URL: http://gestyy.com/wNTge7
Submission: On November 27 via manual from LU — Scanned from DE

Summary

This website contacted 29 IPs in 5 countries across 28 domains to perform 71 HTTP transactions. The main IP is 2606:4700:20::681a:89b, located in the United States and belonging to CLOUDFLARENET, US. The main domain is gestyy.com.
This is the only time gestyy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Redirects | IP Address | AS | Autonomous System
4 | | 2606:4700:20:... | 13335 | CLOUDFLAR...
1 | | 2a00:1450:400... | 15169 | GOOGLE
3 | | 2606:4700:20:... | 13335 | CLOUDFLAR...
2 | | 2a00:1450:400... | 15169 | GOOGLE
4 | | 2600:9000:218... | 16509 | AMAZON-02
10 | | 139.45.197.250 | 9002 | RETN-AS
1 | | 2606:4700:303... | 13335 | CLOUDFLAR...
1 | | 2a00:1450:400... | 15169 | GOOGLE
1 | | 2a00:1450:400... | 15169 | GOOGLE
1 | | 2606:4700:20:... | 13335 | CLOUDFLAR...
4 | | 18.66.139.109 | 16509 | AMAZON-02
5 | | 2606:4700:303... | 13335 | CLOUDFLAR...
1 | | 2a03:2880:f11... | 32934 | FACEBOOK
2 | | 2a00:1450:400... | 15169 | GOOGLE
2 | | 2a02:b4a:1:7:... | 39572 | ADVANCEDH...
1 | | 2606:4700:303... | 13335 | CLOUDFLAR...
3 | | 139.45.195.8 | 9002 | RETN-AS
2 | | 213.174.135.32 | 39572 | ADVANCEDH...
1 | | 151.101.66.137 | 54113 | FASTLY
1 | 1 | 2606:4700:20:... | 13335 | CLOUDFLAR...
1 | | 139.45.197.238 | 9002 | RETN-AS
1 | | 162.247.243.147 | 13335 | CLOUDFLAR...
5 | | 139.45.197.158 | 9002 | RETN-AS
1 | | 2606:4700:10:... | 13335 | CLOUDFLAR...
3 | | 139.45.197.240 | 9002 | RETN-AS
4 | 1 | 2a02:6b8::1:119 | 208722 | YNDX
2 | | 139.45.197.251 | 9002 | RETN-AS
1 | | 139.45.197.239 | 9002 | RETN-AS
1 | 1 | 2a00:1450:400... | 15169 | GOOGLE
2 | 1 | 2a00:1450:400... | 15169 | GOOGLE
Total: 71 requests, 29 IPs
Requests | Domain | Redirects | Requested by
10 | ptauxofi.net | | gestyy.com, ptauxofi.net
5 | totalnicefeed.com | | shorteh.com, totalnicefeed.com
5 | uleqasfor.one | | gestyy.com, d301cxwfymy227.cloudfront.net
4 | alukizeia.one | | d301cxwfymy227.cloudfront.net
4 | d301cxwfymy227.cloudfront.net | | gestyy.com, alukizeia.one
4 | gestyy.com | | gestyy.com
3 | mc.yandex.com | 1 | totalnicefeed.com
3 | propeller-tracking.com | | totalnicefeed.com, propeller-tracking.com
3 | my.rtmark.net | | gestyy.com, shorteh.com, incorphishor.com
3 | static.sh.st | | gestyy.com
2 | www.google.com | 1 | incorphishor.com
2 | yonhelioliskor.com | | totalnicefeed.com, yonhelioliskor.com
2 | i.wmgtr.com | | gestyy.com
2 | yfetyg.com | | yqmxfz.com
2 | accounts.google.com | | gestyy.com
2 | www.google-analytics.com | | gestyy.com, www.google-analytics.com
1 | google.com | 1 |
1 | incorphishor.com | | totalnicefeed.com
1 | mc.yandex.ru | | totalnicefeed.com
1 | littlecdn.com | | totalnicefeed.com
1 | bam-cell.nr-data.net | | js-agent.newrelic.com
1 | shorteh.com | | static.sh.st
1 | ads.shorte.st | 1 |
1 | js-agent.newrelic.com | | gestyy.com
1 | freychang.fun | | d301cxwfymy227.cloudfront.net
1 | www.facebook.com | | gestyy.com
1 | analytics.shorte.st | | static.sh.st
1 | fonts.gstatic.com | | fonts.googleapis.com
1 | www.googletagmanager.com | | gestyy.com
1 | yqmxfz.com | | gestyy.com
1 | fonts.googleapis.com | | gestyy.com
Total: 71 requests, 31 subdomains

This site contains links to these domains:

Domain: shorte.st
Subject | Issuer | Validity | Valid for
upload.video.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
ptauxofi.net | R3 | 2021-11-26 - 2022-02-24 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-03 - 2022-06-02 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.gstatic.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.cloudfront.net | Amazon | 2021-03-19 - 2022-03-17 | a year
alukizeia.one | Amazon | 2021-11-18 - 2022-12-17 | a year
*.uleqasfor.one | R3 | 2021-11-24 - 2022-02-22 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-09-06 - 2021-12-05 | 3 months
accounts.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
yfetyg.com | R3 | 2021-10-19 - 2022-01-17 | 3 months
*.rtmark.net | Sectigo RSA Domain Validation Secure Server CA | 2021-11-20 - 2022-11-26 | a year
i.wmgtr.com | R3 | 2021-10-29 - 2022-01-27 | 3 months
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA H2 2021 | 2021-10-06 - 2022-11-07 | a year
shorteh.com | R3 | 2021-11-03 - 2022-02-01 | 3 months
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years
totalnicefeed.com | R3 | 2021-11-07 - 2022-02-05 | 3 months
propeller-tracking.com | Sectigo RSA Domain Validation Secure Server CA | 2021-10-22 - 2022-11-06 | a year
mc.yandex.ru | Yandex CA | 2021-07-28 - 2022-01-07 | 5 months
yonhelioliskor.com | R3 | 2021-09-13 - 2021-12-12 | 3 months
incorphishor.com | R3 | 2021-11-19 - 2022-02-17 | 3 months
www.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months

This page contains 8 frames:

Primary Page: http://gestyy.com/wNTge7
Frame ID: 23E99F5BB508B498710E2CA7A10385AA
Requests: 40 HTTP requests in this frame

Frame: http://alukizeia.… (URL truncated)
Frame ID: A0C1AB0533605B18BE0225CD993A836E
Requests: 2 HTTP requests in this frame

Frame: http://alukizeia.… (URL truncated)
Frame ID: 156FE50704629B3CC6D0E4793106DE8A
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 476C059F5DFC04049F4F081BFECFB197
Requests: 1 HTTP requests in this frame

Frame: https://i.wmgtr.com/cim/o9ch-4FU-rFd2TqpX7TZRJc6ecubH9wI.png
Frame ID: 4FF236B3AC0A0EE2E64F68AD2B853B7E
Requests: 1 HTTP requests in this frame

Frame: https://i.wmgtr.com/cic/WmLhyMWmEVIvVDt5bOaF9Y12PT4zj7WY.png
Frame ID: 99C7362EDB0FA320FFEB1D3936E7B302
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/?gws_rd=ssl
Frame ID: EFF0DD42E7C4F51CEA46DF331B5406EF
Requests: 18 HTTP requests in this frame

Frame: https://totalnicefeed.com/templates/_assets/push-skin/skin.html
Frame ID: 26240585237C46A563454D5499F033A9
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

Earn money on short links. Make short links and earn the biggest money - shorte.stsawssad-ninja-vector-full-export-v2

Page Statistics

Requests: 71
HTTPS: 70 %
IPv6: 63 %
Domains: 28
Subdomains: 31
IPs: 29
Countries: 5
Transfer: 710 kB
Size: 1560 kB
Cookies: 20

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 45
  • http://ads.shorte.st/ads.php?key=2ea5b261f06ca771033a5fa9e22493f1&width=1024&height=768&ch=1519037&cp.dest_domain=sex-cam.live&cp.oid=1519037&cp.referrer=&cp.locked=0&cp.proxy=0&cp.quarantine_status=1&cp.vno=1&cp.enc_url=Z6zO1cYk6ZAlmX4zFSi9Yp+PG37JWgJ3z0YDWvJcdysQZkZFu6xWbJiRTWIAEhHneerzTLO7ZjVuAk/9X2kGBQ==&cp.asid=e7b0f106bc8deab4a3a686a36ca0300b94640569&title=&description=&keywords=&captcha_verified=0 HTTP 302
  • https://shorteh.com/afu.php?zoneid=1241630
Request Chain 65
  • https://mc.yandex.com/watch/67238875?wmode=7&page-url=https%3A%2F%2Ftotalnicefeed.com%2F%3Fs%3D488516470045954908%26ssk%3Da39af0eed154fc77e4a886b2e6fd31fe%26svar%3D1638034921%26z%3D1241630%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg3ayomqwinwev%3Afp%3A172%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A1%3Adp%3A0%3Als%3A276818377396%3Ahid%3A991194624%3Az%3A0%3Ai%3A20211127174202%3Aet%3A1638034922%3Ac%3A1%3Arn%3A654141870%3Arqn%3A1%3Au%3A1638034922779076199%3Aw%3A1600x1107%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Ans%3A1638034921674%3Ads%3A6%2C37%2C101%2C1%2C0%2C0%2C%2C21%2C0%2C%2C%2C%2C169%3Adsn%3A6%2C38%2C101%2C1%2C0%2C0%2C%2C22%2C1%2C%2C%2C%2C169%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1638034922%3At%3AZulassen%20dr%C3%BCcken&t=gdpr(14)ti(2) HTTP 302
  • https://mc.yandex.com/watch/67238875/1?wmode=7&page-url=https%3A%2F%2Ftotalnicefeed.com%2F%3Fs%3D488516470045954908%26ssk%3Da39af0eed154fc77e4a886b2e6fd31fe%26svar%3D1638034921%26z%3D1241630%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg3ayomqwinwev%3Afp%3A172%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A1%3Adp%3A0%3Als%3A276818377396%3Ahid%3A991194624%3Az%3A0%3Ai%3A20211127174202%3Aet%3A1638034922%3Ac%3A1%3Arn%3A654141870%3Arqn%3A1%3Au%3A1638034922779076199%3Aw%3A1600x1107%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Ans%3A1638034921674%3Ads%3A6%2C37%2C101%2C1%2C0%2C0%2C%2C21%2C0%2C%2C%2C%2C169%3Adsn%3A6%2C38%2C101%2C1%2C0%2C0%2C%2C22%2C1%2C%2C%2C%2C169%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1638034922%3At%3AZulassen%20dr%C3%BCcken&t=gdpr%2814%29ti%282%29
Request Chain 70
  • http://google.com/ HTTP 301
  • http://www.google.com/ HTTP 302
  • https://www.google.com/?gws_rd=ssl

71 HTTP transactions

Entry fields: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type.

Resource: wNTge7 (Primary Request)
Path: gestyy.com/
Size: 120 KB, transferred: 52 KB
Type: Document
General
Full URL: http://gestyy.com/wNTge7
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:89b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare / PHP/5.6.40-0+deb8u13
Resource Hash: 0d934fe53438ff6cd64166ef9c285381dbcda527eccfa1fdbd391d1ceffdd91e
Security Headers
X-Frame-Options: DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Sat, 27 Nov 2021 17:42:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u13
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn13
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2Bw8T%2BEvjDINIlC681xxwGvQybJNC6PPQVEIuMimX6b3igSb9XNnxMc4el9vh6GgglBOE2fgsipFatnO7pHs4MgxB6R%2FBbqO%2FcXFg9%2FZxOvY8C3FA1Mg9g50341gGoNMwkaKLtji%2FNw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6b4d268d7e5a42cf-FRA
Content-Encoding: gzip

Resource: css
Path: fonts.googleapis.com/
Size: 3 KB, transferred: 1 KB
Type: Stylesheet
General
Full URL: https://fonts.googleapis.com/css?family=Raleway:400,700
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:810::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: ESF /
Resource Hash: 87eb4c9fa2bd3a95f29b584d8c1154e5d2c137ccbbc8572dedc6218beefa656f
Security Headers
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 27 Nov 2021 16:34:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 27 Nov 2021 17:42:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 27 Nov 2021 17:42:00 GMT

Resource: tracking.gif
Path: gestyy.com/bundles/advertisement/img/
Size: 0, transferred: 753 B
Type: Image
General
Full URL: http://gestyy.com/bundles/advertisement/img/tracking.gif?test=e7b0f106bc8deab4a3a686a36ca0300b94640569
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:89b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/wNTge7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 27 Nov 2021 17:42:00 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 0
X-UA-Compatible: IE=Edge
Last-Modified: Tue, 02 Nov 2021 10:46:11 GMT
Server: cloudflare
ETag: "618116f3-0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PWarBacEymBizsRPjElE2UXfYVP3R8r3e1Jp%2FuvfhX6r7T01IkBP4yNH3lUi6Gw7g1NLk7Okka%2FK8vGTSSn2gYclWInJWSgTdcmf2TazuYVaGxdHz7AL4Yp%2BIwxzrgEE%2F%2FrSX2bE2pQ%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn06
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6b4d268e898942cf-FRA

Resource: advertisement-tracking-1519037.gif
Path: gestyy.com/bundles/smeweb/img/
Size: 43 B, transferred: 771 B
Type: Image
General
Full URL: http://gestyy.com/bundles/smeweb/img/advertisement-tracking-1519037.gif?t=1638034920
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:89b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/wNTge7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 27 Nov 2021 17:42:00 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 43
X-UA-Compatible: IE=Edge
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8i4jWCTDmOgyxxx1O4PjGug9RYmY%2Fb89nEEdm6MYtlNGPoOZ9PtuFMARLjKE3HFM1VTZ%2F3zrrGcALAQDKPR2pymPi4v0ZthKlbtmhWzE1cjCkH9eocEyigrToIynZc6JoT3OFJaOzQ%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn11
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6b4d268f5bce42cf-FRA

Resource: tracking-1519037.gif
Path: gestyy.com/bundles/smeweb/img/
Size: 43 B, transferred: 777 B
Type: Image
General
Full URL: http://gestyy.com/bundles/smeweb/img/tracking-1519037.gif?t=1638034920
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:89b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/wNTge7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 27 Nov 2021 17:42:00 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 43
X-UA-Compatible: IE=Edge
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0N%2Bv1%2FaUpuE%2BzFmAUPMLgUIHDLLOZgcinnUa2A%2BhXsMzob5JWtI33lTf0509m1r7DasmhChpv8vv1D%2FPSbDq7WMLTjvBUlbDKAeOmcCNskCP66kz8BzbLgMO6ySNcgbrOpLKGwRMeQ%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn13
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6b4d268f68a3433f-FRA

Resource: logo1707.png
Path: static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/
Size: 6 KB, transferred: 7 KB
Type: Image
General
Full URL: http://static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2021-11-02.0
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:6da, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare /
Resource Hash: fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 27 Nov 2021 17:42:00 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 23387
Connection: keep-alive
Content-Length: 6226
X-UA-Compatible: IE=Edge
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
Server: cloudflare
ETag: "55a90320-1852"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eYI2sPZoLW5Yx8907xCm3gqWy%2B7lXMRNeqFwd9%2BtvUAUfXewbEOpa99ABRyLcHQyk2lLg3wymQ5n%2FX0QEi7AXDwRuh4JDkBryfL8f6QsTzsdajSTDvHEzCbOlQLzoMnNlAPDECvdXnNdnw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
X-Server-ID: shn11
Cache-Control: max-age=86400
Accept-Ranges: bytes
CF-RAY: 6b4d268f6fb64e8c-FRA
Expires: Sun, 28 Nov 2021 11:12:13 GMT

Resource: analytics.js
Path: www.google-analytics.com/
Redirect Chain:
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
Size: 49 KB, transferred: 20 KB
Type: Script
General
Full URL: https://www.google-analytics.com/analytics.js
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: H2
Server: 2a00:1450:4001:831::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: Golfe2 /
Resource Hash: a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2453
date: Sat, 27 Nov 2021 17:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 27 Nov 2021 19:01:07 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

Resource: interstitial-page.js
Path: static.sh.st/js/packed/
Size: 79 KB, transferred: 25 KB
Type: Script
General
Full URL: http://static.sh.st/js/packed/interstitial-page.js?2021-11-02.0
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:6da, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare /
Resource Hash: 39c54f0919d2baea1c89172b3f0bbe2706744643826f319e933b9eb0223e78ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 27 Nov 2021 17:42:00 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 23389
Cf-Polished: origSize=101982
Transfer-Encoding: chunked
Connection: keep-alive
X-UA-Compatible: IE=Edge
Expires: Sun, 28 Nov 2021 11:12:11 GMT
Last-Modified: Tue, 02 Nov 2021 10:47:13 GMT
Server: cloudflare
ETag: W/"61811731-18e5e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yUk6P7Wtl6oEkfmUWWmHveqUkHeE%2Bvv5gZ0nCFr5XFDRneP6PfIC1g3gv3opTPOobWnGfpN6MbnvoiaRdqQ2Gw6kNxPqDbSZ2L8b4nj7r5Rh0pw9btmMzNJVCNSfGE%2FrPNq2nAfg9s1nEg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
X-Server-ID: shn05
Cache-Control: max-age=86400
CF-RAY: 6b4d268eff134e8c-FRA
Cf-Bgj: minify

Resource: /
Path: d301cxwfymy227.cloudfront.net/
Size: 304 KB, transferred: 97 KB
Type: Script
General
Full URL: http://d301cxwfymy227.cloudfront.net/?fwxcd=925694
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: HTTP/1.1
Server: 2600:9000:2182:6a00:12:fc33:3bc0:21, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: (none)
Software: /
Resource Hash: afbea7ba272a69f065b1e9737aaea43b6733e96396ed33dd05851dd80481e833

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 27 Nov 2021 17:28:14 GMT
Content-Encoding: gzip
Connection: keep-alive
Age: 826
X-Cache: Hit from cloudfront
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
X-Amz-Cf-Pop: DUS51-C1
Content-Length: 99025
Via: 1.1 f12c01365a7e1bcbb4b6d5b856516527.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ihSBBP-k_ckaAf6mS7eAuncVS69VwXmLszxqrpX-ASLC2MlAjKE0ew==

Resource: tag.min.js
Path: ptauxofi.net/pfe/current/
Size: 15 KB, transferred: 6 KB
Type: Script
General
Full URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250, United Kingdom, ASN9002 (RETN-AS, GB)
Reverse DNS: (none)
Software: nginx /
Resource Hash: 57a9c6cd97e6b79a42cbcf962f90500d2a0e1ea9c1a56845ee402964b2af5e6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Nov 2021 17:42:00 GMT
content-encoding: gzip
last-modified: Fri, 19 Nov 2021 12:53:28 GMT
server: nginx
etag: W/"61979e48-3c1d"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

Resource: waWQiOjExMDIzNjAsInNpZCI6MTExODczMCwid2lkIjoyNzg5ODIsInNyYyI6Mn0=eyJ.js
Path: yqmxfz.com/pw/
Size: 119 KB, transferred: 46 KB
Type: Script
General
Full URL: https://yqmxfz.com/pw/waWQiOjExMDIzNjAsInNpZCI6MTExODczMCwid2lkIjoyNzg5ODIsInNyYyI6Mn0=eyJ.js
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:155b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare /
Resource Hash: d510a99d491a4676c7500b5ef1a149e3eb6a60b40e4c1eb8401675cd6daa5fe0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 17:42:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
e-tag: 67d21c93d0a2a6f2db648e1875ff6be2
age: 5104
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 27 Nov 2021 16:16:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ji93%2FNHujBRe1zSIiFkClJZHdbhpnYaP4jom2zqAAxa9u4a4f7nwNyJNTl3IZqaNsKXK0mZa%2Bm09a7VU209jtmkMMXbmYNiq84CZEKqtuebrBhWpk3nQWu3oj%2F4qeTTDUvXvRvpoDRaN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://gestyy.com
cache-control: max-age=14400
cf-ray: 6b4d268fae7f4315-FRA

Resource: gtm.js
Path: www.googletagmanager.com/
Size: 74 KB, transferred: 30 KB
Type: Script
General
Full URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82a::2008, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: Google Tag Manager /
Resource Hash: e2ccbcb29247da3e0437c1d336dfeb167d9548b28a76b7a53f19f61ca80540bd
Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 17:42:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29866
x-xss-protection: 0
last-modified: Sat, 27 Nov 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 27 Nov 2021 17:42:00 GMT

Resource: widget-sprite.png
Path: static.sh.st/bundles/smeweb/img/
Size: 83 KB, transferred: 83 KB
Type: Image
General
Full URL: http://static.sh.st/bundles/smeweb/img/widget-sprite.png?2021-11-02.0
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:6da, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare /
Resource Hash: 8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 27 Nov 2021 17:42:00 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 23370
Connection: keep-alive
Content-Length: 84545
X-UA-Compatible: IE=Edge
Last-Modified: Tue, 02 Nov 2021 10:46:11 GMT
Server: cloudflare
ETag: "618116f3-14a41"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D5hCNJQ8w9LzjI41nYYdmO3zo0m5Whu8gp6NxJXTIAqBMTGrFknpd8tAQkxDyJXjm2m272HS875TJmP%2BCGcYk3RuEoWGp9Ti0nwclOX1WfOO0scjnI9dwQ8ei7HRt5nVZkzdCF3%2BVT9%2BOg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
X-Server-ID: shn13
Cache-Control: max-age=86400
Accept-Ranges: bytes
CF-RAY: 6b4d268f78d25364-FRA
Expires: Sun, 28 Nov 2021 11:12:30 GMT

Resource: 1Ptug8zYS_SKggPNyC0ITw.woff2
Path: fonts.gstatic.com/s/raleway/v22/
Size: 46 KB, transferred: 47 KB
Type: Font
General
Full URL: https://fonts.gstatic.com/s/raleway/v22/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by: fonts.googleapis.com (https://fonts.googleapis.com/css?family=Raleway:400,700)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:82b::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: sffe /
Resource Hash: 2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://gestyy.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 17:19:18 GMT
x-content-type-options: nosniff
age: 346962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47312
x-xss-protection: 0
last-modified: Tue, 29 Jun 2021 19:40:30 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 17:19:18 GMT

Resource: displayed
Path: analytics.shorte.st/ (Frame)
Size: 0, transferred: 0
Type: Preflight
General
Full URL: http://analytics.shorte.st/displayed
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:56b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare /
Resource Hash: (none)
Security Headers
X-Frame-Options: SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: http://gestyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 27 Nov 2021 17:42:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJy7v7IXkU8P8Pfxit2189OUlUTWC9Qn%2BX5hqEE3vop6OVzmd7C6xMwmtAS6osOwgEzdNNkRxMD%2FnusFZzkGFYsVVHwH%2F%2F1eInL6L6eOhXfYjy1cHiTVrrarmsAZMmgrd0WS%2FrIe47HWUPeQBo3pU18%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6b4d268f9ea10746-FRA
Content-Encoding: gzip

Resource: displayed
Path: analytics.shorte.st/
Size: 0, transferred: 0
(no further details recorded for this entry)

Resource: /
Path: d301cxwfymy227.cloudfront.net/
Size: 47 B, transferred: 452 B
Type: Fetch
General
Full URL: https://d301cxwfymy227.cloudfront.net/
Requested by: gestyy.com (http://gestyy.com/wNTge7)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2600:9000:2182:6a00:12:fc33:3bc0:21, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: (none)
Software: /
Resource Hash: 0f13250dac3eba96683a13d9c0c14c812448cc2f499a6ad6637a17adf094884d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Nov 2021 17:28:14 GMT
content-encoding: gzip
age: 826
x-cache: Hit from cloudfront
access-control-allow-origin: http://gestyy.com
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
access-control-allow-credentials: true
x-amz-cf-pop: DUS51-C1
content-length: 73
via: 1.1 3b811cf25a4fdc818f7cfcb16b38d622.cloudfront.net (CloudFront)
x-amz-cf-id: uDampTWiomwU1eeEXB8Wi--SuoolGRy5h4koSY6IwmYXpeBIPyImAA==

Resource: utx
Path: alukizeia.one/
Size: 0, transferred: 410 B
Type: XHR
General
Full URL: https://alukizeia.one/utx?cb=ONvJmONahZvl&top=gestyy.com&tid=925694
Requested by: d301cxwfymy227.cloudfront.net (http://d301cxwfymy227.cloudfront.net/?fwxcd=925694)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.139.109, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: (none)
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Nov 2021 17:42:00 GMT
via: 1.1 a3c1615d6bdfc01a05a0b3a742d10d39.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
x-amz-cf-pop: FRA60-P4
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: http://gestyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: GsG3AzfYL9R4E3w-_YQaoSMaKT8drC3CFbRo_kKaLGj2IFDLhg6sYQ==
KBMCJVsnCjAiABsHMzZ+GyYoDHo0JTgmWA0LLSFBAgcIBG8UD0wAXxolWSR0KTpERncACwosfwcIJjNZJ1MnMkUnMTYcXRQ2FTVRLQwkNlIaETEfRSAuNjpSGxQoFnkXByoscAoLLwNCBSs2TQYbNVUmeSoiIDVNJwk4N1kbMSYcXBI1ETFWBDkjI14nCTgyDScmG...
alukizeia.one/Q2NhdDUiAQIZCiJeA1JAMQ9cUQcFRlMyUXBTUBdNNAUYGUxxUVZaVi8MFBBTMQwPABstBhVRBwU1A0YAOjENPXgCMRYTVxEQKTJbNxE5IkEGBVMufwEiJARlAVo1PVIkNjkNBXorGSFUDDIjDXgQIiUicQoMIkV7ADolQHoCITdDUQIMIDFtNwk... Frame A0C1
Size: 3 KB, transferred: 2 KB
Type: Document
General
Full URL:
http://alukizeia.one/Q2NhdDUiAQIZCiJeA1JAMQ9cUQcFRlMyUXBTUBdNNAUYGUxxUVZaVi8MFBBTMQwPABstBhVRBwU1A0YAOjENPXgCMRYTVxEQKTJbNxE5IkEGBVMufwEiJARlAVo1PVIkNjkNBXorGSFUDDIjDXgQIiUicQoMIkV7ADolQHoCITdDUQIMIDFtNwkyJQ0UKSZNVxAiOEZlEjE1M08SVyklUiEqMi15ByUwDnhyKiU8YTRUIAN8FzpTNUUUUhlGUXJSBCNfBlQgJVonLjIyfhsmKBt/KBMCJVsnCjAiABsHMzZ+GyYoDHo0JTgmWA0LLSFBAgcIBG8UD0wAXxolWSR0KTpERncACwosfwcIJjNZJ1MnMkUnMTYcXRQ2FTVRLQwkNlIaETEfRSAuNjpSGxQoFnkXByoscAoLLwNCBSs2TQYbNVUmeSoiIDVNJwk4N1kbMSYcXBI1ETFWBDkjI14nCTgyDScmGDVPCzIFLFEBMQAsYBUMOCJZCiFSBxMpEA4aRX4zLzIFACw4M0AUEVUXei4
Requested by
Host: d301cxwfymy227.cloudfront.net
URL: http://d301cxwfymy227.cloudfront.net/?fwxcd=925694
Protocol
HTTP/1.1
Server
18.66.139.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.17.8.2 /
Resource Hash
4f817a67ff0f7cfc44f8cb779fd96df66cd7374404f25c1ec3d63aacd9ed4751

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/

Response headers

Content-Type
text/html
Content-Length
1238
Connection
keep-alive
Date
Sat, 27 Nov 2021 17:42:00 GMT
Server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
Pragma
no-cache
P3P
CP="NID DSP ALL COR"
content-encoding
gzip
X-Cache
Miss from cloudfront
Via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Cf-Id
4YqWa8fe7nyx9Ykq7xi0Gp3uvIi_spBgncP8HgAPwLsZ2SOIemnqTA==
utx
alukizeia.one/
0
411 B
XHR
General
Full URL
https://alukizeia.one/utx?cb=vfDICtJv3VFj&top=gestyy.com&tid=934375
Requested by
Host: d301cxwfymy227.cloudfront.net
URL: http://d301cxwfymy227.cloudfront.net/?fwxcd=925694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 17:42:00 GMT
via
1.1 a3c1615d6bdfc01a05a0b3a742d10d39.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
http://gestyy.com
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
x-amz-cf-id
OmRMVMVDXNqlisipzZsGZYP-UqCLFMnIxi6FFm9BGugfBTbcpN3A4A==
KDVwGxcrChYZHzswFyohGQ5yEiApIRsXECgaFwAYL2oXEUZIagMWJFwZFwteCh0PASYmFBMKGy8vcSs2Oh4ZCjtcDyJzBzs+KgFBOw11KTc5GQgAHlwAA3MxOD0AKAcpPw83JV4JAgIKHhcKcwspPS0WHSkKEC0wLh4AFTJYOyIoBzoCLQUKOGkLLiY1HgAVOwoPC...
alukizeia.one/Q3NtWEEiEQ41fiJOD340MR9QfXMFVl8eJXBDXDs5NBUUNThxQVp2Ii8cGDwnMRwDLG8tFhl9cwU4Nw8bCik4CQYAIDQcJDs2PRQHK0o7NAt0JgMeBQc3HhMKKyUPHxB3ICYbC2ZBKxATAjQgMXUTKgUdIg81BWgQNBwdGzgNKjwbcQ85XDAZIRQ... Frame 156F
3 KB
2 KB
Document
General
Full URL
http://alukizeia.one/...
Requested by
Host: d301cxwfymy227.cloudfront.net
URL: http://d301cxwfymy227.cloudfront.net/?fwxcd=925694
Protocol
HTTP/1.1
Server
18.66.139.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.17.8.2 /
Resource Hash
05d374848141c827756851cc0fe007ed865f0df2cccc904d5c9decea68c96093

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/

Response headers

Content-Type
text/html
Content-Length
1232
Connection
keep-alive
Date
Sat, 27 Nov 2021 17:42:01 GMT
Server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
Pragma
no-cache
P3P
CP="NID DSP ALL COR"
content-encoding
gzip
X-Cache
Miss from cloudfront
Via
1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Cf-Id
t-xmjobNQTGQ3zxF0HOPi91gQz6t3G7_zCaPnCnrVVUcvfe2VVofaA==
EDR+V3lMZnpabQk5J1N6XyM3Dz8MI35fbRA+JQF2XyZ+X2VKZG1ceFdmZRo7GDd+X20JJDcCdkhmcFZ7SmR6XHtAYXQ
uleqasfor.one/UENuS3l/fA04RANyHiMjYxVaKT88FToDNyYWAgE0NXEgEyFgIEg/
0
253 B
Image
General
Full URL
https://uleqasfor.one/UENuS3l/fA04RANyHiMjYxVaKT88FToDNyYWAgE0NXEgEyFgIEg/EDR+V3lMZnpabQk5J1N6XyM3Dz8MI35fbRA+JQF2XyZ+X2VKZG1ceFdmZRo7GDd+X20JJDcCdkhmcFZ7SmR6XHtAYXQ
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:8a0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uBiEltwJNwfUeHkIk5A40omiVu0F5FM22zCB%2BTOzAfHmMDEicDyEvq%2FaxcKBMbSX2M0dI80LYrR2oK%2Ftw51pAgM7ZfsY7maWJGGLlZxfbj82lhPDBbbg86eqoyWDwH9kutLigUGYIfPwCa2v"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
6b4d26902eae2b95-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
login.php
www.facebook.com/
0
0
Image
General
Full URL
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ServiceLogin
accounts.google.com/
0
0
Image
General
Full URL
https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ServiceLogin
accounts.google.com/
0
0
Image
General
Full URL
https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Y3R6RmJhfDwFLTBneVM8Iy4kSH1haXBFf2NjekV1Y2s
uleqasfor.one/V1pIdUx4ZSsGcTI0AkcdAAwHJHwdIB0wNBAOJiMZBB8COi8BLW4BJTNncUZ4ZG19Uzw+PnVEaiQuKQE5JGd5UyU5PCdIaiFneVt/
0
530 B
Image
General
Full URL
https://uleqasfor.one/V1pIdUx4ZSsGcTI0AkcdAAwHJHwdIB0wNBAOJiMZBB8COi8BLW4BJTNncUZ4ZG19Uzw+PnVEaiQuKQE5JGd5UyU5PCdIaiFneVt/Y3R6RmJhfDwFLTBneVM8Iy4kSH1haXBFf2NjekV1Y2s
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:8a0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x3SJOAD4KMKWCysfqwPuUMlUGXdpB3LEYiMF9qRrefBbIshzpPbgGYTz%2FNIL9NMT61%2F6R5a8zoQ8TteQqE%2F%2BK4oGPCK45RWBtkpmtcjrObWq1Zuz58EL%2BgW1xDaeNxTKHrZIb5uPGd3vbd0W"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
6b4d26902eb02b95-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
zone
ptauxofi.net/
736 B
1019 B
Fetch
General
Full URL
https://ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=gestyy.com&var=&ymid=&var_3=
Requested by
Host: ptauxofi.net
URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
5b99556d85f437d39e8e22a97cfe1078a50d3cc3c5df345b2cf5cc61cc68bc37
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-trace-id
f634e58c98886d75a9b3cba99e1dd00b
date
Sat, 27 Nov 2021 17:42:00 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
content-type
application/json; charset=utf-8
access-control-allow-origin
http://gestyy.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
736
universal.min.js
ptauxofi.net/pfe/current/
105 KB
38 KB
Fetch
General
Full URL
https://ptauxofi.net/pfe/current/universal.min.js?v=3.1.343
Requested by
Host: ptauxofi.net
URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ce751c1a36f19a34d9116b17e472f75bd51357e4f835a5c8a1b36689f56c9099

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
last-modified
Fri, 19 Nov 2021 12:53:28 GMT
server
nginx
etag
W/"61979e48-1a3b9"
content-type
application/javascript
access-control-allow-origin
http://gestyy.com
cache-control
no-cache
access-control-allow-credentials
true
wnload
yfetyg.com/
653 B
554 B
Fetch
General
Full URL
https://yfetyg.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTExODczMCwid2lkIjoyNzg5ODIsImQiOiJnZXN0eXkuY29tIiwibGkiOjJ9&tz=0&if=0
Requested by
Host: yqmxfz.com
URL: https://yqmxfz.com/pw/waWQiOjExMDIzNjAsInNpZCI6MTExODczMCwid2lkIjoyNzg5ODIsInNyYyI6Mn0=eyJ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a02:b4a:1:7::9166:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
491d7455c0984d0627f530fa29fed28ba3cf77a672716472adbdb089e8030b23

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx/1.18.0
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
f2e3b335-7063-4b3c-9095-9fabd8631d5e
http://gestyy.com/
91 B
0
Other
General
Full URL
blob:http://gestyy.com/f2e3b335-7063-4b3c-9095-9fabd8631d5e
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/wNTge7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length
91
Content-Type
application/javascript
collect
www.google-analytics.com/j/
2 B
203 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=132234322&t=pageview&_s=1&dl=http%3A%2F%2Fgestyy.com%2FwNTge7&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=542037677&gjid=1505493499&cid=1473816969.1638034921&uid=1519037&tid=UA-42296749-1&_gid=2033920834.1638034921&_r=1&_slc=1&cd2=2021-11-02.0&cd7=1519037&cd5=0&z=1883511104
Requested by
Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://gestyy.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://gestyy.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
MTA1ZFceD1YXamtncxICS2piMmZVWHFVZmRocj0HZ2ZdPjZGYRMQPlUNDFZiBwkBQidYVAhVcUJEVBAiQg0GVGcAFlwKMV4NBVRnABZDWWYfAwFKZQIeA0IjQVFSWWYXQEEQOwwBA1dvAQMBXWUAAgJQ
uleqasfor.one/
0
254 B
Image
General
Full URL
https://uleqasfor.one/MTA1ZFceD1YXamtncxICS2piMmZVWHFVZmRocj0HZ2ZdPjZGYRMQPlUNDFZiBwkBQidYVAhVcUJEVBAiQg0GVGcAFlwKMV4NBVRnABZDWWYfAwFKZQIeA0IjQVFSWWYXQEEQOwwBA1dvAQMBXWUAAgJQ
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:8a0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mb9t38oaoUS%2BdntVeGGrxzUee0%2FiVqjamf14lbt54ivUv2OCJ7gJmSYGcZjPCa1hNNdMOdKCHAuoJUP8KPuNtfpAGx1RGx%2Br2XUDsMmBdzLcklQYD0V6IbHa9p0HYVI%2Fir5BV9XzWgsFnhZv"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
6b4d26920aa72b95-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
/
freychang.fun/
15 B
721 B
Fetch
General
Full URL
https://freychang.fun/?f=d56b345256d487a765c8e19bc3389dc2
Requested by
Host: d301cxwfymy227.cloudfront.net
URL: http://d301cxwfymy227.cloudfront.net/?fwxcd=925694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2124bb2465e0150113a442027bac9c866dc94e1fc325932d3c0bb8b3e6d53012

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
http://gestyy.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=el0w16p0mRhVNKvfjlbuiJSue%2F4fFr%2B9CT2ywezFB6jJrrBXIsyKgnMWipTY1rsWk8CHbC1G8ItkjQTyIe869Ab6NzRvvabGT%2Bg39in%2ForVDCRwy5lmglQdWJYHZPz48ljZWHbgaDg3doLvr"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
6b4d269258432b65-FRA
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Vb25yRlIMARwgbRsHFntrXVtEf2ZJBAEpPB9TIggUXy09HxUaOQByMSADVDIoC1NCYD4OABV7dAoAEXtjSQ8WJG9bSAY2PQRTGzQ4HQgbISYLDFQzM1IDHTw7AwITY2ApW1x2d11eWjE7AQodMSFKXEIoJkpcQndiQV5XdRBKXEIxOwFYRmNhLUtAdipZWl-tjYF8...
d301cxwfymy227.cloudfront.net/ Frame A0C1
683 B
884 B
Script
General
Full URL
http://d301cxwfymy227.cloudfront.net/Vb25yRlIMARwgbRsHFntrXVtEf2ZJBAEpPB9TIggUXy09HxUaOQByMSADVDIoC1NCYD4OABV7dAoAEXtjSQ8WJG9bSAY2PQRTGzQ4HQgbISYLDFQzM1IDHTw7AwITY2ApW1x2d11eWjE7AQodMSFKXEIoJkpcQndiQV5XdRBKXEIxOwFYRmNhLUtAdipZWl-tjYF8PAjY+ChkXJDkGGld0FFpdRWhhWUtAdnoEBgYrPkpcMWNgXwIbLTdKXEIhNwwFHW93XV4RLiAAAxdjYClXRGhiQVpEcGZBWkdjYF8dEyAzHQdXdBRaXUVoYVlIB3s
Requested by
Host: alukizeia.one
URL: http://alukizeia.one/...
Protocol
HTTP/1.1
Server
2600:9000:2182:6a00:12:fc33:3bc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ff0f807772fc6ac9f38d1db9db109eed67640ea38911cfd301c0ebf03a8f1c71

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://alukizeia.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Encoding
gzip
X-Amz-Cf-Pop
DUS51-C1
X-Cache
Miss from cloudfront
access-control-allow-origin
*
Cache-Control
max-age=31556926
Connection
keep-alive
Content-Length
497
Via
1.1 f12c01365a7e1bcbb4b6d5b856516527.cloudfront.net (CloudFront)
X-Amz-Cf-Id
eV21o1b5-tNVsMHVbAFi5SOT67oFmTwb6FLe1tpxMhMZQrsd0uqHWQ==
HRAGMi4PYhEcLFh0QwopCyNYQC0LJ1hXbgQgB1t8QzAVCSNYLRcMOgMtAhIsB2IQB3UIKx8PJAklQFQOUGpVQ3pVbBIPJgErEhVtV3QLEm1XdFRWZlVhViRtV3QSDyZTcEBVCkB2VR5+UW1AVH-gENBUKLRIhBw0hEWFXIH1Wc0tVfkB2VU4jDTAICm1XB0BUeAkt...
d301cxwfymy227.cloudfront.net/KZWZIZUQGCSYDexEPLFh9VlJ7UnFDDDsKKhVbGQ4SKCJ/ Frame 156F
640 B
838 B
Script
General
Full URL
http://d301cxwfymy227.cloudfront.net/KZWZIZUQGCSYDexEPLFh9VlJ7UnFDDDsKKhVbGQ4SKCJ/HRAGMi4PYhEcLFh0QwopCyNYQC0LJ1hXbgQgB1t8QzAVCSNYLRcMOgMtAhIsB2IQB3UIKx8PJAklQFQOUGpVQ3pVbBIPJgErEhVtV3QLEm1XdFRWZlVhViRtV3QSDyZTcEBVCkB2VR5+UW1AVH-gENBUKLRIhBw0hEWFXIH1Wc0tVfkB2VU4jDTAICm1XB0BUeAktDgNtV3QCAysOK0xDelUnDRQnCCFAVA5ccktWZlFyU1JmUXFAVHgWJQMHOgxhVyB9VnNLVX5DMVg
Requested by
Host: alukizeia.one
URL: http://alukizeia.one/...
Protocol
HTTP/1.1
Server
2600:9000:2182:6a00:12:fc33:3bc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
07899b40af7572242be09b1255b7dfb7888ebc9b691844eeec604d31a1476a79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://alukizeia.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Encoding
gzip
X-Amz-Cf-Pop
DUS51-C1
X-Cache
Miss from cloudfront
access-control-allow-origin
*
Cache-Control
max-age=31556926
Connection
keep-alive
Content-Length
451
Via
1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
X-Amz-Cf-Id
XfxDteYwBUCXil9H-Zjg0oJz6ghgnTwM5Sw3k1SZyP5IBilD4QJL1Q==
custom
ptauxofi.net/ Frame
0
0
Preflight
General
Full URL
https://ptauxofi.net/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
http://gestyy.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx
date
Sat, 27 Nov 2021 17:42:01 GMT
content-type
text/plain; charset=utf-8
content-length
0
access-control-allow-origin
http://gestyy.com
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age
86400
custom
ptauxofi.net/
39 B
321 B
Fetch
General
Full URL
https://ptauxofi.net/custom
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://gestyy.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
008e501bf72e65e7936891a728a584f0
date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
content-type
application/json; charset=utf-8
access-control-allow-origin
http://gestyy.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
gid.js
my.rtmark.net/
65 B
540 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=42f83f39611740f08f81ac422f2b514a&zoneId=4157053&checkDuplicate=true&ymid=&var=
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
fa930ebb013ee05e9dd0874d8ba3ed82c9aaa27d1976f516f82789840826b592
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
http://gestyy.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
defaultSkin.min.js
ptauxofi.net/pfe/current/
56 KB
19 KB
Fetch
General
Full URL
https://ptauxofi.net/pfe/current/defaultSkin.min.js
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
last-modified
Fri, 19 Nov 2021 12:53:28 GMT
server
nginx
etag
W/"61979e48-df63"
content-type
application/javascript
access-control-allow-origin
http://gestyy.com
cache-control
no-cache
access-control-allow-credentials
true
truncated
/ Frame 476C
255 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
custom
ptauxofi.net/ Frame
0
0
Preflight
General
Full URL
https://ptauxofi.net/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
http://gestyy.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx
date
Sat, 27 Nov 2021 17:42:01 GMT
content-type
text/plain; charset=utf-8
content-length
0
access-control-allow-origin
http://gestyy.com
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age
86400
custom
ptauxofi.net/
39 B
321 B
Fetch
General
Full URL
https://ptauxofi.net/custom
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://gestyy.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
39a793e55f8a6eeae72df8e3c96294e3
date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
content-type
application/json; charset=utf-8
access-control-allow-origin
http://gestyy.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
wnrw
yfetyg.com/
0
0
Fetch
General
Full URL
https://yfetyg.com/wnrw?aid=8266097262485655191&a=1
Requested by
Host: yqmxfz.com
URL: https://yqmxfz.com/pw/waWQiOjExMDIzNjAsInNpZCI6MTExODczMCwid2lkIjoyNzg5ODIsInNyYyI6Mn0=eyJ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a02:b4a:1:7::9166:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
http://gestyy.com
date
Sat, 27 Nov 2021 17:42:01 GMT
server
nginx/1.18.0
content-length
0
o9ch-4FU-rFd2TqpX7TZRJc6ecubH9wI.png
i.wmgtr.com/cim/ Frame 4FF2
51 KB
51 KB
Image
General
Full URL
https://i.wmgtr.com/cim/o9ch-4FU-rFd2TqpX7TZRJc6ecubH9wI.png
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.32 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
af24185cd26106f1b103412f3e3b7888fcacd4bc4f18c31419ecbbc381b09916
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
server
nginx/1.20.2
content-type
image/png
access-control-allow-origin
*
expires
Sun, 28 Nov 2021 05:42:01 GMT
cache-control
max-age=43200
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT
WmLhyMWmEVIvVDt5bOaF9Y12PT4zj7WY.png
i.wmgtr.com/cic/ Frame 99C7
19 KB
19 KB
Image
General
Full URL
https://i.wmgtr.com/cic/WmLhyMWmEVIvVDt5bOaF9Y12PT4zj7WY.png
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.32 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
fd73803b80255e1ea0484cc9b02bf27bcd8ed024b11881effa7491bd05719d3c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
server
nginx/1.20.2
content-type
image/png
access-control-allow-origin
*
expires
Sun, 28 Nov 2021 05:42:01 GMT
cache-control
max-age=43200
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT
nr-1212.min.js
js-agent.newrelic.com/
34 KB
13 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1212.min.js
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding
gzip
etag
"9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id
4D8AQJC9VY2BJ6SC
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
12828
x-amz-id-2
2zU/m4ipcLnwAzgK66gM+c3M9MgsnZuv0e1Z9Z0e2/grnwun00VKLoxTIndc+jWu58DNxwidji8=
x-served-by
cache-hhn4032-HHN
last-modified
Thu, 04 Nov 2021 21:16:16 GMT
server
AmazonS3
x-timer
S1638034922.509295,VS0,VE0
date
Sat, 27 Nov 2021 17:42:01 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
7580
afu.php
shorteh.com/ Frame EFF0
Redirect Chain
  • http://ads.shorte.st/ads.php?key=2ea5b261f06ca771033a5fa9e22493f1&width=1024&height=768&ch=1519037&cp.dest_domain=sex-cam.live&cp.oid=1519037&cp.referrer=&cp.locked=0&cp.proxy=0&cp.quarantine_statu...
  • https://shorteh.com/afu.php?zoneid=1241630
1 KB
2 KB
Document
General
Full URL
https://shorteh.com/afu.php?zoneid=1241630
Requested by
Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2021-11-02.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
266be8fbcf49142084239c098393b1530647b2f8a7f8d2fa07352618d32119af
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 17:42:01 GMT
content-type
text/html; charset=utf8
x-trace-id
57756cc2ad038224c65328148122c066
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://totalnicefeed.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age
86400
pragma
no-cache
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
expires
Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin
* *
strict-transport-security
max-age=1
x-content-type-options
nosniff
content-encoding
gzip

Redirect headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/5.6.40-0+deb8u13
Cache-Control
max-age=0, must-revalidate, no-store, private, s-maxage=0
Location
https://shorteh.com/afu.php?zoneid=1241630
X-Server-ID
shn03
X-UA-Compatible
IE=Edge
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OmXu4Ii9NUf8UyLC6GD91IqLKXfHjIJ8PqehjhTKTAuzwPbLfCmYTi%2BHVA4q8CsHMY9dMZN1LpIQdcFsXK34vMMMup9NObefAq1G63n67KWP204Lamg%2B3N9ZNNfSZ0MYKgSMsb0GHHBD9Ls%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
6b4d26936a86dfef-FRA
custom
ptauxofi.net/
39 B
321 B
Fetch
General
Full URL
https://ptauxofi.net/custom
Requested by
Host: gestyy.com
URL: http://gestyy.com/wNTge7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://gestyy.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
0e65d35e04b68ccb3db03ad5622c2a23
date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
content-type
application/json; charset=utf-8
access-control-allow-origin
http://gestyy.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
custom
ptauxofi.net/ Frame
0
0
Preflight
General
Full URL
https://ptauxofi.net/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
http://gestyy.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx
date
Sat, 27 Nov 2021 17:42:01 GMT
content-type
text/plain; charset=utf-8
content-length
0
access-control-allow-origin
http://gestyy.com
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age
86400
28e0508023
bam-cell.nr-data.net/1/
49 B
720 B
Script
General
Full URL
https://bam-cell.nr-data.net/1/28e0508023?a=9451001&v=1212.e95d35c&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=986&ck=1&ref=http://gestyy.com/wNTge7&ap=111&be=195&fe=956&dc=420&perf=%7B%22timing%22:%7B%22of%22:1638034920534,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:11,%22c%22:11,%22ce%22:17,%22rq%22:17,%22rp%22:173,%22rpe%22:186,%22dl%22:176,%22di%22:420,%22ds%22:420,%22de%22:420,%22dc%22:956,%22l%22:956,%22le%22:961%7D,%22navigation%22:%7B%7D%7D&fp=344&fcp=344&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
6b4d2693ad4b6963-FRA
popunder.gif
uleqasfor.one/
35 B
923 B
Image
General
Full URL
http://uleqasfor.one/popunder.gif
Protocol
HTTP/1.1
Server
2606:4700:3030::ac43:8a0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
73022
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
58
pragma
public
Last-Modified
Fri, 26 Nov 2021 21:24:59 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=57jiT7CI8oVwLjqEza69gLy5WFHIlYUA6zN4hWHMZWDPj5Q9ASqlGXO9ucUZ4rd5n8L8ofWYJVtIMiivd%2FYAFbHFPcOl8FJW9%2Bqwm6MZXUYuXFVAg%2Fd6NNdBZ%2FBgGd8gYIfbfrHwl23%2F%2FmS6"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
Accept-Ranges
bytes
CF-RAY
6b4d2693fd0916f2-FRA
popunder.gif
uleqasfor.one/
35 B
923 B
Image
General
Full URL
http://uleqasfor.one/popunder.gif
Requested by
Host: d301cxwfymy227.cloudfront.net
URL: http://d301cxwfymy227.cloudfront.net/?fwxcd=925694
Protocol
HTTP/1.1
Server
2606:4700:3030::ac43:8a0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://gestyy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
73022
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
58
pragma
public
Last-Modified
Fri, 26 Nov 2021 21:24:59 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxHEwq5jXUfc1fqrEYgt1RueTuLirsMZgfwU7nE9%2BGEh9wa7vIAzfdSE%2FIhx4VpAkihZsdOYg8g9In%2BHZ5MDOr4tKk%2Bcib%2BQ3%2Ftwp0CxQHxFfyOaAtky0HQ0eoyNMsccWU53g7CoTp1wVC2J"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
Accept-Ranges
bytes
CF-RAY
6b4d26944d6c16f2-FRA
img.gif
my.rtmark.net/ Frame EFF0
43 B
503 B
Ping
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=a69851ec14764af4a936f5497fe1b46d
Requested by
Host: shorteh.com
URL: https://shorteh.com/afu.php?zoneid=1241630
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
https://shorteh.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
/
totalnicefeed.com/ Frame EFF0
34 KB
10 KB
Document
General
Full URL
https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Requested by
Host: shorteh.com
URL: https://shorteh.com/afu.php?zoneid=1241630
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
139.45.197.158 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx / PHP/7.4.24
Resource Hash
d2368cb0ce11ce2c5fcc06fac9747978bd3622976b113cc499f64194edd94e90

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx
Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.4.24
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Access-Control-Expose-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Encoding
gzip
inapp.min.js
littlecdn.com/apps/templates/_assets/scripts/ Frame EFF0
21 KB
7 KB
Script
General
Full URL
https://littlecdn.com/apps/templates/_assets/scripts/inapp.min.js
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a62 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53ba3541ae765b293259fff16bf4599fb18295116b19d6b928e74d55f67b57a8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
br
cf-cache-status
HIT
age
4215
last-modified
Fri, 26 Nov 2021 12:51:19 GMT
server
cloudflare
etag
W/"61a0d847-54ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control
max-age=14400
cf-ray
6b4d26959a814e61-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
fv.js
propeller-tracking.com/ Frame EFF0
5 KB
3 KB
Script
General
Full URL
https://propeller-tracking.com/fv.js?t=71022&cb=1050005804
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-trace-id
c028c020a6ef57952fa20f266ce1988f
pragma
no-cache
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers
Authorization
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires
Tue, 11 Jan 1994 10:00:00 GMT
tag.js
mc.yandex.ru/metrika/ Frame EFF0
189 KB
65 KB
Script
General
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
5568d248345d825506f88f50e3fb1cd7c05b8b1d2c8a43de15ea3b9314fa0341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
br
last-modified
Fri, 26 Nov 2021 15:51:55 GMT
etag
"61a0d86b-101bc"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
65980
expires
Sat, 27 Nov 2021 18:42:01 GMT
micro.tag.min.js
yonhelioliskor.com/pfe/current/ Frame EFF0
83 KB
30 KB
Script
General
Full URL
https://yonhelioliskor.com/pfe/current/micro.tag.min.js?z=4662709&ymid=488516470045954908&var=1241630&sw=/sw-check-permissions/4662709
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
0e068718b52a629da7626aa4f6f674bd197376475f04844178e276b88695c50c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 17:42:01 GMT
content-encoding
gzip
last-modified
Fri, 19 Nov 2021 12:53:28 GMT
server
nginx
etag
W/"61979e48-14bc2"
content-type
application/javascript
cache-control
no-cache
access-control-allow-credentials
true
truncated
/ Frame EFF0
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
skin.html
totalnicefeed.com/templates/_assets/push-skin/ Frame 2624
3 KB
1 KB
Document
General
Full URL
https://totalnicefeed.com/templates/_assets/push-skin/skin.html
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
139.45.197.158 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
87ff48a9cd88a4c7f8611fbbf68b4da09401553cad4f8f23ae71cf4aef0a4a08
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Response headers

Server
nginx
Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Type
text/html
Last-Modified
Fri, 26 Nov 2021 12:51:19 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
ETag
W/"61a0d847-a84"
Strict-Transport-Security
max-age=60
X-Content-Type-Options
nosniff
Content-Encoding
gzip
/
totalnicefeed.com/ Frame EFF0
2 B
485 B
XHR
General
Full URL
https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&mprtr=1
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
139.45.197.158 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx / PHP/7.4.24
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
X-Powered-By
PHP/7.4.24
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
skin.css
totalnicefeed.com/templates/_assets/push-skin/ Frame 2624
23 KB
10 KB
Stylesheet
General
Full URL
https://totalnicefeed.com/templates/_assets/push-skin/skin.css
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/templates/_assets/push-skin/skin.html
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
139.45.197.158 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
078f8d637ba3c9b35da7e4392c083232c392aa968c6c4c3af030e7fb9d5d6d17

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/templates/_assets/push-skin/skin.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 26 Nov 2021 12:51:19 GMT
Server
nginx
ETag
W/"61a0d847-5cf1"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
skin.min.js
totalnicefeed.com/templates/_assets/push-skin/ Frame 2624
27 KB
7 KB
Script
General
Full URL
https://totalnicefeed.com/templates/_assets/push-skin/skin.min.js
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/templates/_assets/push-skin/skin.html
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
139.45.197.158 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
2850867d45189af6747c0e88fcf55922006b36e447035be87adf4df1046a064d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/templates/_assets/push-skin/skin.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 17:42:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 26 Nov 2021 12:51:19 GMT
Server
nginx
ETag
W/"61a0d847-6d48"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
vctx
propeller-tracking.com/ Frame EFF0
0
493 B
XHR
General
Full URL
https://propeller-tracking.com/vctx?t=71022
Requested by
Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=71022&cb=1050005804
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-trace-id
6840ef15f1fac815a805f05d8c1095d2
pragma
no-cache
date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
https://totalnicefeed.com
access-control-expose-headers
Authorization
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires
Tue, 11 Jan 1994 10:00:00 GMT
zone
yonhelioliskor.com/ Frame EFF0
0
253 B
Ping
General
Full URL
https://yonhelioliskor.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalnicefeed.com&var=1241630&ymid=488516470045954908&var_3=&dsig=&action=prerequest
Requested by
Host: yonhelioliskor.com
URL: https://yonhelioliskor.com/pfe/current/micro.tag.min.js?z=4662709&ymid=488516470045954908&var=1241630&sw=/sw-check-permissions/4662709
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://totalnicefeed.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-trace-id
2dbacb861cdf8d8648e45cb797effd31
date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-origin
https://totalnicefeed.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
vbl
propeller-tracking.com/ Frame EFF0
0
493 B
Ping
General
Full URL
https://propeller-tracking.com/vbl?t=71022&bid=undefined&aid=undefined
Requested by
Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=71022&cb=1050005804
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://totalnicefeed.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-trace-id
8babf77ce608d6ae6068258d19114ef7
pragma
no-cache
date
Sat, 27 Nov 2021 17:42:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
https://totalnicefeed.com
access-control-expose-headers
Authorization
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires
Tue, 11 Jan 1994 10:00:00 GMT
1
mc.yandex.com/watch/67238875/ Frame EFF0
Redirect Chain
  • https://mc.yandex.com/watch/67238875?wmode=7&page-url=https%3A%2F%2Ftotalnicefeed.com%2F%3Fs%3D488516470045954908%26ssk%3Da39af0eed154fc77e4a886b2e6fd31fe%26svar%3D1638034921%26z%3D1241630%26pz%3D4...
  • https://mc.yandex.com/watch/67238875/1?wmode=7&page-url=https%3A%2F%2Ftotalnicefeed.com%2F%3Fs%3D488516470045954908%26ssk%3Da39af0eed154fc77e4a886b2e6fd31fe%26svar%3D1638034921%26z%3D1241630%26pz%3...
331 B
413 B
XHR
General
Full URL
https://mc.yandex.com/watch/67238875/1?wmode=7&page-url=https%3A%2F%2Ftotalnicefeed.com%2F%3Fs%3D488516470045954908%26ssk%3Da39af0eed154fc77e4a886b2e6fd31fe%26svar%3D1638034921%26z%3D1241630%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg3ayomqwinwev%3Afp%3A172%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A1%3Adp%3A0%3Als%3A276818377396%3Ahid%3A991194624%3Az%3A0%3Ai%3A20211127174202%3Aet%3A1638034922%3Ac%3A1%3Arn%3A654141870%3Arqn%3A1%3Au%3A1638034922779076199%3Aw%3A1600x1107%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Ans%3A1638034921674%3Ads%3A6%2C37%2C101%2C1%2C0%2C0%2C%2C21%2C0%2C%2C%2C%2C169%3Adsn%3A6%2C38%2C101%2C1%2C0%2C0%2C%2C22%2C1%2C%2C%2C%2C169%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1638034922%3At%3AZulassen%20dr%C3%BCcken&t=gdpr%2814%29ti%282%29
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
f9e3ec3a22c1607d0f036744c68fbd2265da02a2efeeaadd0927afe52695f242
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 17:42:02 GMT
x-content-type-options
nosniff
last-modified
Sat, 27-Nov-2021 17:42:02 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://totalnicefeed.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
331
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 17:42:02 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 17:42:02 GMT
last-modified
Sat, 27-Nov-2021 17:42:02 GMT
location
/watch/67238875/1?wmode=7&page-url=https%3A%2F%2Ftotalnicefeed.com%2F%3Fs%3D488516470045954908%26ssk%3Da39af0eed154fc77e4a886b2e6fd31fe%26svar%3D1638034921%26z%3D1241630%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg3ayomqwinwev%3Afp%3A172%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A1%3Adp%3A0%3Als%3A276818377396%3Ahid%3A991194624%3Az%3A0%3Ai%3A20211127174202%3Aet%3A1638034922%3Ac%3A1%3Arn%3A654141870%3Arqn%3A1%3Au%3A1638034922779076199%3Aw%3A1600x1107%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Ans%3A1638034921674%3Ads%3A6%2C37%2C101%2C1%2C0%2C0%2C%2C21%2C0%2C%2C%2C%2C169%3Adsn%3A6%2C38%2C101%2C1%2C0%2C0%2C%2C22%2C1%2C%2C%2C%2C169%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1638034922%3At%3AZulassen%20dr%C3%BCcken&t=gdpr%2814%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://totalnicefeed.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 17:42:02 GMT
advert.gif
mc.yandex.com/metrika/ Frame EFF0
43 B
136 B
Image
General
Full URL
https://mc.yandex.com/metrika/advert.gif?t=ti(4)
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 17:42:02 GMT
last-modified
Fri, 26 Nov 2021 15:51:55 GMT
etag
"61a0d86b-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 18:42:02 GMT
/
incorphishor.com/4/4662728/ Frame EFF0
995 B
2 KB
Document
General
Full URL
https://incorphishor.com/4/4662728/?var=1241630
Requested by
Host: totalnicefeed.com
URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
dee92114410b08c74b7474c09cb435dabcd21b6a7261394b129f978ce7cf2f3a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://totalnicefeed.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 17:42:02 GMT
content-type
text/html; charset=utf8
content-length
995
x-trace-id
94cbfc4530ec33bce7e9754f8648de94
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <http://google.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin
* *
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age
86400
pragma
no-cache no-cache
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
expires
Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
timing-allow-origin
*
vb
propeller-tracking.com/ Frame EFF0
0
0

img.gif
my.rtmark.net/ Frame EFF0
43 B
506 B
Ping
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=b0a8c4b3eea3415baf7832f75232f75a
Requested by
Host: incorphishor.com
URL: https://incorphishor.com/4/4662728/?var=1241630
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 17:42:02 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
https://incorphishor.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
/
www.google.com/ Frame EFF0
Redirect Chain
  • http://google.com/
  • http://www.google.com/
  • https://www.google.com/?gws_rd=ssl
0
0
Document
General
Full URL
https://www.google.com/?gws_rd=ssl
Requested by
Host: incorphishor.com
URL: https://incorphishor.com/4/4662728/?var=1241630
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://incorphishor.com/4/3735488/?var=4662728&ab2r=0&prfrev=false

Response headers

date
Sat, 27 Nov 2021 17:42:02 GMT
expires
-1
cache-control
private, max-age=0
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=31536000
bfcache-opt-in
unload
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
51427
x-xss-protection
0
x-frame-options
SAMEORIGIN
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

Location
https://www.google.com/?gws_rd=ssl
Cache-Control
private
Content-Type
text/html; charset=UTF-8
BFCache-Opt-In
unload
Date
Sat, 27 Nov 2021 17:42:02 GMT
Server
gws
Content-Length
231
X-XSS-Protection
0
X-Frame-Options
SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
analytics.shorte.st
URL
http://analytics.shorte.st/displayed
Domain
propeller-tracking.com
URL
https://propeller-tracking.com/vb?t=71022&bid=undefined&aid=undefined&tp=816.6000003814697

Verdicts & Comments

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| NREUM object| newrelic function| __nr_require string| GoogleAnalyticsObject function| ga object| dataLayer function| gtag object| app function| bindInfoButtons function| showClickedInfo object| bean function| domready function| reqwest function| Fingerprint2 object| fuckAdBlock function| t8b function| e6QQ boolean| DEBUG_MODE boolean| ENABLE_LOGS boolean| ENABLE_ONLINE_DEBUGGER boolean| SUPPORT_IE8 boolean| MOBILE_VERSION boolean| EXTERNAL_POLYFILL boolean| SEND_PIXELS boolean| IS_POP_COIN boolean| PIXEL_LOG_LEVEL_INFO boolean| PIXEL_LOG_LEVEL_DEBUG boolean| PIXEL_LOG_LEVEL_WARNING boolean| PIXEL_LOG_LEVEL_ERROR boolean| PIXEL_LOG_LEVEL_METRICS function| f8MM number| LAST_CORRECT_EVENT_TIME number| _3320949029 number| _2942449667 boolean| fanfilnfjkdsabfhjdsbfkljsvmjhdfb object| zfgformats object| google_tag_manager object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| sdk number| iinf boolean| installOnFly boolean| zfgloadedpush boolean| zfgloadedpushopt boolean| zfgloadedpushcode object| onClickExcludes

20 Cookies

Domain/Path Name / Value
gestyy.com/ Name: hl
Value: en
gestyy.com/ Name: cookies-enable
Value: 1
.gestyy.com/ Name: _ga
Value: GA1.2.1473816969.1638034921
.gestyy.com/ Name: _gid
Value: GA1.2.2033920834.1638034921
.gestyy.com/ Name: _gat
Value: 1
my.rtmark.net/ Name: ID
Value: 42f83f39611740f08f81ac422f2b514a
shorteh.com/ Name: OAID
Value: a69851ec14764af4a936f5497fe1b46d
shorteh.com/ Name: oaidts
Value: 1638034921
.nr-data.net/ Name: JSESSIONID
Value: 6b4915ab6d03add0
.totalnicefeed.com/ Name: _ym_uid
Value: 1638034922779076199
.totalnicefeed.com/ Name: _ym_d
Value: 1638034922
.yandex.com/ Name: yandexuid
Value: 533519471638034922
.yandex.com/ Name: yuidss
Value: 533519471638034922
mc.yandex.com/ Name: yabs-sid
Value: 1638414401638034922
.yandex.com/ Name: i
Value: kDun9OkYGUhir4p7QTmzWUA7XV1SeYrMmnYxhIVK//Otvn4jpURQTwm2PrOIUHVPgIhaNfzG8wwBgk9CA8mIxD5xmAk=
.yandex.com/ Name: ymex
Value: 1669570922.yrts.1638034922#1669570922.yrtsi.1638034922
.totalnicefeed.com/ Name: _ym_isad
Value: 2
.totalnicefeed.com/ Name: _ym_visorc
Value: b
incorphishor.com/ Name: OAID
Value: b0a8c4b3eea3415baf7832f75232f75a
incorphishor.com/ Name: oaidts
Value: 1638034922

5 Console Messages

Source Level URL
Text
javascript error URL: http://gestyy.com/wNTge7
Message:
Access to XMLHttpRequest at 'http://analytics.shorte.st/displayed' from origin 'http://gestyy.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: http://analytics.shorte.st/displayed
Message:
Failed to load resource: net::ERR_FAILED
deprecation warning URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb(Line 47)
Message:
Permission for the Notification API may no longer be requested from a cross-origin iframe. You should consider requesting permission from a top-level frame or opening a new window instead. See https://www.chromestatus.com/feature/6451284559265792 for more details.
deprecation warning URL: https://totalnicefeed.com/?s=488516470045954908&ssk=a39af0eed154fc77e4a886b2e6fd31fe&svar=1638034921&z=1241630&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb(Line 47)
Message:
The Notification API may no longer be used from insecure origins. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
