytes)
Hash
275b1a40a7ebea9ed07a7ceb0bc12f43
8c002651ad8478c71a83dc39fd7c949d84c294f7
3d80125e7f00afa27d6150e5519dbb9fae6369a8317174565167140df959376a

HTTP Headers

GET /cDZhZEIRVAIJfRELA0I3AlpcQXA2E1MiJkMHEQx6FlAVBnYCBRlKIRxZFAAkAlkPEGweUxVBcDYHADMuJlcmAwkyXBIrFAgGICkUJmc5MjIebg0IEjFPOCwAGFo0Izs5dSYNAyF9MwggJ2EsCggaWQ8HOgdlJTIQHGIGNQsyTCsyFhdBKSouJmw1EyUIdQ0yJiRPIC4UIWcmKDU1cyM1KgdhCFEhIgQ3KhUcWiMoFBxsNSItKGI3FBgyYhYjCiJwLD5zF2c0Mno7bg0cDydeBSoVHF0DLXJBVCoiABpkDQwDJHEFPQYHQSo0JRR4Nh17HmEnCBgnYUw2GydjGQYYIQIjIzUHTCMcAD1hGSoQKF0FPiEIBzczA1ZcEgssAAsvLigDfyQlM0IGVysMI3g HTTP/1.1
Host: pectthatmye.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1161
date: Sun, 11 Sep 2022 05:00:20 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bdc4e02725e6de1af31e5bb25800f68.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: jQzusXcfltAZiLTl3buseSXZCbzDPSnELNhXyqbyo3e4EikIeedvVQ==
X-Firefox-Spdy: h2

lcreatessque.xyz/ZDJEb3lLDSccRCpqEhodMHMAPkgIfAYINyNldAw6IGcWOCslVWIbEAAPfF1LUQBwSQkNVnleXxdGJRsMFw91SRAKVCtSXxIPdUFKUBx2V1dVFDFSSEJGNA4eWQNiHw0QXnleT1IAfFhLUAN0X0tW

104.21.81.70

204 No Content

0 B

URL HTTP/2
lcreatessque.xyz/ZDJEb3lLDSccRCpqEhodMHMAPkgIfAYINyNldAw6IGcWOCslVWIbEAAPfF1LUQBwSQkNVnleXxdGJRsMFw91SRAKVCtSXxIPdUFKUBx2V1dVFDFSSEJGNA4eWQNiHw0QXnleT1IAfFhLUAN0X0tW
IP
104.21.81.70:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ZDJEb3lLDSccRCpqEhodMHMAPkgIfAYINyNldAw6IGcWOCslVWIbEAAPfF1LUQBwSQkNVnleXxdGJRsMFw91SRAKVCtSXxIPdUFKUBx2V1dVFDFSSEJGNA4eWQNiHw0QXnleT1IAfFhLUAN0X0tW HTTP/1.1
Host: lcreatessque.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 11 Sep 2022 05:00:20 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xv5vHJfAdz0RZhDiEUQugtKL9bKdsEoTxWfAnhhSTvzZR7vx4Ettz9ioFe3ZhtVsdD4H2a1An%2FlXUNy6Ko2L%2FXmjToeBzN2WNUNovYpkqyx7cg5ljXO8ETQuwC9SG0xittju"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748dd6d58c46b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js

104.17.24.14

200 OK

1.3 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4741), with no line terminators
Size
1.3 kB (1309 bytes)
Hash
66105838a23d33ffeaff1b46e91493da
5ca20cb4e7995221de8b651b358ec60d0a657adb
06cf1ec54b9a6bf5bddc7baba5a4ed8d2306f40872681a0234b57526eab1643f

HTTP Headers

GET /ajax/libs/fuckadblock/3.2.1/fuckadblock.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 05:00:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 1309
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e6b-1285"
last-modified: Mon, 04 May 2020 16:10:19 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3316856
expires: Fri, 01 Sep 2023 05:00:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hUp0nGJqwv0YH%2BlUvMkl7Ne%2BjQmTj3UGwNUEplaul%2B%2B60D%2BPK8iiN%2BA4dgWmnuh%2Fb%2BMhP5m8xqRc9ySFV8Vu959TyPQEBuWfqUq3p6IudGjcAR%2BcOsXPQjZf9LvMRlqWk6IlUlAT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 748dd6d67f9db500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/

188.114.97.1

200 OK

29 B

URL HTTP/2
pogothere.xyz/
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
b478a19d1ca1c31ad58ac5f51c1d2538
81a0592ff6baf1022f257c0e3916bf1a792ca2af
f23640ed05c3bc5379ad15c73068b9d76da0ca667b8f64b65390560b633a0d13

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 05:00:20 GMT
content-type: text/plain
set-cookie: csu=370915182972220@1@1662872420; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exe.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=msXWhlvBF%2FN8N%2FgxUFdAi3lCiZTO3u0NTPOmHWyjn6NrR3PUf6ezbb8QI1g68XX894zJqiiSBqeHMm4HyZo%2B6LGhqLlbo6EoVES3zmzC5R4tD9E29wHD3RDu%2BMspUpdB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748dd6d49af5b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
36fe04277220227ba5ecfe7d2ff1d9d9
2eb9f6560336248cc45c1cd66d87505b5ebdf5d4
94f8f2f8f3b67db18825ea48740ff0ce218d7156fe851d6b023ef43b6bee4f7f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3817
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:20 GMT
Last-Modified: Sun, 11 Sep 2022 03:56:43 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

lcreatessque.xyz/Q1E4ejJsblsJDxo8XA1/BGBqIgISFmAWViUDaRJrFT1uMnEFZR4OWydsAEILd2gMXEIqNQVLFDAlWQ5HMGwJXFstN1dHFDVsCVQBd38KQhxyd01HA2UlSBtVfmAeCkY3PQVLBHVjAE0Ad2AISgt0

104.21.81.70

204 No Content

0 B

URL HTTP/2
lcreatessque.xyz/Q1E4ejJsblsJDxo8XA1/BGBqIgISFmAWViUDaRJrFT1uMnEFZR4OWydsAEILd2gMXEIqNQVLFDAlWQ5HMGwJXFstN1dHFDVsCVQBd38KQhxyd01HA2UlSBtVfmAeCkY3PQVLBHVjAE0Ad2AISgt0
IP
104.21.81.70:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Q1E4ejJsblsJDxo8XA1/BGBqIgISFmAWViUDaRJrFT1uMnEFZR4OWydsAEILd2gMXEIqNQVLFDAlWQ5HMGwJXFstN1dHFDVsCVQBd38KQhxyd01HA2UlSBtVfmAeCkY3PQVLBHVjAE0Ad2AISgt0 HTTP/1.1
Host: lcreatessque.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sun, 11 Sep 2022 05:00:20 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GjRRHhl%2BuPzxRrp5Lq%2F1Ph80jhrmo0OP4O9JJ%2FeLFsbueNreAjZb2eTVQcddloHlUA54Gnug0JsQbIPIQeHs6QK5SuQODHxh6sNQS4%2BpmUpNmso%2FrEEIn8XEsn68H0QcH1xq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748dd6d5cc72b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

lcreatessque.xyz/YkN1UkpNfBYhdzRwNwAcNXoZACc4MCIVECEiIhAoO3MjOhNTd1MmIwZ+TWZ5UHVEdDoLJ0hjckQwATM+FzBIY2wLLRM9d0Q1SGNkUm1EfHlENkhjbBYzFDV3U2UFJj4OfkRkfFB7QmB+U3NEY38

104.21.81.70

204 No Content

0 B

URL HTTP/2
lcreatessque.xyz/YkN1UkpNfBYhdzRwNwAcNXoZACc4MCIVECEiIhAoO3MjOhNTd1MmIwZ+TWZ5UHVEdDoLJ0hjckQwATM+FzBIY2wLLRM9d0Q1SGNkUm1EfHlENkhjbBYzFDV3U2UFJj4OfkRkfFB7QmB+U3NEY38
IP
104.21.81.70:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /YkN1UkpNfBYhdzRwNwAcNXoZACc4MCIVECEiIhAoO3MjOhNTd1MmIwZ+TWZ5UHVEdDoLJ0hjckQwATM+FzBIY2wLLRM9d0Q1SGNkUm1EfHlENkhjbBYzFDV3U2UFJj4OfkRkfFB7QmB+U3NEY38 HTTP/1.1
Host: lcreatessque.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sun, 11 Sep 2022 05:00:20 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWJCVhzzdHjHmL8CkUc%2F2ga7%2Bwuo9TEp0GlVIp4DDT5KvV6aJTfdlrVXmrhpE4q9Dev3xcQU82VdcD3jaMBiGoWJk26kBPoY8qjzTrxh7bSuOCXnByZ7hs2tdjGZRBN5eFgw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748dd6d5dc7bb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js

142.250.74.72

200 OK

36 kB

URL HTTP/2
www.googletagmanager.com/gtag/js
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1615)
Size
36 kB (35748 bytes)
Hash
585172c7aa54c67e045ded4e857a20f2
4d399d64e946a6da08ccad92bc82e6039d012176
6af229f271e4f01a2c863086b92bf293158e0133e3abb6cbf90d556e27118cf0

HTTP Headers

GET /gtag/js HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
access-control-allow-origin: https://exe.app
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
date: Sun, 11 Sep 2022 05:00:20 GMT
expires: Sun, 11 Sep 2022 05:00:20 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 35748
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lcreatessque.xyz/TVl5elpiZhoJZy5rIz87Chc4LGkpPS4RAB49LxIIHmgjSg0hHF8OMylkQUhoeGtNXCokPURLfD4tGA4vPmRKXDMjPxZHOSEwGhF8O2RIVGl5d0tCdHx/DEdray0JGz1waF8KLjk1REtse2tBTWh5aElLYnQ

104.21.81.70

204 No Content

0 B

URL HTTP/2
lcreatessque.xyz/TVl5elpiZhoJZy5rIz87Chc4LGkpPS4RAB49LxIIHmgjSg0hHF8OMylkQUhoeGtNXCokPURLfD4tGA4vPmRKXDMjPxZHOSEwGhF8O2RIVGl5d0tCdHx/DEdray0JGz1waF8KLjk1REtse2tBTWh5aElLYnQ
IP
104.21.81.70:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /TVl5elpiZhoJZy5rIz87Chc4LGkpPS4RAB49LxIIHmgjSg0hHF8OMylkQUhoeGtNXCokPURLfD4tGA4vPmRKXDMjPxZHOSEwGhF8O2RIVGl5d0tCdHx/DEdray0JGz1waF8KLjk1REtse2tBTWh5aElLYnQ HTTP/1.1
Host: lcreatessque.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sun, 11 Sep 2022 05:00:20 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3973EZi2j19QBhSzgmAwMCA7VUvJMITrcLj7pR2mjaK0%2FeQPiU29ckpE8T6uWvw2geeNAMoSnCHOOJ09AXhNyRRC3ex9Z6O3yYOAmhs6Ux0rLxkt%2BGNyfSJHiOtqBfxiG%2B%2FB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748dd6d61cacb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
32072ab048df69ad6db8b7e4ac7ea796
c7b466b36a3cc9b0b65a03283128b2a9004ec3c3
9abf5e9d5bacc2f13c1366d4c90aea5caa66c2e34050a3ae575b3133eeecb0f2

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9ABF5E9D5BACC2F13C1366D4C90AEA5CAA66C2E34050A3AE575B3133EEECB0F2"
Last-Modified: Fri, 09 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17252
Expires: Sun, 11 Sep 2022 09:47:52 GMT
Date: Sun, 11 Sep 2022 05:00:20 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
abff5166fbd49f3162da898c1ed1b0c5
2fa6d7f7ae9da60c6ace36303821320ad5b4a67c
1aefea1673ceaaed1856797bf8de2743c897c162f63f6f6c1bea4c98f203e338

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1AEFEA1673CEAAED1856797BF8DE2743C897C162F63F6F6C1BEA4C98F203E338"
Last-Modified: Fri, 09 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2393
Expires: Sun, 11 Sep 2022 05:40:13 GMT
Date: Sun, 11 Sep 2022 05:00:20 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4a8b934802b39ce62326f039ac83cd96
dbfe44bfbec869b99291881ce7c2539d34d7ca9c
c1d5a7058b585d2207c7162b7d0ed62443426b9b2e1262391ad3118884bda651

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:21 GMT
Last-Modified: Sun, 11 Sep 2022 03:10:56 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8a3f147ac37bcccd79750e4229a8d99b
f76459233b24f681045ed0476a63d95a0f12623e
6ecda86d440d58447955acca8d5181db4951cd6f92cd7ad595511d3c9c54d82a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

34.213.92.18

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.92.18:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IbqS9zz0QRUsUxI5mhhuCw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hw8ckybmZw1rq+PML+erSUb+71w=

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 11 Sep 2022 04:41:12 GMT
expires: Sun, 11 Sep 2022 06:41:12 GMT
cache-control: public, max-age=7200
age: 1149
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8a3f147ac37bcccd79750e4229a8d99b
f76459233b24f681045ed0476a63d95a0f12623e
6ecda86d440d58447955acca8d5181db4951cd6f92cd7ad595511d3c9c54d82a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

d31ph8fftb4r3x.cloudfront.net/wdkxYeEgVIzYedwIlPEVwTnVsQXxQJisXJgZxMA0rHyoJAD0vITlIbgI2PEV4UCA5Fi9Laj0WK0t9fhksFHFsXjwGIzNFOgY4PgorFCU+HG4DLWUVJwwlNBQpU34eTWZGaWpIYA59aV17NGlqSCQfIi0AbUR8IEB+KXpsXXs0aWpIOgBpazlxQGJoUW1EfD-8dKx0jfUoORHxpSHhHfGldekYqMQotECMgXXowdW5WeFA5ZUk

54.230.245.208

200 OK

621 B

URL HTTP/2
d31ph8fftb4r3x.cloudfront.net/wdkxYeEgVIzYedwIlPEVwTnVsQXxQJisXJgZxMA0rHyoJAD0vITlIbgI2PEV4UCA5Fi9Laj0WK0t9fhksFHFsXjwGIzNFOgY4PgorFCU+HG4DLWUVJwwlNBQpU34eTWZGaWpIYA59aV17NGlqSCQfIi0AbUR8IEB+KXpsXXs0aWpIOgBpazlxQGJoUW1EfD-8dKx0jfUoORHxpSHhHfGldekYqMQotECMgXXowdW5WeFA5ZUk
IP
54.230.245.208:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (884), with no line terminators
Size
621 B (621 bytes)
Hash
a9e580979b0673294f070e38ad0f6745
9d66c1b1ab618b6826f04f5a835bd6bea3c24b8c
0e601afe41aedaacbf7b152a6d758ab89514b2a473fc8cf03b3bfc363e9b4e52

HTTP Headers

GET /wdkxYeEgVIzYedwIlPEVwTnVsQXxQJisXJgZxMA0rHyoJAD0vITlIbgI2PEV4UCA5Fi9Laj0WK0t9fhksFHFsXjwGIzNFOgY4PgorFCU+HG4DLWUVJwwlNBQpU34eTWZGaWpIYA59aV17NGlqSCQfIi0AbUR8IEB+KXpsXXs0aWpIOgBpazlxQGJoUW1EfD-8dKx0jfUoORHxpSHhHfGldekYqMQotECMgXXowdW5WeFA5ZUk HTTP/1.1
Host: d31ph8fftb4r3x.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pectthatmye.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 621
date: Sun, 11 Sep 2022 05:00:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5KTejnrVTYeQ1gImp196ePU-zHmcDdhREGw2Avz51toxs62wsLc5wg==
X-Firefox-Spdy: h2

d31ph8fftb4r3x.cloudfront.net/1aWlVaGgKBjsOVx0AMVVQXVpnXllPAyYHBhlUGyICGiAQKRlbWWMnJjoncxwSDVRlTgQIBzJVTgwHNlVZTwgxClVdTyAJVQQGLwEEBQhwWi5cR2VNWllBLVlZTFoXTVpZBTwGHRFMZ1gQUV8KXlxMWhdNWlkbI01bKFBjRlhATGdYDwwKPgdNWy9nWFlZWW-RYWUxbZQ4BGwwzBxBMWxNRXkdZcx1VWA

54.230.245.208

200 OK

188 B

URL HTTP/2
d31ph8fftb4r3x.cloudfront.net/1aWlVaGgKBjsOVx0AMVVQXVpnXllPAyYHBhlUGyICGiAQKRlbWWMnJjoncxwSDVRlTgQIBzJVTgwHNlVZTwgxClVdTyAJVQQGLwEEBQhwWi5cR2VNWllBLVlZTFoXTVpZBTwGHRFMZ1gQUV8KXlxMWhdNWlkbI01bKFBjRlhATGdYDwwKPgdNWy9nWFlZWW-RYWUxbZQ4BGwwzBxBMWxNRXkdZcx1VWA
IP
54.230.245.208:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
188 B (188 bytes)
Hash
20c134a5ddc908e49ae666f31a54e661
8e34eba9d2b629f6776a84896ec88ad28380e6f2
c94cdbca6456b06da3cced7b5fe10e28a65af853183eb32cff2f84f63ae8fd1c

HTTP Headers

GET /1aWlVaGgKBjsOVx0AMVVQXVpnXllPAyYHBhlUGyICGiAQKRlbWWMnJjoncxwSDVRlTgQIBzJVTgwHNlVZTwgxClVdTyAJVQQGLwEEBQhwWi5cR2VNWllBLVlZTFoXTVpZBTwGHRFMZ1gQUV8KXlxMWhdNWlkbI01bKFBjRlhATGdYDwwKPgdNWy9nWFlZWW-RYWUxbZQ4BGwwzBxBMWxNRXkdZcx1VWA HTTP/1.1
Host: d31ph8fftb4r3x.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pectthatmye.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 188
date: Sun, 11 Sep 2022 05:00:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BBYd8fgVY7VdMNsGg_0TgsWmVRuCdsoW3j54agt2r5I22kRxP5F54g==
X-Firefox-Spdy: h2

in-page-push.com/400/3230648

139.45.197.15

200 OK

32 kB

URL HTTP/2
in-page-push.com/400/3230648
IP
139.45.197.15:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
32 kB (32490 bytes)
Hash
648cd5482276aaec445f04a1daf32585
9a871c447a5da529f0d603ea790bb956c9381449
d36320b38d9632fdc3d38b0b173a7148f790b574b010523efb84534fea389453

HTTP Headers

GET /400/3230648 HTTP/1.1
Host: in-page-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 05:00:21 GMT
content-type: application/javascript
x-trace-id: 9c858c27273d6e94f52b4089590386cf
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=0d7d005344f74ac88f074e6d75acf45c; expires=Mon, 11 Sep 2023 05:00:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

216.58.207.237

302 Found

391 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (377)
Size
391 B (391 bytes)
Hash
59a8dbe297213448aae74ad6f3fa37ae
25432d7fb4a405a629c48273ddf15f4201d01e53
6c88626116225721b1a1df353aa718cac39a5818a4cff9b80cdba5e933e82b5c

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Sep 2022 05:00:21 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-83567024%3A1662872421195132&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpxY5DQWxYw-gJJFCHCfKszVKRhQJ6L-zPeIg_3R7bDntAHsgZJ0zgqaauKZSBIvbotoh02
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-FYCn5BU6kt3bYs3De3ce8w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:Ac5fTB_EeaKks6GWwzStxDEELCCUfA:V52BEFJsLzgePCmI;Path=/;Expires=Tue, 10-Sep-2024 05:00:21 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

d31ph8fftb4r3x.cloudfront.net/FdHVmQUkXGggndgAcAnxxRkdTc31SHxUuJwRICzsnAC1WNz5CMzAUMVIBHCV0RFMKICcTSEAkJxdIV2coEBdbdW8ABQkqdAYFEic7FxcPJy1SAAd8JBsPDy0lFVBUB3xaRUNzeVwNV3BsRzdDc3kYHAg0MVFHVjlxQipQdWxHN0NzeQYDQ3IITUNIcWBRR1-YmLBceCWR7MkdWcHlERFZwbEZFACg7ERMJOWxGM193Z0RTE3x4

54.230.245.208

200 OK

525 B

URL HTTP/2
d31ph8fftb4r3x.cloudfront.net/FdHVmQUkXGggndgAcAnxxRkdTc31SHxUuJwRICzsnAC1WNz5CMzAUMVIBHCV0RFMKICcTSEAkJxdIV2coEBdbdW8ABQkqdAYFEic7FxcPJy1SAAd8JBsPDy0lFVBUB3xaRUNzeVwNV3BsRzdDc3kYHAg0MVFHVjlxQipQdWxHN0NzeQYDQ3IITUNIcWBRR1-YmLBceCWR7MkdWcHlERFZwbEZFACg7ERMJOWxGM193Z0RTE3x4
IP
54.230.245.208:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (709), with no line terminators
Size
525 B (525 bytes)
Hash
8404f063f4f0991c91a024c731f5d2a9
e7cd77c30323da292afa7734ee125589fea89278
09aacfc0e5bb731882744c386130a3fb7da21f2fb3f3f0cac42cc0dd65972a49

HTTP Headers

GET /FdHVmQUkXGggndgAcAnxxRkdTc31SHxUuJwRICzsnAC1WNz5CMzAUMVIBHCV0RFMKICcTSEAkJxdIV2coEBdbdW8ABQkqdAYFEic7FxcPJy1SAAd8JBsPDy0lFVBUB3xaRUNzeVwNV3BsRzdDc3kYHAg0MVFHVjlxQipQdWxHN0NzeQYDQ3IITUNIcWBRR1-YmLBceCWR7MkdWcHlERFZwbEZFACg7ERMJOWxGM193Z0RTE3x4 HTTP/1.1
Host: d31ph8fftb4r3x.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pectthatmye.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 525
date: Sun, 11 Sep 2022 05:00:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wDE6CYzEY_iUtXp_JamTk8sd4EPVaNCtIIDLOod649U6s1oTNgosoQ==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6c2fea93ba89de81c2b01aaca1a87835
0a7f50001f709285bc10f6ef044ef39a60535bff
6cae8a5f9949975a3adedc41088196b8c9dd984e4023e54bbe655800a9478349

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4a8b934802b39ce62326f039ac83cd96
dbfe44bfbec869b99291881ce7c2539d34d7ca9c
c1d5a7058b585d2207c7162b7d0ed62443426b9b2e1262391ad3118884bda651

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:21 GMT
Last-Modified: Sun, 11 Sep 2022 03:10:56 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp

157.240.200.35

200 OK

3.1 kB

URL HTTP/2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type
data
Size
3.1 kB (3116 bytes)
Hash
ea4c8c8b1c14f101db4e1917d964a5c6
8184abd3269343490e24bfee08cf22ee4ae8cc09
0f55a53209f0afa4c70e27057c5993a0d9988fcda0449569fd2c8c3219e42e3e

HTTP Headers

GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: zm5N+L8VdZ6EHZbNTO99pGOMiUyyO5/liHYp5hL6trQAtzh/uaGICOzftcxD4KoyaT2B99m9paBnFYSX0QNuCg==
date: Sun, 11 Sep 2022 05:00:21 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

872 B

URL HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
gzip compressed data, max compression\012- data
Size
872 B (872 bytes)
Hash
cba7163d60e8e457c8f761a1e769dc3b
1518d591704eb51347fa6550b296b64edbaffe2a
d4cb770f2cb7d2347180677b643cdee5e183b41f7af7412abaedab2e8d7f3641

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 05:00:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://exe.app
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=d3dc63d51df24529a522321e563ff324; expires=Mon, 11 Sep 2023 05:00:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
431bccffdaad5a26e75e6dd4f8b1abaa
e4b0ac57e7c2d6d00e508cd99231b0f8d58942af
d2b9c8db43c744d36bc73630962238d7fb9017730f8ef8df9b6af1913b08cf35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 05:00:21 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 12:52:23 GMT
Expires: Thu, 15 Sep 2022 12:52:22 GMT
Etag: "e4b0ac57e7c2d6d00e508cd99231b0f8d58942af"
Cache-Control: max-age=373320,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748dd6db0c04b52d-OSL

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Content-Type: text/plain;charset=UTF-8
Origin: https://exe.app
Content-Length: 1509
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 11 Sep 2022 05:00:33 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://exe.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

in-page-push.com/500/3230648?excludes=&oaid=d3dc63d51df24529a522321e563ff324&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FEJYyq&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.15

200 OK

0 B

URL HTTP/2
in-page-push.com/500/3230648?excludes=&oaid=d3dc63d51df24529a522321e563ff324&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FEJYyq&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.15:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/3230648?excludes=&oaid=d3dc63d51df24529a522321e563ff324&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FEJYyq&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: in-page-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 05:00:21 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://exe.app
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
948acca30381a2178ac8673c9399431a
55d6a2433c134aedf598159742c34756e47e5894
5b5317cd9ddf0e1c710aa8c54d360d4fbfa7fcaaa6c704a068a08f34fa223b05

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5994
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 05:00:21 GMT
Last-Modified: Sun, 11 Sep 2022 03:20:27 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280

139.45.197.15

200 OK

67 kB

URL HTTP/2
in-page-push.com/500/3230648?excludes=&oaid=d3dc63d51df24529a522321e563ff324&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FEJYyq&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.15:0
ASN
#9002 RETN Limited

File type
data
Size
67 kB (67216 bytes)
Hash
b9cddb2f1c6024767106921e833d8725
fc1a5409dee10538594bd4a2b21688f3a2431992
fb5251d977feb15e83b2ed705143cd1d6bec3461f3416667939062b6bbbba8cd

HTTP Headers

GET /500/3230648?excludes=&oaid=d3dc63d51df24529a522321e563ff324&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FEJYyq&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: in-page-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://exe.app
Connection: keep-alive
Referer: https://exe.app/
Cookie: OAID=0d7d005344f74ac88f074e6d75acf45c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 05:00:21 GMT
content-type: application/javascript
x-trace-id: ccd945ecae7734fb1a1edaf9c525613d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://exe.app
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d3dc63d51df24529a522321e563ff324; expires=Mon, 11 Sep 2023 05:00:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

in-page-push.com/impression/88xAvPQPXvPu7KOAtV-Klp9FAoM-6W6TmnxMsXJyBvsBfnH7qt0paL_1N6lZNkZAmu0y83MaMDXU76uz_uD5Z8--0aWpB5Tj6YxoucOmgEyheFMtYh5xy4fpzh8YDb8EjxtwK9kI1k67j5_iGJ_Tq6EfUVaeLt-PAzFnW5X3CE297HTJBiKHdUH0b3jDbWjh48SBD6E1dkWyRBC65V0v7sIUVTQgoF9CYDfYn_X02OhWe13VQ3w8zJqLBK_lYBnaGcgiw0SY14HQTdxo-VEeRtNeFNWKDX_4FBI9GPmgtmpQRSyLPk3A_M2iq9XSJdEfA_94_rY5Ln7NmAL6bufq0MzZPeyp1WjA57Zfww2Yiag78mVUaVZZqzoS5YtBWyjNqlRyxgk1hCJu4KGBeiUN2FRrr1MTnu9GqLSxqdyiqmWkvljXj94aTdozTeKCy8kXY5uTYLn_dNyctJkL6tVXQ-WAIvHfMBbgD2YE7QpA-NICU4x2r9R2LloYnqATIRJzzh62KpYFjv2VY9DHY46Xiyz3Uf881F-n?_z=3230648&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FEJYyq&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.15

200 OK

43 B

URL HTTP/2
in-page-push.com/impression/88xAvPQPXvPu7KOAtV-Klp9FAoM-6W6TmnxMsXJyBvsBfnH7qt0paL_1N6lZNkZAmu0y83MaMDXU76uz_uD5Z8--0aWpB5Tj6YxoucOmgEyheFMtYh5xy4fpzh8YDb8EjxtwK9kI1k67j5_iGJ_Tq6EfUVaeLt-PAzFnW5X3CE297HTJBiKHdUH0b3jDbWjh48SBD6E1dkWyRBC65V0v7sIUVTQgoF9CYDfYn_X02OhWe13VQ3w8zJqLBK_lYBnaGcgiw0SY14HQTdxo-VEeRtNeFNWKDX_4FBI9GPmgtmpQRSyLPk3A_M2iq9XSJdEfA_94_rY5Ln7NmAL6bufq0MzZPeyp1WjA57Zfww2Yiag78mVUaVZZqzoS5YtBWyjNqlRyxgk1hCJu4KGBeiUN2FRrr1MTnu9GqLSxqdyiqmWkvljXj94aTdozTeKCy8kXY5uTYLn_dNyctJkL6tVXQ-WAIvHfMBbgD2YE7QpA-NICU4x2r9R2LloYnqATIRJzzh62KpYFjv2VY9DHY46Xiyz3Uf881F-n?_z=3230648&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FEJYyq&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.15:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/88xAvPQPXvPu7KOAtV-Klp9FAoM-6W6TmnxMsXJyBvsBfnH7qt0paL_1N6lZNkZAmu0y83MaMDXU76uz_uD5Z8--0aWpB5Tj6YxoucOmgEyheFMtYh5xy4fpzh8YDb8EjxtwK9kI1k67j5_iGJ_Tq6EfUVaeLt-PAzFnW5X3CE297HTJBiKHdUH0b3jDbWjh48SBD6E1dkWyRBC65V0v7sIUVTQgoF9CYDfYn_X02OhWe13VQ3w8zJqLBK_lYBnaGcgiw0SY14HQTdxo-VEeRtNeFNWKDX_4FBI9GPmgtmpQRSyLPk3A_M2iq9XSJdEfA_94_rY5Ln7NmAL6bufq0MzZPeyp1WjA57Zfww2Yiag78mVUaVZZqzoS5YtBWyjNqlRyxgk1hCJu4KGBeiUN2FRrr1MTnu9GqLSxqdyiqmWkvljXj94aTdozTeKCy8kXY5uTYLn_dNyctJkL6tVXQ-WAIvHfMBbgD2YE7QpA-NICU4x2r9R2LloYnqATIRJzzh62KpYFjv2VY9DHY46Xiyz3Uf881F-n?_z=3230648&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=2&pl=https%3A%2F%2Fexe.app%2FEJYyq&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: in-page-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Cookie: OAID=d3dc63d51df24529a522321e563ff324
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 05:00:22 GMT
content-type: image/gif
content-length: 43
x-trace-id: 7925b05cc14d1984b7530672c834c6d6
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Sun, 11 Sep 2022 05:54:33 GMT
Date: Sun, 11 Sep 2022 05:00:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Sun, 11 Sep 2022 05:54:33 GMT
Date: Sun, 11 Sep 2022 05:00:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Sun, 11 Sep 2022 05:54:33 GMT
Date: Sun, 11 Sep 2022 05:00:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Sun, 11 Sep 2022 05:54:33 GMT
Date: Sun, 11 Sep 2022 05:00:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Sun, 11 Sep 2022 05:54:33 GMT
Date: Sun, 11 Sep 2022 05:00:22 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3d8bcb1-416c-44eb-ac9e-6196bed61280.jpeg

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3d8bcb1-416c-44eb-ac9e-6196bed61280.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8005 bytes)
Hash
0119f7d5458bbad12e972d04221e49ea
f05c46d74d8dfdd7fee763ec1e80e498399fffd2
eaefac45720584447a601fd90300464fbca5092117a670ac73be3b47884ba7fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3d8bcb1-416c-44eb-ac9e-6196bed61280.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8005
x-amzn-requestid: 63121855-7f9b-4c3f-b9d3-0c3bc06c700d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3yx5HN3oAMFxxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312fe72-7edeec96509ac24b442836cb;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:12:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MjYVR_YRfhLgchDlWjHka0Ggdp-upZ10LFrJSMjtVnsGe4oqxSnepg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:11 GMT
age: 26411
etag: "f05c46d74d8dfdd7fee763ec1e80e498399fffd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10298 bytes)
Hash
99bd16c51d8e4853d6ee542d2ec9fb22
a9f77626875d68e1aea2516f78d491eba9969e37
b360c3c9fa12dc4f57fdbfc88fe820ecee1c049f2d43f44cd38b740513d8e9f8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10298
x-amzn-requestid: f2e2d57b-1f6f-401a-bf0d-ca5c05dd5e59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE-nmHBKIAMFrZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63184496-52d1369463143fc94894e347;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:13:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PRnDEhi5jnNROYiVXzfn4b_vf-OHnwO5RD38I1bLV8JEJb2gDYrqvg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 26388
etag: "a9f77626875d68e1aea2516f78d491eba9969e37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

20 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F575cbeea-0492-4077-860e-f45cbde03214.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
data
Size
20 kB (19900 bytes)
Hash
6deb85279b21bb8b96374eb7b84625bc
2f9e3be94f80c413b5bedac0573f9106545ab697
56c52d8d5197ac60f5ece0bc235ef92739718bb2955cdb8f770d5a59b2082c58

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F575cbeea-0492-4077-860e-f45cbde03214.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6481
x-amzn-requestid: ea2eede0-9777-4af2-b5c3-71f4183e8ffc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBrqeGcyoAMFajw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f30f-72e823577e73983d407fc0ef;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: OMxua15pFb1lTLQQeF0JavYDqnZdSgJb2ZJGg7fN2lWcvf0dA5lE2w==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 09:38:12 GMT
age: 69730
etag: "5d9988e20cc17fe6d1e039245e6d3093d828a5f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7519 bytes)
Hash
bb1a86dcf94db0a29a6ebe21866766d4
b3491a6f12c97c8e1848a206a185fae29213c1e5
d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7519
x-amzn-requestid: 8d8a8df6-abf5-45dd-8d78-de5ae715a9d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_UNEoWoAMFRLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631845b4-0101ca7a09e432f305aa7066;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:18:12 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Z0Z4IozbbythqWA7mNaqtO4NWbLi1zL2G6HmMGP0c9VqIzMugvVh_Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 00:00:49 GMT
age: 17973
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a259cc7-2536-471f-9418-7af13fd48fcb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7510 bytes)
Hash
00fa4b539031363ee66c3de2238bf884
35ff2e7a501fb51de4ee133583ead600a7c91900
a2482ba3cc3f4e5825b11bc898d2f93c12dda0b16283020d7063687ad4cbb02b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a259cc7-2536-471f-9418-7af13fd48fcb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7510
x-amzn-requestid: 6063b674-d146-4549-b9fc-4ce949fbd0cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTa-H89oAMFpPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c65df-28b8f85a7daef0746b579d98;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:08:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -njXK9eshUEseaCCMTzcRdSqoGfBpr1uAPNbOQYp-qO876Pe1FIhLQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:54:41 GMT
age: 25541
etag: "35ff2e7a501fb51de4ee133583ead600a7c91900"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7017 bytes)
Hash
fea5dfc4a6a5093fd81899ee4a79d446
c893d7475856809a59486e0bcebd6d662d1fc56f
915fb97690be97d97cb298fc60ceb4cf7c3ed8fb437836beb2d590a8e238363c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7017
x-amzn-requestid: df5e57d7-e54c-4b5a-aa1b-a9aee889842e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_Et0oAMFSjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-50d15bba03579a935342e22f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LsqH-LbjMGWrhYB93Qkvq2qVhqNs-3MWgrrOFzC8qPcY3fF5ujSD_g==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:54:44 GMT
age: 25538
etag: "c893d7475856809a59486e0bcebd6d662d1fc56f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

pogothere.xyz/

188.114.97.1

200 OK

0 B

URL HTTP/2
pogothere.xyz/
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Cookie: csu=370915182972220@1@1662872420
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 11 Sep 2022 05:00:20 GMT
content-type: text/plain
set-cookie: csu=370915182972220@2@1662872420; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://exe.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITEa%2BdXyfM8Qbxu1%2BrcvXyX8%2Fb7GjYjrKtBJ0jJHoqlNoRZJNZChC9E3Ry8uNRQZKQgrB3idoJ8K0InvpHn3n950OqsGrLwz9qj7wvtkYx5wEWk5Cl%2FG8HYWsntImXy9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748dd6d5cb66b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.22.169

200 OK

0 B

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.22.169:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 05:00:21 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 708
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oiqPblORBjjjEhMr5VjsEO5qY%2BYykWmOlcgDNS5jTv54%2FiVZWay5gykZnVWKnug2vdWoL1PSxGSkm0iDV58m0y3gvLzKb7sR8YJnbKtto8hXwfLN7GcLQrm%2Bthju1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748dd6d91c030b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

188.114.97.1

200 OK

0 B

URL HTTP/2
pogothere.xyz/asd100.bin
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exe.app/
Origin: https://exe.app
Connection: keep-alive
Cookie: csu=370915182972220@1@1662872420
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 11 Sep 2022 05:00:20 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://exe.app
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 668
last-modified: Sun, 11 Sep 2022 04:49:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1g3Kv%2F2AT9YBYNDqY3knyAfoCOU5HJJ8p%2FS3nVsiWri%2FV6%2B%2BmSygkQtiw60yWRXs4iyOT8rfosYTewhK%2FmXL3gLIPtC4Qdx1XoBYoMLWJEv6CTx3igJkjY2uk7fupPM0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748dd6d5bb61b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

exe.io/EJYyq

172.67.71.40

302 Found

0 B

URL HTTP/2
exe.io/EJYyq
IP
172.67.71.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /EJYyq HTTP/1.1
Host: exe.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Sun, 11 Sep 2022 05:00:20 GMT
content-type: text/html; charset=UTF-8
location: https://exe.app/EJYyq
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=becfa5cf79d12788b49b0f98009ee34b; path=/; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nVTYW6Bvg3yXsXMzsNHLqD90sJYx1aHDZXj2uEcgjlhBcXg%2By%2FfNOikELZYxClfbpPIMbpmvdhsVPb%2BzlikbABtFw%2FD4pVIr9BdmWNPYbUxNhj%2F7cjVruw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748dd6d09bc8b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

exe.app/EJYyq

172.67.136.149

200 OK

0 B

URL HTTP/2
exe.app/EJYyq
IP
172.67.136.149:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /EJYyq HTTP/1.1
Host: exe.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sun, 11 Sep 2022 05:00:20 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
set-cookie: AppSession=48f737444d2f8cd9c117ac07882c14bd; path=/; HttpOnly
csrfToken=850c7fcb50d950962c942d06728aa53a5425c697094495b913eccefea65f075127b976029d97ca2d4896683e3ecf83fcaf1c380fb47fe6032603f67043beab5d; path=/; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MIxxFaqhdQk39dmBOPVPNU3SBFhJZeeUIG00jrg6MKIOHYnEJv2OpKy8D7KcSJBVy%2BGCbdi7h%2BqkZIPLKBXr6w9uuyHfJcdEawe9iUOOw6wETD7doVi%2B6xi9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748dd6d18d38b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:300,400,400italic,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exe.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Sep 2022 05:00:20 GMT
date: Sun, 11 Sep 2022 05:00:20 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML