gestyy.com Open in urlscan Pro
104.26.8.155 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://gestyy.com/ehhfTS
Submission: On October 18 via manual (October 18th 2023, 6:57:12 am UTC) from ES — Scanned from CH

Summary HTTP 86 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 33 IPs in 6 countries across 36 domains to perform 86 HTTP transactions. The main IP is 104.26.8.155, located in and belongs to CLOUDFLARENET, US. The main domain is gestyy.com.

This is the only time gestyy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	104.26.8.155 104.26.8.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.110 142.250.185.110	15169 (GOOGLE) (GOOGLE)
2	172.217.16.202 172.217.16.202	15169 (GOOGLE) (GOOGLE)
3	172.67.68.250 172.67.68.250	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	52.222.232.155 52.222.232.155	16509 (AMAZON-02) (AMAZON-02)
10	139.45.197.250 139.45.197.250	9002 (RETN-AS) (RETN-AS)
1	95.216.206.230 95.216.206.230	24940 (HETZNER-AS) (HETZNER-AS)
3	172.255.6.34 172.255.6.34	7979 (SERVERS-COM) (SERVERS-COM)
3	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
2	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
1	172.67.74.33 172.67.74.33	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	143.204.98.113 143.204.98.113	16509 (AMAZON-02) (AMAZON-02)
3	143.204.98.81 143.204.98.81	16509 (AMAZON-02) (AMAZON-02)
1 5	104.21.9.104 104.21.9.104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	157.240.0.35 157.240.0.35	32934 (FACEBOOK) (FACEBOOK)
4 6	172.217.23.109 172.217.23.109	15169 (GOOGLE) (GOOGLE)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
5	185.162.85.1 185.162.85.1	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	172.255.6.136 172.255.6.136	7979 (SERVERS-COM) (SERVERS-COM)
1	142.250.181.228 142.250.181.228	15169 (GOOGLE) (GOOGLE)
1	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
4	142.91.159.200 142.91.159.200	7979 (SERVERS-COM) (SERVERS-COM)
1	216.239.32.36 216.239.32.36	15169 (GOOGLE) (GOOGLE)
1 1	23.109.150.91 23.109.150.91	7979 (SERVERS-COM) (SERVERS-COM)
1	51.89.192.129 51.89.192.129	16276 (OVH) (OVH)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1 1	104.26.5.107 104.26.5.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1 1	23.109.150.155 23.109.150.155	7979 (SERVERS-COM) (SERVERS-COM)
1 2	198.134.116.29 198.134.116.29	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	45.133.44.32 45.133.44.32	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	162.19.19.15 162.19.19.15	() ()
86	33

6 104.26.8.155 (None, )

ASN13335 (CLOUDFLARENET, US)

gestyy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.68.250 (United States)

ASN13335 (CLOUDFLARENET, US)

static.sh.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.232.155 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-232-155.fra56.r.cloudfront.net

d3t3z4teexdk2r.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 139.45.197.250 (United Kingdom)

ASN9002 (RETN-AS, GB)

ptauxofi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.216.206.230 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.230.206.216.95.clients.your-server.de

ubbfpm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.255.6.34 (Netherlands)

ASN7979 (SERVERS-COM, US)

ja.rewashwudu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.74.33 (United States)

ASN13335 (CLOUDFLARENET, US)

analytics.shorte.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

pogothere.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
xdiwbc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-113.fra50.r.cloudfront.net

aculturerpa.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-81.fra50.r.cloudfront.net

aculturerpa.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.21.9.104 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

manifefashiona.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.0.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.23.109 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f13.1e100.net

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.162.85.1 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

xngqoc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
prhzxq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.255.6.136 (Netherlands)

ASN7979 (SERVERS-COM, US)

jurorstalar.uno	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.91.159.200 (Netherlands)

ASN7979 (SERVERS-COM, US)

cytulakiblah.guru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.150.91 (Netherlands) 1 redirects

ASN7979 (SERVERS-COM, US)

vickykilled.cfd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.192.129 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: eu3.static1.gglx.me

intendrebend.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.5.107 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ads.shorte.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

shorteh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.150.155 (Netherlands) 1 redirects

ASN7979 (SERVERS-COM, US)

viewyentreat.guru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.134.116.29 (United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

xml.yellow-resultsbidder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

static.servingserved.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.32 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

i.wmgtr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.19.15 (None, )

ASN- ()

scarpeweevily.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ptauxofi.net ptauxofi.net — Cisco Umbrella Rank: 252474	60 KB
7	google.com 4 redirects accounts.google.com — Cisco Umbrella Rank: 32 www.google.com — Cisco Umbrella Rank: 2	3 KB
6	gestyy.com gestyy.com	40 KB
5	manifefashiona.info 1 redirects manifefashiona.info	2 KB
5	aculturerpa.info aculturerpa.info	7 KB
4	cytulakiblah.guru cytulakiblah.guru — Cisco Umbrella Rank: 72249	5 KB
4	cloudfront.net d3t3z4teexdk2r.cloudfront.net	117 KB
3	xngqoc.com xngqoc.com — Cisco Umbrella Rank: 136793	97 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	211 KB
3	rewashwudu.com ja.rewashwudu.com — Cisco Umbrella Rank: 749836	149 KB
3	sh.st static.sh.st — Cisco Umbrella Rank: 803128	115 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42 region1.google-analytics.com — Cisco Umbrella Rank: 2250	21 KB
2	wmgtr.com i.wmgtr.com — Cisco Umbrella Rank: 18905	957 KB
2	yellow-resultsbidder.com 1 redirects xml.yellow-resultsbidder.com — Cisco Umbrella Rank: 51074	201 B
2	xdiwbc.com xdiwbc.com — Cisco Umbrella Rank: 185883	4 KB
2	jurorstalar.uno jurorstalar.uno — Cisco Umbrella Rank: 22558	4 KB
2	prhzxq.com prhzxq.com — Cisco Umbrella Rank: 164266	569 B
2	pogothere.xyz pogothere.xyz — Cisco Umbrella Rank: 25650	201 KB
2	shorte.st 1 redirects analytics.shorte.st — Cisco Umbrella Rank: 905677 ads.shorte.st	760 B
2	gstatic.com fonts.gstatic.com	95 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49	2 KB
1	scarpeweevily.top scarpeweevily.top	10 KB
1	servingserved.com static.servingserved.com — Cisco Umbrella Rank: 65035	6 KB
1	viewyentreat.guru 1 redirects viewyentreat.guru — Cisco Umbrella Rank: 25558	1 KB
1	shorteh.com shorteh.com	514 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 456	16 KB
1	intendrebend.top intendrebend.top — Cisco Umbrella Rank: 31449	6 KB
1	vickykilled.cfd 1 redirects vickykilled.cfd — Cisco Umbrella Rank: 47806	1 KB
1	google.ch www.google.ch — Cisco Umbrella Rank: 24974	455 B
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 9763	540 B
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 45	2 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 116
1	ubbfpm.com ubbfpm.com — Cisco Umbrella Rank: 295574	197 KB
0	adskeeper.com Failed s-img.adskeeper.com Failed
0	nr-data.net Failed bam.nr-data.net Failed
0	Failed function sub() { [native code] }. Failed
86	36

	Domain	Requested by
10	ptauxofi.net	gestyy.com ptauxofi.net
6	accounts.google.com	4 redirects gestyy.com
6	gestyy.com	gestyy.com static.sh.st
5	manifefashiona.info	1 redirects gestyy.com
5	aculturerpa.info	d3t3z4teexdk2r.cloudfront.net
4	cytulakiblah.guru	ja.rewashwudu.com
4	d3t3z4teexdk2r.cloudfront.net	gestyy.com aculturerpa.info
3	xngqoc.com	ubbfpm.com
3	www.googletagmanager.com	gestyy.com www.googletagmanager.com www.google-analytics.com
3	ja.rewashwudu.com	gestyy.com ja.rewashwudu.com
3	static.sh.st	gestyy.com
2	i.wmgtr.com
2	xml.yellow-resultsbidder.com	1 redirects ja.rewashwudu.com
2	xdiwbc.com	ubbfpm.com
2	jurorstalar.uno	ja.rewashwudu.com
2	prhzxq.com	ubbfpm.com
2	pogothere.xyz	d3t3z4teexdk2r.cloudfront.net
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	client ja.rewashwudu.com
2	www.google-analytics.com	gestyy.com www.google-analytics.com
1	scarpeweevily.top	gestyy.com
1	static.servingserved.com
1	viewyentreat.guru	1 redirects
1	shorteh.com	static.sh.st
1	ads.shorte.st	1 redirects
1	js-agent.newrelic.com	gestyy.com
1	intendrebend.top
1	vickykilled.cfd	1 redirects
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.ch	gestyy.com
1	www.google.com	gestyy.com
1	my.rtmark.net	gestyy.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	www.facebook.com	gestyy.com
1	analytics.shorte.st	static.sh.st
1	ubbfpm.com	gestyy.com
0	s-img.adskeeper.com Failed	gestyy.com
0	bam.nr-data.net Failed	js-agent.newrelic.com
0	cuid Failed	ja.rewashwudu.com
86	39

This site contains links to these domains. Also see Links.

Domain
shorte.st

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
ptauxofi.net R3	`2023-08-28` - `2023-11-26`	3 months	crt.sh
ubbfpm.com R3	`2023-09-26` - `2023-12-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-28` - `2024-02-27`	a year	crt.sh
aculturerpa.info Amazon RSA 2048 M02	`2023-10-12` - `2024-11-09`	a year	crt.sh
manifefashiona.info GTS CA 1P5	`2023-10-12` - `2024-01-10`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-27` - `2023-10-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
rtmark.net R3	`2023-07-25` - `2023-10-23`	3 months	crt.sh
xngqoc.com R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
prhzxq.com R3	`2023-09-15` - `2023-12-14`	3 months	crt.sh
jurorstalar.uno R3	`2023-09-16` - `2023-12-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
xdiwbc.com GTS CA 1P5	`2023-10-02` - `2023-12-31`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
shorteh.com R3	`2023-09-08` - `2023-12-07`	3 months	crt.sh
i.wmgtr.com R3	`2023-08-23` - `2023-11-21`	3 months	crt.sh

This page contains 11 frames:

Primary Page: http://gestyy.com/ehhfTS
Frame ID: 1C5BCE836EE8773034C6D3EC29F5EB30
Requests: 62 HTTP requests in this frame

Frame: http://aculturerpa.info/TktHbWcvKSQAWC92JUsSPCd6SFUIbnUrA30/dBdTOi4iFQMleTVDBCIkMgkBPCQpGUkgLjNIVQg6FCo1CS8CJBUNMiA+ARo8CSQMInwhAT18Hw8ZEgohEg8rCiMdIx8qMg8vKh0CMAYqGCw0LD0KPCIkDCI8JQoAIAwuO1YfIgoMLhYdETQlGyYMAQs3Hi00Uw0ydicsGgoRICYDOBcKVyUNKjxeDBM0NysaAgkmDykhJTs+DxoQFVMfExUoBiRzCSYlDz8XFQMkGSkkCgsMCSoEICcSDCIcJSIUPSQZKSRCfA0DPg8NLypcPwwNARoCDDMwPCA6PxEDShcdCgcABwIwIAkFLH8bJgkvcSQJAAMjOj0WKAErECsOMBkvChIrLiAADAY6VhkvLwoVBzwBBzUgAjEsNBstCzohDC8CPA8HCR4dIB0vMzsADAYiXz0bKgIvHy0NdgI2fQkzOwkXAw4UUwgFBVwJKyINFzV9HSo7VAwYCV4xGG0tHgggO3ocBH4fMDkwBQ91IBM
Frame ID: 95068447156ECA16A63A8E44972EAB9C
Requests: 2 HTTP requests in this frame

Frame: http://aculturerpa.info/cGxhdGkRDgIZVhFRA1IcAgBcUVs2SVMyDUMYUg5dBAkEDA0bXhNaChwDFBAPAgMPAEceCRVRWzYVAjFcNzkLHz05PwZEKxc9Dz0ESC0zGhFCDRYAPjooNE0/By4bMAFFIyglWR4rUiYqFTQgITgIIg45ABgINSwRFzwNEww7NBVEMTJYFRFbPQokJwYbDhZFPj8VBQI/MlRROBNFOiQjHUAqIAwMFgEvEyomC1Q4EwgIKQ4CQQgWACg5KCtHKkAuREYvFAIWPj8oXCQQHgQtLidRSChRJhsUPiAXOB5YREYrKi1QLghDPggjKDFJUzYiGgguMjoHGC5EWCYKIFkrHi8KEA4UOzAXOB5ZFDs/NSkoDRlDLxs6GxQrKyIuIzkLEB4ELSonJAg5CU0HKV4gPiwJNVEkPyE6AEc4JS00GA4UAhY6OEM2REYvFi1UNwhDPggnATUDKw0rITo5AygqGxE8MDg6CjweJhYFA08aHw4aGU0kLQM4Mw0oOVtHWicOCg
Frame ID: ED69A1D4D64E23EBAD4A5536CB309831
Requests: 2 HTTP requests in this frame

Frame: http://aculturerpa.info/ek0yVjUbL1E7ChtwUHBACCEPcwc8aAAQUUk5ASwBDihXLlERf0B4VhYiRzJTCCJcIhsUKEZzBzwBfGRBPwNfBGA4DkIHYkoAcR90DilzOn9LDwMhZzsZVgx2ESllG30dN1AHDUoccWMFLhlwG3Q7PWgPWRULZQdNTwhzEG85BVkeZBYUYhxSDhx3BA1KGmNufjsJSh5wEQx0G1lCCmQDBQIbAzpUOAkHMHY8PnkPZCskcz1jSggDD30rN3wwdhYAdxsFLA9wAEYLHFkTcy1+ZxFmHSl9MgYoD3AARgAVRTl3In93EH8SB2gycE8ec2Z/Eg90BGI9Nx8EVDsYcxl/Fn18BwVPf1EQcD8VdTlzLyV4DFE4eWIOTUI9ZT1wPAZ1E3AsC0EVeUsDcBRjCSdnIVEZD3VmYSwqUR95Pxx+AVJPJXAVfCoYXzlyKSp8D1M7dHkXcxYlcBBnPw5bHG08IQcZURQPYBRzAjxwAHwoBVw9fVwnQTlbCnBGGGIgKUIgfzk
Frame ID: A365CB9CA6B8EAC5394EFBC744332B23
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: C661272FD94C1CB160C073AE6AC0DE3E
Requests: 1 HTTP requests in this frame

Frame: https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png
Frame ID: 189F91F3D078CFE06BA043ED6C32A97F
Requests: 1 HTTP requests in this frame

Frame: https://shorteh.com/afu.php?zoneid=1241630
Frame ID: 06BFC278AEA91AD9B0BB1EDEFCA707D2
Requests: 1 HTTP requests in this frame

Frame: http://static.servingserved.com/n337/ad/192x192_h1daqjql3qfUiIlyPBBS.jpeg
Frame ID: 2C3FCFF0EE31BD3538C53287651C64DE
Requests: 1 HTTP requests in this frame

Frame: https://i.wmgtr.com/cic/ZUXT3u8vEwsWeRN5qTQvjVDCHbljzdrq.png
Frame ID: CD2719A2E431AC32B6DAE4839C27A4FE
Requests: 1 HTTP requests in this frame

Frame: https://i.wmgtr.com/cim/wfG8af1niSejWpDaA1QaXYvOJLZfW_So.png
Frame ID: FE481E1AD0BC2FAB22FB807A8FBB352A
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800
Frame ID: B8435B274ECB7718B532042A7389628B
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Earn money on short links. Make short links and earn the biggest money - shorte.stsawssad-ninja-vector-full-export-v2

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

86
Requests

52 %
HTTPS

0 %
IPv6

36
Domains

39
Subdomains

33
IPs

6
Countries

2229 kB
Transfer

3451 kB
Size

16
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://shorte.st/?utm_source=shst&utm_medium=intermediate&utm_campaign=logo

Search URL Search Domain Scan URL

URL: https://shorte.st/
Title: Shorten urls and earn money

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 28

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyy5ZQfwu3kd4EDVQ-bIq_7T3N1Vozv1ySP-Mrv0dZ399MGkJmOmg8OFY3cn9kYENbP-7VxbhA HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyL8oiBRh_Sgk_10szxbNwbFJBu57zK0Sl5rIH_JDj6EY__NuaDq2XMXIjPh3i4Rf3c0opAEA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-770779716%3A1697612225394243&theme=glif

Request Chain 29

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywyt6aYd0jTiFNBIH_APA6c0Em57yX0ySdovTpIAeAvFmJZUIVCUPiSx0eFLxgPHjDAr6Suog HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyygDH6VGisara0Wes1MCCUR6O6aHO3Q13MrUQmVYYv4ORvkvYJrY5OuUMkDbB5aSAdOnzrsAQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1812838769%3A1697612225437394&theme=glif

Request Chain 41

http://manifefashiona.info/popunder.gif HTTP 301
https://manifefashiona.info/popunder.gif

Request Chain 65

https://vickykilled.cfd/tsk/pDHGGoK8gcBDOGiyDw_5qxRKFV4tAoIbK53bsz7Yca0iUYxO3UvllhVuittAce4p2wirjiiwzleq_zlybapuQZqs9kmpHYacwVFeEMnIAIM HTTP 302
https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png

Request Chain 70

http://ads.shorte.st/ads.php?key=2ea5b261f06ca771033a5fa9e22493f1&width=1024&height=768&ch=1&cp.dest_domain=talk.plesk.com&cp.oid=1&cp.referrer=&cp.locked=0&cp.proxy=0&cp.quarantine_status=1&cp.vno=1&cp.enc_url=zBLux/6NHfDTaPzO9owZd32h4gIi80LD6rchN9YWDxG3UHUkzdpAuesg6qb4XDSN&cp.asid=0be47e24f472cacbbb827b09c488d983df2364ed&title=&description=&keywords=&captcha_verified=0 HTTP 302
https://shorteh.com/afu.php?zoneid=1241630

Request Chain 74

https://viewyentreat.guru/tsk/VkjHzDfkqN8cL73rZlMUksS2M6WfTHpM87Cb2yzeQoQeu22kdV9T8Anzqa6z2IXxddmrPBG*OD6dfnpLZilXxmzOD_3UadFNwqkJ*eu8STc HTTP 302
http://xml.yellow-resultsbidder.com/thumbnail?i=6vafreQ4IEA_0&imgt=icon HTTP 302
http://static.servingserved.com/n337/ad/192x192_h1daqjql3qfUiIlyPBBS.jpeg

Request Chain 83

https://icdns.net/b2/c/i/icon?cid=1&did=Tl11X2M&eid=622&nid=1&sid=3302344570okVFTpWc&ts=1697612230&ttl=43200&v=v5.8.2 HTTP 302
https://s-img.adskeeper.com/g/15023478/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3XzEwMjAseF80NDEseV8yODYvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjItMTIvMTAxOTI0L2MxMmUwMDhjYTgzOGE3NmUzZDYwMjg2N2ZlNjA2OWZiLmpwZWc.webp?v=1697612230-J0sRNiUGNYExjcYeFGDoX49fp_n-pExNBYp7BFd60vU

86 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request ehhfTS Show response
gestyy.com/ 91 KB
36 KB 591ms
274ms Document
text/html 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://gestyy.com/ehhfTS

Protocol

HTTP/1.1

Server

104.26.8.155 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/5.6.40-0+deb8u16

Resource Hash

507c7c453e932b9ee7ec0d1367af1e8fd51cfd26eb0dd0b408ce112e2ebe2829

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
CF-RAY: 817ee28b3ddc0f82-MXP
Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 18 Oct 2023 06:57:03 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EhbtRePqVhIvG1fWcOZ4ZCsua61pR96JZNwUYpt3lPHXn%2B%2FecT9xoGnnMEBWeMeqeh5C5W2gZETCfcC9FBzN3nrCMW7073%2B%2Bl%2Bb4209bZILTi26h%2BF51HEPt8EE%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: DENY
X-Powered-By: PHP/5.6.40-0+deb8u16
X-Server-ID: shn08
X-UA-Compatible: IE=Edge

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

52 KB
21 KB

502ms
94ms

Script
text/javascript

142.250.185.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Server

142.250.185.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 18 Oct 2023 05:51:33 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3930
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 18 Oct 2023 07:51:33 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 css
fonts.googleapis.com/ 3 KB
983 B 504ms
97ms Stylesheet
text/css 172.217.16.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:400,700

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f10.1e100.net

Software

ESF /

Resource Hash

c3c736b80c318c7323b9f2b6a3b2ddd6e78e5aeeed7e9d648c6b1d7e97691024

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 18 Oct 2023 06:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 06:17:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Oct 2023 06:57:03 GMT

GET
H/1.1 200
OK tracking.gif
gestyy.com/bundles/advertisement/img/ 0
727 B 414ms
414ms Image
image/gif 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://gestyy.com/bundles/advertisement/img/tracking.gif?test=0be47e24f472cacbbb827b09c488d983df2364ed
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: HTTP/1.1
Server: 104.26.8.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/ehhfTS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:03 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 0
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
Server: cloudflare
ETag: "62bc13d6-0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VgtAT27yUx7ArUaCkwZjrPhjoy8ZfTRZz2AFzs8jd1XyTsCya5guOPTrAoxe4sW3WHGkv5kVPaoPMEp9638SJcL3MKQhxxzFQMehoZLDfDy9lsZv3DnUBdespIo%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn08
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 817ee28eafd70f82-MXP

GET
H/1.1 200
OK advertisement-tracking-1.gif
gestyy.com/bundles/smeweb/img/ 43 B
759 B 427ms
427ms Image
image/gif 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://gestyy.com/bundles/smeweb/img/advertisement-tracking-1.gif?t=1697612223
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: HTTP/1.1
Server: 104.26.8.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/ehhfTS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:03 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 43
X-UA-Compatible: IE=Edge
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EHZPvPSDFu%2BrKQPma1fuTYOdn1L7QTfmqCZom97XuHUS1%2BcWJpOIyMYt%2BopVu%2BCUxV957DgpcYDlPk9oR42G6W78C7ZehNGZMKL2xC2aOZmvusygQKc24ZqHGY%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn01
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 817ee28eaa1b0e71-MXP

GET
H/1.1 200
OK tracking-1.gif
gestyy.com/bundles/smeweb/img/ 43 B
763 B 185ms
185ms Image
image/gif 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://gestyy.com/bundles/smeweb/img/tracking-1.gif?t=1697612223
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: HTTP/1.1
Server: 104.26.8.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/ehhfTS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:03 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 43
X-UA-Compatible: IE=Edge
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2B%2FML43%2Bg7%2BgZMdmEpgOSCXR6Kx%2FtnJrtVGRktD7Ha0xWQ2EpTyIl15jbovQZGF8XASIemMAPL1WE%2BGy7XMTNcrQWHSaE8glbuQqkZL93mrsomdEahoSvZokTQ4%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-Server-ID: shn09
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 817ee28f48270f82-MXP

GET
H/1.1 200
OK logo1707.png
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/ 6 KB
7 KB 483ms
151ms Image
image/png 172.67.68.250
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: HTTP/1.1
Server: 172.67.68.250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:04 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 58285
Connection: keep-alive
Content-Length: 6226
X-UA-Compatible: IE=Edge
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
Server: cloudflare
ETag: "55a90320-1852"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2FjtGNFu5DEBiDlURfel1ik8mSWcVDJA8u4QYB19h%2BfiunfeerWUiNEigouabcWVgOgNwELVslIAH6Bq5%2BJQn3QyCWFLnhWUzKjGxzFnNvOd857hYYb4lo73P5Yupw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
X-Server-ID: shn07
Cache-Control: max-age=86400
Accept-Ranges: bytes
CF-RAY: 817ee291bf614c76-MXP
Expires: Wed, 18 Oct 2023 14:45:39 GMT

GET
H/1.1 200
OK interstitial-page.js Show response
static.sh.st/js/packed/ 79 KB
25 KB 490ms
174ms Script
application/javascript 172.67.68.250
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: HTTP/1.1
Server: 172.67.68.250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:04 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 58327
Cf-Polished: origSize=102880
Transfer-Encoding: chunked
Connection: keep-alive
X-UA-Compatible: IE=Edge
Cf-Bgj: minify
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Server: cloudflare
ETag: W/"62bc140d-191e0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1AnKICW4gwAi86Icf%2Bs2bCsisPxFCFwrXAm9A%2BK10R4Trque6wV8JdQEeMva1BgskrVIRpsSDK1f1a1MrH59woUjha%2F%2F%2F9hSSBo4Laiz4pVwz%2FMIx8kmGjc0YaOwFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
X-Server-ID: shn06
Cache-Control: max-age=86400
CF-RAY: 817ee29278024c39-MXP
Expires: Wed, 18 Oct 2023 14:44:57 GMT

GET
H/1.1 200
OK / Show response
d3t3z4teexdk2r.cloudfront.net/ 354 KB
115 KB 747ms
407ms Script
text/plain 52.222.232.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: HTTP/1.1
Server: 52.222.232.155 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-155.fra56.r.cloudfront.net
Software: /
Resource Hash: 5182b64b1fc47cf6cd1c0674b2c392400ed84cadc71425a7dea77f5c117a9bb3

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Oct 2023 06:57:04 GMT
Content-Encoding: gzip
Via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Cache: Miss from cloudfront
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Connection: keep-alive
Content-Length: 117481
X-Amz-Cf-Id: ZqZrxanrNN7vEtPhXMpQEUH1XIqyndVuHcuqRkqA29q4xgk_mfSMKw==

GET
H2 200 tag.min.js Show response
ptauxofi.net/pfe/current/ 13 KB
6 KB 282ms
53ms Script
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7ff740926f42fb48bec26638cae37723c5bb658e67465ba90b7f486a5adb6dce

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:04 GMT
content-encoding: gzip
last-modified: Tue, 17 Oct 2023 12:19:39 GMT
server: nginx
etag: W/"652e7bdb-33d2"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H/1.1 200
OK inpage.js Show response
ubbfpm.com/ms/1102360/ 196 KB
197 KB 1155ms
527ms Script
application/javascript 95.216.206.230
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ubbfpm.com/ms/1102360/inpage.js

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

95.216.206.230 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.230.206.216.95.clients.your-server.de

Software

nginx /

Resource Hash

37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:04 GMT
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Last-Modified: Fri, 21 Apr 2023 15:45:14 GMT
Server: nginx
X-Permitted-Cross-Domain-Policies: none
ETag: "6442af8a-31022"
X-Download-Options: noopen
X-Frame-Options: sameorigin
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 200738
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 46223 Show response
ja.rewashwudu.com/fmwhVStpL4dxap/ 479 KB
147 KB 285ms
190ms Script
application/javascript 172.255.6.34
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

HTTP/1.1

Server

172.255.6.34 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

2999f5874877de3a7f9f8e5cce8221338d277ba4cf08e798b2302bb853539550

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: http://gestyy.com
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 156 KB
57 KB 626ms
140ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

cbcd47d3130ee0af9b24cea1743f3289656f0ceda476d6eef7865d0b01e42a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58199
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Oct 2023 06:57:04 GMT

GET
H/1.1 200
OK widget-sprite.png
static.sh.st/bundles/smeweb/img/ 83 KB
83 KB 479ms
161ms Image
image/png 172.67.68.250
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: HTTP/1.1
Server: 172.67.68.250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:04 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 58057
Connection: keep-alive
Content-Length: 84545
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
Server: cloudflare
ETag: "62bc13d5-14a41"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=va7iSX%2BhQsBFPJzOab74A68NevWfonVbu6LRiSRLlunL5KrXXrk8ZFGbyHxV1Ey9k6lVBDhC2l38VmMspx4w7I2Fo9SgZfAyN8NqAqBIp7Z77zlRaGptLUqJUhsJfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
X-Server-ID: shn05
Cache-Control: max-age=86400
Accept-Ranges: bytes
CF-RAY: 817ee2927dc983a3-MXP
Expires: Wed, 18 Oct 2023 14:49:27 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v29/ 47 KB
48 KB 659ms
123ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://gestyy.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 18:18:14 GMT
x-content-type-options: nosniff
age: 477530
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48208
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 18:18:14 GMT

OPTIONS
H/1.1 403
Forbidden displayed
analytics.shorte.st/ Frame 0
0 517ms
185ms Preflight
text/html 172.67.74.33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://analytics.shorte.st/displayed

Protocol

HTTP/1.1

Server

172.67.74.33 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

CF-RAY: 817ee2962a185a3d-MXP
Cache-Control: max-age=15
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 18 Oct 2023 06:57:04 GMT
Expires: Wed, 18 Oct 2023 06:57:19 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Referrer-Policy: same-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ow%2BrsIqpVzj2yZrOPC5rz3HHZmBUDY5Yj48ZoeX0rplKWgsDKI8xlLjbzTxMMVj%2Fd9OOBAP449nBpsF%2BotNxrZOkWxsSpDKzaOO42P%2FmEwGLPougMjp1tKK2X8nZHClwMA8pwGI%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

POST displayed
analytics.shorte.st/ 0
0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 192 KB
70 KB 251ms
251ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d8d32816d1bb305802ea9cd47e6b7357ce57ff240fcb8fc7a569b7d16a4bb9f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71522
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Oct 2023 06:57:04 GMT

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
100 KB 446ms
244ms Fetch
binary/octet-stream 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:05 GMT
cf-cache-status: STALE
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10362
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 18 Oct 2023 04:04:23 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: http://gestyy.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vze8NaL6RF77rnD6BO8E%2F1sCXQ7vzrcQ%2B1SkXti9xbSercPodMwcSBOSZTjo5WB%2F4vLk20BatWs1gisLvEXWcXt4numSueL3AsjhQKY9vba5%2FERVOy5azApV0xWrnBpR"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 817ee2966c1abb25-MXP
access-control-allow-headers: X-Requested-With, content-type

GET /
pogothere.xyz/ 0
0

GET
H2 204 utx Show response
aculturerpa.info/ 0
535 B 371ms
152ms XHR
text/plain 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aculturerpa.info/utx?cb=rBwBYtLvveCH&top=gestyy.com&tid=962089
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:05 GMT
via: 1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: http://gestyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: fTM3mFW48P8FrLf0K2f0oJePpwZKyYewlGunZRT9Br5Mn6VD9wxoyg==

GET
H/1.1 200
OK dBdTOi4iFQMleTVDBCIkMgkBPCQpGUkgLjNIVQg6FCo1CS8CJBUNMiA+ARo8CSQMInwhAT18Hw8ZEgohEg8rCiMdIx8qMg8vKh0CMAYqGCw0LD0KPCIkDCI8JQoAIAwuO1YfIgoMLhYdETQlGyYMAQs3Hi00Uw0ydicsGgoRICYDOBcKVyUNKjxeDBM0NysaAgkmD... Show response
aculturerpa.info/TktHbWcvKSQAWC92JUsSPCd6SFUIbnUrA30/ Frame 9506 3 KB
2 KB 276ms
252ms Document
text/html 143.204.98.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://aculturerpa.info/TktHbWcvKSQAWC92JUsSPCd6SFUIbnUrA30/dBdTOi4iFQMleTVDBCIkMgkBPCQpGUkgLjNIVQg6FCo1CS8CJBUNMiA+ARo8CSQMInwhAT18Hw8ZEgohEg8rCiMdIx8qMg8vKh0CMAYqGCw0LD0KPCIkDCI8JQoAIAwuO1YfIgoMLhYdETQlGyYMAQs3Hi00Uw0ydicsGgoRICYDOBcKVyUNKjxeDBM0NysaAgkmDykhJTs+DxoQFVMfExUoBiRzCSYlDz8XFQMkGSkkCgsMCSoEICcSDCIcJSIUPSQZKSRCfA0DPg8NLypcPwwNARoCDDMwPCA6PxEDShcdCgcABwIwIAkFLH8bJgkvcSQJAAMjOj0WKAErECsOMBkvChIrLiAADAY6VhkvLwoVBzwBBzUgAjEsNBstCzohDC8CPA8HCR4dIB0vMzsADAYiXz0bKgIvHy0NdgI2fQkzOwkXAw4UUwgFBVwJKyINFzV9HSo7VAwYCV4xGG0tHgggO3ocBH4fMDkwBQ91IBM
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: HTTP/1.1
Server: 143.204.98.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-81.fra50.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 306e17f35263e332313e39de1b5e9292fdbd30563cedbc36c8ba75de93d6c98e

Request headers

Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
Connection: keep-alive
Content-Length: 1233
Content-Type: text/html
Date: Wed, 18 Oct 2023 06:57:05 GMT
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Server: openresty/1.17.8.2
Via: 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 8WlLnpZVvF_gT64tBNvVSRWbJ-pCdCKf7Trg4-JxH-ojcAfZ_Gmzbg==
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Miss from cloudfront
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip

GET
H/1.1 200
OK NSkoDRlDLxs6GxQrKyIuIzkLEB4ELSonJAg5CU0HKV4gPiwJNVEkPyE6AEc4JS00GA4UAhY6OEM2REYvFi1UNwhDPggnATUDKw0rITo5AygqGxE8MDg6CjweJhYFA08aHw4aGU0kLQM4Mw0oOVtHWicOCg Show response
aculturerpa.info/cGxhdGkRDgIZVhFRA1IcAgBcUVs2SVMyDUMYUg5dBAkEDA0bXhNaChwDFBAPAgMPAEceCRVRWzYVAjFcNzkLHz05PwZEKxc9Dz0ESC0zGhFCDRYAPjooNE0/By4bMAFFIyglWR4rUiYqFTQgITgIIg45ABgINSwRFzwNEww7NBVEMTJYFRFb... Frame ED69 3 KB
2 KB 262ms
230ms Document
text/html 143.204.98.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://aculturerpa.info/cGxhdGkRDgIZVhFRA1IcAgBcUVs2SVMyDUMYUg5dBAkEDA0bXhNaChwDFBAPAgMPAEceCRVRWzYVAjFcNzkLHz05PwZEKxc9Dz0ESC0zGhFCDRYAPjooNE0/By4bMAFFIyglWR4rUiYqFTQgITgIIg45ABgINSwRFzwNEww7NBVEMTJYFRFbPQokJwYbDhZFPj8VBQI/MlRROBNFOiQjHUAqIAwMFgEvEyomC1Q4EwgIKQ4CQQgWACg5KCtHKkAuREYvFAIWPj8oXCQQHgQtLidRSChRJhsUPiAXOB5YREYrKi1QLghDPggjKDFJUzYiGgguMjoHGC5EWCYKIFkrHi8KEA4UOzAXOB5ZFDs/NSkoDRlDLxs6GxQrKyIuIzkLEB4ELSonJAg5CU0HKV4gPiwJNVEkPyE6AEc4JS00GA4UAhY6OEM2REYvFi1UNwhDPggnATUDKw0rITo5AygqGxE8MDg6CjweJhYFA08aHw4aGU0kLQM4Mw0oOVtHWicOCg
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: HTTP/1.1
Server: 143.204.98.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-81.fra50.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: d07564478a41491fa886da41f1a83d3145c3c4a0272ccc8811b833c950a64b16

Request headers

Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
Connection: keep-alive
Content-Length: 1221
Content-Type: text/html
Date: Wed, 18 Oct 2023 06:57:05 GMT
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Server: openresty/1.17.8.2
Via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
X-Amz-Cf-Id: XLTfhiM3qjnZTejf7I4H85aea_p6aQPaomMfszIrv_oMp7Acj71qUw==
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Miss from cloudfront
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
101 KB 351ms
215ms Fetch
binary/octet-stream 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:05 GMT
cf-cache-status: STALE
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10362
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 18 Oct 2023 04:04:23 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: http://gestyy.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Lx%2B9%2B0YsQNibpLgaW1H0hRkb28lnJBRTXIQHI%2FQr6wH6Zqk58PmZ%2F5bjbDBDcJQD4QElWngoJxDd6KvT1%2FK4clFXtakJlvBbnXUW5MFMpbXW2%2BcbdRWJWhgjl8hwAse"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 817ee2966c1cbb25-MXP
access-control-allow-headers: X-Requested-With, content-type

GET /
pogothere.xyz/ 0
0

GET
H2 204 utx Show response
aculturerpa.info/ 0
534 B 317ms
165ms XHR
text/plain 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aculturerpa.info/utx?cb=9w5BtD5cJ21f&top=gestyy.com&tid=959118
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:05 GMT
via: 1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: http://gestyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: 5AarTz-w9YQ9Yf6JZ29Iu9jDciaKyvl_FVYtBx8k4oUj1ryN2R3xjw==

GET
H/1.1 200
OK Fn18BwVPf1EQcD8VdTlzLyV4DFE4eWIOTUI9ZT1wPAZ1E3AsC0EVeUsDcBRjCSdnIVEZD3VmYSwqUR95Pxx+AVJPJXAVfCoYXzlyKSp8D1M7dHkXcxYlcBBnPw5bHG08IQcZURQPYBRzAjxwAHwoBVw9fVwnQTlbCnBGGGIgKUIgfzk Show response
aculturerpa.info/ek0yVjUbL1E7ChtwUHBACCEPcwc8aAAQUUk5ASwBDihXLlERf0B4VhYiRzJTCCJcIhsUKEZzBzwBfGRBPwNfBGA4DkIHYkoAcR90DilzOn9LDwMhZzsZVgx2ESllG30dN1AHDUoccWMFLhlwG3Q7PWgPWRULZQdNTwhzEG85BVkeZBYUYhxS... Frame A365 3 KB
2 KB 247ms
231ms Document
text/html 143.204.98.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://aculturerpa.info/ek0yVjUbL1E7ChtwUHBACCEPcwc8aAAQUUk5ASwBDihXLlERf0B4VhYiRzJTCCJcIhsUKEZzBzwBfGRBPwNfBGA4DkIHYkoAcR90DilzOn9LDwMhZzsZVgx2ESllG30dN1AHDUoccWMFLhlwG3Q7PWgPWRULZQdNTwhzEG85BVkeZBYUYhxSDhx3BA1KGmNufjsJSh5wEQx0G1lCCmQDBQIbAzpUOAkHMHY8PnkPZCskcz1jSggDD30rN3wwdhYAdxsFLA9wAEYLHFkTcy1+ZxFmHSl9MgYoD3AARgAVRTl3In93EH8SB2gycE8ec2Z/Eg90BGI9Nx8EVDsYcxl/Fn18BwVPf1EQcD8VdTlzLyV4DFE4eWIOTUI9ZT1wPAZ1E3AsC0EVeUsDcBRjCSdnIVEZD3VmYSwqUR95Pxx+AVJPJXAVfCoYXzlyKSp8D1M7dHkXcxYlcBBnPw5bHG08IQcZURQPYBRzAjxwAHwoBVw9fVwnQTlbCnBGGGIgKUIgfzk
Requested by: Host: d3t3z4teexdk2r.cloudfront.net
URL: http://d3t3z4teexdk2r.cloudfront.net/?etztd=962089
Protocol: HTTP/1.1
Server: 143.204.98.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-81.fra50.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 94f088facd48b161b74a049ceaa9f69b370b8d58e126dadd4313ffeef7af0317

Request headers

Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
Connection: keep-alive
Content-Length: 1227
Content-Type: text/html
Date: Wed, 18 Oct 2023 06:57:05 GMT
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Server: openresty/1.17.8.2
Via: 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: E7LBiMbL0bL2JxH159qQUdAvsITlgyjqgaj7RLBt2IzN33Pw2zrY1A==
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Miss from cloudfront
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip

GET
H2 204 aGFnNlpHXgRFZwk5IVkAEjsGZ2scNSZaIiA0IXsKPTQxbw85MEFCMwxcXgBoWFleECoBBVoHfBsVBkIvG1xWEDMGBwgLfB5cVhhpXE9UAnRYRxILa04VF1c9VVBBRi4cDVoHbFFWUQdoWlNTDmpZ
manifefashiona.info/ 0
248 B 288ms
159ms Image
text/plain 104.21.9.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://manifefashiona.info/aGFnNlpHXgRFZwk5IVkAEjsGZ2scNSZaIiA0IXsKPTQxbw85MEFCMwxcXgBoWFleECoBBVoHfBsVBkIvG1xWEDMGBwgLfB5cVhhpXE9UAnRYRxILa04VF1c9VVBBRi4cDVoHbFFWUQdoWlNTDmpZ
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eXVJcNgdlQoXfF5cnYYMfcbGrUDe%2FJ0jX8m2c78xA8mdOJ1AzM8brNmDvEwnB1D2XtucBH8nhEXbcXznyhiePvV8n4dxtSvqtTO%2BbREiBrGxlFK0gGQoO6RmIodakIY7%2B%2BML6vCQ"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 817ee29679280e17-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 login.php
www.facebook.com/ 0
0 519ms
118ms Image
text/html 157.240.0.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS: edge-star-mini-shv-02-fra3.facebook.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyy5ZQfwu3kd4EDVQ-bIq_7T3N1Vozv1ySP-Mrv0dZ399MGkJmOmg8OFY3c...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyL8oiBRh_Sgk_10szxbNwbFJBu57zK0Sl5rIH_JDj6EY__NuaDq2XMXIjPh3i4Rf3c0opAEA&passiv...

0
0

77ms
77ms

Image
text/html

172.217.23.109
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyL8oiBRh_Sgk_10szxbNwbFJBu57zK0Sl5rIH_JDj6EY__NuaDq2XMXIjPh3i4Rf3c0opAEA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-770779716%3A1697612225394243&theme=glif
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Server: 172.217.23.109 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s45-in-f13.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Wed, 18 Oct 2023 06:57:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-aefqeABDt9uD9SJxrB5xGw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 406
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyL8oiBRh_Sgk_10szxbNwbFJBu57zK0Sl5rIH_JDj6EY__NuaDq2XMXIjPh3i4Rf3c0opAEA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-770779716%3A1697612225394243&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywyt6aYd0jTiFNBIH_APA6c0Em57yX0ySdovTpIAeAvFmJZUIVCUPi...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyygDH6VGisara0Wes1MCCUR6O6aHO3Q13MrUQmVYYv4ORvkvYJrY5OuUMkDbB5aSAdOnzrsAQ&passi...

0
0

187ms
187ms

Image
text/html

172.217.23.109
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyygDH6VGisara0Wes1MCCUR6O6aHO3Q13MrUQmVYYv4ORvkvYJrY5OuUMkDbB5aSAdOnzrsAQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1812838769%3A1697612225437394&theme=glif
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Server: 172.217.23.109 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s45-in-f13.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Wed, 18 Oct 2023 06:57:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-SEYk6MhCycFxq_2V_IwKRA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 403
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyygDH6VGisara0Wes1MCCUR6O6aHO3Q13MrUQmVYYv4ORvkvYJrY5OuUMkDbB5aSAdOnzrsAQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1812838769%3A1697612225437394&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 N2lXVWMYVjQmXmA+M2Y2TQUiDVMCDhQ4C2A4EDYqVVgZFzpQBnEhClNUbmNRB1BlcxNeDWpkWxEaIzQXQhpqZEVeBzE6XhEfamRNB0dle1cRHGpkRUMZNjJeBk8nIRdbVGZjWgBfZmdRBV1vYVs
manifefashiona.info/ 0
397 B 274ms
146ms Image
text/plain 104.21.9.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://manifefashiona.info/N2lXVWMYVjQmXmA+M2Y2TQUiDVMCDhQ4C2A4EDYqVVgZFzpQBnEhClNUbmNRB1BlcxNeDWpkWxEaIzQXQhpqZEVeBzE6XhEfamRNB0dle1cRHGpkRUMZNjJeBk8nIRdbVGZjWgBfZmdRBV1vYVs
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XE2MwPNl1WGY%2BbfmaR9rrQHkADsJyKbLleXkzNVxBlFs1U71Hr0Sxp%2FX5Wd6GBZIyxtUMmqBu4B0%2FHW%2FLwP5MtR7qbIZNPBR6mWbV5YJjgYkSZwclYNWOJVOvYa%2FLAnPnn%2BufA96"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 817ee296792c0e17-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 204 YTE0OGZODldLWzV5UEgxJkURCiAwAAFMPlIIcG8xGWhSCFMHUFhxQBVYUAVfVAgFCV5HQV1cW1AXR0wHFURHBVdHWFpeCVwXQgVXTwIAFlVVHwQeE1wAEkwWAFYJCUARRUBUW1AHDQ9QUAMGClJZBww
manifefashiona.info/ 0
252 B 274ms
146ms Image
text/plain 104.21.9.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://manifefashiona.info/YTE0OGZODldLWzV5UEgxJkURCiAwAAFMPlIIcG8xGWhSCFMHUFhxQBVYUAVfVAgFCV5HQV1cW1AXR0wHFURHBVdHWFpeCVwXQgVXTwIAFlVVHwQeE1wAEkwWAFYJCUARRUBUW1AHDQ9QUAMGClJZBww
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.9.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDVf1NAIJ7Nhi5rwf6Ym5VCpThRVpVI1YlOfo9yZoGTGqa0Cxm3RKZZHSJ1B8F%2B%2F4FYKMT2fzYA95%2FLPsBOPxXqbC8Ju9%2F9qQUVKQ49z6LuVAaTudqGklWV0LK%2BiOWB4gdkzrz23"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 817ee296792e0e17-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 zone Show response
ptauxofi.net/ 909 B
1 KB 78ms
77ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=gestyy.com&var=&ymid=&var_3=&tg=0

Requested by

Host: ptauxofi.net
URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4f4a1ac4e05671bc2f792686d9c18d0e7895a7a8e67c6781d6f227c6c36599a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-trace-id: 56d0624bfd04dc01656b1d11d65d1b07
date: Wed, 18 Oct 2023 06:57:04 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 909

GET
H2 200 universal.min.js Show response
ptauxofi.net/pfe/current/ 85 KB
33 KB 197ms
77ms Fetch
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/pfe/current/universal.min.js?v=3.1.463
Requested by: Host: ptauxofi.net
URL: https://ptauxofi.net/pfe/current/tag.min.js?z=4157053
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 34a0f6eaadbfed520a5df4a1182befb6aa744b0c01137f2a01faad98622f025a

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:05 GMT
content-encoding: gzip
last-modified: Tue, 17 Oct 2023 12:19:39 GMT
server: nginx
etag: W/"652e7bdb-155a7"
content-type: application/javascript
access-control-allow-origin: http://gestyy.com
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/ 3 KB
2 KB 437ms
52ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1697612225017&cv=11&fst=1697612225017&bg=ffffff&guid=ON&async=1&gtm=45be3ag0&u_w=1600&u_h=1200&url=http%3A%2F%2Fgestyy.com%2FehhfTS&hn=www.googleadservices.com&frm=0&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=778948831.1697612225&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

551a74ad1439a2c517dc64dea8470dfbaa6a9479ade2389f0861a8245343e2ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1361
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK DShCdm1XBFFweBxwQGttVn-YVMjgIIwMnKg8vAGd6InNHdWZXcFFweEwtHDYlCGNGAW1WdhgrIwFjRnIvASUfLWFBdEQhIBYpGSdtVgBMe2ZUaEBxcF1oQ3BtVnYHIy4FNB1neiJzR3VmV3BSN3VV Show response
d3t3z4teexdk2r.cloudfront.net/qSGRGdEIrCygSfTwNIkl7flZ2THtuDjUbLDhZNxdyHBMSIwkMVgsAZDweIklwbggnGiV1QiMaIXVVYBUmKllyUjY4Cy1JKTAVMAMsPg0kFmQ9BXsZLTINKhgjbVYAQWx4QXREaj8NKBAtPxdjRnImEGNGcnlUaERneyZjRnI/ Frame 9506 672 B
875 B 178ms
178ms Script
text/plain 52.222.232.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d3t3z4teexdk2r.cloudfront.net/qSGRGdEIrCygSfTwNIkl7flZ2THtuDjUbLDhZNxdyHBMSIwkMVgsAZDweIklwbggnGiV1QiMaIXVVYBUmKllyUjY4Cy1JKTAVMAMsPg0kFmQ9BXsZLTINKhgjbVYAQWx4QXREaj8NKBAtPxdjRnImEGNGcnlUaERneyZjRnI/DShCdm1XBFFweBxwQGttVn-YVMjgIIwMnKg8vAGd6InNHdWZXcFFweEwtHDYlCGNGAW1WdhgrIwFjRnIvASUfLWFBdEQhIBYpGSdtVgBMe2ZUaEBxcF1oQ3BtVnYHIy4FNB1neiJzR3VmV3BSN3VV
Requested by: Host: aculturerpa.info
URL: http://aculturerpa.info/TktHbWcvKSQAWC92JUsSPCd6SFUIbnUrA30/dBdTOi4iFQMleTVDBCIkMgkBPCQpGUkgLjNIVQg6FCo1CS8CJBUNMiA+ARo8CSQMInwhAT18Hw8ZEgohEg8rCiMdIx8qMg8vKh0CMAYqGCw0LD0KPCIkDCI8JQoAIAwuO1YfIgoMLhYdETQlGyYMAQs3Hi00Uw0ydicsGgoRICYDOBcKVyUNKjxeDBM0NysaAgkmDykhJTs+DxoQFVMfExUoBiRzCSYlDz8XFQMkGSkkCgsMCSoEICcSDCIcJSIUPSQZKSRCfA0DPg8NLypcPwwNARoCDDMwPCA6PxEDShcdCgcABwIwIAkFLH8bJgkvcSQJAAMjOj0WKAErECsOMBkvChIrLiAADAY6VhkvLwoVBzwBBzUgAjEsNBstCzohDC8CPA8HCR4dIB0vMzsADAYiXz0bKgIvHy0NdgI2fQkzOwkXAw4UUwgFBVwJKyINFzV9HSo7VAwYCV4xGG0tHgggO3ocBH4fMDkwBQ91IBM
Protocol: HTTP/1.1
Server: 52.222.232.155 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-155.fra56.r.cloudfront.net
Software: /
Resource Hash: e0d92139521b180f60ee14b9356a5b58f9c3373b20798aa63b76a71a1c13cb61

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://aculturerpa.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:05 GMT
Content-Encoding: gzip
Via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Cache: Miss from cloudfront
access-control-allow-origin: *
Cache-Control: max-age=31556926
Connection: keep-alive
Content-Length: 488
X-Amz-Cf-Id: EJJQoZd9BzDTnpXOdhH7j7WHa6frIMZrcu4bIT1X6FyeFMGQZZk6Qw==

GET
H/1.1 200
OK fA5Ca3RiShEoJyBQVXwAZwpHYHVkHwVzdw Show response
d3t3z4teexdk2r.cloudfront.net/ycE5GUjkTISg0BgQnIm8ARnx2awtWJDU9VwBzDh5OIQ0nG3RCeXAUQxNoMihdTXxgPlgeKXt0XB4te2MfESokbw1WOydvVB80Lz5VEWt0FAxefmNgCVg5LzxdHzk1dwtAIDJ3C0B/dnwJVX0EdwtAOS88D0RrdRAcQn4+ZA... Frame ED69 198 B
577 B 183ms
182ms Script
text/plain 52.222.232.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d3t3z4teexdk2r.cloudfront.net/ycE5GUjkTISg0BgQnIm8ARnx2awtWJDU9VwBzDh5OIQ0nG3RCeXAUQxNoMihdTXxgPlgeKXt0XB4te2MfESokbw1WOydvVB80Lz5VEWt0FAxefmNgCVg5LzxdHzk1dwtAIDJ3C0B/dnwJVX0EdwtAOS88D0RrdRAcQn4+ZA1Za3RiWAA+KjdOFSwtO01VfA-BnCkdgdWQcQn5uOVEEIyp3CzNrdGJVGSUjdwtAKSMxUh9nY2AJEyY0PVQVa3QUAUlgdnwNQ3Z/fA5Ca3RiShEoJyBQVXwAZwpHYHVkHwVzdw
Requested by: Host: aculturerpa.info
URL: http://aculturerpa.info/cGxhdGkRDgIZVhFRA1IcAgBcUVs2SVMyDUMYUg5dBAkEDA0bXhNaChwDFBAPAgMPAEceCRVRWzYVAjFcNzkLHz05PwZEKxc9Dz0ESC0zGhFCDRYAPjooNE0/By4bMAFFIyglWR4rUiYqFTQgITgIIg45ABgINSwRFzwNEww7NBVEMTJYFRFbPQokJwYbDhZFPj8VBQI/MlRROBNFOiQjHUAqIAwMFgEvEyomC1Q4EwgIKQ4CQQgWACg5KCtHKkAuREYvFAIWPj8oXCQQHgQtLidRSChRJhsUPiAXOB5YREYrKi1QLghDPggjKDFJUzYiGgguMjoHGC5EWCYKIFkrHi8KEA4UOzAXOB5ZFDs/NSkoDRlDLxs6GxQrKyIuIzkLEB4ELSonJAg5CU0HKV4gPiwJNVEkPyE6AEc4JS00GA4UAhY6OEM2REYvFi1UNwhDPggnATUDKw0rITo5AygqGxE8MDg6CjweJhYFA08aHw4aGU0kLQM4Mw0oOVtHWicOCg
Protocol: HTTP/1.1
Server: 52.222.232.155 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-155.fra56.r.cloudfront.net
Software: /
Resource Hash: 4cc49f367ee0a3f0789707f1d1cf8bb3ceda8930e01af39110d104b23c95cfe9

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://aculturerpa.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:05 GMT
Content-Encoding: gzip
Via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Cache: Miss from cloudfront
access-control-allow-origin: *
Cache-Control: max-age=31556926
Connection: keep-alive
Content-Length: 190
X-Amz-Cf-Id: zFbZL-Whi9vkFmei5MspJhhzXyTTlEr-Mh0Z8yWIOGCyCkquxEWRNA==

GET
H/1.1 200
OK LN2tENmRUBCpQW0MCIAtdAlJ1B1wRATdZCkdWMHgzbQ80QC50TTBMAApZYloFWQx5EAFZCHkHQlYPJgtQER80WQ8KADxHEkAFMl8GVU0xV1laBD5fCFsKYQQiAkV0E1YHQzNfClMEM0VBBVsqQkEFW3UGSgdOd3RBBVszXwoBX2EFJhJZdE5SA0JhBFRWGz-RaAUA... Show response
d3t3z4teexdk2r.cloudfront.net/ Frame A365 669 B
859 B 321ms
183ms Script
text/plain 52.222.232.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d3t3z4teexdk2r.cloudfront.net/LN2tENmRUBCpQW0MCIAtdAlJ1B1wRATdZCkdWMHgzbQ80QC50TTBMAApZYloFWQx5EAFZCHkHQlYPJgtQER80WQ8KADxHEkAFMl8GVU0xV1laBD5fCFsKYQQiAkV0E1YHQzNfClMEM0VBBVsqQkEFW3UGSgdOd3RBBVszXwoBX2EFJhJZdE5SA0JhBFRWGz-RaAUAOJl0NQ052cFEEXGoFUhJZdB4PXx8pWkEFKGEEVFsCL1NBBVsjUwdcBG0TVgcILEQLWg5hBCIPUmoGSgNYfA9KAFlhBFRECiJXFl5OdnBRBFxqBVIRHnkH
Requested by: Host: aculturerpa.info
URL: http://aculturerpa.info/ek0yVjUbL1E7ChtwUHBACCEPcwc8aAAQUUk5ASwBDihXLlERf0B4VhYiRzJTCCJcIhsUKEZzBzwBfGRBPwNfBGA4DkIHYkoAcR90DilzOn9LDwMhZzsZVgx2ESllG30dN1AHDUoccWMFLhlwG3Q7PWgPWRULZQdNTwhzEG85BVkeZBYUYhxSDhx3BA1KGmNufjsJSh5wEQx0G1lCCmQDBQIbAzpUOAkHMHY8PnkPZCskcz1jSggDD30rN3wwdhYAdxsFLA9wAEYLHFkTcy1+ZxFmHSl9MgYoD3AARgAVRTl3In93EH8SB2gycE8ec2Z/Eg90BGI9Nx8EVDsYcxl/Fn18BwVPf1EQcD8VdTlzLyV4DFE4eWIOTUI9ZT1wPAZ1E3AsC0EVeUsDcBRjCSdnIVEZD3VmYSwqUR95Pxx+AVJPJXAVfCoYXzlyKSp8D1M7dHkXcxYlcBBnPw5bHG08IQcZURQPYBRzAjxwAHwoBVw9fVwnQTlbCnBGGGIgKUIgfzk
Protocol: HTTP/1.1
Server: 52.222.232.155 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-155.fra56.r.cloudfront.net
Software: /
Resource Hash: 7cf0dd27c3b2223183084368c7d78754313dc5a068303f8c3a7a6712e68f36bd

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://aculturerpa.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:05 GMT
Content-Encoding: gzip
Via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Cache: Miss from cloudfront
access-control-allow-origin: *
Cache-Control: max-age=31556926
Connection: keep-alive
Content-Length: 472
X-Amz-Cf-Id: i7SiCgGnlHZAzfQRKPaF0dQ1dWp75ab6sSrMRfB4KM4bx9zQeVUDDA==

OPTIONS
H2 200 custom
ptauxofi.net/ Frame 0
0 49ms
48ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://gestyy.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 18 Oct 2023 06:57:05 GMT
server: nginx

POST
H2 200 custom Show response
ptauxofi.net/ 39 B
327 B 58ms
57ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ptauxofi.net/custom

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 77da4e2e6b61f1eb8dd6a0df7e77f973
date: Wed, 18 Oct 2023 06:57:05 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
540 B 161ms
42ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=e35ca9dbc59f45be80ccc9697300d22d&zoneId=4157053&checkDuplicate=true&ymid=&var=

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

36e53598f791ce1b2b0e22637773d46e2ec557f7e18790044287a81893f0fa60

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:05 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2

200

popunder.gif
manifefashiona.info/
Redirect Chain

http://manifefashiona.info/popunder.gif
https://manifefashiona.info/popunder.gif

35 B
404 B

39ms
38ms

Image
image/gif

104.21.9.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://manifefashiona.info/popunder.gif
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Server: 104.21.9.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Wed, 18 Oct 2023 06:57:05 GMT
cf-cache-status: HIT
last-modified: Sun, 15 Oct 2023 13:03:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 237240
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3xgclZxLjrG6Cj2T3l6o5Qh7SLILzkD%2F51rLQYjHJyxSLzTnKJiyx6VedHu%2BdcYKhmSKOZfelF6%2BORjbRLRZWorpqayP9L%2BEqUiOTeh49miD1sWFg0%2FThQTdO%2Fkw9Y6aG%2FSFGsq"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
cf-ray: 817ee2988b480e17-MXP
alt-svc: h3=":443"; ma=86400

Redirect headers

Date: Wed, 18 Oct 2023 06:57:05 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ov%2FlYkZAXFNlv7D3hiBaY1Hy%2Bv9OX57ffz5IrQT%2BHkvgkB24MgonGdJdWm4lNVDvEqD3QMiwPeFslB5nA3oP0H%2F4RVfHkDKN%2F8didr4nH%2BH49Ttp10zMrw%2FLEfxu6n6JlLrT7D1k"}],"group":"cf-nel","max_age":604800}
Location: https://manifefashiona.info/popunder.gif
Cache-Control: max-age=3600
Vary: Accept-Encoding
Connection: keep-alive
CF-RAY: 817ee29848260dff-MXP
alt-svc: h3=":443"; ma=86400
Expires: Wed, 18 Oct 2023 07:57:05 GMT

GET
H2 200 defaultSkin.min.js Show response
ptauxofi.net/pfe/current/ 56 KB
19 KB 41ms
40ms Fetch
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/pfe/current/defaultSkin.min.js
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:05 GMT
content-encoding: gzip
last-modified: Tue, 17 Oct 2023 12:19:39 GMT
server: nginx
etag: W/"652e7bdb-df63"
content-type: application/javascript
access-control-allow-origin: http://gestyy.com
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 er
xngqoc.com/ 0
0 559ms
97ms Fetch 185.162.85.1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://xngqoc.com/er?a=1
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.1 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 18 Oct 2023 06:57:06 GMT
access-control-allow-credentials: true
server: nginx/1.18.0
content-length: 0

GET
H2 204 cuload Show response
xngqoc.com/ 0
97 B 554ms
98ms Fetch 185.162.85.1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=2&if=0&u=aHR0cDovL2dlc3R5eS5jb20vZWhoZlRT
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.1 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 18 Oct 2023 06:57:06 GMT
accept-ch: Sec-CH-UA-Platform-Version
server: nginx/1.18.0

GET
BLOB 200
OK 3a68d22e-6167-4658-852c-1277ff94d5eb
http://gestyy.com/ 91 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://gestyy.com/3a68d22e-6167-4658-852c-1277ff94d5eb
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/ehhfTS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 91
Content-Type: application/javascript

GET
H2 200 wnload Show response
prhzxq.com/ 663 B
569 B 643ms
176ms Fetch
application/javascript 185.162.85.1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=2&if=0&u=aHR0cDovL2dlc3R5eS5jb20vZWhoZlRT&inc=1
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.1 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 2d86e1846936b62858b61377779e1ecbef3c3e0f0eb2bf6f72d399a5533363a5

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:06 GMT
content-encoding: gzip
server: nginx/1.18.0
accept-ch: Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true

GET
BLOB 200
OK 7c93a4ab-340f-41e4-87d0-e9088ea40753
http://gestyy.com/ 91 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://gestyy.com/7c93a4ab-340f-41e4-87d0-e9088ea40753
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/ehhfTS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 91
Content-Type: application/javascript

OPTIONS /
cuid/ Frame 0
0

POST /
cuid/ 0
0

POST
H/1.1 200
OK ykUJiT4WNHua5e0uQvliozMXQlVZOL5Jcr3OBWSDnRpi_mCDnow9bqnnNmc3t7Jj_yKcQwgGrODphuwqgU5QbgVXAWYBXZC Show response
jurorstalar.uno/ 4 KB
4 KB 1139ms
920ms Fetch
application/json 172.255.6.136
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://jurorstalar.uno/ykUJiT4WNHua5e0uQvliozMXQlVZOL5Jcr3OBWSDnRpi_mCDnow9bqnnNmc3t7Jj_yKcQwgGrODphuwqgU5QbgVXAWYBXZC?ck9=7JSYiozN3ADNsIyciojIxYDMwgXMyADMiwiIiJiOiEjNwADexIDMwICLiInI6IiIsISciojIoRHdwpzLvcWZzRXe55yYv12LlhGamR1UiwiIoJiOzEDNxwiIsJiOiUmbtU1UiwiI0JiOtEjMwwiI6JiO5kjNwwiIrJiOwwiI1JiOiICLiYmI6YWYsNXZsISZiojIygmevNHb5VTb2FDOwMDNiwiIvJiO0JXdlxiItJiOxYTO3YTMyIjM2EzMxwiI3JiOiUyNCViMyQXa0xWZlIjMlMTQlIjMFFmcuViMw02buVWelIDMv5WJyAzco9mc0ViMwwWaut2cuUiMw0UYrVWJyAzco9mc0ViMwwWaut2clIDMh5GZlIDMlFWJyITJyMUJyIzall3dvJHZzViMyUyMBVSNCVSNEViMDViMyQ3bwd3byR2clIjMlMTQlUjQlUDRlcDRiwiIwJnI6EDLig2YioDNsIiYsJiOtEDLiI2YiozMsIid2JiOikkb0VGbgkkbj5iIsIidyJiOikkb0VGbgkkcpNHIPBXZudETgUkbnlmblJCLiE2YioDMsIyY0JiOiUnbr52b35mIsIyYlRnI6ICNnJCLiMGZs1mI60SMsIyYkxmI6EDMsIyYyRHdioDMsICdtNnI6ETf

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

172.255.6.136 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

7970e3286d749838512860e9ddb1569f4b6a44135c1664df17992c62b07a8f31

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 18 Oct 2023 06:57:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: http://gestyy.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

OPTIONS
H/1.1 200
OK ykUJiT4WNHua5e0uQvliozMXQlVZOL5Jcr3OBWSDnRpi_mCDnow9bqnnNmc3t7Jj_yKcQwgGrODphuwqgU5QbgVXAWYBXZC
jurorstalar.uno/ Frame 0
0 214ms
45ms Preflight
text/html 172.255.6.136
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

172.255.6.136 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 18 Oct 2023 06:57:06 GMT
Keep-Alive: timeout=20
Server: nginx
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
217 B 62ms
62ms XHR
text/plain 142.250.185.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1804011366&t=pageview&_s=1&dl=http%3A%2F%2Fgestyy.com%2FehhfTS&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAAABAAAAAC~&jid=228540086&gjid=1815810365&cid=1971673754.1697612224&uid=1&tid=UA-42296749-1&_gid=758536539.1697612224&_r=1&_slc=1&cd2=2022-06-29.0&cd7=1&cd5=0&z=2144920315

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6acd8bce6481db9a9462ccbd6702dba686bb978e07d836648512a4c5563a1b49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://gestyy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C661 255 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

OPTIONS
H2 200 custom
ptauxofi.net/ Frame 0
0 48ms
48ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://gestyy.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 18 Oct 2023 06:57:06 GMT
server: nginx

POST
H2 200 custom Show response
ptauxofi.net/ 39 B
327 B 38ms
37ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ptauxofi.net/custom

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 0b88e485189de5204f6fe7bb386d8cfe
date: Wed, 18 Oct 2023 06:57:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H2 200 /
www.google.com/pagead/1p-user-list/997869120/ 42 B
455 B 488ms
53ms Image
image/gif 142.250.181.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/997869120/?random=1697612225017&cv=11&fst=1697608800000&bg=ffffff&guid=ON&async=1&gtm=45be3ag0&u_w=1600&u_h=1200&url=http%3A%2F%2Fgestyy.com%2FehhfTS&frm=0&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=795519427&rmt_tld=0&ipr=y

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ch/pagead/1p-user-list/997869120/ 42 B
455 B 500ms
54ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ch/pagead/1p-user-list/997869120/?random=1697612225017&cv=11&fst=1697608800000&bg=ffffff&guid=ON&async=1&gtm=45be3ag0&u_w=1600&u_h=1200&url=http%3A%2F%2Fgestyy.com%2FehhfTS&frm=0&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=795519427&rmt_tld=1&ipr=y

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 244 KB
84 KB 54ms
53ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7C6F2JT500&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

11fdced52ec77b5f87dd49ef96a297bd227c840b5fbd2a5e67851b481442cb5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85411
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 18 Oct 2023 06:57:06 GMT

OPTIONS
H/1.1 200
OK 46223
ja.rewashwudu.com/opf/ Frame 0
0 124ms
118ms Preflight
text/html 172.255.6.34
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

http://ja.rewashwudu.com/opf/46223?md=7JCdoJiOiQHal1WZfFzX3ICLiM2biojIkFmcrJCLiEmI6YDN2UDLiMnI6ISM2ADM4FjMwAjIsIiYiojIxYDMwgXMyADMiwiIyJiOiICLiEnI6ICa0RHc68yLnV2c0lXeuM2bt9SZohmZUNlIsICaiozNzgjNsICbiojIl5WLVNlIsICdioTLxIDMsIieioTOyADMsIyaioDMsISdiojIiwiImJiOmFGbzVGLiUmI6ISZr1GcwMTc14md4kWYqdmIsIybioDdyVXZsISbioTM2kzN2EjMyIjNyIjMsIydiojIlcjQlIjM0lGdsVWJyITJzEUJyITRhJnblIDMt9mbllXJyAzbuViMwMHavJHdlIDMslmbrNnLlIDMNF2alViMwMHavJHdlIDMslmbrNXJyATYuRWJyATZhViMyUiMDViMysWZ5d3byR2clIjMlMTQlUjQlIjMzh2byRXZuMHdlIjMlIzQlIjMzh2byRXZzRXJyITJyMUJyIzco9mc0ViMwwWaut2clIjMlIzQlIjMslmbrViMwMHavJHdl5WZyViMyUiMDViMyIWa0xWelIjMlUDRlIzQlIjM09Gc39mckNXJyITJzEUJ1IUJyITaj9mblMTQ3UiMyUiMDViMyIXZmJXZzhWJzE0NlIjMlIzQlIjM0hWazVyMBZTJyITJyMUJyIzYsl2YrVyMBZTJyITJyMUJyIjYy92dzVmclMTQ2UiMyUiMDViMyMHavVHbkVyMBVTJyITJyMUJyITZhJnblMTQ0UiMyUiMDViMyEGZix2bjtWJzEENlIjMlIzQlIjMwF2ZlVyMBRTJyITJyMUJyITbv5WZ5VyMBNTJyITJyMUJyIDcsVWYzVWJzE0MlIjMlIzQlIjM59WdyVyMBNTJyITJyMUJyIDahZXZlMTQzUiMyUiMDViMyQXdy5WZkVyMBNTJyITJyMUJyIzZyVWelMTQzUiMyUiMDViMyQWak52J0VyMBNTJyITJyMUJyITY1R3btFGdpNWYsxWelMTQzUiMyUiMDViMyQHah52azFSJzE0MlIjMlUDRlcDRiwiIwJnI6EDLig2YioDNsIiYsJiOtEDLiI2YiozMsIid2JiOikkb0VGbgkkbj5iIsIidyJiOikkb0VGbgkkcpNHIPBXZudETgUkbnlmblJCLiE2YioDMsIyY0JiOiUnbr52b35mIsIyYlRnI6ICNnJCLiMGZs1mI60SMsIyYkxmI6EDMsIyYyRHdioDMsICdtNnI6ETf

Protocol

HTTP/1.1

Server

172.255.6.34 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 18 Oct 2023 06:57:06 GMT
Keep-Alive: timeout=20
Server: nginx
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

POST
H/1.1 200
OK 46223 Show response
ja.rewashwudu.com/opf/ 1 KB
2 KB 511ms
510ms Fetch
application/javascript 172.255.6.34
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

HTTP/1.1

Server

172.255.6.34 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

78129950678ec1406666e752c1e22078232118faab17a40a09c25b8477d7f0e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 18 Oct 2023 06:57:06 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: http://gestyy.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

OPTIONS
H/1.1 200
OK rZv_sZC5Q44v4w5XigHstQxFHfpDOg1SukKHpRUr1uWbMxPZ9DhEbZQ2o5nfD7a23PQ7KhMyXAbTb*HiZBz_JQiYkWrGuJpV_DNtq7d2Oh4ptUquVrvW
cytulakiblah.guru/ Frame 0
0 201ms
138ms Preflight
text/html 142.91.159.200
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

http://cytulakiblah.guru/rZv_sZC5Q44v4w5XigHstQxFHfpDOg1SukKHpRUr1uWbMxPZ9DhEbZQ2o5nfD7a23PQ7KhMyXAbTb*HiZBz_JQiYkWrGuJpV_DNtq7d2Oh4ptUquVrvW?ck9=7JCd2NmI6ADLiEmI6kTOzQDLiMnI6ISM2ADM4FjMwAjIsIiYiojIxYDMwgXMyADMiwiIyJiOiICLiEnI6ICa0RHc68yLnV2c0lXeuM2bt9SZohmZUNlIsICaioDO1ATOsICbiojIl5WLVNlIsICdioTLxIDMsIieiozNwkjMsIyaioDMsISdiojIiwiImJiOmFGbzVGLiUmI6IieqZjb10GaxBXd2NHMiRjIsIybioDdyVXZsISbioTM2kzN2EjMyIjNyIzNsIydiojIlcjQlIjM0lGdsVWJyITJzEUJyITRhJnblIDMt9mbllXJyAzbuViMwMHavJHdlIDMslmbrNnLlIDMNF2alViMwMHavJHdlIDMslmbrNXJyATYuRWJyATZhViMyUiMDViMysWZ5d3byR2clIjMlMTQlUjQlIjMzh2byRXZuMHdlIjMlIzQlIjMzh2byRXZzRXJyITJyMUJyIzco9mc0ViMwwWaut2clIjMlIzQlIjMslmbrViMwMHavJHdl5WZyViMyUiMDViMyIWa0xWelIjMlUDRlIzQlIjM09Gc39mckNXJyITJzEUJ1IUJyITaj9mblMTQ3UiMyUiMDViMyIXZmJXZzhWJzE0NlIjMlIzQlIjM0hWazVyMBZTJyITJyMUJyIzYsl2YrVyMBZTJyITJyMUJyIjYy92dzVmclMTQ2UiMyUiMDViMyMHavVHbkVyMBVTJyITJyMUJyITZhJnblMTQ0UiMyUiMDViMyEGZix2bjtWJzEENlIjMlIzQlIjMwF2ZlVyMBRTJyITJyMUJyITbv5WZ5VyMBNTJyITJyMUJyIDcsVWYzVWJzE0MlIjMlIzQlIjM59WdyVyMBNTJyITJyMUJyIDahZXZlMTQzUiMyUiMDViMyQXdy5WZkVyMBNTJyITJyMUJyIzZyVWelMTQzUiMyUiMDViMyQWak52J0VyMBNTJyITJyMUJyITY1R3btFGdpNWYsxWelMTQzUiMyUiMDViMyQHah52azFSJzE0MlIjMlUDRlcDRiwiIwJnI6EDLig2YioDNsIiYsJiOtEDLiI2YiozMsIid2JiOikkb0VGbgkkbj5iIsIidyJiOikkb0VGbgkkcpNHIPBXZudETgUkbnlmblJCLiE2YioDMsIyY0JiOiUnbr52b35mIsIyYlRnI6ICNnJCLiMGZs1mI60SMsIyYkxmI6EDMsIyYyRHdioDMsICdtNnI6ETf

Protocol

HTTP/1.1

Server

142.91.159.200 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 18 Oct 2023 06:57:06 GMT
Keep-Alive: timeout=20
Server: nginx
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

POST
H/1.1 200
OK rZv_sZC5Q44v4w5XigHstQxFHfpDOg1SukKHpRUr1uWbMxPZ9DhEbZQ2o5nfD7a23PQ7KhMyXAbTb*HiZBz_JQiYkWrGuJpV_DNtq7d2Oh4ptUquVrvW Show response
cytulakiblah.guru/ 643 B
2 KB 136ms
130ms Fetch
application/javascript 142.91.159.200
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

HTTP/1.1

Server

142.91.159.200 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

f87c92accf73fec2fe5436d54d8b61abb82214b2af6a32fe42ce1854d7b6c73e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 18 Oct 2023 06:57:06 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: http://gestyy.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

POST
H2 204 collect
region1.google-analytics.com/g/ 0
250 B 476ms
76ms Ping
text/plain 216.239.32.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7C6F2JT500&gtm=45je3ag0&_p=1804011366&ul=en-us&sr=1600x1200&cid=1971673754.1697612224&_eu=ABAI&ngs=1&_s=1&dl=http%3A%2F%2Fgestyy.com%2FehhfTS&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&uid=1&sid=1697612226&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_2=2022-06-29.0&ep.ua_dimension_7=1&ep.ua_dimension_5=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7C6F2JT500&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 06:57:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://gestyy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 trt
xngqoc.com/ 0
0 111ms
110ms Fetch 185.162.85.1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://xngqoc.com/trt?a=1&t=561
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.1 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 18 Oct 2023 06:57:06 GMT
access-control-allow-credentials: true
server: nginx/1.18.0
content-length: 0

GET
H/1.1

200
OK

7c7157d2cc3b2ab0459792419f85c177080b7b84.png
intendrebend.top/g/7c/71/ Frame 189F
Redirect Chain

https://vickykilled.cfd/tsk/pDHGGoK8gcBDOGiyDw_5qxRKFV4tAoIbK53bsz7Yca0iUYxO3UvllhVuittAce4p2wirjiiwzleq_zlybapuQZqs9kmpHYacwVFeEMnIAIM
https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png

6 KB
6 KB

233ms
48ms

Image
image/png

51.89.192.129
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png
Protocol: HTTP/1.1
Server: 51.89.192.129 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: eu3.static1.gglx.me
Software: nginx /
Resource Hash: 1cc1496df0e158cb70929cd29191a4ed7210452c24695213c50750b514baef7a

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:06 GMT
Last-Modified: Thu, 17 Sep 2020 14:56:19 GMT
Server: nginx
ETag: "5f637913-180e"
Content-Type: image/png
Cache-Control: max-age=864000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 6158
Expires: Sat, 28 Oct 2023 06:57:06 GMT

Redirect headers

Date: Wed, 18 Oct 2023 06:57:06 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Location: https://intendrebend.top/g/7c/71/7c7157d2cc3b2ab0459792419f85c177080b7b84.png
Vary: Accept-Encoding
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

POST
H/1.1 200
OK update-ads-events Show response
gestyy.com/shortener/ 16 B
1 KB 118ms
118ms XHR
application/json 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gestyy.com/shortener/update-ads-events
Requested by: Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Protocol: HTTP/1.1
Server: 104.26.8.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40-0+deb8u16
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://gestyy.com/ehhfTS
X-Requested-With: XMLHttpRequest
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Wed, 18 Oct 2023 06:57:06 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.6.40-0+deb8u16
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwPi%2BxxwpGGS7NHzKr3KxhFNt0xd4%2Fc%2FgWsX%2F5%2FLQMHNugNDrjDQP39aQ3REGS2ppuhZwgSBcTFGaKGo%2Fr%2Fkusjvrs%2FC8F8gwBbeAY0eoTA5qGGOvwlEOVjK5O4%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Server-ID: shn03
Cache-Control: no-cache
Connection: keep-alive
CF-RAY: 817ee2a049160f82-MXP
X-UA-Compatible: IE=Edge

GET
H2 200 livechat1.html Show response
xdiwbc.com/template/ 6 KB
2 KB 433ms
50ms Fetch
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xdiwbc.com/template/livechat1.html
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79c07fd74a6195368c8dd1a9ef19cf0949bbc819909b6c09d335745e7503a2f2

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 Oct 2023 06:05:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3083
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQG7YtUKErAo7jU7%2FL5CaY3ajG3CeeCSjOzqxelvkAJEQM6Ph9HL9S00R9pfnFpnHV%2FOS9IPID4dXUBhcrnvsRQr5FxQWyfZenJ%2BcR%2Ba7MDqeC95uHo2onQU1i0p"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: http://gestyy.com
cache-control: max-age=14400
cf-ray: 817ee2a338b259c5-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 social.html Show response
xdiwbc.com/template/ 4 KB
2 KB 434ms
51ms Fetch
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xdiwbc.com/template/social.html
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4aaa8b864033f10089ecbbc1023817b1968fe72fb17398564429c7f07796c80

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 06:57:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 Oct 2023 05:20:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5776
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqgGYXkmXmmZ7%2Bo%2BA2%2FHj6mISuwrQlgjVejr54XixVcPQL7Jht%2FprHXMEZyPxLDIhZwl9%2BmIPTZM8TlK%2Bh28QvyGyY0nK1ebF%2BsHbwqpoMoKAJ7lHcKlEXh3DIgC"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: http://gestyy.com
cache-control: max-age=14400
cf-ray: 817ee2a338b359c5-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 nr-rum-1.242.0.min.js Show response
js-agent.newrelic.com/ 44 KB
16 KB 151ms
39ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.242.0.min.js

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

467942d7490565f9eeffb703101620ee5a56c38f57312919d5a74cab073779eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: ZbbGSpfDbusF6mSs7Sl2uV56L034ouIe
content-encoding: br
via: 1.1 varnish
date: Wed, 18 Oct 2023 06:57:06 GMT
strict-transport-security: max-age=300
x-amz-request-id: WZZTE5YMWC5D2K82
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15733
x-amz-id-2: jJzhd2T1nTmkBkfCoamJiYB2YGUXn1R2PBAC8IEHPTzqaJq8jQ0e2fAJTuivuWPWfErHP6HxpeE=
x-served-by: cache-fra-eddf8230071-FRA
last-modified: Tue, 26 Sep 2023 03:02:38 GMT
server: AmazonS3
x-timer: S1697612227.802586,VS0,VE0
etag: "7443b88e37d38843fd5e2ddf0fdc5d9e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 27

GET
H2

403

afu.php Show response
shorteh.com/ Frame 06BF
Redirect Chain

http://ads.shorte.st/ads.php?key=2ea5b261f06ca771033a5fa9e22493f1&width=1024&height=768&ch=1&cp.dest_domain=talk.plesk.com&cp.oid=1&cp.referrer=&cp.locked=0&cp.proxy=0&cp.quarantine_status=1&cp.vno...
https://shorteh.com/afu.php?zoneid=1241630

7 B
514 B

364ms
221ms

Document
text/plain

139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shorteh.com/afu.php?zoneid=1241630
Requested by: Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 00e3fbbf542561da72fdc5ea89cfd1405c17739dd49210252e611c3122018efe

Request headers

Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length: 7
content-type: text/plain; charset=utf-8
date: Wed, 18 Oct 2023 06:57:07 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 817ee2a31cbc5273-MXP
Cache-Control: max-age=0, must-revalidate, no-store, private, s-maxage=0
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 18 Oct 2023 06:57:07 GMT
Location: https://shorteh.com/afu.php?zoneid=1241630
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46xoSuw3wfli%2FLG2fm%2BcW0MOane9iFXOtggpr1JMeFYGM26jciiuscT4IOcOQFrcA1G4wDLmMEDA2sU5BtI3dW%2F02QygjRg2c49uRdOlgh4KTgBt3vbSmoDN9bvbg%2BU%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40-0+deb8u16
X-Server-ID: shn05
X-UA-Compatible: IE=Edge

POST
H2 200 custom Show response
ptauxofi.net/ 39 B
327 B 39ms
38ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ptauxofi.net/custom

Requested by

Host: gestyy.com
URL: http://gestyy.com/ehhfTS

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 33931332c73a6fb9ed29950a34bc47e2
date: Wed, 18 Oct 2023 06:57:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

OPTIONS
H2 200 custom
ptauxofi.net/ Frame 0
0 62ms
61ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptauxofi.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://gestyy.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 18 Oct 2023 06:57:06 GMT
server: nginx

POST 28e0508023
bam.nr-data.net/1/ 0
0

GET
H/1.1

200
OK

192x192_h1daqjql3qfUiIlyPBBS.jpeg
static.servingserved.com/n337/ad/ Frame 2C3F
Redirect Chain

https://viewyentreat.guru/tsk/VkjHzDfkqN8cL73rZlMUksS2M6WfTHpM87Cb2yzeQoQeu22kdV9T8Anzqa6z2IXxddmrPBG*OD6dfnpLZilXxmzOD_3UadFNwqkJ*eu8STc
http://xml.yellow-resultsbidder.com/thumbnail?i=6vafreQ4IEA_0&imgt=icon
http://static.servingserved.com/n337/ad/192x192_h1daqjql3qfUiIlyPBBS.jpeg

6 KB
6 KB

132ms
101ms

Image
image/jpeg

151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.servingserved.com/n337/ad/192x192_h1daqjql3qfUiIlyPBBS.jpeg
Protocol: HTTP/1.1
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: fbs /
Resource Hash: 8396eac2dea5db817c502e4f960bd364bee3415318383b29f9b123b811fffa71

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:08 GMT
Last-Modified: Fri, 07 Apr 2023 11:43:00 GMT
Server: fbs
ETag: "643001c4-172a"
X-HW: 1697612228.cds231.fr8.h2,1697612228.cds132.fr8.c
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5930

Redirect headers

Location: http://static.servingserved.com/n337/ad/192x192_h1daqjql3qfUiIlyPBBS.jpeg
Pragma: no-cache
Cache-Control: no-store
Connection: keep-alive
Age: 0
Content-Length: 0

GET
H/1.1 200
OK pixel
xml.yellow-resultsbidder.com/ 42 B
0 1057ms
1030ms Fetch
image/gif 198.134.116.29
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: http://xml.yellow-resultsbidder.com/pixel?i=6vafreQ4IEA_0
Requested by: Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223
Protocol: HTTP/1.1
Server: 198.134.116.29 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-store
Connection: keep-alive
Age: 0
Content-Length: 42
Content-Type: image/gif

POST
H/1.1 200
OK update-ads-events Show response
gestyy.com/shortener/ 17 B
1 KB 117ms
116ms XHR
application/json 104.26.8.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gestyy.com/shortener/update-ads-events
Requested by: Host: static.sh.st
URL: http://static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
Protocol: HTTP/1.1
Server: 104.26.8.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40-0+deb8u16
Resource Hash: 06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03

Request headers

Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://gestyy.com/ehhfTS
X-Requested-With: XMLHttpRequest
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Wed, 18 Oct 2023 06:57:06 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.6.40-0+deb8u16
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fyyd055AH9gMLE1A4SZkLFhDbgJ3zXBcUbchUdOvgAduzamwWSvo97WAtRYTWecc7r2CwpQb%2FQ3zYXXCwi0jsXfn72PjbpjrlpRbSYIHT%2FbDV%2FSOZML%2BdnZAtBo%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Server-ID: shn09
Cache-Control: no-cache
Connection: keep-alive
CF-RAY: 817ee2a219f90f82-MXP
X-UA-Compatible: IE=Edge

GET
H2 200 wnrw
prhzxq.com/ 0
0 348ms
348ms Fetch 185.162.85.1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://prhzxq.com/wnrw?aid=16158416161798834475&a=1
Requested by: Host: ubbfpm.com
URL: https://ubbfpm.com/ms/1102360/inpage.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.162.85.1 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: http://gestyy.com
date: Wed, 18 Oct 2023 06:57:07 GMT
server: nginx/1.18.0
content-length: 0

GET
H2 200 ZUXT3u8vEwsWeRN5qTQvjVDCHbljzdrq.png
i.wmgtr.com/cic/ Frame CD27 20 KB
21 KB 422ms
41ms Image
image/gif 45.133.44.32
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.wmgtr.com/cic/ZUXT3u8vEwsWeRN5qTQvjVDCHbljzdrq.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.133.44.32 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

f0ff7bd798cc16469c59fbcd59d614cb7c0c9791cc458f4a969d1a7a2ae61093

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Thu, 19 Oct 2023 05:57:07 GMT
date: Wed, 18 Oct 2023 06:57:07 GMT
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=82800
x-content-type-option: nosniff
x-xss-protection: 1; mode=block
x-proxy-cache: HIT

GET
H2 200 wfG8af1niSejWpDaA1QaXYvOJLZfW_So.png
i.wmgtr.com/cim/ Frame FE48 935 KB
937 KB 427ms
62ms Image
image/gif 45.133.44.32
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.wmgtr.com/cim/wfG8af1niSejWpDaA1QaXYvOJLZfW_So.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.133.44.32 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

6ba59bfec64405c3002861d83d120dc78b0887d96800ac63ad9609c22216c36f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Thu, 19 Oct 2023 05:57:07 GMT
date: Wed, 18 Oct 2023 06:57:07 GMT
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=82800
x-content-type-option: nosniff
x-xss-protection: 1; mode=block
x-proxy-cache: HIT

OPTIONS
H/1.1 200
OK 7062C2wDm6nL6c9*cujymL9yWrYi2UXqE_pv5d_144wvssQ*xqfWod2lWHftxZOrynarTQGHlzbmtbS8kQaT3AKq2Lr3Ms4
cytulakiblah.guru/ Frame 0
0 369ms
368ms Preflight
text/html 142.91.159.200
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

http://cytulakiblah.guru/7062C2wDm6nL6c9*cujymL9yWrYi2UXqE_pv5d_144wvssQ*xqfWod2lWHftxZOrynarTQGHlzbmtbS8kQaT3AKq2Lr3Ms4?ck9=weiEmI6cDO1gDLiMnI6ISM2ADM4FjMwAjIsIiYiojIxYDMwgXMyADMiwiIyJiOiICLiEnI6ICa0RHc68yLnV2c0lXeuM2bt9SZohmZUNlIsICaioTN0gzMsICbiojIl5WLVNlIsICdioTLxIDMsIieioTO5EDNsIyaioDNsISdiojIiwiImJiOmFGbzVGLiUmI6ICcwknN1wmckN3blhWb35mIsIybioDdyVXZsISbioTM2kzN2EjMyMDMxkzMsIydiojIlcjQlIjM0lGdsVWJyITJzEUJyITRhJnblIDMt9mbllXJyAzbuViMwMHavJHdlIDMslmbrNnLlIDMNF2alViMwMHavJHdlIDMslmbrNXJyATYuRWJyATZhViMyUiMDViMysWZ5d3byR2clIjMlMTQlUjQlIjMzh2byRXZuMHdlIjMlIzQlIjMzh2byRXZzRXJyITJyMUJyIzco9mc0ViMwwWaut2clIjMlIzQlIjMslmbrViMwMHavJHdl5WZyViMyUiMDViMyIWa0xWelIjMlUDRlIzQlIjM09Gc39mckNXJyITJzEUJ1IUJyITaj9mblMTQ3UiMyUiMDViMyIXZmJXZzhWJzE0NlIjMlIzQlIjM0hWazVyMBZTJyITJyMUJyIzYsl2YrVyMBZTJyITJyMUJyIjYy92dzVmclMTQ2UiMyUiMDViMyMHavVHbkVyMBVTJyITJyMUJyITZhJnblMTQ0UiMyUiMDViMyEGZix2bjtWJzEENlIjMlIzQlIjMwF2ZlVyMBRTJyITJyMUJyITbv5WZ5VyMBNTJyITJyMUJyIDcsVWYzVWJzE0MlIjMlIzQlIjM59WdyVyMBNTJyITJyMUJyIDahZXZlMTQzUiMyUiMDViMyQXdy5WZkVyMBNTJyITJyMUJyIzZyVWelMTQzUiMyUiMDViMyQWak52J0VyMBNTJyITJyMUJyITY1R3btFGdpNWYsxWelMTQzUiMyUiMDViMyQHah52azFSJzE0MlIjMlUDRlcDRiwiIwJnI6EDLig2YioDNsIiYsJiOtEDLiI2YiozMsIid2JiOikkb0VGbgkkbj5iIsIidyJiOikkb0VGbgkkcpNHIPBXZudETgUkbnlmblJCLiE2YioDMsIyY0JiOiUnbr52b35mIsIyYlRnI6ICNnJCLiMGZs1mI60SMsIyYkxmI6EDMsIyYyRHdioDMsICdtNnI6ETf

Protocol

HTTP/1.1

Server

142.91.159.200 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://gestyy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 18 Oct 2023 06:57:10 GMT
Keep-Alive: timeout=20
Server: nginx
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

POST
H/1.1 200
OK 7062C2wDm6nL6c9*cujymL9yWrYi2UXqE_pv5d_144wvssQ*xqfWod2lWHftxZOrynarTQGHlzbmtbS8kQaT3AKq2Lr3Ms4 Show response
cytulakiblah.guru/ 4 KB
3 KB 624ms
624ms Fetch
application/json 142.91.159.200
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

HTTP/1.1

Server

142.91.159.200 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

516739076c617170156487fea89ea843c2be71ce571ba5fe4c370181a63959a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: http://gestyy.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 18 Oct 2023 06:57:10 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: http://gestyy.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

GET
H2 200 css
fonts.googleapis.com/ Frame B843 11 KB
883 B 72ms
71ms Stylesheet
text/css 172.217.16.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800

Requested by

Host: ja.rewashwudu.com
URL: http://ja.rewashwudu.com/fmwhVStpL4dxap/46223

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f10.1e100.net

Software

ESF /

Resource Hash

0f7d13dd5f5050995a5c0fc2f19a0be93dcfac0da0ab80f5173857052089ce37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 18 Oct 2023 06:57:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 06:29:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Oct 2023 06:57:11 GMT

GET

aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3XzEwMjAseF80NDEseV8yODYvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjItMTIvM...
s-img.adskeeper.com/g/15023478/492x328/-/ Frame B843
Redirect Chain

https://icdns.net/b2/c/i/icon?cid=1&did=Tl11X2M&eid=622&nid=1&sid=3302344570okVFTpWc&ts=1697612230&ttl=43200&v=v5.8.2
https://s-img.adskeeper.com/g/15023478/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3XzEwMjAseF80NDEs...

0
0

GET
H/1.1 200
OK 6b0c955046cc3909ef347f7c95ec7cd9a3672503.png
scarpeweevily.top/g/6b/0c/ Frame B843 10 KB
10 KB 106ms
80ms Image
image/png 162.19.19.15

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://scarpeweevily.top/g/6b/0c/6b0c955046cc3909ef347f7c95ec7cd9a3672503.png
Requested by: Host: gestyy.com
URL: http://gestyy.com/ehhfTS
Protocol: HTTP/1.1
Server: 162.19.19.15 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: cff0daa9ac0fe904d11b8bd23445e06094586cabb4327b323ba57f2a8fa135ac

Request headers

accept-language: de-CH,de;q=0.9
Referer: http://gestyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 06:57:11 GMT
Last-Modified: Tue, 13 Jul 2021 07:32:39 GMT
Server: nginx
ETag: "60ed4197-28af"
Content-Type: image/png
Cache-Control: max-age=864000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 10415
Expires: Sat, 28 Oct 2023 06:57:11 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ Frame B843 47 KB
47 KB 42ms
41ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://gestyy.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 18:16:19 GMT
x-content-type-options: nosniff
age: 477652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48432
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 18:16:19 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: analytics.shorte.st
URL: http://analytics.shorte.st/displayed

Domain: pogothere.xyz
URL: https://pogothere.xyz/

Domain: pogothere.xyz
URL: https://pogothere.xyz/

Domain: cuid
URL: https://cuid/?f=http%3A%2F%2Fgestyy.com

Domain: cuid
URL: https://cuid/?f=http%3A%2F%2Fgestyy.com

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/1/28e0508023?a=9451001&v=1.242.0&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=4035&ck=0&s=6165e5e681fcc75c&ref=http://gestyy.com/ehhfTS&ap=97&be=591&fe=3274&dc=2756&at=GBNTEw1LGR8%3D&perf=%7B%22timing%22:%7B%22of%22:1697612222818,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:10,%22c%22:10,%22ce%22:318,%22rq%22:318,%22rp%22:592,%22rpe%22:611,%22di%22:3314,%22ds%22:3325,%22de%22:3347,%22dc%22:3855,%22l%22:3858,%22le%22:3865%7D,%22navigation%22:%7B%7D%7D&fp=1158&fcp=1158

Domain: s-img.adskeeper.com
URL: https://s-img.adskeeper.com/g/15023478/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3XzEwMjAseF80NDEseV8yODYvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjItMTIvMTAxOTI0L2MxMmUwMDhjYTgzOGE3NmUzZDYwMjg2N2ZlNjA2OWZiLmpwZWc.webp?v=1697612230-J0sRNiUGNYExjcYeFGDoX49fp_n-pExNBYp7BFd60vU

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
gestyy.com/	1970-01-21 00:19:08	Name: hl Value: en
gestyy.com/	1969-12-31 23:59:59	Name: cookies-enable Value: 1
.gestyy.com/	1970-01-21 01:09:32	Name: _ga Value: GA1.2.1971673754.1697612224
.gestyy.com/	1970-01-20 15:34:58	Name: _gid Value: GA1.2.758536539.1697612224
.gestyy.com/	1970-01-20 17:43:08	Name: _gcl_au Value: 1.1.778948831.1697612225
my.rtmark.net/	1970-01-21 00:19:08	Name: ID Value: e35ca9dbc59f45be80ccc9697300d22d
.doubleclick.net/	1970-01-20 15:33:33	Name: test_cookie Value: CheckForPermission
.gestyy.com/	1970-01-20 15:33:32	Name: _gat Value: 1
.gestyy.com/	1970-01-21 01:09:32	Name: _ga_7C6F2JT500 Value: GS1.2.1697612226.1.0.1697612226.0.0.0
gestyy.com/	1970-01-20 15:34:58	Name: referrer_url Value: http%3A%2F%2Fgestyy.com%2FehhfTS
vickykilled.cfd/	1970-01-20 15:34:58	Name: GL_UI4 Value: eJw9jd1OhDAYRPln1QWdhAfwEUDELJfGh9hLUtqvbF1oN6VCfHsbE72ak8mZTBAEUfWIcMsSxF%2Bsw7NsX6l%2F6%2FtOCNlK2dHYjFJQ0564pJee406tg2PjTC7BYV2YdYPbEhwn0mQVH7gRVODJW3%2FNVZtdJ0hHy7QokC7emAvkozX7SraKkWi2ELKPizU%2B04V9Govo1HtU2mNYIzJrFZf3yM9KC78rj4iauiyzAA%2B3mTlp7DIokYVIJ8sEIXzHgTNHk7HfyAWtV2dugJnF8O%2F%2F3sZ7UyMTtCnuv427kP0B83FPOw%3D%3D
vickykilled.cfd/	1970-01-20 15:34:58	Name: GL_GI10 Value: eJwNxrEKwjAUBdC8NySIOlzpd0SsYnWug0PAIfgBbRpKoMSSNAp%2BvZ7pCCG42oDDjO3lpOu60c1ZH45X0Ahu72AXsbafsHx9mro4gBLYPMEpQpnifIoe5KAe%2Fb9dAQUoW2IK2YNjxqrt%2Bsnvb9aAZinAy0syOA%2BVAL3l7gdM7x13
viewyentreat.guru/	1970-01-20 15:34:58	Name: GL_UI4 Value: eJw9jd1OhDAYRPln1QWdhAfwEUDELJfGh9hLUtqvbF1oN6VCfHsbE72ak8mZTBAEUfWIcMsSxF%2Bsw7NsX6l%2F6%2FtOCNlK2dHYjFJQ0564pJee406tg2PjTC7BYV2YdYPbEhwn0mQVH7gRVODJW3%2FNVZtdJ0hHy7QokC7emAvkozX7SraKkWi2ELKPizU%2B04V9Govo1HtU2mNYIzJrFZf3yM9KC78rj4iauiyzAA%2B3mTlp7DIokYVIJ8sEIXzHgTNHk7HfyAWtV2dugJnF8O%2F%2F3sZ7UyMTtCnuv427kP0B83FPOw%3D%3D
viewyentreat.guru/	1970-01-20 15:34:58	Name: GL_GI10 Value: eJwNxrEKwjAUBdC8NySIOlzpd0SsYnWug0PAIfgBbRpKoMSSNAp%2BvZ7pCCG42oDDjO3lpOu60c1ZH45X0Ahu72AXsbafsHx9mro4gBLYPMEpQpnifIoe5KAe%2Fb9dAQUoW2IK2YNjxqrt%2Bsnvb9aAZinAy0syOA%2BVAL3l7gdM7x13
jurorstalar.uno/	1970-01-20 15:34:58	Name: GL_UI4 Value: eJw9jd1OhDAYRPln1QWdhAfwEUDELJfGh9hLUtqvbF1oN6VCfHsbE72ak8mZTBAEUfWIcMsSxF%2Bsw7NsX6l%2F6%2FtOCNlK2dHYjFJQ0564pJee406tg2PjTC7BYV2YdYPbEhwn0mQVH7gRVODJW3%2FNVZtdJ0hHy7QokC7emAvkozX7SraKkWi2ELKPizU%2B04V9Govo1HtU2mNYIzJrFZf3yM9KC78rj4iauiyzAA%2B3mTlp7DIokYVIJ8sEIXzHgTNHk7HfyAWtV2dugJnF8O%2F%2F3sZ7UyMTtCnuv427kP0B83FPOw%3D%3D
jurorstalar.uno/	1970-01-20 15:34:58	Name: GL_GI10 Value: eJwNxrEKwjAUBdC8NySIOlzpd0SsYnWug0PAIfgBbRpKoMSSNAp%2BvZ7pCCG42oDDjO3lpOu60c1ZH45X0Ahu72AXsbafsHx9mro4gBLYPMEpQpnifIoe5KAe%2Fb9dAQUoW2IK2YNjxqrt%2Bsnvb9aAZinAy0syOA%2BVAL3l7gdM7x13

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://gestyy.com/ehhfTS Message: Access to XMLHttpRequest at 'http://analytics.shorte.st/displayed' from origin 'http://gestyy.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: http://analytics.shorte.st/displayed Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://gestyy.com/ehhfTS Message: Access to fetch at 'https://pogothere.xyz/' from origin 'http://gestyy.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://pogothere.xyz/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://gestyy.com/ehhfTS Message: Access to fetch at 'https://pogothere.xyz/' from origin 'http://gestyy.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://pogothere.xyz/ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyL8oiBRh_Sgk_10szxbNwbFJBu57zK0Sl5rIH_JDj6EY__NuaDq2XMXIjPh3i4Rf3c0opAEA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-770779716%3A1697612225394243&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
security	warning	Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: https://cuid/?f=http%3A%2F%2Fgestyy.com Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyygDH6VGisara0Wes1MCCUR6O6aHO3Q13MrUQmVYYv4ORvkvYJrY5OuUMkDbB5aSAdOnzrsAQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1812838769%3A1697612225437394&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
javascript	error	URL: http://gestyy.com/ehhfTS Message: Access to XMLHttpRequest at 'https://bam.nr-data.net/1/28e0508023?a=9451001&v=1.242.0&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=4035&ck=0&s=6165e5e681fcc75c&ref=http://gestyy.com/ehhfTS&ap=97&be=591&fe=3274&dc=2756&at=GBNTEw1LGR8%3D&perf=%7B%22timing%22:%7B%22of%22:1697612222818,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:10,%22c%22:10,%22ce%22:318,%22rq%22:318,%22rp%22:592,%22rpe%22:611,%22di%22:3314,%22ds%22:3325,%22de%22:3347,%22dc%22:3855,%22l%22:3858,%22le%22:3865%7D,%22navigation%22:%7B%7D%7D&fp=1158&fcp=1158' from origin 'http://gestyy.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bam.nr-data.net/1/28e0508023?a=9451001&v=1.242.0&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=4035&ck=0&s=6165e5e681fcc75c&ref=http://gestyy.com/ehhfTS&ap=97&be=591&fe=3274&dc=2756&at=GBNTEw1LGR8%3D&perf=%7B%22timing%22:%7B%22of%22:1697612222818,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:10,%22c%22:10,%22ce%22:318,%22rq%22:318,%22rp%22:592,%22rpe%22:611,%22di%22:3314,%22ds%22:3325,%22de%22:3347,%22dc%22:3855,%22l%22:3858,%22le%22:3865%7D,%22navigation%22:%7B%7D%7D&fp=1158&fcp=1158 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://shorteh.com/afu.php?zoneid=1241630 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
aculturerpa.info
ads.shorte.st
analytics.shorte.st
bam.nr-data.net
cuid
cytulakiblah.guru
d3t3z4teexdk2r.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
gestyy.com
googleads.g.doubleclick.net
i.wmgtr.com
intendrebend.top
ja.rewashwudu.com
js-agent.newrelic.com
jurorstalar.uno
manifefashiona.info
my.rtmark.net
pogothere.xyz
prhzxq.com
ptauxofi.net
region1.google-analytics.com
s-img.adskeeper.com
scarpeweevily.top
shorteh.com
static.servingserved.com
static.sh.st
ubbfpm.com
vickykilled.cfd
viewyentreat.guru
www.facebook.com
www.google-analytics.com
www.google.ch
www.google.com
www.googletagmanager.com
xdiwbc.com
xml.yellow-resultsbidder.com
xngqoc.com
analytics.shorte.st
bam.nr-data.net
cuid
pogothere.xyz
s-img.adskeeper.com
104.21.9.104
104.26.5.107
104.26.8.155
139.45.195.8
139.45.197.238
139.45.197.250
142.250.181.226
142.250.181.228
142.250.184.232
142.250.185.110
142.250.186.35
142.250.186.99
142.91.159.200
143.204.98.113
143.204.98.81
151.101.130.137
151.139.128.10
157.240.0.35
162.19.19.15
172.217.16.202
172.217.23.109
172.255.6.136
172.255.6.34
172.67.68.250
172.67.74.33
185.162.85.1
188.114.96.3
198.134.116.29
216.239.32.36
23.109.150.155
23.109.150.91
45.133.44.32
51.89.192.129
52.222.232.155
95.216.206.230
00e3fbbf542561da72fdc5ea89cfd1405c17739dd49210252e611c3122018efe
06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03
0f7d13dd5f5050995a5c0fc2f19a0be93dcfac0da0ab80f5173857052089ce37
11fdced52ec77b5f87dd49ef96a297bd227c840b5fbd2a5e67851b481442cb5f
1cc1496df0e158cb70929cd29191a4ed7210452c24695213c50750b514baef7a
2999f5874877de3a7f9f8e5cce8221338d277ba4cf08e798b2302bb853539550
2d054b502d829accd15ff9cb78d1431df1c3ec2c67ca18d4008d2cbc973c6384
2d86e1846936b62858b61377779e1ecbef3c3e0f0eb2bf6f72d399a5533363a5
306e17f35263e332313e39de1b5e9292fdbd30563cedbc36c8ba75de93d6c98e
34a0f6eaadbfed520a5df4a1182befb6aa744b0c01137f2a01faad98622f025a
36e53598f791ce1b2b0e22637773d46e2ec557f7e18790044287a81893f0fa60
37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0
467942d7490565f9eeffb703101620ee5a56c38f57312919d5a74cab073779eb
4cc49f367ee0a3f0789707f1d1cf8bb3ceda8930e01af39110d104b23c95cfe9
4f4a1ac4e05671bc2f792686d9c18d0e7895a7a8e67c6781d6f227c6c36599a1
507c7c453e932b9ee7ec0d1367af1e8fd51cfd26eb0dd0b408ce112e2ebe2829
516739076c617170156487fea89ea843c2be71ce571ba5fe4c370181a63959a1
5182b64b1fc47cf6cd1c0674b2c392400ed84cadc71425a7dea77f5c117a9bb3
551a74ad1439a2c517dc64dea8470dfbaa6a9479ade2389f0861a8245343e2ff
6acd8bce6481db9a9462ccbd6702dba686bb978e07d836648512a4c5563a1b49
6ba59bfec64405c3002861d83d120dc78b0887d96800ac63ad9609c22216c36f
78129950678ec1406666e752c1e22078232118faab17a40a09c25b8477d7f0e5
7970e3286d749838512860e9ddb1569f4b6a44135c1664df17992c62b07a8f31
79c07fd74a6195368c8dd1a9ef19cf0949bbc819909b6c09d335745e7503a2f2
7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5
7cf0dd27c3b2223183084368c7d78754313dc5a068303f8c3a7a6712e68f36bd
7ff740926f42fb48bec26638cae37723c5bb658e67465ba90b7f486a5adb6dce
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8396eac2dea5db817c502e4f960bd364bee3415318383b29f9b123b811fffa71
88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef
8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808
94f088facd48b161b74a049ceaa9f69b370b8d58e126dadd4313ffeef7af0317
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24
c3c736b80c318c7323b9f2b6a3b2ddd6e78e5aeeed7e9d648c6b1d7e97691024
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cbcd47d3130ee0af9b24cea1743f3289656f0ceda476d6eef7865d0b01e42a43
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cff0daa9ac0fe904d11b8bd23445e06094586cabb4327b323ba57f2a8fa135ac
d07564478a41491fa886da41f1a83d3145c3c4a0272ccc8811b833c950a64b16
d8d32816d1bb305802ea9cd47e6b7357ce57ff240fcb8fc7a569b7d16a4bb9f4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0d92139521b180f60ee14b9356a5b58f9c3373b20798aa63b76a71a1c13cb61
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4aaa8b864033f10089ecbbc1023817b1968fe72fb17398564429c7f07796c80
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0ff7bd798cc16469c59fbcd59d614cb7c0c9791cc458f4a969d1a7a2ae61093
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
f87c92accf73fec2fe5436d54d8b61abb82214b2af6a32fe42ce1854d7b6c73e
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

gestyy.com Open in urlscan Pro 104.26.8.155 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

86 Requests

52 %HTTPS

0 %IPv6

36 Domains

39 Subdomains

33 IPs

6 Countries

2229 kBTransfer

3451 kBSize

16 Cookies

2 Outgoing links

Redirected requests

86 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

gestyy.com Open in urlscan Pro
104.26.8.155 Public Scan

Screenshot
Live screenshot

Full Image

86
Requests

52 %
HTTPS

0 %
IPv6

36
Domains

39
Subdomains

33
IPs

6
Countries

2229 kB
Transfer

3451 kB
Size

16
Cookies

86 HTTP transactions
1 data transactions