googleweblight.com/i?u=https://rb.gy/h14za
142.250.74.97 301 Moved Permanently 0 B URL User Request GET HTTP/2 googleweblight.com/i?u=https://rb.gy/h14za
IP 142.250.74.97:443
Certificate Issuer: Google Trust Services LLC
Subject: *.googleusercontent.com
Fingerprint: D6:E1:72:BF:8B:94:81:F5:A1:9B:A7:B6:5B:FD:B8:A5:CA:2B:E5:FD
Validity: Tue, 28 Mar 2023 16:54:33 GMT - Tue, 20 Jun 2023 16:54:32 GMT
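Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length content, consistent with the 0 B body; they do not identify this response and are not usable as indicators.)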
GET /i?u=https://rb.gy/h14za HTTP/1.1
Host: googleweblight.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 20 Apr 2023 17:25:28 GMT
Location: https://googleweblight.com/i?u=https://rb.gy/h14za
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: NID=511=BZLnDJdPPJOkB9hqv3_jIYcRhGAv88XiYgUoH_cUvr9-CkO4fIn4k3fXB7h3IBBcWtm1jr2kRzY7hQSSkzYk06YSK4NzFpgQCDJUtR-HkYyiVRqMa_lsrk_AcpmyBnDrcUbzzb444eFnYEK2VMwrU1QsnTg9aWX1jGxnnX_2Smk; expires=Fri, 20-Oct-2023 17:25:28 GMT; path=/; domain=.googleweblight.com; HttpOnly
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash dc21314d06a1224d3e760fbe62ed1437
3d1608c4912cc6f221a65c89111c26c6cb6fc5df
5c49d376a9b05c94ab8ee21558bec5c6efb66e2700004d8efb1c5c0a58ed312d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Apr 2023 17:25:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleweblight.com/i?u=https://rb.gy/h14za
142.250.74.97 301 Moved Permanently 0 B URL User Request GET HTTP/2 googleweblight.com/i?u=https://rb.gy/h14za
IP 142.250.74.97:443
Certificate Issuer: Google Trust Services LLC
Subject: *.googleusercontent.com
Fingerprint: D6:E1:72:BF:8B:94:81:F5:A1:9B:A7:B6:5B:FD:B8:A5:CA:2B:E5:FD
Validity: Tue, 28 Mar 2023 16:54:33 GMT - Tue, 20 Jun 2023 16:54:32 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?u=https://rb.gy/h14za HTTP/1.1
Host: googleweblight.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NID=511=BZLnDJdPPJOkB9hqv3_jIYcRhGAv88XiYgUoH_cUvr9-CkO4fIn4k3fXB7h3IBBcWtm1jr2kRzY7hQSSkzYk06YSK4NzFpgQCDJUtR-HkYyiVRqMa_lsrk_AcpmyBnDrcUbzzb444eFnYEK2VMwrU1QsnTg9aWX1jGxnnX_2Smk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-type: application/binary
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 20 Apr 2023 17:25:29 GMT
location: https://rb.gy/h14za
content-security-policy: script-src 'nonce-ys5OeSCIyl4GZ63igBpD8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/WebLightSmartphoneHttp/cspreport;worker-src 'self', script-src 'nonce-ys5OeSCIyl4GZ63igBpD8A' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://fundingchoicesmessages.google.com;report-uri /_/WebLightSmartphoneHttp/cspreport, require-trusted-types-for 'script';report-uri /_/WebLightSmartphoneHttp/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://fundingchoicesmessages.google.com;report-uri /_/WebLightSmartphoneHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"WebLightSmartphoneHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/WebLightSmartphoneHttp/external"}]}
cross-origin-resource-policy: same-site
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin-allow-popups; report-to="WebLightSmartphoneHttp"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash dc21314d06a1224d3e760fbe62ed1437
3d1608c4912cc6f221a65c89111c26c6cb6fc5df
5c49d376a9b05c94ab8ee21558bec5c6efb66e2700004d8efb1c5c0a58ed312d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Apr 2023 17:25:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.r2m02.amazontrust.com/
143.204.48.16 471 B URL ocsp.r2m02.amazontrust.com/
IP 143.204.48.16:0
Hash eca711ca40d4bb65fca3a95776a44c4f
9d9e173f5f3f33390bb212840cc41b370f67db4a
9ec4a413071becb700f9fe9934ddd1be394aed3f4b1f97e347eb97930273532c
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=106458
Date: Thu, 20 Apr 2023 17:25:29 GMT
Etag: "64406a53-1d7"
Expires: Fri, 21 Apr 2023 22:59:47 GMT
Last-Modified: Wed, 19 Apr 2023 22:25:23 GMT
Server: ECAcc (bsa/EB26)
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wE1uj6CCqR3-k4ZDLQcSvEGenakQi1LjZLDgh0vPwV9Z00ejWlXNhg==
Age: 2064
76.223.2.19 302 Found 0 B URL User Request GET HTTP/2 IP 76.223.2.19:443
Certificate Issuer: Amazon
Subject: rb.gy
Fingerprint: 10:56:51:A3:A9:55:15:9A:79:9F:02:1F:B2:62:CD:5C:1A:2A:90:DD
Validity: Thu, 23 Feb 2023 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
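Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length content, consistent with the 0 B body of this redirect; they are not usable as indicators for the flagged URL.)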
Analyzer Verdict Alert fortinet Phishing
GET /h14za HTTP/1.1
Host: rb.gy
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 20 Apr 2023 17:25:30 GMT
content-length: 0
location: http://rb.gy/h14za?rb.routing.mode=proxy&rb.routing.signature=937172
engine: Rebrandly.redirect, version 2.1
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
rb.gy/h14za?rb.routing.mode=proxy&rb.routing.signature=937172
76.223.2.19 404 Not Found 2.6 kB URL User Request GET HTTP/2 rb.gy/h14za?rb.routing.mode=proxy&rb.routing.signature=937172
IP 76.223.2.19:443
Certificate Issuer: Amazon
Subject: rb.gy
Fingerprint: 10:56:51:A3:A9:55:15:9A:79:9F:02:1F:B2:62:CD:5C:1A:2A:90:DD
Validity: Thu, 23 Feb 2023 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (2623), with no line terminators
Hash 403355a474fb4486cfd7297b6fe374f3
b03228cdda53f19f4ec05f2a391c42d7eebb4688
74d48df2ca3d871809ab8ffe35dc49ccdb979e54a8b1c01841910e30d41eed68
GET /h14za?rb.routing.mode=proxy&rb.routing.signature=937172 HTTP/1.1
Host: rb.gy
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
date: Thu, 20 Apr 2023 17:25:30 GMT
content-type: text/html
content-length: 2623
server: AmazonS3
via: 1.1 b940a336a13496ed7f3754168211e15a.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:49:52 GMT
accept-ranges: bytes
age: 21789
etag: "403355a474fb4486cfd7297b6fe374f3"
engine: Rebrandly.redirect, version 2.1
strict-transport-security: max-age=15552000
x-amz-server-side-encryption: AES256
x-amz-version-id: 0Ou37jKCUePL5aO7kLp5FP9Ly.sMxBw9
x-cache: Error from cloudfront
x-amz-cf-pop: IAD66-C1
x-amz-cf-id: eWJlhBS1-PDmDyZuJciWf0WkapfA4eFR5AsT4dAxgJa-yY2xD8kQ2Q==
X-Firefox-Spdy: h2
rb.gy/favicon.ico
76.223.2.19 0 B IP 76.223.2.19:0
Requested by https://rb.gy/h14za?rb.routing.mode=proxy&rb.routing.signature=937172
Certificate Issuer: Amazon
Subject: rb.gy
Fingerprint: 10:56:51:A3:A9:55:15:9A:79:9F:02:1F:B2:62:CD:5C:1A:2A:90:DD
Validity: Thu, 23 Feb 2023 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: rb.gy
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rb.gy/h14za?rb.routing.mode=proxy&rb.routing.signature=937172
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Thu, 20 Apr 2023 17:25:30 GMT
content-length: 0
location: https://free-url-shortener.rb.gy/
engine: Rebrandly.redirect, version 2.1
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
free-url-shortener.rb.gy/
0.0.0.0 0 B URL GET free-url-shortener.rb.gy/
IP 0.0.0.0:0
Requested by https://rb.gy/h14za?rb.routing.mode=proxy&rb.routing.signature=937172
Certificate Issuer: Amazon
Subject: rb.gy
Fingerprint: 10:56:51:A3:A9:55:15:9A:79:9F:02:1F:B2:62:CD:5C:1A:2A:90:DD
Validity: Thu, 23 Feb 2023 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: free-url-shortener.rb.gy
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rb.gy/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 28 Mar 2023 14:48:04 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: LVNGL6gAWx3K0BjNjwPLOUFD1YD4D3.v
server: AmazonS3
content-encoding: gzip
date: Thu, 20 Apr 2023 17:25:32 GMT
cache-control: no-cache
etag: W/"40d7eafc2441faf44b817c8f9ac1a029"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fqiQpV_GJsB3nB6ZcHi_EISWvXIAr9RZ7B_H1zBLCUjYDFoixz2qHw==
X-Firefox-Spdy: h2
googleweblight.com/i?u=https://rb.gy/h14za
142.250.74.97 301 Moved Permanently 2.6 kB URL User Request GET HTTP/1.1 googleweblight.com/i?u=https://rb.gy/h14za
IP 142.250.74.97:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?u=https://rb.gy/h14za HTTP/1.1
Host: googleweblight.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 20 Apr 2023 17:25:28 GMT
Location: https://googleweblight.com/i?u=https://rb.gy/h14za
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: NID=511=BZLnDJdPPJOkB9hqv3_jIYcRhGAv88XiYgUoH_cUvr9-CkO4fIn4k3fXB7h3IBBcWtm1jr2kRzY7hQSSkzYk06YSK4NzFpgQCDJUtR-HkYyiVRqMa_lsrk_AcpmyBnDrcUbzzb444eFnYEK2VMwrU1QsnTg9aWX1jGxnnX_2Smk; expires=Fri, 20-Oct-2023 17:25:28 GMT; path=/; domain=.googleweblight.com; HttpOnly