urlscan.io logo urlscan.io
SecurityTrails logo

sh.st Open in urlscan Pro
2606:4700:20::681a:6da  Public Scan

Go To Rescan Add Verdict Report
URL: http://sh.st/Wpovq
Submission Tags: falconsandbox
Submission: On September 30 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 21 IPs in 6 countries across 19 domains to perform 41 HTTP transactions. The main IP is 2606:4700:20::681a:6da, located in United States and belongs to CLOUDFLARENET, US. The main domain is sh.st. The Cisco Umbrella rank of the primary domain is 235521.
This is the only time sh.st was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

7    2606:4700:20::681a:6da (United States)

ASN13335 (CLOUDFLARENET, US)
sh.st
1    2a00:1450:400d:80a::200a (Ireland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:400d:807::200e (Ireland)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    2606:4700:20::ac43:44fa (United States)

ASN13335 (CLOUDFLARENET, US)
static.sh.st
1    192.243.61.225 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
endangersquarereducing.com
10    139.45.197.250 (United Kingdom)

ASN9002 (RETN-AS, GB)
ptauxofi.net
1    95.216.206.230 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.230.206.216.95.clients.your-server.de
ubbfpm.com
1    23.109.248.134 (Netherlands)

ASN7979 (SERVERS-COM, US)
blastsbigener.com
2    2a00:1450:400d:80e::2008 (Ireland)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:400d:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700:20::ac43:4a21 (United States)

ASN13335 (CLOUDFLARENET, US)
analytics.shorte.st
1    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
www.googleadservices.com
1    139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)
my.rtmark.net
1    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:400d:80a::2004 (Ireland)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:400d:804::2003 (Ireland)

ASN15169 (GOOGLE, US)
www.google.de
1    2a02:b4a:1:7::9165:1 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
prhzxq.com
1    151.101.130.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    2606:4700:20::681a:56b (United States)

ASN13335 (CLOUDFLARENET, US)
ads.shorte.st
1    139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)
shorteh.com
1    162.247.241.14 (United States)

ASN23467 (NEWRELIC-AS-1, US)
bam.nr-data.net
Apex Domain
Subdomains		 Transfer
10 ptauxofi.net
ptauxofi.net — Cisco Umbrella Rank: 64667
73 KB
10 sh.st
sh.st — Cisco Umbrella Rank: 235521
static.sh.st — Cisco Umbrella Rank: 254216
175 KB
2 shorte.st
analytics.shorte.st — Cisco Umbrella Rank: 279200 Failed
ads.shorte.st — Cisco Umbrella Rank: 343294
774 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
82 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 28
20 KB
1 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 217
1 shorteh.com
shorteh.com — Cisco Umbrella Rank: 501382
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 318
14 KB
1 prhzxq.com
prhzxq.com — Cisco Umbrella Rank: 83089
128 B
1 google.de
www.google.de — Cisco Umbrella Rank: 6301
548 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
548 B
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
2 KB
1 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 12684
537 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 129
15 KB
1 gstatic.com
fonts.gstatic.com
46 KB
1 blastsbigener.com
blastsbigener.com — Cisco Umbrella Rank: 248259
1 ubbfpm.com
ubbfpm.com — Cisco Umbrella Rank: 176859
105 KB
1 endangersquarereducing.com
endangersquarereducing.com — Cisco Umbrella Rank: 355204
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 41
1 KB
41 19
Domain Requested by
10 ptauxofi.net sh.st
ptauxofi.net
7 sh.st sh.st
3 static.sh.st sh.st
2 www.googletagmanager.com sh.st
www.googletagmanager.com
2 www.google-analytics.com sh.st
www.google-analytics.com
1 bam.nr-data.net js-agent.newrelic.com
1 shorteh.com static.sh.st
1 ads.shorte.st 1 redirects
1 js-agent.newrelic.com sh.st
1 prhzxq.com ubbfpm.com
1 www.google.de sh.st
1 www.google.com sh.st
1 googleads.g.doubleclick.net www.googleadservices.com
1 my.rtmark.net sh.st
1 www.googleadservices.com www.googletagmanager.com
1 analytics.shorte.st static.sh.st
1 fonts.gstatic.com fonts.googleapis.com
1 blastsbigener.com sh.st
1 ubbfpm.com sh.st
1 endangersquarereducing.com sh.st
1 fonts.googleapis.com sh.st
41 21

This site contains links to these domains. Also see Links.

Domain
shorte.st
Subject Issuer Validity Valid
upload.video.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
ptauxofi.net
R3		 2022-07-24 -
2022-10-22		 3 months crt.sh
ubbfpm.com
R3		 2022-09-29 -
2022-12-28		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
www.googleadservices.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.rtmark.net
Sectigo RSA Domain Validation Secure Server CA		 2021-11-20 -
2022-11-26		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
prhzxq.com
R3		 2022-08-28 -
2022-11-26		 3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-07-10 -
2023-08-11		 a year crt.sh
shorteh.com
R3		 2022-08-28 -
2022-11-26		 3 months crt.sh
*.nr-data.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-10 -
2023-02-10		 a year crt.sh

This page contains 4 frames:

Primary Page: http://sh.st/Wpovq
Frame ID: C4FFC3BAE724CB7F6A6E35FC3D96F867
Requests: 33 HTTP requests in this frame

Frame: data://truncated
Frame ID: BED850F3A3175AD43AC8113CE3773660
Requests: 1 HTTP requests in this frame

Frame: http://sh.st/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664510400
Frame ID: B815C33C960E1AABCF5BDCA984E6D540
Requests: 3 HTTP requests in this frame

Frame: https://shorteh.com/afu.php?zoneid=1241630
Frame ID: AE3E525249B01D73AC34FBCB5C02EFB3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Earn money on short links. Make short links and earn the biggest money - shorte.stsawssad-ninja-vector-full-export-v2

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

41
Requests

61 %
HTTPS

57 %
IPv6

19
Domains

21
Subdomains

21
IPs

6
Countries

535 kB
Transfer

989 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 35
  • http://ads.shorte.st/ads.php?key=2ea5b261f06ca771033a5fa9e22493f1&width=1024&height=768&ch=388082&cp.dest_domain=userscloud.com&cp.oid=388082&cp.referrer=&cp.locked=0&cp.proxy=0&cp.quarantine_status=1&cp.vno=1&cp.enc_url=51A4NHUPh8InfcEQKlSx77ApDvKAOXhMtsIX1SgJJ/8ecKJVlcxOwD+ORGTSedHO&cp.asid=e7e6ea855220ea3bd2ce0d4b7c68cc1b92545576&title=&description=&keywords=&captcha_verified=0 HTTP 302
  • https://shorteh.com/afu.php?zoneid=1241630

41 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Wpovq
sh.st/ 		74 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40-0+deb8u15
Resource Hash
04323c877b1fbf191724b2ec36468bc1a11a35d70b68cd69fd055b2379709d8b
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
CF-Cache-Status
DYNAMIC
CF-RAY
752a2523ff2e918f-FRA
Cache-Control
no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 30 Sep 2022 04:16:46 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQANXRs%2Bnn1fgM6DiJ1yBb8fHpmRXxdS8WjtH6h73rOLXNm4WT5gxO4EZ9uG3YMaZXuPvsRICgs4OWl7eRSku3JdjVkZVzcS0Vxtl5ba5FSOPkGqUQpTGpK2tZZoJB0mhMXP"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
DENY
X-Powered-By
PHP/5.6.40-0+deb8u15
X-Server-ID
shn05
X-UA-Compatible
IE=Edge
css
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:400,700
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c639475111ae9c7a6c89e022ab7a77eb6e9d82145e845dfba037b53650297288
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 30 Sep 2022 04:16:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 30 Sep 2022 03:54:24 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 30 Sep 2022 04:16:46 GMT
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Server
2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 30 Sep 2022 02:27:31 GMT
last-modified
Sun, 11 Sep 2022 13:50:09 GMT
server
Golfe2
age
6555
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19826
expires
Fri, 30 Sep 2022 04:27:31 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
tracking.gif
sh.st/bundles/advertisement/img/ 		0
745 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://sh.st/bundles/advertisement/img/tracking.gif?test=e7e6ea855220ea3bd2ce0d4b7c68cc1b92545576
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/Wpovq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:47 GMT
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Content-Length
0
X-UA-Compatible
IE=Edge
Last-Modified
Wed, 29 Jun 2022 08:56:54 GMT
Server
cloudflare
ETag
"62bc13d6-0"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofFC6%2Fbgf2edOxS4JN0d4x2r6HL5oMwmfZqJxakLP0eX18ganI99nwC%2BM%2FMzCoLZmqH%2BlnfnALwt2X3kP0QT6AqJkQaFHycOO2HQ4tXzNHuvSUg%2FYXSvSlzmoAxIrO%2BBWvfe"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
Access-Control-Allow-Origin
*
X-Server-ID
shn06
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
752a2525d918918f-FRA
advertisement-tracking-388082.gif
sh.st/bundles/smeweb/img/ 		43 B
761 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://sh.st/bundles/smeweb/img/advertisement-tracking-388082.gif?t=1664511406
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/Wpovq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:47 GMT
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Content-Length
43
X-UA-Compatible
IE=Edge
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pCpMwO%2FFVbbrp0CNrJLzcF1QOL0SgLNbqxf%2BuLEWLUfgAIrK5clBKea421j0wl9L3gfFo3JzQxttolQdoZvTn8Bp433rOkRAXCIcmzjOw835Vg307WcCkXXvnxaXPHWDqroL"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
Access-Control-Allow-Origin
*
X-Server-ID
shn07
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
752a2525ec4e91e4-FRA
tracking-388082.gif
sh.st/bundles/smeweb/img/ 		43 B
761 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://sh.st/bundles/smeweb/img/tracking-388082.gif?t=1664511406
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/Wpovq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:47 GMT
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
Content-Length
43
X-UA-Compatible
IE=Edge
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aK5FtgFIMHxY3QVCWHfc%2Bgc6O3GmHEZUFYFxZTSqkDBM9HKSyJ9FOIc3f0Qx7GMLkjQ%2BacypIVBowlF33sxKeVjCAfPUcoTkZdVEIWuydkuqhiP1FL6XuXIacirfgLWX4Gm5"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
Access-Control-Allow-Origin
*
X-Server-ID
shn09
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
752a2525eb4e9271-FRA
logo1707.png
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
2606:4700:20::ac43:44fa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:47 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
67168
Connection
keep-alive
Content-Length
6226
X-UA-Compatible
IE=Edge
Last-Modified
Fri, 17 Jul 2015 13:29:04 GMT
Server
cloudflare
ETag
"55a90320-1852"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Lde0HVjJjq%2FDWbLcT1owfiUwH%2FZ2wcZ1RR1c%2BDz1AskrJ5FiEQvvaY6NDFStEBP4n2n%2B8V7zg2Ywnbp3QeTQdbdm7eWQGcQLWPiiF5lK0ZbHezBZCR7iRsfc%2FdcA%2FTbr1E7m6LysKBD0g%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
X-Server-ID
shn05
Cache-Control
max-age=86400
Accept-Ranges
bytes
CF-RAY
752a2525ff799a3c-FRA
Expires
Fri, 30 Sep 2022 09:37:19 GMT
interstitial-page.js
static.sh.st/js/packed/ 		79 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
2606:4700:20::ac43:44fa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:47 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
67156
Cf-Polished
origSize=102880
Transfer-Encoding
chunked
Connection
keep-alive
X-UA-Compatible
IE=Edge
Cf-Bgj
minify
Last-Modified
Wed, 29 Jun 2022 08:57:49 GMT
Server
cloudflare
ETag
W/"62bc140d-191e0"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tLzHRjhgG1I7tHCya56J0UAnmXdANLctHGMoX%2BaBPRDDr9H5f%2BbZeztMDhYjQ7mrWS1t7SjU2hMVY8pyYNB24NiOhFeTc1OdMbQW3SA3aF5HOBEjeh7z4TC1L51AsaueWG0VqK%2BTQi%2Bdow%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
X-Server-ID
shn01
Cache-Control
max-age=86400
CF-RAY
752a2525fa0f92ad-FRA
Expires
Fri, 30 Sep 2022 09:37:31 GMT
34c6b37755370ea4318f4ff4946df449.js
endangersquarereducing.com/34/c6/b3/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.22.0 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:47 GMT
Server
nginx/1.22.0
Accept-CH
Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
tag.min.js
ptauxofi.net/pfe/current/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
c8a0fb0320831047a2276f2759bd6650de39079719e9f0486329532239236d3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Sep 2022 04:16:47 GMT
content-encoding
gzip
last-modified
Tue, 27 Sep 2022 13:19:37 GMT
server
nginx
etag
W/"6332f869-39be"
content-type
application/javascript
cache-control
no-cache
access-control-allow-credentials
true
inpage.js
ubbfpm.com/ms/1102360/ 		104 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ubbfpm.com/ms/1102360/inpage.js
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.216.206.230 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.206.216.95.clients.your-server.de
Software
nginx /
Resource Hash
2c1559da16a1c17633887a66ea3e2ea6d8ebf00ad759c87a60d95fb44295a099
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:47 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Thu, 29 Sep 2022 10:03:02 GMT
Server
nginx
X-Permitted-Cross-Domain-Policies
none
ETag
"63356d56-1a18b"
X-Download-Options
noopen
X-Frame-Options
sameorigin
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
106891
X-XSS-Protection
1; mode=block
46223
blastsbigener.com/fQpSd6yCOk7Ox9L/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://blastsbigener.com/fQpSd6yCOk7Ox9L/46223
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
23.109.248.134 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers
gtm.js
www.googletagmanager.com/ 		92 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a87915cdd25eaa3eb27ba29856a4da3463870c4132bc083d99de68e5808156e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 04:16:47 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36714
x-xss-protection
0
last-modified
Fri, 30 Sep 2022 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 30 Sep 2022 04:16:47 GMT
widget-sprite.png
static.sh.st/bundles/smeweb/img/ 		83 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
2606:4700:20::ac43:44fa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:47 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
67149
Connection
keep-alive
Content-Length
84545
X-UA-Compatible
IE=Edge
Last-Modified
Wed, 29 Jun 2022 08:56:53 GMT
Server
cloudflare
ETag
"62bc13d5-14a41"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rGH3wc9vnn4j11yncOnb2B6SW%2BBbQzy6bRX%2FqRph%2FkEx%2BSZ5rlH9sM0HxPwWBIjMU8pNo8Vq9qkLmnURxuz3I9T42heKf7mM2pLvR69wmEDNwr6LGEYQt1EW0oJzczDbEREzVBzBHthwOg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
X-Server-ID
shn08
Cache-Control
max-age=86400
Accept-Ranges
bytes
CF-RAY
752a2525ff389c0a-FRA
Expires
Fri, 30 Sep 2022 09:37:38 GMT
1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v28/ 		45 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://sh.st
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 21:05:10 GMT
x-content-type-options
nosniff
age
285097
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46524
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:58:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 26 Sep 2023 21:05:10 GMT
displayed
analytics.shorte.st/ 		0
0
displayed
analytics.shorte.st/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
http://analytics.shorte.st/displayed
Protocol
HTTP/1.1
Server
2606:4700:20::ac43:4a21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
POST
Origin
http://sh.st
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

CF-RAY
752a25265c8b9bfe-FRA
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 30 Sep 2022 04:16:47 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Referrer-Policy
same-origin
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=agunbTXhGgHfuaP1QlhNVxITNRL8Z%2FxlrHLVQZ24kIAkNzlI%2FwxJeO5%2F49sL02E1Rtz7dZSuWMIoQXMqVFQ7F4oj4JmPYnfDIZhCH55FIOuSUkVmotWtFjRPqJNY7hkpyZ8m%2BokSh6Xe1YP0gFrDsIU%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
js
www.googletagmanager.com/gtag/ 		116 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
848dcace6bbb6244369140d0efb6abef41bbfdeef7efd5fe4cd4b1e8eb475247
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 04:16:47 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46780
x-xss-protection
0
last-modified
Fri, 30 Sep 2022 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 30 Sep 2022 04:16:47 GMT
zone
ptauxofi.net/ 		733 B
1013 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=sh.st&var=&ymid=&var_3=
Requested by
Host: ptauxofi.net
URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
2d842985f379923391f0f6a0d8f01c684195ba25db083a11f1d2b0e5a380a227
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-trace-id
5b9877c598bd333b68e93edb1a189671
date
Fri, 30 Sep 2022 04:16:47 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
http://sh.st
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
733
universal.min.js
ptauxofi.net/pfe/current/ 		127 KB
46 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/pfe/current/universal.min.js?v=3.1.396
Requested by
Host: ptauxofi.net
URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
dbcf2d2489fe991f2567d769d6cbb194799facf40660cc3eac7e1624f3cf746c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Sep 2022 04:16:47 GMT
content-encoding
gzip
last-modified
Tue, 27 Sep 2022 13:19:37 GMT
server
nginx
etag
W/"6332f869-1fafa"
content-type
application/javascript
access-control-allow-origin
http://sh.st
cache-control
no-cache
access-control-allow-credentials
true
conversion_async.js
www.googleadservices.com/pagead/ 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 04:16:47 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15192
x-xss-protection
0
server
cafe
etag
699633608045481581
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 30 Sep 2022 04:16:47 GMT
custom
ptauxofi.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
http://sh.st
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
http://sh.st
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 30 Sep 2022 04:16:47 GMT
server
nginx
custom
ptauxofi.net/ 		39 B
317 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/custom
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://sh.st/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
3c637fa95189a26ba2201d8c70ff1049
date
Fri, 30 Sep 2022 04:16:47 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
http://sh.st
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
gid.js
my.rtmark.net/ 		65 B
537 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=99ea7d74e083473495c47478873dfcda&zoneId=4157053&checkDuplicate=true&ymid=&var=
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
224967df78dcc2f41c17715d325d7fa840e77cde2cd5c25d1d8adf71dd2ad731
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 04:16:47 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
http://sh.st
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1664511407352&cv=9&fst=1664511407352&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9s0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fsh.st%2FWpovq&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=1412807423.1664511407&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7546ef4360ab31ac459deea64da0be2c8ca938a2b271886e081161cbbeb705e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Sep 2022 04:16:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1067
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
defaultSkin.min.js
ptauxofi.net/pfe/current/ 		56 KB
19 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/pfe/current/defaultSkin.min.js
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Sep 2022 04:16:47 GMT
content-encoding
gzip
last-modified
Tue, 27 Sep 2022 13:19:37 GMT
server
nginx
etag
W/"6332f869-df63"
content-type
application/javascript
access-control-allow-origin
http://sh.st
cache-control
no-cache
access-control-allow-credentials
true
/
www.google.com/pagead/1p-user-list/997869120/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/997869120/?random=1664511407352&cv=9&fst=1664510400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9s0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fsh.st%2FWpovq&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&async=1&fmt=3&is_vtc=1&random=2222323565&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Sep 2022 04:16:47 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/997869120/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/997869120/?random=1664511407352&cv=9&fst=1664510400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9s0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fsh.st%2FWpovq&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&async=1&fmt=3&is_vtc=1&random=2222323565&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 30 Sep 2022 04:16:47 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
wnload
prhzxq.com/ 		0
128 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE2MTk5MSwid2lkIjozODAyMTUsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL3NoLnN0L1dwb3Zx
Requested by
Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a02:b4a:1:7::9165:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 30 Sep 2022 04:16:49 GMT
access-control-allow-credentials
true
server
nginx/1.18.0
content-length
0
content-type
application/javascript; charset=utf-8
30114b24-dce0-4e5c-945e-120c264db55c
http://sh.st/ 		91 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:http://sh.st/30114b24-dce0-4e5c-945e-120c264db55c
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/Wpovq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Length
91
Content-Type
application/javascript
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j97&a=354062637&t=pageview&_s=1&dl=http%3A%2F%2Fsh.st%2FWpovq&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAAABAAAAAC~&jid=620231920&gjid=369447400&cid=162173595.1664511407&uid=388082&tid=UA-42296749-1&_gid=171406313.1664511407&_r=1&_slc=1&cd2=2022-06-29.0&cd7=388082&cd5=0&z=760829050
Requested by
Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh.st/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 30 Sep 2022 04:16:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://sh.st
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame BED8 		255 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
custom
ptauxofi.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
http://sh.st
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
http://sh.st
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 30 Sep 2022 04:16:49 GMT
server
nginx
custom
ptauxofi.net/ 		39 B
317 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/custom
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://sh.st/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
4646203662a0e4d0be658b9126e3a2c1
date
Fri, 30 Sep 2022 04:16:49 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
http://sh.st
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
invisible.js
sh.st/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame B815 		39 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://sh.st/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664510400
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6a8845ccb6a33b7d2d0fa661311aabdc317dfe36f98f8205f80a90492618b0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:49 GMT
content-encoding
gzip
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
vary
accept-encoding
Content-Type
application/javascript; charset=UTF-8
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p3RcqavzMoGbOcRHQswVFl2azuqXmGibwAzP9MresTmdb4EbmB6bRJEw%2BqmAYqZhIOsbg12V%2B5fiJwibxIg%2B8omL9hqb2YxCK455vuc4M39AK4HY5Bj7Dmj7c3kLDfPlxkkt"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400, public
Connection
keep-alive
x-control-type-options
nosniff
CF-RAY
752a253738f091e4-FRA
nr-1216.min.js
js-agent.newrelic.com/ 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1216.min.js
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding
gzip
via
1.1 varnish
date
Fri, 30 Sep 2022 04:16:49 GMT
x-amz-request-id
JX9BJ5A0T3RCWFDS
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
14391
x-amz-id-2
ckmsmDhUIvz1QbnxT2nu3XBCq1gIKwkgVKhIckRNmT43GYHAXnE3CtPYejwHTlBXhS5DcyT13/U=
x-served-by
cache-cdg20754-CDG
last-modified
Thu, 14 Apr 2022 16:45:57 GMT
server
AmazonS3
x-timer
S1664511410.854526,VS0,VE0
etag
"9f533d8cd24b2c5e3b4dc886ecbd43e8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
1807
afu.php
shorteh.com/ Frame AE3E
Redirect Chain
  • http://ads.shorte.st/ads.php?key=2ea5b261f06ca771033a5fa9e22493f1&width=1024&height=768&ch=388082&cp.dest_domain=userscloud.com&cp.oid=388082&cp.referrer=&cp.locked=0&cp.proxy=0&cp.quarantine_statu...
  • https://shorteh.com/afu.php?zoneid=1241630
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://shorteh.com/afu.php?zoneid=1241630
Requested by
Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://sh.st/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
date
Fri, 30 Sep 2022 04:16:49 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
752a25375c2d9006-FRA
Cache-Control
max-age=0, must-revalidate, no-store, private, s-maxage=0
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 30 Sep 2022 04:16:49 GMT
Location
https://shorteh.com/afu.php?zoneid=1241630
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwuugw5ZAM%2BpbqOXIN%2F6z0ImCiTbaVnnVEZOf7VJXykRKblfv3p8wp7XzmCeFB4QcyFeAzEvCjUCzMQh3IpG7kpHuXfqTktjU0NqQivOM0yaOqHUupcGLxpnJZfCcrUjr5wh8FtmU%2FxNRR0%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
X-Powered-By
PHP/5.6.40-0+deb8u15
X-Server-ID
shn08
X-UA-Compatible
IE=Edge
custom
ptauxofi.net/ 		39 B
317 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/custom
Requested by
Host: sh.st
URL: http://sh.st/Wpovq
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://sh.st/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
40cd1bd48b34cebe1e3e4b19b50460c5
date
Fri, 30 Sep 2022 04:16:49 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
http://sh.st
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
custom
ptauxofi.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ptauxofi.net/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
http://sh.st
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
http://sh.st
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 30 Sep 2022 04:16:49 GMT
server
nginx
pica.js
sh.st/cdn-cgi/challenge-platform/h/b/scripts/ Frame B815 		20 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
http://sh.st/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae844d3885c03d6eadb60abe338e74032b832f059d9808b4037e35a2b5dc7707

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:49 GMT
content-encoding
gzip
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
vary
accept-encoding
Content-Type
application/javascript; charset=UTF-8
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wf0ygQYX9mzK3wiwTR0iJ56lbioMwtkuajcEuIvadXKKdlIfnxP%2BClUEAIxLfcqW9kQM9nNtAkrPiXUCH1%2FBSq8ZQIrP3ycLT0aC8QA7kFkHvUWY50UzDcW%2FBojwCzqoGffp"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400, public
Connection
keep-alive
x-control-type-options
nosniff
CF-RAY
752a2537693191e4-FRA
28e0508023
bam.nr-data.net/1/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/28e0508023?a=9451001&v=1216.487a282&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=3189&ck=1&ref=http://sh.st/Wpovq&ap=109&be=196&fe=3094&dc=3074&perf=%7B%22timing%22:%7B%22of%22:1664511406683,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:1,%22c%22:1,%22ce%22:16,%22rq%22:16,%22rp%22:176,%22rpe%22:188,%22dl%22:178,%22di%22:3074,%22ds%22:3074,%22de%22:3093,%22dc%22:3093,%22l%22:3093,%22le%22:3098%7D,%22navigation%22:%7B%7D%7D&fp=329&fcp=329&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://sh.st/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Fri, 30 Sep 2022 04:16:50 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
752a25383d5499d4-CDG
Content-Length
2
Vary
Accept-Encoding
Content-Type
text/plain;charset=UTF-8
752a2523ff2e918f
sh.st/cdn-cgi/challenge-platform/h/b/cv/result/ Frame B815 		2 B
879 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://sh.st/cdn-cgi/challenge-platform/h/b/cv/result/752a2523ff2e918f
Requested by
Host: sh.st
URL: http://sh.st/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664510400
Protocol
HTTP/1.1
Server
2606:4700:20::681a:6da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json

Response headers

Date
Fri, 30 Sep 2022 04:16:50 GMT
Content-Encoding
gzip
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oiLyHFcO9Wq580TmeqfB0ve1iZxxEKhI5RTHfe%2Fw9lnzV9b7yB9ZRak2pBCBWn3n8MC314deQ1O8VAwZanL5hWOdYpcUOA7snB5uoPUILnE%2F6LgXRdCFuNBZnHfeTd5lSy0o"}],"group":"cf-nel","max_age":604800}
Content-Type
text/plain; charset=UTF-8
Connection
keep-alive
CF-RAY
752a25395bda91e4-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
analytics.shorte.st
URL
http://analytics.shorte.st/displayed

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation object| NREUM object| newrelic function| __nr_require string| GoogleAnalyticsObject function| ga object| dataLayer function| gtag object| app object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| bindInfoButtons function| showClickedInfo object| bean function| domready function| reqwest function| Fingerprint2 object| fuckAdBlock object| google_tag_manager object| zfgformats object| sdk boolean| installOnFly boolean| zfgloadedpush boolean| zfgloadedpushopt boolean| zfgloadedpushcode function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| onClickExcludes

8 Cookies

Domain/Path Name / Value
sh.st/ Name: hl
Value: en
sh.st/ Name: cookies-enable
Value: 1
.sh.st/ Name: _ga
Value: GA1.2.162173595.1664511407
.sh.st/ Name: _gid
Value: GA1.2.171406313.1664511407
.sh.st/ Name: _gcl_au
Value: 1.1.1412807423.1664511407
my.rtmark.net/ Name: ID
Value: 99ea7d74e083473495c47478873dfcda
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.sh.st/ Name: _gat
Value: 1

4 Console Messages

Source Level URL
Text
javascript error URL: http://sh.st/Wpovq
Message:
Access to XMLHttpRequest at 'http://analytics.shorte.st/displayed' from origin 'http://sh.st' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: http://analytics.shorte.st/displayed
Message:
Failed to load resource: net::ERR_FAILED
network error URL: http://endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://bam.nr-data.net/1/28e0508023?a=9451001&v=1216.487a282&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=3189&ck=1&ref=http://sh.st/Wpovq&ap=109&be=196&fe=3094&dc=3074&perf=%7B%22timing%22:%7B%22of%22:1664511406683,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:1,%22c%22:1,%22ce%22:16,%22rq%22:16,%22rp%22:176,%22rpe%22:188,%22dl%22:178,%22di%22:3074,%22ds%22:3074,%22de%22:3093,%22dc%22:3093,%22l%22:3093,%22le%22:3098%7D,%22navigation%22:%7B%7D%7D&fp=329&fcp=329&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken
Message:
Failed to load resource: the server responded with a status of 402 (Payment Required)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.shorte.st
analytics.shorte.st
bam.nr-data.net
blastsbigener.com
endangersquarereducing.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
js-agent.newrelic.com
my.rtmark.net
prhzxq.com
ptauxofi.net
sh.st
shorteh.com
static.sh.st
ubbfpm.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
analytics.shorte.st
139.45.195.8
139.45.197.238
139.45.197.250
142.250.185.66
151.101.130.137
162.247.241.14
192.243.61.225
23.109.248.134
2606:4700:20::681a:56b
2606:4700:20::681a:6da
2606:4700:20::ac43:44fa
2606:4700:20::ac43:4a21
2a00:1450:4001:80e::2002
2a00:1450:400d:804::2003
2a00:1450:400d:807::200e
2a00:1450:400d:80a::2004
2a00:1450:400d:80a::200a
2a00:1450:400d:80d::2003
2a00:1450:400d:80e::2008
2a02:b4a:1:7::9165:1
95.216.206.230
04323c877b1fbf191724b2ec36468bc1a11a35d70b68cd69fd055b2379709d8b
224967df78dcc2f41c17715d325d7fa840e77cde2cd5c25d1d8adf71dd2ad731
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2c1559da16a1c17633887a66ea3e2ea6d8ebf00ad759c87a60d95fb44295a099
2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384
2d842985f379923391f0f6a0d8f01c684195ba25db083a11f1d2b0e5a380a227
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
7546ef4360ab31ac459deea64da0be2c8ca938a2b271886e081161cbbeb705e8
7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
848dcace6bbb6244369140d0efb6abef41bbfdeef7efd5fe4cd4b1e8eb475247
88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a87915cdd25eaa3eb27ba29856a4da3463870c4132bc083d99de68e5808156e5
ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24
ae844d3885c03d6eadb60abe338e74032b832f059d9808b4037e35a2b5dc7707
c639475111ae9c7a6c89e022ab7a77eb6e9d82145e845dfba037b53650297288
c8a0fb0320831047a2276f2759bd6650de39079719e9f0486329532239236d3a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d6a8845ccb6a33b7d2d0fa661311aabdc317dfe36f98f8205f80a90492618b0e
dbcf2d2489fe991f2567d769d6cbb194799facf40660cc3eac7e1624f3cf746c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881