gestyy.com Open in urlscan Pro
104.26.8.155 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://gestyy.com/egVOOJ
Submission: On September 26 via manual (September 26th 2023, 3:19:36 pm UTC) from TH — Scanned from CH

Summary HTTP 87 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 36 IPs in 8 countries across 37 domains to perform 87 HTTP transactions. The main IP is 104.26.8.155, located in United States and belongs to CLOUDFLARENET, US. The main domain is gestyy.com. The Cisco Umbrella rank of the primary domain is 779919.

This is the only time gestyy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	104.26.8.155 104.26.8.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	216.58.212.142 216.58.212.142	15169 (GOOGLE) (GOOGLE)
2	142.250.185.234 142.250.185.234	15169 (GOOGLE) (GOOGLE)
3	104.26.6.218 104.26.6.218	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	52.222.232.60 52.222.232.60	16509 (AMAZON-02) (AMAZON-02)
10	139.45.197.250 139.45.197.250	9002 (RETN-AS) (RETN-AS)
1	95.216.206.230 95.216.206.230	24940 (HETZNER-AS) (HETZNER-AS)
3	23.109.82.11 23.109.82.11	7979 (SERVERS-COM) (SERVERS-COM)
3	142.250.186.104 142.250.186.104	15169 (GOOGLE) (GOOGLE)
2	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
1	104.26.5.107 104.26.5.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.64.97.14 172.64.97.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.65.39.78 18.65.39.78	16509 (AMAZON-02) (AMAZON-02)
3	18.65.39.33 18.65.39.33	16509 (AMAZON-02) (AMAZON-02)
4	172.67.204.112 172.67.204.112	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	157.240.251.35 157.240.251.35	32934 (FACEBOOK) (FACEBOOK)
4 6	142.250.186.173 142.250.186.173	15169 (GOOGLE) (GOOGLE)
3	185.162.85.1 185.162.85.1	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	185.162.85.20 185.162.85.20	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	172.255.6.131 172.255.6.131	7979 (SERVERS-COM) (SERVERS-COM)
1	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
4	23.109.248.47 23.109.248.47	7979 (SERVERS-COM) (SERVERS-COM)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1 1	104.21.85.99 104.21.85.99	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
1	142.250.184.228 142.250.184.228	15169 (GOOGLE) (GOOGLE)
1	172.217.18.99 172.217.18.99	15169 (GOOGLE) (GOOGLE)
1 1	23.109.150.205 23.109.150.205	7979 (SERVERS-COM) (SERVERS-COM)
1	51.195.5.185 51.195.5.185	16276 (OVH) (OVH)
1 1	23.109.150.155 23.109.150.155	7979 (SERVERS-COM) (SERVERS-COM)
1 2	198.134.116.29 198.134.116.29	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	45.133.44.32 45.133.44.32	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1 1	172.67.74.33 172.67.74.33	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1 1	109.206.162.121 109.206.162.121	50245 (SERVEREL-AS) (SERVEREL-AS)
1	104.21.234.72 104.21.234.72	() ()
1	142.91.159.157 142.91.159.157	7979 (SERVERS-COM) (SERVERS-COM)
87	36

7 104.26.8.155 (United States)

ASN13335 (CLOUDFLARENET, US)

gestyy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.142 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f142.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.26.6.218 (United States)

ASN13335 (CLOUDFLARENET, US)

static.sh.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.232.60 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-232-60.fra56.r.cloudfront.net

d3t3z4teexdk2r.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 139.45.197.250 (Ascension Island)

ASN9002 (RETN-AS, GB)

ptauxofi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.216.206.230 (Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.230.206.216.95.clients.your-server.de

ubbfpm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.109.82.11 (Netherlands)

ASN7979 (SERVERS-COM, US)

ja.rewashwudu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.104 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.5.107 (United States)

ASN13335 (CLOUDFLARENET, US)

analytics.shorte.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.97.14 (United States)

ASN13335 (CLOUDFLARENET, US)

pogothere.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.65.39.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-39-78.ams1.r.cloudfront.net

ejuiashsateampl.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.65.39.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-39-33.ams1.r.cloudfront.net

ejuiashsateampl.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.204.112 (United States)

ASN13335 (CLOUDFLARENET, US)

andhthrewdow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.251.35 (United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.173 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f13.1e100.net

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.162.85.1 (Moldova)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

xngqoc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.162.85.20 (Moldova)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

prhzxq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.255.6.131 (Netherlands)

ASN7979 (SERVERS-COM, US)

jurorstalar.uno	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.34 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.109.248.47 (Netherlands)

ASN7979 (SERVERS-COM, US)

sirossvanish.uno	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (Ascension Island)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.85.99 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

andhthrewdow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.96.3 (Italy)

ASN13335 (CLOUDFLARENET, US)

xdiwbc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (Los Gatos, United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f3.1e100.net

www.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.150.205 (Netherlands) 1 redirects

ASN7979 (SERVERS-COM, US)

vickykilled.cfd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.195.5.185 (France)

ASN16276 (OVH, FR)
PTR: eu5.static1.gglx.me

intendrebend.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.150.155 (Netherlands) 1 redirects

ASN7979 (SERVERS-COM, US)

viewyentreat.guru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.134.116.29 (Garden City, United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

xml.yellow-resultsbidder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (Dallas, United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

static.servingserved.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.32 (Turkey)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

i.wmgtr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.74.33 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ads.shorte.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.238 (Ascension Island)

ASN9002 (RETN-AS, GB)

shorteh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.206.162.121 (Netherlands) 1 redirects

ASN50245 (SERVEREL-AS, US)
PTR: 121.162.serverel.net

icdns.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.234.72 (None, )

ASN- ()

imcdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.91.159.157 (Netherlands)

ASN7979 (SERVERS-COM, US)

scarpeweevily.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ptauxofi.net ptauxofi.net — Cisco Umbrella Rank: 263807	60 KB
7	google.com 4 redirects accounts.google.com — Cisco Umbrella Rank: 71 www.google.com — Cisco Umbrella Rank: 11	3 KB
7	gestyy.com gestyy.com — Cisco Umbrella Rank: 779919	40 KB
5	andhthrewdow.com 1 redirects andhthrewdow.com	2 KB
5	ejuiashsateampl.info ejuiashsateampl.info	7 KB
4	sirossvanish.uno sirossvanish.uno — Cisco Umbrella Rank: 46858	5 KB
4	pogothere.xyz pogothere.xyz — Cisco Umbrella Rank: 19033	202 KB
4	cloudfront.net d3t3z4teexdk2r.cloudfront.net	117 KB
3	xngqoc.com xngqoc.com — Cisco Umbrella Rank: 48346	97 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	213 KB
3	rewashwudu.com ja.rewashwudu.com — Cisco Umbrella Rank: 952960	149 KB
3	sh.st static.sh.st — Cisco Umbrella Rank: 993398	115 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 96 region1.google-analytics.com — Cisco Umbrella Rank: 1878	21 KB
2	wmgtr.com i.wmgtr.com — Cisco Umbrella Rank: 13217	34 KB
2	yellow-resultsbidder.com 1 redirects xml.yellow-resultsbidder.com — Cisco Umbrella Rank: 55165	201 B
2	xdiwbc.com xdiwbc.com — Cisco Umbrella Rank: 121236	4 KB
2	jurorstalar.uno jurorstalar.uno — Cisco Umbrella Rank: 17115	2 KB
2	prhzxq.com prhzxq.com — Cisco Umbrella Rank: 43092	601 B
2	shorte.st 1 redirects analytics.shorte.st ads.shorte.st	754 B
2	gstatic.com fonts.gstatic.com	95 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	2 KB
1	scarpeweevily.top scarpeweevily.top — Cisco Umbrella Rank: 179856	10 KB
1	imcdn.co imcdn.co	6 KB
1	icdns.net 1 redirects icdns.net — Cisco Umbrella Rank: 14483	186 B
1	shorteh.com shorteh.com	514 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 969	15 KB
1	servingserved.com static.servingserved.com — Cisco Umbrella Rank: 51097	7 KB
1	viewyentreat.guru 1 redirects viewyentreat.guru — Cisco Umbrella Rank: 18550	1 KB
1	intendrebend.top intendrebend.top — Cisco Umbrella Rank: 22815	6 KB
1	vickykilled.cfd 1 redirects vickykilled.cfd — Cisco Umbrella Rank: 33500	1 KB
1	google.ch www.google.ch — Cisco Umbrella Rank: 18208	455 B
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 6646	540 B
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 66	2 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 109
1	ubbfpm.com ubbfpm.com — Cisco Umbrella Rank: 231817	197 KB
0	nr-data.net Failed bam.nr-data.net Failed
0	Failed function sub() { [native code] }. Failed
87	37

	Domain	Requested by
10	ptauxofi.net	gestyy.com ptauxofi.net
7	gestyy.com	gestyy.com static.sh.st
6	accounts.google.com	4 redirects gestyy.com
5	andhthrewdow.com	1 redirects gestyy.com
5	ejuiashsateampl.info	d3t3z4teexdk2r.cloudfront.net
4	sirossvanish.uno	ja.rewashwudu.com
4	pogothere.xyz	d3t3z4teexdk2r.cloudfront.net
4	d3t3z4teexdk2r.cloudfront.net	gestyy.com ejuiashsateampl.info
3	xngqoc.com	ubbfpm.com
3	www.googletagmanager.com	gestyy.com www.googletagmanager.com www.google-analytics.com
3	ja.rewashwudu.com	gestyy.com ja.rewashwudu.com
3	static.sh.st	gestyy.com
2	i.wmgtr.com	gestyy.com
2	xml.yellow-resultsbidder.com	1 redirects ja.rewashwudu.com
2	xdiwbc.com	ubbfpm.com
2	jurorstalar.uno	ja.rewashwudu.com
2	prhzxq.com	ubbfpm.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	client ja.rewashwudu.com
2	www.google-analytics.com	gestyy.com www.google-analytics.com
1	scarpeweevily.top	gestyy.com
1	imcdn.co	gestyy.com
1	icdns.net	1 redirects
1	shorteh.com	static.sh.st
1	ads.shorte.st	1 redirects
1	js-agent.newrelic.com	gestyy.com
1	static.servingserved.com
1	viewyentreat.guru	1 redirects
1	intendrebend.top
1	vickykilled.cfd	1 redirects
1	www.google.ch	gestyy.com
1	www.google.com	gestyy.com
1	region1.google-analytics.com	www.googletagmanager.com
1	my.rtmark.net	gestyy.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	www.facebook.com	gestyy.com
1	analytics.shorte.st	static.sh.st
1	ubbfpm.com	gestyy.com
0	bam.nr-data.net Failed	js-agent.newrelic.com
0	cuid Failed	ja.rewashwudu.com
87	40

This site contains links to these domains. Also see Links.

Domain
shorte.st

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
ptauxofi.net R3	`2023-08-28` - `2023-11-26`	3 months	crt.sh
ubbfpm.com R3	`2023-09-26` - `2023-12-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-28` - `2024-02-27`	a year	crt.sh
ejuiashsateampl.info Amazon RSA 2048 M01	`2023-09-21` - `2024-10-19`	a year	crt.sh
andhthrewdow.com GTS CA 1P5	`2023-09-13` - `2023-12-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-07` - `2023-10-03`	3 months	crt.sh
xngqoc.com R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
prhzxq.com R3	`2023-07-18` - `2023-10-16`	3 months	crt.sh
jurorstalar.uno R3	`2023-09-16` - `2023-12-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
rtmark.net R3	`2023-07-25` - `2023-10-23`	3 months	crt.sh
xdiwbc.com GTS CA 1P5	`2023-08-04` - `2023-11-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
i.wmgtr.com R3	`2023-08-23` - `2023-11-21`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
shorteh.com R3	`2023-09-08` - `2023-12-07`	3 months	crt.sh

This page contains 11 frames:

Primary Page: http://gestyy.com/egVOOJ
Frame ID: F0D9C820FB158E28299DBA6D2F7AE9BB
Requests: 63 HTTP requests in this frame

Frame: http://ejuiashsateampl.info/WTJ5WVg4UBo0ZzgPG38tK15EfGofF0sfPGpGSiNsLVccITwyAAt3OzVdDD0+K10XLXY3Vw18ah8ELwE0EX0uCGofWxU/DyB3KBAvC1YgaSxqcy9oIhxIKw4bMGQ8F2k+QDEyYBZQOxs2CkoaFQ0YAjMADWlXNAwKaHoOPmgfSzgcCTNzIRMZC2QaIT8zZUg1MAFINxMbIwc8EDRhfDYYLzRkKDoxGnU/FBoOVSwSHRR8NgsNNHo/AAwNdRITCQ5WMztobXw2IWg2ZhE9LwoBHQEdEXA1PS8xZxxpNDBxEAMvCgEdFhwNRik6ICFqP2ggaHErITINZVRtOw9fLAAWaVkwFBltWy4uYGF2LhAUEF87EjsbViEAaSEDOgwvfAA7HAwXZzoRGhVwOyEPA2AsLA0+dA4Kaz1XOA0BCnk7GxoDAhIyDQtrTx8bEFEvMRYbVBE9DTwCSGkZDwNODTYMUS80DRJ4FWEeE0o7MBsgeB4KNhhqL2sWP38eCw5/WAo2NikPCTgXEgQwDCxrAClrbAFC
Frame ID: E175C906A7892746EC21F82687B7754E
Requests: 2 HTTP requests in this frame

Frame: http://ejuiashsateampl.info/NjE4OGRXU1tVW1cMWh4RRF0FHVZwFAp+AAVFC0JQQlRdQABdA0oWB1peTVwCRF5WTEpYVEwdVnAHbVUXQWRwcRx0dwwKMGVoe24jB31ifg93UG16VHdkdR1WcHl7cjNhVnFsNFFGenImRVR6UD1dcnxiM3dfYV0pQWdgWjJnAnpuKkJgC2kvYHVyaD5dAH51MQ4UCn4mc14NcA4Cen5vLQZrCG0lUmR6UTUGUg1wIG90akEqbmh+TAF8d1xfM0F3X2AjfH55QC5uaH5MLHljQFM8TmdSdSxSa3l7DHNrU3Eyb1pxQiMGcAB+HWN+bVIXVHtTDCdwWlxQPHQcDVI2flVieSxRa3dQXVJhflwDfXNuUTVcBXtvHmBpYX4Qbn9qfVF0c1QJNXF4cW8nf1VoT1BgaFJqFWNZDV88cWtheyNaUmJuD2BoU3EMdV1hQCVyRXd5DGx5YW4TU2gIalR+VglQQlxCV1YUC1tqWQhRAExRKFs
Frame ID: 486B12645FFE7C8334F09A593F2FE1B4
Requests: 2 HTTP requests in this frame

Frame: http://ejuiashsateampl.info/Vlg3a0o3OlQGdTdlVU0/JDQKTngQfQUtLmUsBBF+Ij1SEy49akVFKTo3Qg8sJDdZH2Q4PUNOeBA9VgYyAztxDAAXIlg8EC5scSYPZzBvWhw6CWApBxQxVA0EPihlLR89EnICEx4bdiEvBTF2IBoQPFIIIiFtdSo+Jg5dWw8SalspLDErfiUhZytjKS09EE0lEhUMfjEEBGB5JAgbLnBbJT4dYD4CFyEDMQQXAXkIHx89b1sAPQ5gGysEG3oxBDFscyI9GGFgLT1gGn9aEw4fYSouOih9MTAcYWAtPTwfYzEpARBxLw09YVIxCz4tbwAcLglaDAYeGxo6KQYKByEEPitPIyE6NXkGewwPBBsONDMODhAQP00qIjFtfyN7DxQELQk3GW4tGi4ODjwMISJxPzkUGQRaHDc0WDsaFxEEKT06IGYDfwUObxsLMjQCDSgTNAUzHGMgZgYtDBxjIhgdP3khEDwCQzwcIm5mWX8bH2AHCHAyRAQkJmV2UhsuEmQTEGI
Frame ID: 45FB36CFC2986BF883F1526D4E37E428
Requests: 2 HTTP requests in this frame

Frame: https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png
Frame ID: 7B4E8E6C64EA26160DE78B87FD9D1D48
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: E3441D2D0687F304A2F8A5351A6985DF
Requests: 1 HTTP requests in this frame

Frame: http://static.servingserved.com/n337/ad/192x192_pYWkl9DJl9pxqiRAbJaL.jpeg
Frame ID: 0D10FD86D5B753D45EDB6EEB6B903429
Requests: 1 HTTP requests in this frame

Frame: https://i.wmgtr.com/cic/iwnCbtLveBoH_qd59IDzad7l-L8yHmAF.png
Frame ID: 96719CE83E58A46AB9658FD21C5586C4
Requests: 1 HTTP requests in this frame

Frame: https://i.wmgtr.com/cic/IakVmspii6fVCJn2Ch-hds0ZLEP-lwzy.png
Frame ID: D6331D1AA53851DEC93C2D90E639716F
Requests: 1 HTTP requests in this frame

Frame: https://shorteh.com/afu.php?zoneid=1241630
Frame ID: ADD2CBAB42D73BDB65EA5483DC426BFD
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800
Frame ID: 050D5334058D0476644A974154985D05
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Earn money on short links. Make short links and earn the biggest money - shorte.stsawssad-ninja-vector-full-export-v2

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

87
Requests

54 %
HTTPS

0 %
IPv6

37
Domains

40
Subdomains

36
IPs

8
Countries

1314 kB
Transfer

2532 kB
Size

17
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://shorte.st/?utm_source=shst&utm_medium=intermediate&utm_campaign=logo

Search URL Search Domain Scan URL

URL: https://shorte.st/
Title: Shorten urls and earn money

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 27

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhd7iJNx2mbzbs8zPgf4jLkbg2dP_Hpzvj856U-rjzpRN1ynqM70z49Jhzc0MooFNFWcb3lQIw HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdD-v07rV71hjFy7t7BfcIuNlaGdgWJdDZWR6fsT926Ktr6H1eSFEfr74sfVM4Kl7qT2Zf0&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S923462713%3A1695741570167029&theme=glif

Request Chain 28

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVheHnsz0iz9ANKQO99cdUgaeSzzpw_MlVpyAFNh0Pp2uSEuRNeRpTJ8gT5Fhw7RyEg5863BM_A HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcWj7VQvnpnqDn3rduVNF5odfzTFZ2La2YViLign8p11DQPlcb-W8V0dc2lFgMcZgz4ho_P&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1308525985%3A1695741570159871&theme=glif

Request Chain 55

http://andhthrewdow.com/popunder.gif HTTP 301
https://andhthrewdow.com/popunder.gif

Request Chain 64

https://vickykilled.cfd/tsk/pDHGGoK8gcBDOGiyDw_5qxRKFV4tAoIbK53bsz7Yca0iUYxO3UvllhVuittAce4p2wirjiiwzleq_zlybapuQZqs9kmpHYacwVFeEMnIAIM HTTP 302
https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png

Request Chain 69

https://viewyentreat.guru/tsk/VkjHzDfkqN8cL73rZlMUksS2M6WfTHpM87Cb2yzeQoQeu22kdV9T8Anzqa6z2IXxxsx8GzI*xrZEcYa42MQ6iMgulM2boNB7CDn1s60gs98 HTTP 302
http://xml.yellow-resultsbidder.com/thumbnail?i=rHO1airIwL0_0&imgt=icon HTTP 302
http://static.servingserved.com/n337/ad/192x192_pYWkl9DJl9pxqiRAbJaL.jpeg

Request Chain 76

http://ads.shorte.st/ads.php?key=2ea5b261f06ca771033a5fa9e22493f1&width=1024&height=768&ch=1&cp.dest_domain=zabbetclub.com&cp.oid=1&cp.referrer=&cp.locked=0&cp.proxy=0&cp.quarantine_status=1&cp.vno=1&cp.enc_url=G8AS5D6Mxf4vy3Xj6JBjfedqF0YkCVxildyVVF358rc=&cp.asid=d5778c256b6f5fa8273356e0cd3acc31527e9ff4&title=&description=&keywords=&captcha_verified=0 HTTP 302
https://shorteh.com/afu.php?zoneid=1241630

Request Chain 83

https://icdns.net/b2/c/i/icon?cid=1&did=e1FQVUw&eid=622&nid=1&sid=3304215227EXxsXPTO&ts=1695741573&ttl=43200&v=v5.8.2 HTTP 302
https://imcdn.co/Xv0wX40qH9EyRn4SOKJSK9OY5v1zcCOuqvfMFe0r.png

87 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request egVOOJ Show response
gestyy.com/ 90 KB
35 KB 586ms
260ms Document
text/html 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://gestyy.com/egVOOJ

Protocol

HTTP/1.1

Server

104.26.8.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/5.6.40-0+deb8u16

Resource Hash

b4a9aa20efa10d587f887e2a7f85a60217fe77c179e2fa9d697309baafb989e7

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
CF-RAY: 80cc7c304e10bae2-MXP
Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Sep 2023 15:19:25 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ER3NDSui8SWJhewdyroV4N2IZ4xq%2BasJTcy6y2ZI%2BGx8%2B1DNHFgCaz1HOwlD%2FJZ8IqKmXVd6M0QO7xoYf%2FPv8ax%2FySS2kmpkVJbzG4YPunsONxajd58Gt%2BPXdwY%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: DENY
X-Powered-By: PHP/5.6.40-0+deb8u16
X-Server-ID: shn06
X-UA-Compatible: IE=Edge

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

52 KB
21 KB

1392ms
579ms

Script
text/javascript

216.58.212.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Server

216.58.212.142 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f142.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 26 Sep 2023 13:44:21 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5705
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 26 Sep 2023 15:44:21 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 css
fonts.googleapis.com/ 3 KB
983 B 1246ms
576ms Stylesheet
text/css 142.250.185.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:400,700

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f10.1e100.net

Software

ESF /

Resource Hash

c3c736b80c318c7323b9f2b6a3b2ddd6e78e5aeeed7e9d648c6b1d7e97691024

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 26 Sep 2023 15:19:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 26 Sep 2023 15:04:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 26 Sep 2023 15:19:26 GMT

GET
H/1.1 200
OK tracking.gif
gestyy.com/bundles/advertisement/img/ 0
731 B 373ms
366ms Image
image/gif 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://gestyy.com/bundles/advertisement/img/tracking.gif?test=d5778c256b6f5fa8273356e0cd3acc31527e9ff4
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: HTTP/1.1
Server: 104.26.8.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/egVOOJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:27 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 0
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
Server: cloudflare
ETag: "62bc13d6-0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qvvgm9zOgqp%2FJKgzseXTsRX78RdsHwlbf2vVCJXtqLocyiRIX75skLUYUgeNNu87Nqb1LKd9E26jjj3ZgiJy572U03hDRbWDUob6d4yb1zJjWnMq%2FAauqk23MzQ%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn01
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 80cc7c39ca83bae2-MXP

GET
H/1.1 200
OK advertisement-tracking-1.gif
gestyy.com/bundles/smeweb/img/ 43 B
761 B 450ms
443ms Image
image/gif 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://gestyy.com/bundles/smeweb/img/advertisement-tracking-1.gif?t=1695741565
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: HTTP/1.1
Server: 104.26.8.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/egVOOJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:27 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 43
X-UA-Compatible: IE=Edge
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPlkwLKMHmcmYfw0zJFwwL1YJIrzUTPbGOHAZ5LMYIIGsKtc420ApnYwHqOqr7Sd%2B%2BcWrUQNO1%2FF%2FCjel1okxEfSXB0LF1KDrOkFrJhBlO2EEYGr1%2BjJNap6d7w%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn07
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 80cc7c39cc21bad9-MXP

GET
H/1.1 200
OK tracking-1.gif
gestyy.com/bundles/smeweb/img/ 43 B
753 B 689ms
381ms Image
image/gif 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://gestyy.com/bundles/smeweb/img/tracking-1.gif?t=1695741565
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: HTTP/1.1
Server: 104.26.8.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/egVOOJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:27 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 43
X-UA-Compatible: IE=Edge
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTRYgI2OkL2wM8udixY84uNoTTTrRHQrz5NZ4uFHQIS4QJfrE6rjWww6hUFo5wnaMcVPr439Uv0BmnAC45DBJR67wiqzlE1%2FZlc3Q6kEaH4uC6qJlwQa8I9vEF8%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn07
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 80cc7c3c2eaf0d6d-MXP

GET
H/1.1 200
OK logo1707.png
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/ 6 KB
7 KB 581ms
255ms Image
image/png 104.26.6.218
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: HTTP/1.1
Server: 104.26.6.218 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:27 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 68531
Connection: keep-alive
Content-Length: 6226
X-UA-Compatible: IE=Edge
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
Server: cloudflare
ETag: "55a90320-1852"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qtp0R64FiyofEJow%2FWkK8Vl3zoPVl65FxW%2BwbpMEkkG%2FpHqxguquRkaGaxIt3C%2Byx8W1dtK0KVhAOgbixhtq7YysaDXZAoG4JtUKHETKXrQAmefNbAMLy4xK9uhpJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
X-Server-ID: shn05
Cache-Control: max-age=86400
Accept-Ranges: bytes
CF-RAY: 80cc7c3c2f4c5238-MXP
Expires: Tue, 26 Sep 2023 20:17:16 GMT

GET
H/1.1 200
OK interstitial-page.js Show response
static.sh.st/js/packed/ 79 KB
25 KB 586ms
257ms Script
application/javascript 104.26.6.218
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: HTTP/1.1
Server: 104.26.6.218 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:27 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 12177
Cf-Polished: origSize=102880
Transfer-Encoding: chunked
Connection: keep-alive
X-UA-Compatible: IE=Edge
Cf-Bgj: minify
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Server: cloudflare
ETag: W/"62bc140d-191e0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f74%2BjHPGB90TEKMDhFeTlIz86ck6kjhYI8Kg5K1G65K7d1PmUuNX4aKugUTK1Z%2BV01kGvBon2%2FvFzrNqijejTuWEt25My91UZLsNZPptAgXGnnYLdq9IS%2BBtKaJ0xA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
X-Server-ID: shn03
Cache-Control: max-age=86400
CF-RAY: 80cc7c3c29ef0dc5-MXP
Expires: Wed, 27 Sep 2023 11:56:30 GMT

GET
H/1.1 200
OK / Show response
d3t3z4teexdk2r.cloudfront.net/ 354 KB
115 KB 782ms
455ms Script
text/plain 52.222.232.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: HTTP/1.1
Server: 52.222.232.60 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-60.fra56.r.cloudfront.net
Software: /
Resource Hash: 852f7b7dd6d7923234a1d32b6887439c5147ebc6e327fec569f07fc2a2c58007

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 26 Sep 2023 15:19:27 GMT
Content-Encoding: gzip
Via: 1.1 82386e4e4f56a0c01411d1aea6f3fd46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Cache: Miss from cloudfront
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Connection: keep-alive
Content-Length: 117494
X-Amz-Cf-Id: MwMUEiYPBn9futxi_1ttqR341GhqUe-NT1bcx0iQVabotGqkaOxJXA==

GET
H2 200 tag.min.js Show response
ptauxofi.net/pfe/current/ 13 KB
6 KB 843ms
166ms Script
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e58b4c163cb14f66ced74ce6a9fe37321b148a519af57a516335fc09851b0dcd

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:27 GMT
content-encoding: gzip
last-modified: Mon, 18 Sep 2023 12:11:16 GMT
server: nginx
etag: W/"65083e64-33d2"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H/1.1 200
OK inpage.js Show response
ubbfpm.com/ms/1102360/ 196 KB
197 KB 1150ms
459ms Script
application/javascript 95.216.206.230
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ubbfpm.com/ms/1102360/inpage.js

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

95.216.206.230 , Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.230.206.216.95.clients.your-server.de

Software

nginx /

Resource Hash

37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:27 GMT
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Last-Modified: Fri, 21 Apr 2023 15:45:14 GMT
Server: nginx
X-Permitted-Cross-Domain-Policies: none
ETag: "6442af8a-31022"
X-Download-Options: noopen
X-Frame-Options: sameorigin
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 200738
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 46223 Show response
ja.rewashwudu.com/fmwhVStpL4dxap/ 479 KB
147 KB 579ms
474ms Script
application/javascript 23.109.82.11
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

HTTP/1.1

Server

23.109.82.11 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

32a72f2577fe6cc44c505a8215e48edcb84d3f48cea5b5b9a32ac4b7cefe02f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:27 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: http://gestyy.com
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 156 KB
58 KB 837ms
266ms Script
application/javascript 142.250.186.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

6ebd4dce73d9310e592cc8a46b8dd673770f8c1f6cac54913f23b50c8a3fc7ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58808
x-xss-protection: 0
last-modified: Tue, 26 Sep 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 26 Sep 2023 15:19:27 GMT

GET
H/1.1 200
OK widget-sprite.png
static.sh.st/bundles/smeweb/img/ 83 KB
83 KB 571ms
262ms Image
image/png 104.26.6.218
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: HTTP/1.1
Server: 104.26.6.218 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:27 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 15211
Connection: keep-alive
Content-Length: 84545
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
Server: cloudflare
ETag: "62bc13d5-14a41"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FDBmFgOVtaCXy5B4SJqdAeiCV6E9ysrqqucEqZ4LpabhzfYl8KoFJ55%2BUnY4Gkq4EaxfU4YHqQrEWLKzWoFk0WrnoONGER%2F%2BZFHDRjj63Qmpm4gUExwAJ0bTnfIfjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
X-Server-ID: shn01
Cache-Control: max-age=86400
Accept-Ranges: bytes
CF-RAY: 80cc7c3c3c252bc5-FRA
Expires: Wed, 27 Sep 2023 11:05:56 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v29/ 47 KB
48 KB 758ms
81ms Font
font/woff2 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://gestyy.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 18:18:24 GMT
x-content-type-options: nosniff
age: 421263
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48208
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Sep 2024 18:18:24 GMT

OPTIONS
H/1.1 403
Forbidden displayed
analytics.shorte.st/ Frame 0
0 692ms
366ms Preflight
text/html 104.26.5.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://analytics.shorte.st/displayed

Protocol

HTTP/1.1

Server

104.26.5.107 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

CF-RAY: 80cc7c41ea632bfc-FRA
Cache-Control: max-age=15
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Sep 2023 15:19:28 GMT
Expires: Tue, 26 Sep 2023 15:19:43 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Referrer-Policy: same-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A7TPdlflkq4OaXigzJxjcISg7y4X9EbJXCTy81CE8I0OYDjrz0A5G1iohg%2FI7JmVbkZrF1viG4nzi5FiAaREUXdktreXbHJr1lENY6V4cqt%2BdA7HNv4iVkT2EshwJ0GaXggXIgM%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

POST displayed
analytics.shorte.st/ 0
0

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
101 KB 394ms
147ms Fetch
binary/octet-stream 172.64.97.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.97.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2096
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 26 Sep 2023 14:44:32 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: http://gestyy.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8yd4vBiObNi427YACp%2BxlulUZ2O%2FlDJopgkFAbUrbG%2Bijy4n0cPOIkc62lTx%2Fce54sWmMYZcoOZSG4A4UuowjQtwbi1lm%2BVs9OQChQxaPhTHNw2eNaTu2OIwAo%2FC1241"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 80cc7c45cfcabb35-FRA
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 / Show response
pogothere.xyz/ 27 B
353 B 1253ms
1006ms Fetch
text/plain 172.64.97.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.97.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b38dddf40fd9ddd9015c53fb6cc03a0a02ee28b6995689465b95b22024b4a00

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:29 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2BN9v4KuHTQk7ZYdGm48JOmOdXPi6%2B%2BJ00Yxa6U6P0KGRk8MPvwcRkdNlelM1XtvUkpeDvkOU%2BkuAvscTjGXCXOqOur62fqjoRR%2F8anEuE3oV4Krx0hWSovIyKX5p3sC"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: http://gestyy.com
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 80cc7c45cfcbbb35-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 204 utx Show response
ejuiashsateampl.info/ 0
533 B 523ms
204ms XHR
text/plain 18.65.39.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ejuiashsateampl.info/utx?cb=roV93tzWjIzc&top=gestyy.com&tid=962089
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.39.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-39-78.ams1.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:29 GMT
via: 1.1 045d55468661252b6be78e701e36b492.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: AMS1-P1
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: http://gestyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: B9dhxpm9sRadWciDp29H-fFldcKQqUHTWqPYI0_h950V2LmHjkWkdA==

GET
H/1.1 200
OK WAo2NikPCTgXEgQwDCxrAClrbAFC Show response
ejuiashsateampl.info/WTJ5WVg4UBo0ZzgPG38tK15EfGofF0sfPGpGSiNsLVccITwyAAt3OzVdDD0+K10XLXY3Vw18ah8ELwE0EX0uCGofWxU/DyB3KBAvC1YgaSxqcy9oIhxIKw4bMGQ8F2k+QDEyYBZQOxs2CkoaFQ0YAjMADWlXNAwKaHoOPmgfSzgcCTNz... Frame E175 3 KB
2 KB 344ms
337ms Document
text/html 18.65.39.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ejuiashsateampl.info/WTJ5WVg4UBo0ZzgPG38tK15EfGofF0sfPGpGSiNsLVccITwyAAt3OzVdDD0+K10XLXY3Vw18ah8ELwE0EX0uCGofWxU/DyB3KBAvC1YgaSxqcy9oIhxIKw4bMGQ8F2k+QDEyYBZQOxs2CkoaFQ0YAjMADWlXNAwKaHoOPmgfSzgcCTNzIRMZC2QaIT8zZUg1MAFINxMbIwc8EDRhfDYYLzRkKDoxGnU/FBoOVSwSHRR8NgsNNHo/AAwNdRITCQ5WMztobXw2IWg2ZhE9LwoBHQEdEXA1PS8xZxxpNDBxEAMvCgEdFhwNRik6ICFqP2ggaHErITINZVRtOw9fLAAWaVkwFBltWy4uYGF2LhAUEF87EjsbViEAaSEDOgwvfAA7HAwXZzoRGhVwOyEPA2AsLA0+dA4Kaz1XOA0BCnk7GxoDAhIyDQtrTx8bEFEvMRYbVBE9DTwCSGkZDwNODTYMUS80DRJ4FWEeE0o7MBsgeB4KNhhqL2sWP38eCw5/WAo2NikPCTgXEgQwDCxrAClrbAFC
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: HTTP/1.1
Server: 18.65.39.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-39-33.ams1.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: a9b458069d6e75e212f4a8b6e1a1666fd191f30e3c699a35ffb077efe2cf0cb2

Request headers

Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
Connection: keep-alive
Content-Length: 1237
Content-Type: text/html
Date: Tue, 26 Sep 2023 15:19:28 GMT
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Server: openresty/1.17.8.2
Via: 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
X-Amz-Cf-Id: HtjGw6tBfXgebd18ub9qZFpiIiGVqY5FmZZ4eJqqhUThNFjv_EuF7A==
X-Amz-Cf-Pop: AMS1-P1
X-Cache: Miss from cloudfront
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip

GET
H/1.1 200
OK NjE4OGRXU1tVW1cMWh4RRF0FHVZwFAp+AAVFC0JQQlRdQABdA0oWB1peTVwCRF5WTEpYVEwdVnAHbVUXQWRwcRx0dwwKMGVoe24jB31ifg93UG16VHdkdR1WcHl7cjNhVnFsNFFGenImRVR6UD1dcnxiM3dfYV0pQWdgWjJnAnpuKkJgC2kvYHVyaD5dAH51MQ4UC... Show response
ejuiashsateampl.info/ Frame 486B 3 KB
2 KB 317ms
311ms Document
text/html 18.65.39.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ejuiashsateampl.info/NjE4OGRXU1tVW1cMWh4RRF0FHVZwFAp+AAVFC0JQQlRdQABdA0oWB1peTVwCRF5WTEpYVEwdVnAHbVUXQWRwcRx0dwwKMGVoe24jB31ifg93UG16VHdkdR1WcHl7cjNhVnFsNFFGenImRVR6UD1dcnxiM3dfYV0pQWdgWjJnAnpuKkJgC2kvYHVyaD5dAH51MQ4UCn4mc14NcA4Cen5vLQZrCG0lUmR6UTUGUg1wIG90akEqbmh+TAF8d1xfM0F3X2AjfH55QC5uaH5MLHljQFM8TmdSdSxSa3l7DHNrU3Eyb1pxQiMGcAB+HWN+bVIXVHtTDCdwWlxQPHQcDVI2flVieSxRa3dQXVJhflwDfXNuUTVcBXtvHmBpYX4Qbn9qfVF0c1QJNXF4cW8nf1VoT1BgaFJqFWNZDV88cWtheyNaUmJuD2BoU3EMdV1hQCVyRXd5DGx5YW4TU2gIalR+VglQQlxCV1YUC1tqWQhRAExRKFs
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: HTTP/1.1
Server: 18.65.39.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-39-33.ams1.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: d8e19b40a2a90567d5cbb0d33e6ba54325cfee8c10f1fe82100c9fea2b2b1e87

Request headers

Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
Connection: keep-alive
Content-Length: 1212
Content-Type: text/html
Date: Tue, 26 Sep 2023 15:19:28 GMT
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Server: openresty/1.17.8.2
Via: 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ldK5QMMQODTRH64LdvK4XdmvO3OXxZ1LrX7osExy3-Be2Ag-aj-Y6w==
X-Amz-Cf-Pop: AMS1-P1
X-Cache: Miss from cloudfront
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
100 KB 660ms
507ms Fetch
binary/octet-stream 172.64.97.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.97.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2096
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 26 Sep 2023 14:44:32 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: http://gestyy.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtPPxdSkZlray2eKz7hHfs4qElVhRfYXgJ1TGajqBvFHbb%2FEnQasy9jkTKpewZ6V6iand6MbbrVl4joEzLAy2WLJQP1%2FVjsWx4l9RSkxUyik5l1CAoH2SRDDIbnwLaDx"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 80cc7c45cfccbb35-FRA
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 / Show response
pogothere.xyz/ 27 B
393 B 1159ms
1006ms Fetch
text/plain 172.64.97.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.97.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c31461e7d5878ea10e0a54861d26c7543f5d5464a6178c83ed6a8d6bad278e20

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:29 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZQhzgHYBD%2F8pFKm3GTxuAn6qXmulCxKB%2BPTQzDECemFLzLIEhqt3CnAhkU%2Fi0RaNQePk28OkMeZPpNyG4VRYsvSlmgYQuOaTSzaLbqeTXJl5RQ0Loyg7gyNm2eSXuVOd"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: http://gestyy.com
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 80cc7c45cfcdbb35-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 204 utx Show response
ejuiashsateampl.info/ 0
534 B 546ms
321ms XHR
text/plain 18.65.39.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ejuiashsateampl.info/utx?cb=f1rQHj94VMfT&top=gestyy.com&tid=959118
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.39.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-39-78.ams1.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:29 GMT
via: 1.1 045d55468661252b6be78e701e36b492.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: AMS1-P1
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: http://gestyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: kUYSEqoeEzRkJBCN1d-GYHM4NAltiR94ouxyJLf779oyfCSgT5XZ9g==

GET
H/1.1 200
OK JDQKTngQfQUtLmUsBBF+Ij1SEy49akVFKTo3Qg8sJDdZH2Q4PUNOeBA9VgYyAztxDAAXIlg8EC5scSYPZzBvWhw6CWApBxQxVA0EPihlLR89EnICEx4bdiEvBTF2IBoQPFIIIiFtdSo+Jg5dWw8SalspLDErfiUhZytjKS09EE0lEhUMfjEEBGB5JAgbLnBbJT4dY... Show response
ejuiashsateampl.info/Vlg3a0o3OlQGdTdlVU0/ Frame 45FB 3 KB
2 KB 440ms
434ms Document
text/html 18.65.39.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ejuiashsateampl.info/Vlg3a0o3OlQGdTdlVU0/JDQKTngQfQUtLmUsBBF+Ij1SEy49akVFKTo3Qg8sJDdZH2Q4PUNOeBA9VgYyAztxDAAXIlg8EC5scSYPZzBvWhw6CWApBxQxVA0EPihlLR89EnICEx4bdiEvBTF2IBoQPFIIIiFtdSo+Jg5dWw8SalspLDErfiUhZytjKS09EE0lEhUMfjEEBGB5JAgbLnBbJT4dYD4CFyEDMQQXAXkIHx89b1sAPQ5gGysEG3oxBDFscyI9GGFgLT1gGn9aEw4fYSouOih9MTAcYWAtPTwfYzEpARBxLw09YVIxCz4tbwAcLglaDAYeGxo6KQYKByEEPitPIyE6NXkGewwPBBsONDMODhAQP00qIjFtfyN7DxQELQk3GW4tGi4ODjwMISJxPzkUGQRaHDc0WDsaFxEEKT06IGYDfwUObxsLMjQCDSgTNAUzHGMgZgYtDBxjIhgdP3khEDwCQzwcIm5mWX8bH2AHCHAyRAQkJmV2UhsuEmQTEGI
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: HTTP/1.1
Server: 18.65.39.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-39-33.ams1.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 671f3e585e56535db1b04c2641867b567267f15f4f8fbe4e2953f66f151965c0

Request headers

Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
Connection: keep-alive
Content-Length: 1228
Content-Type: text/html
Date: Tue, 26 Sep 2023 15:19:28 GMT
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Server: openresty/1.17.8.2
Via: 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 90eA2fOyZKhz0FHOLaUppvIj3DYvT5cXdVkNfj6EFWqy839PoF8LGg==
X-Amz-Cf-Pop: AMS1-P1
X-Cache: Miss from cloudfront
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip

GET
H2 204 R2UxYnV7AlhjbVYiOjRpdSUREW5DHT5hSxUhATYFCmNaYgAKcxg7XA5kTiFMUiEdIQUCcwE8XlxoTiQFAntbZhYAYUZiHkZoWXRMQzQPbwkVJRwmVA5kXmsNBGFZZw4LY11i
andhthrewdow.com/UjgzVWh9B1AmVR9/ 0
392 B 524ms
243ms Image
text/plain 172.67.204.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://andhthrewdow.com/UjgzVWh9B1AmVR9/R2UxYnV7AlhjbVYiOjRpdSUREW5DHT5hSxUhATYFCmNaYgAKcxg7XA5kTiFMUiEdIQUCcwE8XlxoTiQFAntbZhYAYUZiHkZoWXRMQzQPbwkVJRwmVA5kXmsNBGFZZw4LY11i
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.204.112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:29 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rtw0egGedmlOYimRRVvxFA6hHzoCoGyyH%2F2ak%2FfmaiPtGv7hbHo8rs%2BOpXkgmQJfQmPtTKL3TMMo84JwjjmZA%2FnzznX%2FN%2BtoGGW%2F1ZRrSRRsO4rroTjgbgnOdoenxnPwrjKO"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 80cc7c46afd10e01-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 login.php
www.facebook.com/ 0
0 1120ms
487ms Image
text/html 157.240.251.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 157.240.251.35 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS: edge-star-mini-shv-01-fra5.facebook.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhd7iJNx2mbzbs8zPgf4jLkbg2dP_Hpzvj856U-rjzpRN1ynqM70z49Jhzc...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdD-v07rV71hjFy7t7BfcIuNlaGdgWJdDZWR6fsT926Ktr6H1eSFEfr74sfVM4Kl7qT2Zf0&passive=...

0
0

209ms
209ms

Image
text/html

142.250.186.173
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdD-v07rV71hjFy7t7BfcIuNlaGdgWJdDZWR6fsT926Ktr6H1eSFEfr74sfVM4Kl7qT2Zf0&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S923462713%3A1695741570167029&theme=glif
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Server: 142.250.186.173 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f13.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Tue, 26 Sep 2023 15:19:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-4WF9dlilX188ZYOXzRophw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 397
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdD-v07rV71hjFy7t7BfcIuNlaGdgWJdDZWR6fsT926Ktr6H1eSFEfr74sfVM4Kl7qT2Zf0&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S923462713%3A1695741570167029&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVheHnsz0iz9ANKQO99cdUgaeSzzpw_MlVpyAFNh0Pp2uSEuRNeRpTJ8...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcWj7VQvnpnqDn3rduVNF5odfzTFZ2La2YViLign8p11DQPlcb-W8V0dc2lFgMcZgz4ho_P&passive...

0
0

269ms
269ms

Image
text/html

142.250.186.173
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcWj7VQvnpnqDn3rduVNF5odfzTFZ2La2YViLign8p11DQPlcb-W8V0dc2lFgMcZgz4ho_P&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1308525985%3A1695741570159871&theme=glif
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Server: 142.250.186.173 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f13.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Tue, 26 Sep 2023 15:19:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-k43-aE7Rk8PdQ7GeIQv8Xg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 405
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcWj7VQvnpnqDn3rduVNF5odfzTFZ2La2YViLign8p11DQPlcb-W8V0dc2lFgMcZgz4ho_P&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1308525985%3A1695741570159871&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 HGFyMSwpCnkCSDY1CRICHQl6blwMOS9nQ05ie2NIXiAiPkdJaG0pDhkkPilHSXYiNBwXbW0sR0l+e3RIVmRtL0dJdj8qGx9tenwKDCQnZ0tOaX5tTkllfWJNSmE
andhthrewdow.com/S1p6eFBkZRkLbQYPKAoFHAM/ 0
242 B 524ms
244ms Image
text/plain 172.67.204.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://andhthrewdow.com/S1p6eFBkZRkLbQYPKAoFHAM/HGFyMSwpCnkCSDY1CRICHQl6blwMOS9nQ05ie2NIXiAiPkdJaG0pDhkkPilHSXYiNBwXbW0sR0l+e3RIVmRtL0dJdj8qGx9tenwKDCQnZ0tOaX5tTkllfWJNSmE
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.204.112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:29 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wcM3Dpj6bQqlfwdq5ETo61iTFrXnnW%2F0jEi05gomqoilLIoIXWcI5IbvQ3BNlj2QXn51TzloxjrNIwxN5cLmVbZF1ZxxCFaO0b9ckhDXm9iFZeM6nFIdOA43RmoDnELM%2FmEc"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 80cc7c46bfd40e01-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 204 REFhcGxGW3x0ZABSY2I2BQ41eXNTHyYwLkheZH13QltjcXRNWGZ0
andhthrewdow.com/REJ1b1JrfRYcbyYXHR8fEy4gCT43BiApKnwVNAs0HApECxAodlMbOyB/TFprdXNNSSItJkhedDc2FBsnN39ESTsqJBpSdDJ/ 0
245 B 630ms
349ms Image
text/plain 172.67.204.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://andhthrewdow.com/REJ1b1JrfRYcbyYXHR8fEy4gCT43BiApKnwVNAs0HApECxAodlMbOyB/TFprdXNNSSItJkhedDc2FBsnN39ESTsqJBpSdDJ/REFhcGxGW3x0ZABSY2I2BQ41eXNTHyYwLkheZH13QltjcXRNWGZ0
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.204.112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:29 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OkqwATLXCZKKB95hSgKjvyMMnBvMg7PBUPliBGN7bUN3p1FM3AWQK%2BnrGM4QWv6lxXHTWrglh0FZ3WdiXrrCUIootnxe1gPagrvMI8GSvAPxbxjQ4Zf6WCGDjNefQ%2FhiVKzd"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 80cc7c46bfd50e01-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 zone Show response
ptauxofi.net/ 909 B
1 KB 113ms
113ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=gestyy.com&var=&ymid=&var_3=&tg=0

Requested by

Host: ptauxofi.net
URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

966e84071fa5e035c0b245bdaff9481689757ca515545bd1751062897f91459b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-trace-id: 45ad165d21cd72daa33e669f32daa104
date: Tue, 26 Sep 2023 15:19:28 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 909

GET
H2 200 universal.min.js Show response
ptauxofi.net/pfe/current/ 85 KB
33 KB 420ms
150ms Fetch
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/pfe/current/universal.min.js?v=3.1.460
Requested by: Host: ptauxofi.net
URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 5d1d95a226026f763d0d086ef23b7cdc09e9dd0c68df56d6d638b0474a64e1e0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:29 GMT
content-encoding: gzip
last-modified: Mon, 18 Sep 2023 12:11:16 GMT
server: nginx
etag: W/"65083e64-155a7"
content-type: application/javascript
access-control-allow-origin: http://gestyy.com
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 192 KB
70 KB 128ms
128ms Script
application/javascript 142.250.186.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d929b28e66745f2bbf8eb65a1c26894e52a6825a8fcde11c5fd6a1fc5436b927

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72036
x-xss-protection: 0
last-modified: Tue, 26 Sep 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 26 Sep 2023 15:19:28 GMT

GET
H2 200 er
xngqoc.com/ 0
0 862ms
87ms Fetch 185.162.85.1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://xngqoc.com/er?a=1
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.1 , Moldova, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 15:19:30 GMT
access-control-allow-credentials: true
server: nginx/1.18.0
content-length: 0

GET
H2 204 cuload Show response
xngqoc.com/ 0
97 B 948ms
177ms Fetch 185.162.85.1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=2&if=0&u=aHR0cDovL2dlc3R5eS5jb20vZWdWT09K
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.1 , Moldova, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 15:19:30 GMT
accept-ch: Sec-CH-UA-Platform-Version
server: nginx/1.18.0

GET
BLOB 200
OK 82220270-8ccf-47c7-87c9-bc9d2c628cc5
http://gestyy.com/ 91 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://gestyy.com/82220270-8ccf-47c7-87c9-bc9d2c628cc5
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/egVOOJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 91
Content-Type: application/javascript

GET
H2 200 wnload Show response
prhzxq.com/ 689 B
601 B 928ms
177ms Fetch
application/javascript 185.162.85.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=2&if=0&u=aHR0cDovL2dlc3R5eS5jb20vZWdWT09K&inc=0
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.20 , Moldova, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: d3cb41f5457b4b1e7b1ec282fadc75ab6f76e5e093df354c718bd86eae346fed

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:30 GMT
content-encoding: gzip
server: nginx/1.18.0
accept-ch: Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true

GET
BLOB 200
OK 37a0c3d2-9b92-4432-8b53-2e07ff1475f7
http://gestyy.com/ 91 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://gestyy.com/37a0c3d2-9b92-4432-8b53-2e07ff1475f7
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/egVOOJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 91
Content-Type: application/javascript

GET
H/1.1 200
OK 6VXlHOWQ2FilfWyEQIwRdY0t3AV1zEzRWCiVEN1grHk8ObBBnSxcLUA0JYU0eMUR1Hwg0FyAEQjAXJARVcxgjW1lhXzNJCz5EIl8NOAwmVQciCGFMBWgUKEMNORUmHFYTTGkJQWdJb04NOx0oThdwS3dXEHBLdwhUe0liCiZwS3dODTtPcxxXF1x1CRxjTW-4cVmU... Show response
d3t3z4teexdk2r.cloudfront.net/ Frame E175 683 B
874 B 665ms
665ms Script
text/plain 52.222.232.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d3t3z4teexdk2r.cloudfront.net/6VXlHOWQ2FilfWyEQIwRdY0t3AV1zEzRWCiVEN1grHk8ObBBnSxcLUA0JYU0eMUR1Hwg0FyAEQjAXJARVcxgjW1lhXzNJCz5EIl8NOAwmVQciCGFMBWgUKEMNORUmHFYTTGkJQWdJb04NOx0oThdwS3dXEHBLdwhUe0liCiZwS3dODTtPcxxXF1x1CRxjTW-4cVmUYN0kIMA4iWw88DWILImBKcBdXY1x1CUw+ETNUCHBLBBxWZRUuUgFwS3deATYSKBBBZ0kkURY6FCIcVhNBfhdUe010AV17TnUcVmUKJl8FJxBiCyJgSnAXV2NfMgRV
Requested by: Host: ejuiashsateampl.info
URL: http://ejuiashsateampl.info/WTJ5WVg4UBo0ZzgPG38tK15EfGofF0sfPGpGSiNsLVccITwyAAt3OzVdDD0+K10XLXY3Vw18ah8ELwE0EX0uCGofWxU/DyB3KBAvC1YgaSxqcy9oIhxIKw4bMGQ8F2k+QDEyYBZQOxs2CkoaFQ0YAjMADWlXNAwKaHoOPmgfSzgcCTNzIRMZC2QaIT8zZUg1MAFINxMbIwc8EDRhfDYYLzRkKDoxGnU/FBoOVSwSHRR8NgsNNHo/AAwNdRITCQ5WMztobXw2IWg2ZhE9LwoBHQEdEXA1PS8xZxxpNDBxEAMvCgEdFhwNRik6ICFqP2ggaHErITINZVRtOw9fLAAWaVkwFBltWy4uYGF2LhAUEF87EjsbViEAaSEDOgwvfAA7HAwXZzoRGhVwOyEPA2AsLA0+dA4Kaz1XOA0BCnk7GxoDAhIyDQtrTx8bEFEvMRYbVBE9DTwCSGkZDwNODTYMUS80DRJ4FWEeE0o7MBsgeB4KNhhqL2sWP38eCw5/WAo2NikPCTgXEgQwDCxrAClrbAFC
Protocol: HTTP/1.1
Server: 52.222.232.60 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-60.fra56.r.cloudfront.net
Software: /
Resource Hash: 25658be697fda9faf1d30108fc7d910caaa02beeb3b68cce6fece56fdf273b4a

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://ejuiashsateampl.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:30 GMT
Content-Encoding: gzip
Via: 1.1 82386e4e4f56a0c01411d1aea6f3fd46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Cache: Miss from cloudfront
access-control-allow-origin: *
Cache-Control: max-age=31556926
Connection: keep-alive
Content-Length: 487
X-Amz-Cf-Id: LYPduVvZHwQMIGZixBWG0llZbOGZR30Cst5q4PJ8jqJlYKRCyPPd2w==

GET
H/1.1 200
OK BEo5Hj4KFWI0Z0UAdUBiQ0c5HDYERyNXYFteJFdgWwFgXGJOAxJXYFtHORxkXxVjMHdZAChEZkIVYkIzG0A8FyUOUjsbJk4CFkdhXB-5jRHdZAHgZOh9dPFdgKBViQj4CWzVXYFtXNRE5BBl1QGIIWCIdPw4VYjRqUh5gXGZYCGlcZVkVYkIhClYxADtOAhZHYVwe... Show response
d3t3z4teexdk2r.cloudfront.net/6UmswUHIxBF42TSYCVG1LZFkAaUB0AUM/HCJWWgITPgwBJBseBhYkCDZWAnYeMwVXbVQ3BVNtQ3QKVDJPZk1FMU8/ Frame 486B 198 B
579 B 755ms
755ms Script
text/plain 52.222.232.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d3t3z4teexdk2r.cloudfront.net/6UmswUHIxBF42TSYCVG1LZFkAaUB0AUM/HCJWWgITPgwBJBseBhYkCDZWAnYeMwVXbVQ3BVNtQ3QKVDJPZk1FMU8/BEo5Hj4KFWI0Z0UAdUBiQ0c5HDYERyNXYFteJFdgWwFgXGJOAxJXYFtHORxkXxVjMHdZAChEZkIVYkIzG0A8FyUOUjsbJk4CFkdhXB-5jRHdZAHgZOh9dPFdgKBViQj4CWzVXYFtXNRE5BBl1QGIIWCIdPw4VYjRqUh5gXGZYCGlcZVkVYkIhClYxADtOAhZHYVweY0R0Hg1h
Requested by: Host: ejuiashsateampl.info
URL: http://ejuiashsateampl.info/NjE4OGRXU1tVW1cMWh4RRF0FHVZwFAp+AAVFC0JQQlRdQABdA0oWB1peTVwCRF5WTEpYVEwdVnAHbVUXQWRwcRx0dwwKMGVoe24jB31ifg93UG16VHdkdR1WcHl7cjNhVnFsNFFGenImRVR6UD1dcnxiM3dfYV0pQWdgWjJnAnpuKkJgC2kvYHVyaD5dAH51MQ4UCn4mc14NcA4Cen5vLQZrCG0lUmR6UTUGUg1wIG90akEqbmh+TAF8d1xfM0F3X2AjfH55QC5uaH5MLHljQFM8TmdSdSxSa3l7DHNrU3Eyb1pxQiMGcAB+HWN+bVIXVHtTDCdwWlxQPHQcDVI2flVieSxRa3dQXVJhflwDfXNuUTVcBXtvHmBpYX4Qbn9qfVF0c1QJNXF4cW8nf1VoT1BgaFJqFWNZDV88cWtheyNaUmJuD2BoU3EMdV1hQCVyRXd5DGx5YW4TU2gIalR+VglQQlxCV1YUC1tqWQhRAExRKFs
Protocol: HTTP/1.1
Server: 52.222.232.60 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-60.fra56.r.cloudfront.net
Software: /
Resource Hash: a3c20afd8ce81bd9159a219bd8b18b166bf6074a490e9868a84740b6a49eb559

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://ejuiashsateampl.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:30 GMT
Content-Encoding: gzip
Via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Cache: Miss from cloudfront
access-control-allow-origin: *
Cache-Control: max-age=31556926
Connection: keep-alive
Content-Length: 192
X-Amz-Cf-Id: SNdz8BTUnkS9EwdaAPcDHSh76WOcfXb80UwEIxGJNaD3b4zUtlupEQ==

GET
H/1.1 200
OK eamxUcFgJAzoWZx4FME1hX1VlQWBMBicfNhpRFUkJEiYHCAJeSiAKPFdechw5BAtpVj0ED2lBfgsINk1sTBgkHzNXCTIZNR8NOBMvG0ohEWUHAy4ZNAYNcUIeX0JkVWpaRCMZNg4DIwN9WFw6BH1YXGVAdlpJZzJ9WFwjGTZcWHFDGk9eZAhuXkVxQmgLHC-QcPR0... Show response
d3t3z4teexdk2r.cloudfront.net/ Frame 45FB 673 B
872 B 833ms
374ms Script
text/plain 52.222.232.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d3t3z4teexdk2r.cloudfront.net/eamxUcFgJAzoWZx4FME1hX1VlQWBMBicfNhpRFUkJEiYHCAJeSiAKPFdechw5BAtpVj0ED2lBfgsINk1sTBgkHzNXCTIZNR8NOBMvG0ohEWUHAy4ZNAYNcUIeX0JkVWpaRCMZNg4DIwN9WFw6BH1YXGVAdlpJZzJ9WFwjGTZcWHFDGk9eZAhuXkVxQmgLHC-QcPR0JNhsxHklmNm1ZW3pDbk9eZFgzAhg5HH1YL3FCaAYFPxV9WFwzFTsBA31ValoPPAI3BwlxQh5SVXpAdl5fbEl2XV5xQmgZDTIRKgNJZjZtWVt6Q25MGWlB
Requested by: Host: ejuiashsateampl.info
URL: http://ejuiashsateampl.info/Vlg3a0o3OlQGdTdlVU0/JDQKTngQfQUtLmUsBBF+Ij1SEy49akVFKTo3Qg8sJDdZH2Q4PUNOeBA9VgYyAztxDAAXIlg8EC5scSYPZzBvWhw6CWApBxQxVA0EPihlLR89EnICEx4bdiEvBTF2IBoQPFIIIiFtdSo+Jg5dWw8SalspLDErfiUhZytjKS09EE0lEhUMfjEEBGB5JAgbLnBbJT4dYD4CFyEDMQQXAXkIHx89b1sAPQ5gGysEG3oxBDFscyI9GGFgLT1gGn9aEw4fYSouOih9MTAcYWAtPTwfYzEpARBxLw09YVIxCz4tbwAcLglaDAYeGxo6KQYKByEEPitPIyE6NXkGewwPBBsONDMODhAQP00qIjFtfyN7DxQELQk3GW4tGi4ODjwMISJxPzkUGQRaHDc0WDsaFxEEKT06IGYDfwUObxsLMjQCDSgTNAUzHGMgZgYtDBxjIhgdP3khEDwCQzwcIm5mWX8bH2AHCHAyRAQkJmV2UhsuEmQTEGI
Protocol: HTTP/1.1
Server: 52.222.232.60 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-60.fra56.r.cloudfront.net
Software: /
Resource Hash: bbc559ac3e90d94ded0e9f929a75f16a1d3a58198513e66a3261715bd2572601

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://ejuiashsateampl.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:30 GMT
Content-Encoding: gzip
Via: 1.1 89e34e3fd814f1393ef77867b93dd12e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Cache: Miss from cloudfront
access-control-allow-origin: *
Cache-Control: max-age=31556926
Connection: keep-alive
Content-Length: 485
X-Amz-Cf-Id: fIcEaaeBnNbgWn1QgoT7PuTO8uiIz-unmauPZ0ViXINg78Oe-YCbeg==

OPTIONS /
cuid/ Frame 0
0

POST /
cuid/ 0
0

POST
H/1.1 200
OK 4Dei1PaLfOxMSWTfg0sQWPsAsvlfXLzHkRe9wSaXA_Z1UFxsDvOSPCdVAEiPJQtPT4dPKcgf1oF7SCxqp7pxxgNsBOtCPuD Show response
jurorstalar.uno/ 845 B
2 KB 1357ms
965ms Fetch
application/json 172.255.6.131
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://jurorstalar.uno/4Dei1PaLfOxMSWTfg0sQWPsAsvlfXLzHkRe9wSaXA_Z1UFxsDvOSPCdVAEiPJQtPT4dPKcgf1oF7SCxqp7pxxgNsBOtCPuD?ck9=weiEmI6kTM1QDLiMnI6ISM2ADM4FjMwAjIsIiYiojIxYDMwgXMyADMiwiIyJiOiICLiEnI6ICa0RHc68yLnV2c0lXeuM2bt9SZnZ1TPpkIsICaiojN1ADMsICbiojIl5WLVNlIsICdioTLxIDMsIieioTO0cTOsIyaioDMsISdiojIiwiImJiOmFGbzVGLiUmI6ICdwhTdzknMzdXbvFWa4xmIsIybioDdyVXZsISbioTM2kTN3QTM1YTO0kjNsIydiojIlcjQlIjM0lGdsVWJyITJzEUJyITRhJnblIDMt9mbllXJyAzbuViMwMHavJHdlIDMslmbrNnLlIDMNF2alViMwMHavJHdlIDMslmbrNXJyATYuRWJyATZhViMyUiMDViMysWZ5d3byR2clIjMlMTQlUjQlUDRlIzQlIjM09Gc39mckNXJyITJzEUJ1IUJ1QUJ3QkIsICcyJiOxwiIoNmI6QDLiIGbioTLxwiIiNmI6MDLiYndiojIJ5GdlxGIJ52YuICLiYnciojIJ5GdlxGIJJXazByTwVmbHxEIF52Zp5WZiwiIhNmI6ADLiMGdiojI152au92duJCLiMWZ0JiOiQzZiwiIjRGbtJiOtEDLiMGZsJiO54yMsIyYyRHdioDMsICdtNnI6ETf

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

172.255.6.131 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

2ec2be79bdd565c0282717c3809e7125dea0387cdebd0a134b3f2cab8a0bb098

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 26 Sep 2023 15:19:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: http://gestyy.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

OPTIONS
H/1.1 200
OK 4Dei1PaLfOxMSWTfg0sQWPsAsvlfXLzHkRe9wSaXA_Z1UFxsDvOSPCdVAEiPJQtPT4dPKcgf1oF7SCxqp7pxxgNsBOtCPuD
jurorstalar.uno/ Frame 0
0 973ms
111ms Preflight
text/html 172.255.6.131
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

172.255.6.131 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Sep 2023 15:19:30 GMT
Keep-Alive: timeout=20
Server: nginx
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
217 B 464ms
464ms XHR
text/plain 216.58.212.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1671440753&t=pageview&_s=1&dl=http%3A%2F%2Fgestyy.com%2FegVOOJ&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAAABAAAAAC~&jid=587900179&gjid=889826526&cid=1215778776.1695741567&uid=1&tid=UA-42296749-1&_gid=322023050.1695741567&_r=1&_slc=1&cd2=2022-06-29.0&cd7=1&cd5=0&z=1297851641

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.142 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f142.1e100.net

Software

Golfe2 /

Resource Hash

6acd8bce6481db9a9462ccbd6702dba686bb978e07d836648512a4c5563a1b49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://gestyy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/ 3 KB
2 KB 891ms
234ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1695741569518&cv=11&fst=1695741569518&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1600&u_h=1200&url=http%3A%2F%2Fgestyy.com%2FegVOOJ&hn=www.googleadservices.com&frm=0&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=573634982.1695741570&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

13d563a91dfaa58d9eacaa3a935c77417d0639d1b7d9880c21ff5b41c3d3f95e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK 46223 Show response
ja.rewashwudu.com/opf/ 1 KB
2 KB 852ms
851ms Fetch
application/javascript 23.109.82.11
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

http://ja.rewashwudu.com/opf/46223?md=snI0hmI6ICdoVWbl9VMfdjIsIyYvJiOiQWYytmIsISYiojMzkzNsIyciojIxYDMwgXMyADMiwiIiJiOiEjNwADexIDMwICLiInI6IiIsISciojIoRHdwpzLvcWZzRXe55yYv12LldmVP9kSiwiIoJiO0UDN3wiIsJiOiUmbtU1UiwiI0JiOtEjMwwiI6JiOxMDNsIyaioDMsISdiojIiwiImJiOmFGbzVGLiUmI6ICb4JXNkF3Z0oXboVHdzgjIsIybioDdyVXZsISbioTM2kTN3QTM1YTO1gzNsIydiojIlcjQlIjM0lGdsVWJyITJzEUJyITRhJnblIDMt9mbllXJyAzbuViMwMHavJHdlIDMslmbrNnLlIDMNF2alViMwMHavJHdlIDMslmbrNXJyATYuRWJyATZhViMyUiMDViMysWZ5d3byR2clIjMlMTQlUjQlIjMzh2byRXZuMHdlIjMlIzQlIjMzh2byRXZzRXJyITJyMUJyIzco9mc0ViMwwWaut2clIjMlIzQlIjMslmbrViMwMHavJHdl5WZyViMyUiMDViMyIWa0xWelIjMlUDRlIzQlIjM09Gc39mckNXJyITJzEUJ1IUJyITaj9mblMTQ3UiMyUiMDViMyIXZmJXZzhWJzE0NlIjMlIzQlIjM0hWazVyMBZTJyITJyMUJyIzYsl2YrVyMBZTJyITJyMUJyIjYy92dzVmclMTQ2UiMyUiMDViMyMHavVHbkVyMBVTJyITJyMUJyITZhJnblMTQ0UiMyUiMDViMyEGZix2bjtWJzEENlIjMlIzQlIjMwF2ZlVyMBRTJyITJyMUJyITbv5WZ5VyMBNTJyITJyMUJyIDcsVWYzVWJzE0MlIjMlIzQlIjM59WdyVyMBNTJyITJyMUJyIDahZXZlMTQzUiMyUiMDViMyQXdy5WZkVyMBNTJyITJyMUJyIzZyVWelMTQzUiMyUiMDViMyQWak52J0VyMBNTJyITJyMUJyITY1R3btFGdpNWYsxWelMTQzUiMyUiMDViMyQHah52azFSJzE0MlIjMlIzQlIjM0V2c0VyMBNTJyITJ1QUJ3QkIsICcyJiOxwiIoNmI6QDLiIGbioTLxwiIiNmI6MDLiYndiojIJ5GdlxGIJ52YuICLiYnciojIJ5GdlxGIJJXazByTwVmbHxEIF52Zp5WZiwiIhNmI6ADLiMGdiojI152au92duJCLiMWZ0JiOiQzZiwiIjRGbtJiOtEDLiMGZsJiO54yMsIyYyRHdioDMsICdtNnI6ETf

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

HTTP/1.1

Server

23.109.82.11 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

09a1c2b9ff402566e131b28389e336119675ba49f5a61cb6d56bbf44dba5b41b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 26 Sep 2023 15:19:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: http://gestyy.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

OPTIONS
H/1.1 200
OK 46223
ja.rewashwudu.com/opf/ Frame 0
0 582ms
272ms Preflight
text/html 23.109.82.11
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Server

23.109.82.11 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Sep 2023 15:19:30 GMT
Keep-Alive: timeout=20
Server: nginx
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

POST
H/1.1 200
OK jvfegsm4QGYfYmM6CwU4QjonaNXximzFuoqeftz4iG95G0CxMBJRqM*UFajam6ZZHu7g4nbuIv_AQYaGhNG*KWzY4ugNtCDBwWIisXf2avIdwsextfyu Show response
sirossvanish.uno/ 643 B
2 KB 282ms
275ms Fetch
application/javascript 23.109.248.47
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

http://sirossvanish.uno/jvfegsm4QGYfYmM6CwU4QjonaNXximzFuoqeftz4iG95G0CxMBJRqM*UFajam6ZZHu7g4nbuIv_AQYaGhNG*KWzY4ugNtCDBwWIisXf2avIdwsextfyu?ck9=7JCd2NmI6ADLiEmI6gzM0YDLiMnI6ISM2ADM4FjMwAjIsIiYiojIxYDMwgXMyADMiwiIyJiOiICLiEnI6ICa0RHc68yLnV2c0lXeuM2bt9SZnZ1TPpkIsICaioDNwcTMsICbiojIl5WLVNlIsICdioTLxIDMsIieioDNwYTNsIyaioDMsISdiojIiwiImJiOmFGbzVGLiUmI6Iia3ZWOzQGM0IWMjh2aylnIsIybioDdyVXZsISbioTM2kTN3QTM1YTO1kDMsIydiojIlcjQlIjM0lGdsVWJyITJzEUJyITRhJnblIDMt9mbllXJyAzbuViMwMHavJHdlIDMslmbrNnLlIDMNF2alViMwMHavJHdlIDMslmbrNXJyATYuRWJyATZhViMyUiMDViMysWZ5d3byR2clIjMlMTQlUjQlIjMzh2byRXZuMHdlIjMlIzQlIjMzh2byRXZzRXJyITJyMUJyIzco9mc0ViMwwWaut2clIjMlIzQlIjMslmbrViMwMHavJHdl5WZyViMyUiMDViMyIWa0xWelIjMlUDRlIzQlIjM09Gc39mckNXJyITJzEUJ1IUJyITaj9mblMTQ3UiMyUiMDViMyIXZmJXZzhWJzE0NlIjMlIzQlIjM0hWazVyMBZTJyITJyMUJyIzYsl2YrVyMBZTJyITJyMUJyIjYy92dzVmclMTQ2UiMyUiMDViMyMHavVHbkVyMBVTJyITJyMUJyITZhJnblMTQ0UiMyUiMDViMyEGZix2bjtWJzEENlIjMlIzQlIjMwF2ZlVyMBRTJyITJyMUJyITbv5WZ5VyMBNTJyITJyMUJyIDcsVWYzVWJzE0MlIjMlIzQlIjM59WdyVyMBNTJyITJyMUJyIDahZXZlMTQzUiMyUiMDViMyQXdy5WZkVyMBNTJyITJyMUJyIzZyVWelMTQzUiMyUiMDViMyQWak52J0VyMBNTJyITJyMUJyITY1R3btFGdpNWYsxWelMTQzUiMyUiMDViMyQHah52azFSJzE0MlIjMlIzQlIjM0V2c0VyMBNTJyITJ1QUJ3QkIsICcyJiOxwiIoNmI6QDLiIGbioTLxwiIiNmI6MDLiYndiojIJ5GdlxGIJ52YuICLiYnciojIJ5GdlxGIJJXazByTwVmbHxEIF52Zp5WZiwiIhNmI6ADLiMGdiojI152au92duJCLiMWZ0JiOiQzZiwiIjRGbtJiOtEDLiMGZsJiO54yMsIyYyRHdioDMsICdtNnI6ETf

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

HTTP/1.1

Server

23.109.248.47 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

234207a371cff4e2830158c59cc355544a0527478e415b5e39df05294295809f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 26 Sep 2023 15:19:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: http://gestyy.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

OPTIONS
H/1.1 200
OK jvfegsm4QGYfYmM6CwU4QjonaNXximzFuoqeftz4iG95G0CxMBJRqM*UFajam6ZZHu7g4nbuIv_AQYaGhNG*KWzY4ugNtCDBwWIisXf2avIdwsextfyu
sirossvanish.uno/ Frame 0
0 600ms
293ms Preflight
text/html 23.109.248.47
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Server

23.109.248.47 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Sep 2023 15:19:30 GMT
Keep-Alive: timeout=20
Server: nginx
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

OPTIONS
H2 200 custom
ptauxofi.net/ Frame 0
0 383ms
382ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://gestyy.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 26 Sep 2023 15:19:29 GMT
server: nginx

POST
H2 200 custom Show response
ptauxofi.net/ 39 B
320 B 104ms
104ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ptauxofi.net/custom

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: f21f814e3e94e90379434caf111ee41c
date: Tue, 26 Sep 2023 15:19:30 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
540 B 667ms
76ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=90404ad745b74c82b6f245211b3f22ef&zoneId=4157053&checkDuplicate=true&ymid=&var=

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

8996b13621789a424b4c36f978b57c6b5ccf4696e1a65830284dcd23b02cedfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:30 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2

200

popunder.gif
andhthrewdow.com/
Redirect Chain

http://andhthrewdow.com/popunder.gif
https://andhthrewdow.com/popunder.gif

35 B
415 B

74ms
73ms

Image
image/gif

172.67.204.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://andhthrewdow.com/popunder.gif
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Server: 172.67.204.112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 26 Sep 2023 15:19:30 GMT
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 02:19:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 46780
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nu6N7yOdzuFAbu2MmH3RpNExYilxGQvIs5DSUbbOJalT84VLtR650RRBirBUxlylr6r5buA5GfQ3%2Fd0RHe4aa1aDLPskyHCIlY1w5mdoloEQC%2BmYZrMQ%2FQpTmqIR5PEQKB15"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
cf-ray: 80cc7c4dd8db0e01-MXP
alt-svc: h3=":443"; ma=86400

Redirect headers

Date: Tue, 26 Sep 2023 15:19:30 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VW44S9lRvkPcW0mnBe8Uv%2BynvVacefKvu6wW4ouw6GuHFwADXX%2BO4j9dlKziQIRZrqZcq3nxS%2BzqSuaRcMmzsxios%2FyWS%2FfZddlSeyjElO1ks3L2Wuq7vY2nFFMmIqbKal56"}],"group":"cf-nel","max_age":604800}
Location: https://andhthrewdow.com/popunder.gif
Cache-Control: max-age=3600
Vary: Accept-Encoding
Connection: keep-alive
CF-RAY: 80cc7c4c9c4659ad-MXP
alt-svc: h3=":443"; ma=86400
Expires: Tue, 26 Sep 2023 16:19:30 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 244 KB
84 KB 121ms
121ms Script
application/javascript 142.250.186.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7C6F2JT500&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

afe2e6964d60fd5367708acb4fd9afa7d570a1574cd1d31b41178d0566eef271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86314
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 26 Sep 2023 15:19:30 GMT

GET
H2 200 trt
xngqoc.com/ 0
0 150ms
150ms Fetch 185.162.85.1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://xngqoc.com/trt?a=1&t=867
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.1 , Moldova, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 15:19:30 GMT
access-control-allow-credentials: true
server: nginx/1.18.0
content-length: 0

GET
H2 200 defaultSkin.min.js Show response
ptauxofi.net/pfe/current/ 56 KB
19 KB 260ms
259ms Fetch
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/pfe/current/defaultSkin.min.js
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:30 GMT
content-encoding: gzip
last-modified: Mon, 18 Sep 2023 12:11:16 GMT
server: nginx
etag: W/"65083e64-df63"
content-type: application/javascript
access-control-allow-origin: http://gestyy.com
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 livechat1.html Show response
xdiwbc.com/template/ 6 KB
2 KB 830ms
230ms Fetch
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xdiwbc.com/template/livechat1.html
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79c07fd74a6195368c8dd1a9ef19cf0949bbc819909b6c09d335745e7503a2f2

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 14:48:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1846
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OKmqXPy10RutC4Q4%2BGTPmuBgwhjwT3V3VOtOG66JV5W7ZW6%2Fb0jR7xo%2Bd%2Fr2PF%2FenbxKIHxEPWVLmH1UD7qNgN0dIkcUX8aAyWAq4fX1KqC3SObojzQBcyl9ta%2BF"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: http://gestyy.com
cache-control: max-age=14400
cf-ray: 80cc7c52c9050d69-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 livechat1.html Show response
xdiwbc.com/template/ 6 KB
2 KB 707ms
107ms Fetch
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xdiwbc.com/template/livechat1.html
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79c07fd74a6195368c8dd1a9ef19cf0949bbc819909b6c09d335745e7503a2f2

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 14:48:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1846
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0b4EE2qrYR9j7ozZsNATUE8lc2LV36%2B91o%2FckFDmGRslFCp2RxxsOEDyswpI5WHGg2soMIjP%2FK3hi9WdT0J8napUZmur%2FCisF6aRAeo3n4nMpyYqMUztvfYN7cs"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: http://gestyy.com
cache-control: max-age=14400
cf-ray: 80cc7c52c9070d69-MXP
alt-svc: h3=":443"; ma=86400

POST
H2 204 collect
region1.google-analytics.com/g/ 0
241 B 773ms
119ms Ping
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7C6F2JT500&gtm=45je39k2&_p=1671440753&ul=en-us&sr=1600x1200&cid=1215778776.1695741567&_eu=ABAI&_s=1&dl=http%3A%2F%2Fgestyy.com%2FegVOOJ&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&uid=1&sid=1695741570&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_2=2022-06-29.0&ep.ua_dimension_7=1&ep.ua_dimension_5=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7C6F2JT500&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.36 Los Gatos, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://gestyy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/997869120/ 42 B
455 B 730ms
116ms Image
image/gif 142.250.184.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/997869120/?random=1695741569518&cv=11&fst=1695740400000&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1600&u_h=1200&url=http%3A%2F%2Fgestyy.com%2FegVOOJ&frm=0&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2188011127&rmt_tld=0&ipr=y

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ch/pagead/1p-user-list/997869120/ 42 B
455 B 909ms
237ms Image
image/gif 172.217.18.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ch/pagead/1p-user-list/997869120/?random=1695741569518&cv=11&fst=1695740400000&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1600&u_h=1200&url=http%3A%2F%2Fgestyy.com%2FegVOOJ&frm=0&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2188011127&rmt_tld=1&ipr=y

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 15:19:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

7c7157d2cc3b2ab0459792419f85c177080b7b84.png
intendrebend.top/g/7c/71/ Frame 7B4E
Redirect Chain

https://vickykilled.cfd/tsk/pDHGGoK8gcBDOGiyDw_5qxRKFV4tAoIbK53bsz7Yca0iUYxO3UvllhVuittAce4p2wirjiiwzleq_zlybapuQZqs9kmpHYacwVFeEMnIAIM
https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png

6 KB
6 KB

588ms
187ms

Image
image/png

51.195.5.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png
Protocol: HTTP/1.1
Server: 51.195.5.185 , France, ASN16276 (OVH, FR),
Reverse DNS: eu5.static1.gglx.me
Software: nginx /
Resource Hash: 1cc1496df0e158cb70929cd29191a4ed7210452c24695213c50750b514baef7a

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:32 GMT
Last-Modified: Thu, 17 Sep 2020 14:56:19 GMT
Server: nginx
ETag: "5f637913-180e"
Content-Type: image/png
Cache-Control: max-age=864000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 6158
Expires: Fri, 06 Oct 2023 15:19:32 GMT

Redirect headers

Date: Tue, 26 Sep 2023 15:19:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Location: https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png
Vary: Accept-Encoding
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

POST
H/1.1 200
OK update-ads-events Show response
gestyy.com/shortener/ 16 B
1 KB 166ms
165ms XHR
application/json 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gestyy.com/shortener/update-ads-events
Requested by: Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Protocol: HTTP/1.1
Server: 104.26.8.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40-0+deb8u16
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://gestyy.com/egVOOJ
X-Requested-With: XMLHttpRequest
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Tue, 26 Sep 2023 15:19:30 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.6.40-0+deb8u16
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGVagfmKrm2yYOVZ6u9aXK3LXwsgBhT%2F8GPODJjcyjGxfNsDjt9ADUfxyqdXmb7uXCIuyToy9IYT1wkDcugiZHeIVONk7NvD1Y7Qsku52cYUx7qxXEUKpUNCqPs%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Server-ID: shn05
Cache-Control: no-cache
Connection: keep-alive
CF-RAY: 80cc7c4fad790d6d-MXP
X-UA-Compatible: IE=Edge

GET
DATA 200
OK truncated
/ Frame E344 255 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 custom Show response
ptauxofi.net/ 39 B
320 B 152ms
152ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ptauxofi.net/custom

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 6edd410acbaa7ae16a1f34421d081f67
date: Tue, 26 Sep 2023 15:19:30 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

OPTIONS
H2 200 custom
ptauxofi.net/ Frame 0
0 94ms
94ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://gestyy.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 26 Sep 2023 15:19:30 GMT
server: nginx

GET
H/1.1

200
OK

192x192_pYWkl9DJl9pxqiRAbJaL.jpeg
static.servingserved.com/n337/ad/ Frame 0D10
Redirect Chain

https://viewyentreat.guru/tsk/VkjHzDfkqN8cL73rZlMUksS2M6WfTHpM87Cb2yzeQoQeu22kdV9T8Anzqa6z2IXxxsx8GzI*xrZEcYa42MQ6iMgulM2boNB7CDn1s60gs98
http://xml.yellow-resultsbidder.com/thumbnail?i=rHO1airIwL0_0&imgt=icon
http://static.servingserved.com/n337/ad/192x192_pYWkl9DJl9pxqiRAbJaL.jpeg

6 KB
7 KB

280ms
238ms

Image
image/jpeg

151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.servingserved.com/n337/ad/192x192_pYWkl9DJl9pxqiRAbJaL.jpeg
Protocol: HTTP/1.1
Server: 151.139.128.10 Dallas, United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: fbs /
Resource Hash: d4f6e490f7ce250a7f89d2b15391bc6e41eebf134ad92e220e6cdb863693c6d7

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:32 GMT
Last-Modified: Fri, 07 Apr 2023 12:23:19 GMT
Server: fbs
ETag: "64300b37-18d1"
X-HW: 1695741572.cds137.fr8.h2,1695741572.cds337.fr8.c
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6353

Redirect headers

Location: http://static.servingserved.com/n337/ad/192x192_pYWkl9DJl9pxqiRAbJaL.jpeg
Pragma: no-cache
Cache-Control: no-store
Connection: keep-alive
Age: 0
Content-Length: 0

GET
H/1.1 200
OK pixel
xml.yellow-resultsbidder.com/ 42 B
0 390ms
368ms Fetch
image/gif 198.134.116.29
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: http://xml.yellow-resultsbidder.com/pixel?i=rHO1airIwL0_0
Requested by: Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223
Protocol: HTTP/1.1
Server: 198.134.116.29 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-store
Connection: keep-alive
Age: 0
Content-Length: 42
Content-Type: image/gif

POST
H/1.1 200
OK update-ads-events Show response
gestyy.com/shortener/ 17 B
1 KB 158ms
158ms XHR
application/json 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gestyy.com/shortener/update-ads-events
Requested by: Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Protocol: HTTP/1.1
Server: 104.26.8.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40-0+deb8u16
Resource Hash: 06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03

Request headers

Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://gestyy.com/egVOOJ
X-Requested-With: XMLHttpRequest
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Tue, 26 Sep 2023 15:19:31 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.6.40-0+deb8u16
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C0QdgpdJfUODTtzQogL0RPpWZkS3X%2BdqN86KXxNCgFPSNw5CSM3Va0aEUSfYxr7lS7prsuCbQ3uwWmC8VS2ifZFEF4X%2FuDSdeGPCBMekuvu03CRNtpcXK3QZwzc%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Server-ID: shn03
Cache-Control: no-cache
Connection: keep-alive
CF-RAY: 80cc7c5329d20d6d-MXP
X-UA-Compatible: IE=Edge

GET
H2 200 iwnCbtLveBoH_qd59IDzad7l-L8yHmAF.png
i.wmgtr.com/cic/ Frame 9671 15 KB
15 KB 422ms
108ms Image
image/png 45.133.44.32
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.wmgtr.com/cic/iwnCbtLveBoH_qd59IDzad7l-L8yHmAF.png

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.133.44.32 , Turkey, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

0538a0f435a8ad4564209311759c5612f5d3cb4bef551b3131a73f74c06465a5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Wed, 27 Sep 2023 14:19:31 GMT
date: Tue, 26 Sep 2023 15:19:31 GMT
content-encoding: gzip
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=82800
x-content-type-option: nosniff
x-xss-protection: 1; mode=block
x-proxy-cache: HIT

GET
H2 200 wnrw
prhzxq.com/ 0
0 138ms
137ms Fetch 185.162.85.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://prhzxq.com/wnrw?aid=13720858398054305099&a=1
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.20 , Moldova, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: http://gestyy.com
date: Tue, 26 Sep 2023 15:19:31 GMT
server: nginx/1.18.0
content-length: 0

GET
H2 200 IakVmspii6fVCJn2Ch-hds0ZLEP-lwzy.png
i.wmgtr.com/cic/ Frame D633 18 KB
19 KB 1154ms
866ms Image
image/png 45.133.44.32
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.wmgtr.com/cic/IakVmspii6fVCJn2Ch-hds0ZLEP-lwzy.png

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.133.44.32 , Turkey, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

dd0430d1bb050773ddf22990d1857a36019b535a6951effb0944e4c671b80a3d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Wed, 27 Sep 2023 14:19:31 GMT
date: Tue, 26 Sep 2023 15:19:31 GMT
content-encoding: gzip
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=82800
x-content-type-option: nosniff
x-xss-protection: 1; mode=block
x-proxy-cache: HIT

GET
H2 200 nr-rum.3709cb75-1.238.0.min.js Show response
js-agent.newrelic.com/ 43 KB
15 KB 331ms
67ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum.3709cb75-1.238.0.min.js

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

626b55eec0c819bcc0e797faccf7393babe486645f1860673218e9aaa0697f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 6NYP7CC916llrFhVilA2_41lRSPLl92y
content-encoding: br
via: 1.1 varnish
date: Tue, 26 Sep 2023 15:19:31 GMT
strict-transport-security: max-age=300
x-amz-request-id: NEDNRY5KSFD9EHRP
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15279
x-amz-id-2: EjgY77Ywuo286JHWU72SqhECak5llQ3ND8mtMB2D2TQwoZK2eG4uDrzIkoum5CHkJYxfRx7s8Bk=
x-served-by: cache-fra-eddf8230034-FRA
last-modified: Wed, 16 Aug 2023 21:40:47 GMT
server: AmazonS3
x-timer: S1695741572.680002,VS0,VE0
etag: "f59a391a3f3bdc521e37f4984b33bf21"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2

GET
H2

403

afu.php Show response
shorteh.com/ Frame ADD2
Redirect Chain

http://ads.shorte.st/ads.php?key=2ea5b261f06ca771033a5fa9e22493f1&width=1024&height=768&ch=1&cp.dest_domain=zabbetclub.com&cp.oid=1&cp.referrer=&cp.locked=0&cp.proxy=0&cp.quarantine_status=1&cp.vno...
https://shorteh.com/afu.php?zoneid=1241630

7 B
514 B

455ms
100ms

Document
text/plain

139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shorteh.com/afu.php?zoneid=1241630
Requested by: Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.238 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 00e3fbbf542561da72fdc5ea89cfd1405c17739dd49210252e611c3122018efe

Request headers

Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length: 7
content-type: text/plain; charset=utf-8
date: Tue, 26 Sep 2023 15:19:32 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 80cc7c57cbd02ba3-FRA
Cache-Control: max-age=0, must-revalidate, no-store, private, s-maxage=0
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Sep 2023 15:19:31 GMT
Location: https://shorteh.com/afu.php?zoneid=1241630
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LTk4vw3GoBK4hlGuIqAkgkPSu7TIGYgdqXprruHi1i269KadIOGPB%2BI8yEzQ13aBwiQfNM66tsxFhK5cK4jB2buRWLPSAZ49XgDZ0y5CJ536CYRq20c1IRlXCnx8RG0%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40-0+deb8u16
X-Server-ID: shn08
X-UA-Compatible: IE=Edge

OPTIONS
H2 200 custom
ptauxofi.net/ Frame 0
0 89ms
89ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://gestyy.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 26 Sep 2023 15:19:31 GMT
server: nginx

POST
H2 200 custom Show response
ptauxofi.net/ 39 B
321 B 216ms
216ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ptauxofi.net/custom

Requested by

Host: gestyy.com
URL: http://gestyy.com/egVOOJ

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 1968defc1e92d3b7839b0cae1bb28be0
date: Tue, 26 Sep 2023 15:19:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

POST 28e0508023
bam.nr-data.net/1/ 0
0

POST
H/1.1 200
OK XLsFNt4yc7FFjUKe97Gw9VUwxod7kcvwQpfMzziJOXB9r4gY8w_uV6RqZ4JUSMu3yz62Z1MjYDNp48OtCkjangBCuCDvDEw Show response
sirossvanish.uno/ 4 KB
3 KB 210ms
209ms Fetch
application/json 23.109.248.47
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

http://sirossvanish.uno/XLsFNt4yc7FFjUKe97Gw9VUwxod7kcvwQpfMzziJOXB9r4gY8w_uV6RqZ4JUSMu3yz62Z1MjYDNp48OtCkjangBCuCDvDEw?ck9=snIhJiOzAzM4wiIzJiOiEjNwADexIDMwICLiImI6ISM2ADM4FjMwAjIsIiciojIiwiIxJiOigGd0BnOv8yZlNHd5lnLj9WbvU2ZW90TKJCLigmI6EDN0EDLiwmI6ISZu1SVTJCLiQnI60SMyADLionI6QzMyUDLismI6QDLiUnI6IiIsIiZiojZhx2clxiIlJiOiQzd5ITdl52MnhWezFzb4JCLi8mI6Qnc1VGLi0mI6EjN5UzN0ETN3MTN5YDLicnI6ISJ3IUJyIDdpRHblViMyUyMBViMyUUYy5WJyATbv5WZ5ViMw8mblIDMzh2byRXJyADbp52az5SJyATThtWZlIDMzh2byRXJyADbp52azViMwEmbkViMwUWYlIjMlIzQlIjMrVWe39mckNXJyITJzEUJ1IUJyIzco9mc0VmLzRXJyITJyMUJyIzco9mc0V2c0ViMyUiMDViMyMHavJHdlIDMslmbrNXJyITJyMUJyIDbp52alIDMzh2byRXZuVmclIjMlIzQlIjMilGdslXJyITJ1QUJyMUJyIDdvB3dvJHZzViMyUyMBVSNCViMyk2Yv5WJzE0NlIjMlIzQlIjMyVmZyV2coVyMBdTJyITJyMUJyIDdol2clMTQ2UiMyUiMDViMyMGbpN2alMTQ2UiMyUiMDViMyImcvd3clJXJzEkNlIjMlIzQlIjMzh2b1xGZlMTQ1UiMyUiMDViMyUWYy5WJzEENlIjMlIzQlIjMhRmYs92YrVyMBRTJyITJyMUJyIDchdWZlMTQ0UiMyUiMDViMy02buVWelMTQzUiMyUiMDViMyAHblF2clVyMBNTJyITJyMUJyITevVnclMTQzUiMyUiMDViMygWY2VWJzE0MlIjMlIzQlIjM0VncuVGZlMTQzUiMyUiMDViMycmcllXJzE0MlIjMlIzQlIjMklGZudCdlMTQzUiMyUiMDViMyEWd09WbhRXajFGbslXJzE0MlIjMlIzQlIjM0hWYut2chUyMBNTJyITJ1QUJ3QkIsICcyJiOxwiIoNmI6QDLiIGbioTLxwiIiNmI6MDLiYndiojIJ5GdlxGIJ52YuICLiYnciojIJ5GdlxGIJJXazByTwVmbHxEIF52Zp5WZiwiIhNmI6ADLiMGdiojI152au92duJCLiMWZ0JiOiQzZiwiIjRGbtJiOtEDLiMGZsJiO54yMsIyYyRHdioDMsICdtNnI6ETf

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

HTTP/1.1

Server

23.109.248.47 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

d5f6de02b61aeb46b420d23d18ae36b2f3f6636b89996e4ae90fceabf4133fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 26 Sep 2023 15:19:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: http://gestyy.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

OPTIONS
H/1.1 200
OK XLsFNt4yc7FFjUKe97Gw9VUwxod7kcvwQpfMzziJOXB9r4gY8w_uV6RqZ4JUSMu3yz62Z1MjYDNp48OtCkjangBCuCDvDEw
sirossvanish.uno/ Frame 0
0 110ms
110ms Preflight
text/html 23.109.248.47
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Server

23.109.248.47 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Sep 2023 15:19:33 GMT
Keep-Alive: timeout=20
Server: nginx
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H2 200 css
fonts.googleapis.com/ Frame 050D 11 KB
883 B 270ms
269ms Stylesheet
text/css 142.250.185.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f10.1e100.net

Software

ESF /

Resource Hash

0f7d13dd5f5050995a5c0fc2f19a0be93dcfac0da0ab80f5173857052089ce37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 26 Sep 2023 15:19:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 26 Sep 2023 14:37:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 26 Sep 2023 15:19:34 GMT

GET
H2

200

Xv0wX40qH9EyRn4SOKJSK9OY5v1zcCOuqvfMFe0r.png
imcdn.co/ Frame 050D
Redirect Chain

https://icdns.net/b2/c/i/icon?cid=1&did=e1FQVUw&eid=622&nid=1&sid=3304215227EXxsXPTO&ts=1695741573&ttl=43200&v=v5.8.2
https://imcdn.co/Xv0wX40qH9EyRn4SOKJSK9OY5v1zcCOuqvfMFe0r.png

6 KB
6 KB

779ms
91ms

Image
image/webp

104.21.234.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imcdn.co/Xv0wX40qH9EyRn4SOKJSK9OY5v1zcCOuqvfMFe0r.png
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: H2
Server: 104.21.234.72 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 88de3634c22160b35c27603cb9f203648de0ccec282448018a2339aa70121362

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 15:19:35 GMT
cf-cache-status: HIT
last-modified: Fri, 08 Sep 2023 05:05:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1592060
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeUCFBgTywhEfLVbEAWUFvnyes2y4pJEyIbd4rnmDBF1rN1CSca%2FTfYsDvmYuHa0lvoIdO65RwFlklGKemxv5tAfz6qotwXsl3pexJzgP7Oh0nH47RbblOb6vA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 80cc7c6dcafe3ce6-CDG
alt-svc: h3=":443"; ma=86400
content-length: 5798
expires: Sun, 08 Oct 2023 05:05:15 GMT

Redirect headers

location: https://imcdn.co/Xv0wX40qH9EyRn4SOKJSK9OY5v1zcCOuqvfMFe0r.png
date: Tue, 26 Sep 2023 15:19:34 GMT
referrer-policy: no-referrer, no-referrer
server: dspclick-v3.9.0
content-length: 0

GET
H/1.1 200
OK 6b0c955046cc3909ef347f7c95ec7cd9a3672503.png
scarpeweevily.top/g/6b/0c/ Frame 050D 10 KB
10 KB 550ms
260ms Image
image/png 142.91.159.157
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://scarpeweevily.top/g/6b/0c/6b0c955046cc3909ef347f7c95ec7cd9a3672503.png
Requested by: Host: gestyy.com
URL: http://gestyy.com/egVOOJ
Protocol: HTTP/1.1
Server: 142.91.159.157 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: cff0daa9ac0fe904d11b8bd23445e06094586cabb4327b323ba57f2a8fa135ac

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 15:19:34 GMT
Last-Modified: Tue, 13 Jul 2021 07:32:39 GMT
Server: nginx
ETag: "60ed4197-28af"
Content-Type: image/png
Cache-Control: max-age=864000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 10415
Expires: Fri, 06 Oct 2023 15:19:34 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ Frame 050D 47 KB
47 KB 98ms
98ms Font
font/woff2 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://gestyy.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 18:17:53 GMT
x-content-type-options: nosniff
age: 421301
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48432
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Sep 2024 18:17:53 GMT

POST
H/1.1 200
OK update-ads-events Show response
gestyy.com/shortener/ 17 B
1 KB 231ms
231ms XHR
application/json 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gestyy.com/shortener/update-ads-events
Requested by: Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Protocol: HTTP/1.1
Server: 104.26.8.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40-0+deb8u16
Resource Hash: 06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03

Request headers

Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://gestyy.com/egVOOJ
X-Requested-With: XMLHttpRequest
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Tue, 26 Sep 2023 15:19:35 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.6.40-0+deb8u16
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4o2DyU11lMeCBZmYW7jp2wfugv6T80OL6OoLiZlc3h5Aq0dCZeIgzLrdSeuNYCd0qblgqdOXGTjyz0NnnO4ecvfaAoU0kS%2BcUueNNVM20hLi7N6CRvfy5bwfAes%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Server-ID: shn09
Cache-Control: no-cache
Connection: keep-alive
CF-RAY: 80cc7c6bdf360d6d-MXP
X-UA-Compatible: IE=Edge

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: analytics.shorte.st
URL: http://analytics.shorte.st/displayed

Domain: cuid
URL: https://cuid/?f=http%3A%2F%2Fgestyy.com

Domain: cuid
URL: https://cuid/?f=http%3A%2F%2Fgestyy.com

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/1/28e0508023?a=9451001&v=1.238.0&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=6716&ck=0&s=ea7b5833cde18e76&ref=http://gestyy.com/egVOOJ&ap=95&be=587&fe=5740&dc=3847&at=GBNTEw1LGR8%3D&perf=%7B%22timing%22:%7B%22of%22:1695741565076,%22n%22:0,%22dn%22:1,%22dne%22:20,%22c%22:20,%22ce%22:327,%22rq%22:327,%22rp%22:587,%22rpe%22:611,%22di%22:4421,%22ds%22:4429,%22de%22:4433,%22dc%22:6306,%22l%22:6312,%22le%22:6327%7D,%22navigation%22:%7B%7D%7D&fp=1910&fcp=1910

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
gestyy.com/	1970-01-20 23:47:57	Name: hl Value: en
gestyy.com/	1969-12-31 23:59:59	Name: cookies-enable Value: 1
.gestyy.com/	1970-01-21 00:38:21	Name: _ga Value: GA1.2.1215778776.1695741567
.gestyy.com/	1970-01-20 15:03:47	Name: _gid Value: GA1.2.322023050.1695741567
.gestyy.com/	1970-01-20 15:02:21	Name: _gat Value: 1
.gestyy.com/	1970-01-20 17:11:57	Name: _gcl_au Value: 1.1.573634982.1695741570
pogothere.xyz/	1970-01-20 23:40:45	Name: csu Value: 1841154289435591@1@1695741568
my.rtmark.net/	1970-01-20 23:47:57	Name: ID Value: 90404ad745b74c82b6f245211b3f22ef
.doubleclick.net/	1970-01-20 15:02:22	Name: test_cookie Value: CheckForPermission
.gestyy.com/	1970-01-21 00:38:21	Name: _ga_7C6F2JT500 Value: GS1.2.1695741570.1.0.1695741570.0.0.0
gestyy.com/	1970-01-20 15:03:47	Name: referrer_url Value: http%3A%2F%2Fgestyy.com%2FegVOOJ
viewyentreat.guru/	1970-01-20 15:03:47	Name: GL_UI4 Value: eJw9jd1OhDAYRPln1QWdhAfwEUDELJfGh9hLUtqvbF1oN6VCfHsbE72ak8mZTBAEUfWIcMsSxF%2Bsw7NsX6l%2F6%2FtOCNlK2dHYjFJQ0564pJee406tg2PjTC7BYV2YdYPbEhwn0mQVH7gRVODJW3%2FNVZtdJ0hHy7QokC7emAvkozX7SraKkWi2ELKPizU%2B04V9Govo1HtU2mNYIzJrFZf3yM9KC78rj4iauiyzAA%2B3mTlp7DIokYVIJ8sEIXzHgTNHk7HfyAWtV2dugJnF8O%2F%2F3sZ7UyMTtCnuv427kP0B83FPOw%3D%3D
viewyentreat.guru/	1970-01-20 15:03:47	Name: GL_GI10 Value: eJwNyrEKwjAURuHci0SlOvzS56iEDtU5HRzcCt1jGiQQ05JUBZ%2FeDGf5OEIIrg9gv%2BCoukujrqW2axToCdY3sI2ohq9ffy4FEydQAo89OEVsRvMuYLHVwSQXM8hjV%2Bac7fwCF9hr8wju3A930CIFeJ0lg%2FNUC9BHnv70yByY
vickykilled.cfd/	1970-01-20 15:03:47	Name: GL_UI4 Value: eJw9jd1OhDAYRPln1QWdhAfwEUDELJfGh9hLUtqvbF1oN6VCfHsbE72ak8mZTBAEUfWIcMsSxF%2Bsw7NsX6l%2F6%2FtOCNlK2dHYjFJQ0564pJee406tg2PjTC7BYV2YdYPbEhwn0mQVH7gRVODJW3%2FNVZtdJ0hHy7QokC7emAvkozX7SraKkWi2ELKPizU%2B04V9Govo1HtU2mNYIzJrFZf3yM9KC78rj4iauiyzAA%2B3mTlp7DIokYVIJ8sEIXzHgTNHk7HfyAWtV2dugJnF8O%2F%2F3sZ7UyMTtCnuv427kP0B83FPOw%3D%3D
vickykilled.cfd/	1970-01-20 15:03:47	Name: GL_GI10 Value: eJwNyrEKwjAURuHci0SlOvzS56iEDtU5HRzcCt1jGiQQ05JUBZ%2FeDGf5OEIIrg9gv%2BCoukujrqW2axToCdY3sI2ohq9ffy4FEydQAo89OEVsRvMuYLHVwSQXM8hjV%2Bac7fwCF9hr8wju3A930CIFeJ0lg%2FNUC9BHnv70yByY
jurorstalar.uno/	1970-01-20 15:03:47	Name: GL_UI4 Value: eJw9jd1OhDAYRPln1QWdhAfwEUDELJfGh9hLUtqvbF1oN6VCfHsbE72ak8mZTBAEUfWIcMsSxF%2Bsw7NsX6l%2F6%2FtOCNlK2dHYjFJQ0564pJee406tg2PjTC7BYV2YdYPbEhwn0mQVH7gRVODJW3%2FNVZtdJ0hHy7QokC7emAvkozX7SraKkWi2ELKPizU%2B04V9Govo1HtU2mNYIzJrFZf3yM9KC78rj4iauiyzAA%2B3mTlp7DIokYVIJ8sEIXzHgTNHk7HfyAWtV2dugJnF8O%2F%2F3sZ7UyMTtCnuv427kP0B83FPOw%3D%3D
jurorstalar.uno/	1970-01-20 15:03:47	Name: GL_GI10 Value: eJwNyrEKwjAURuHci0SlOvzS56iEDtU5HRzcCt1jGiQQ05JUBZ%2FeDGf5OEIIrg9gv%2BCoukujrqW2axToCdY3sI2ohq9ffy4FEydQAo89OEVsRvMuYLHVwSQXM8hjV%2Bac7fwCF9hr8wju3A930CIFeJ0lg%2FNUC9BHnv70yByY

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://gestyy.com/egVOOJ Message: Access to XMLHttpRequest at 'http://analytics.shorte.st/displayed' from origin 'http://gestyy.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: http://analytics.shorte.st/displayed Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cuid/?f=http%3A%2F%2Fgestyy.com Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcWj7VQvnpnqDn3rduVNF5odfzTFZ2La2YViLign8p11DQPlcb-W8V0dc2lFgMcZgz4ho_P&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1308525985%3A1695741570159871&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
security	warning	Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdD-v07rV71hjFy7t7BfcIuNlaGdgWJdDZWR6fsT926Ktr6H1eSFEfr74sfVM4Kl7qT2Zf0&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S923462713%3A1695741570167029&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
javascript	error	URL: http://gestyy.com/egVOOJ Message: Access to XMLHttpRequest at 'https://bam.nr-data.net/1/28e0508023?a=9451001&v=1.238.0&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=6716&ck=0&s=ea7b5833cde18e76&ref=http://gestyy.com/egVOOJ&ap=95&be=587&fe=5740&dc=3847&at=GBNTEw1LGR8%3D&perf=%7B%22timing%22:%7B%22of%22:1695741565076,%22n%22:0,%22dn%22:1,%22dne%22:20,%22c%22:20,%22ce%22:327,%22rq%22:327,%22rp%22:587,%22rpe%22:611,%22di%22:4421,%22ds%22:4429,%22de%22:4433,%22dc%22:6306,%22l%22:6312,%22le%22:6327%7D,%22navigation%22:%7B%7D%7D&fp=1910&fcp=1910' from origin 'http://gestyy.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bam.nr-data.net/1/28e0508023?a=9451001&v=1.238.0&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=6716&ck=0&s=ea7b5833cde18e76&ref=http://gestyy.com/egVOOJ&ap=95&be=587&fe=5740&dc=3847&at=GBNTEw1LGR8%3D&perf=%7B%22timing%22:%7B%22of%22:1695741565076,%22n%22:0,%22dn%22:1,%22dne%22:20,%22c%22:20,%22ce%22:327,%22rq%22:327,%22rp%22:587,%22rpe%22:611,%22di%22:4421,%22ds%22:4429,%22de%22:4433,%22dc%22:6306,%22l%22:6312,%22le%22:6327%7D,%22navigation%22:%7B%7D%7D&fp=1910&fcp=1910 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://shorteh.com/afu.php?zoneid=1241630 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
ads.shorte.st
analytics.shorte.st
andhthrewdow.com
bam.nr-data.net
cuid
d3t3z4teexdk2r.cloudfront.net
ejuiashsateampl.info
fonts.googleapis.com
fonts.gstatic.com
gestyy.com
googleads.g.doubleclick.net
i.wmgtr.com
icdns.net
imcdn.co
intendrebend.top
ja.rewashwudu.com
js-agent.newrelic.com
jurorstalar.uno
my.rtmark.net
pogothere.xyz
prhzxq.com
ptauxofi.net
region1.google-analytics.com
scarpeweevily.top
shorteh.com
sirossvanish.uno
static.servingserved.com
static.sh.st
ubbfpm.com
vickykilled.cfd
viewyentreat.guru
www.facebook.com
www.google-analytics.com
www.google.ch
www.google.com
www.googletagmanager.com
xdiwbc.com
xml.yellow-resultsbidder.com
xngqoc.com
analytics.shorte.st
bam.nr-data.net
cuid
104.21.234.72
104.21.85.99
104.26.5.107
104.26.6.218
104.26.8.155
109.206.162.121
139.45.195.8
139.45.197.238
139.45.197.250
142.250.184.228
142.250.185.234
142.250.185.67
142.250.186.104
142.250.186.173
142.91.159.157
151.101.66.137
151.139.128.10
157.240.251.35
172.217.18.99
172.255.6.131
172.64.97.14
172.67.204.112
172.67.74.33
18.65.39.33
18.65.39.78
185.162.85.1
185.162.85.20
188.114.96.3
198.134.116.29
216.239.34.36
216.58.206.34
216.58.212.142
23.109.150.155
23.109.150.205
23.109.248.47
23.109.82.11
45.133.44.32
51.195.5.185
52.222.232.60
95.216.206.230
00e3fbbf542561da72fdc5ea89cfd1405c17739dd49210252e611c3122018efe
0538a0f435a8ad4564209311759c5612f5d3cb4bef551b3131a73f74c06465a5
06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03
09a1c2b9ff402566e131b28389e336119675ba49f5a61cb6d56bbf44dba5b41b
0f7d13dd5f5050995a5c0fc2f19a0be93dcfac0da0ab80f5173857052089ce37
13d563a91dfaa58d9eacaa3a935c77417d0639d1b7d9880c21ff5b41c3d3f95e
1cc1496df0e158cb70929cd29191a4ed7210452c24695213c50750b514baef7a
234207a371cff4e2830158c59cc355544a0527478e415b5e39df05294295809f
25658be697fda9faf1d30108fc7d910caaa02beeb3b68cce6fece56fdf273b4a
2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384
2ec2be79bdd565c0282717c3809e7125dea0387cdebd0a134b3f2cab8a0bb098
32a72f2577fe6cc44c505a8215e48edcb84d3f48cea5b5b9a32ac4b7cefe02f7
37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0
5d1d95a226026f763d0d086ef23b7cdc09e9dd0c68df56d6d638b0474a64e1e0
626b55eec0c819bcc0e797faccf7393babe486645f1860673218e9aaa0697f4b
671f3e585e56535db1b04c2641867b567267f15f4f8fbe4e2953f66f151965c0
6acd8bce6481db9a9462ccbd6702dba686bb978e07d836648512a4c5563a1b49
6b38dddf40fd9ddd9015c53fb6cc03a0a02ee28b6995689465b95b22024b4a00
6ebd4dce73d9310e592cc8a46b8dd673770f8c1f6cac54913f23b50c8a3fc7ed
79c07fd74a6195368c8dd1a9ef19cf0949bbc819909b6c09d335745e7503a2f2
7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
852f7b7dd6d7923234a1d32b6887439c5147ebc6e327fec569f07fc2a2c58007
88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef
88de3634c22160b35c27603cb9f203648de0ccec282448018a2339aa70121362
8996b13621789a424b4c36f978b57c6b5ccf4696e1a65830284dcd23b02cedfd
8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808
966e84071fa5e035c0b245bdaff9481689757ca515545bd1751062897f91459b
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
a3c20afd8ce81bd9159a219bd8b18b166bf6074a490e9868a84740b6a49eb559
a9b458069d6e75e212f4a8b6e1a1666fd191f30e3c699a35ffb077efe2cf0cb2
ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24
afe2e6964d60fd5367708acb4fd9afa7d570a1574cd1d31b41178d0566eef271
b4a9aa20efa10d587f887e2a7f85a60217fe77c179e2fa9d697309baafb989e7
bbc559ac3e90d94ded0e9f929a75f16a1d3a58198513e66a3261715bd2572601
c31461e7d5878ea10e0a54861d26c7543f5d5464a6178c83ed6a8d6bad278e20
c3c736b80c318c7323b9f2b6a3b2ddd6e78e5aeeed7e9d648c6b1d7e97691024
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cff0daa9ac0fe904d11b8bd23445e06094586cabb4327b323ba57f2a8fa135ac
d3cb41f5457b4b1e7b1ec282fadc75ab6f76e5e093df354c718bd86eae346fed
d4f6e490f7ce250a7f89d2b15391bc6e41eebf134ad92e220e6cdb863693c6d7
d5f6de02b61aeb46b420d23d18ae36b2f3f6636b89996e4ae90fceabf4133fbb
d8e19b40a2a90567d5cbb0d33e6ba54325cfee8c10f1fe82100c9fea2b2b1e87
d929b28e66745f2bbf8eb65a1c26894e52a6825a8fcde11c5fd6a1fc5436b927
dd0430d1bb050773ddf22990d1857a36019b535a6951effb0944e4c671b80a3d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58b4c163cb14f66ced74ce6a9fe37321b148a519af57a516335fc09851b0dcd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

gestyy.com Open in urlscan Pro 104.26.8.155 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

87 Requests

54 %HTTPS

0 %IPv6

37 Domains

40 Subdomains

36 IPs

8 Countries

1314 kBTransfer

2532 kBSize

17 Cookies

2 Outgoing links

Redirected requests

87 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

gestyy.com Open in urlscan Pro
104.26.8.155 Public Scan

Screenshot
Live screenshot

Full Image

87
Requests

54 %
HTTPS

0 %
IPv6

37
Domains

40
Subdomains

36
IPs

8
Countries

1314 kB
Transfer

2532 kB
Size

17
Cookies

87 HTTP transactions
1 data transactions