sh.st/st/154b601caf3ac93e7f4737ba30389a0a/http:/caderbox.com/libreriabox/vigm/04_WWW.CADERBOX.COM_reach-helmet-eva-emile.zip
104.26.6.218302 Found 471 B URL HTTP/1.1 sh.st/st/154b601caf3ac93e7f4737ba30389a0a/http:/caderbox.com/libreriabox/vigm/04_WWW.CADERBOX.COM_reach-helmet-eva-emile.zip
IP 104.26.6.218:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 609f3778bb238459faff42da47c23a03
efd5e6f8438ff0796c733113f7c43cb4eb83de9a
e1b379fb4fdf2476e14c16fcb5db9cfb46eb9ea98ed482bea0b1bd3f047e4d10
GET /st/154b601caf3ac93e7f4737ba30389a0a/http:/caderbox.com/libreriabox/vigm/04_WWW.CADERBOX.COM_reach-helmet-eva-emile.zip HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 27 Jan 2023 04:43:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-0+deb8u15
Cache-Control: no-cache
Location: http://gestyy.com/wHD99i?utm_source=&utm_medium=QL&utm_name=1
X-Server-ID: shn03
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: PHPSESSID=q69ctj60t7illl2nrpa3i3e4j4; expires=Fri, 27-Jan-2023 05:43:08 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Sat, 27-Jan-2024 04:43:08 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUmCMFvBrJCerZrvwyPoxSFJoxk24P7UUel5q1PI%2FAF1KwAHxgVL%2FRrTz5R8lCSYQsDs2u9S34diBP%2BMmtCwPsbtlw%2BKg6pypAHQi7T8SyTl0yjavi1P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fed362083eb51d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15200
Expires: Fri, 27 Jan 2023 08:56:28 GMT
Date: Fri, 27 Jan 2023 04:43:08 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12144
Expires: Fri, 27 Jan 2023 08:05:32 GMT
Date: Fri, 27 Jan 2023 04:43:08 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3424
Expires: Fri, 27 Jan 2023 05:40:12 GMT
Date: Fri, 27 Jan 2023 04:43:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 04:42:58 GMT
content-type: application/json
age: 10
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yApfgi+oIFjSMg+/bTkxDbOrOIk5Q1VG0U4mPuOVMHSOT/7mq5KBL+R0Q7+w5rfNrD24D55qo5Q=
x-amz-request-id: PR6AGXR7MRBNCA92
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 03:49:15 GMT
age: 3233
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:08 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
gestyy.com/wHD99i?utm_source=&utm_medium=QL&utm_name=1
172.67.68.51200 OK 36 kB URL HTTP/1.1 gestyy.com/wHD99i?utm_source=&utm_medium=QL&utm_name=1
IP 172.67.68.51:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32622), with CRLF, LF line terminators
Hash 0d05cd55e91fbea5d4bbdd27496ac4e8
5f1a12e7b68e909b434dd8d7e51e08c9986120f6
ef13a22f6194ba8ca0cb505ae3935448cb23ff6e161f87c84771b903250acde4
GET /wHD99i?utm_source=&utm_medium=QL&utm_name=1 HTTP/1.1
Host: gestyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 04:43:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=ua3pe5adesasmgslvut64i5cj7; expires=Fri, 27-Jan-2023 05:43:08 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Sat, 27-Jan-2024 04:43:08 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn06
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jj676X2ejJKkGasInTBjAGU3aISbHvKkSQICHNZjHc2KxvubJTCgEIY9bZBPUCcj%2FQqd6vcMaYqyfg9BWJ4poZfKCmMXj5WZfXLJeFDfn%2Ftm8s%2B%2BsQ7KyZMMQkI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78fed3639e77b50f-OSL
Content-Encoding: gzip
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
104.26.7.218200 OK 25 kB URL HTTP/1.1 static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP 104.26.7.218:0
File type Unicode text, UTF-8 text, with very long lines (20454)
Hash f7baccd666678569795749f591a8a75a
f3d8c85e9290ec755535df4edd5a91de44f3dc2c
553836bd994a93741a17b68582f4f24d0882ebf4e8da8c9d9e7a74f1c57f7acc
GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Fri, 27 Jan 2023 17:09:08 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 41641
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZZZevya3cWMa2oS34K7Fv%2BodwJj6b9cxoJUVtWD%2F4tGQIXksY66o3gLJJzwm3F986vBAfuS46cVVjAXRjdh3QnJG1xQDcHVRb6N991dJMAqA3eoS5QtmrKaMf8FVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78fed3659bb8b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ja.rewashwudu.com/fmwhVStpL4dxap/46223
23.109.82.72200 OK 26 B URL HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 23.109.82.72:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 28-Jan-2023 04:43:09 GMT; Max-Age=86400; path=/
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sat, 28-Jan-2023 04:43:09 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
104.26.7.218200 OK 6.2 kB URL HTTP/1.1 static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP 104.26.7.218:0
File type PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced\012- data
Hash 9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001
GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Fri, 27 Jan 2023 11:20:59 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 62530
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fB3%2BrRqCclZ0uFpgOfV7Q4D%2FnEd77O6HZl3hscHNPoou7%2F4KXjqOKpszpz9QaohhTwVPx18Bzbw6Tv3ff14h09qIHIJ%2Bf%2BvP%2FYog%2F2TgibMN0g%2FujHJJ5m2PXrKwRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fed3660bfdb515-OSL
alt-svc: h2=":443"; ma=60
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
104.26.7.218200 OK 84 kB URL HTTP/1.1 static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP 104.26.7.218:0
File type PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced\012- data
Hash 0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Expires: Sat, 28 Jan 2023 00:02:54 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 16815
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IbvkKdR9r9YP8%2FVJBGuEVbsZyYxOSssl6nbGhREcHc5kdndDPti2htttUQ72%2F4fPcNzBNuBfpr25tBdf0LY5i3hjeybhiyYi7GLTGdQKA%2B4xXB20v2s80bRwBqryLw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fed3662c0fb515-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gestyy.com/bundles/smeweb/img/tracking-429854.gif?t=1674794588
172.67.68.51200 OK 43 B URL HTTP/1.1 gestyy.com/bundles/smeweb/img/tracking-429854.gif?t=1674794588
IP 172.67.68.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/tracking-429854.gif?t=1674794588 HTTP/1.1
Host: gestyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/wHD99i?utm_source=&utm_medium=QL&utm_name=1
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8CDoupIKjH5lJuF%2BLxmsAmX0LvecfGzbMihsgTrL%2FSFUAcND3hj4MVGjkahXfrxCNhu%2Bjbmrf9E8WDw%2FIkE9X3bQAXFWRG5FD4WDnfKIYLUnuVxW7pWTSW5%2F%2F80%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fed3660f6cb50f-OSL
gestyy.com/bundles/advertisement/img/tracking.gif?test=1fa84025b6491db53cf9a7a8a582c5903c8ec9f6
172.67.68.51200 OK 0 B URL HTTP/1.1 gestyy.com/bundles/advertisement/img/tracking.gif?test=1fa84025b6491db53cf9a7a8a582c5903c8ec9f6
IP 172.67.68.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bundles/advertisement/img/tracking.gif?test=1fa84025b6491db53cf9a7a8a582c5903c8ec9f6 HTTP/1.1
Host: gestyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/wHD99i?utm_source=&utm_medium=QL&utm_name=1
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NF5S5thwGpahdGF%2B0um6%2FZTfaa2gLqmhR7HdxYcYNRTZrK2OvEv%2Bv119Qp67dZjtW7R3rGS%2BZg7OBfqAIf%2Feg3Uvd5Og7LF80ZlT87epKyZ%2Boj5rW3Y5j2OLfX4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fed3660d401c0a-OSL
gestyy.com/bundles/smeweb/img/advertisement-tracking-429854.gif?t=1674794588
172.67.68.51200 OK 43 B URL HTTP/1.1 gestyy.com/bundles/smeweb/img/advertisement-tracking-429854.gif?t=1674794588
IP 172.67.68.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/advertisement-tracking-429854.gif?t=1674794588 HTTP/1.1
Host: gestyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/wHD99i?utm_source=&utm_medium=QL&utm_name=1
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn08
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h0GKfawDLOZz%2FCpuHP%2FJ0%2Bx39YWxJgZuqiJ2mhBMsKrqaRCflUNlaJXGDfCiNj8WaBRdv4GVmllmJtx1lgX8IDVmt2x65Fm70LiJyK%2BiBSvnjA7jXw%2BmR4krbZA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fed3660c98b4fd-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f61869f3a906f8227d57b608e0671e0a
d7eeead9a0fc56f8c682239c7bf392bfaef49ae2
91fbe73c4cb66bf75185524dbb4a5d3835be5048998afd13a6f79b7d4f93cf4b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91FBE73C4CB66BF75185524DBB4A5D3835BE5048998AFD13A6F79B7D4F93CF4B"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17194
Expires: Fri, 27 Jan 2023 09:29:43 GMT
Date: Fri, 27 Jan 2023 04:43:09 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 30da38e7a6be382ba0ea182696b76161
f2df5ad9ddcd4f03904fdeef1898183cbcdc5b24
d4e916181e5ea35c558d59ad475327781396c3c5a43e2cdb2281fe4e0251a9b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D4E916181E5EA35C558D59AD475327781396C3C5A43E2CDB2281FE4E0251A9B8"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4711
Expires: Fri, 27 Jan 2023 06:01:40 GMT
Date: Fri, 27 Jan 2023 04:43:09 GMT
Connection: keep-alive
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
172.217.21.168200 OK 38 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP 172.217.21.168:0
File type ASCII text, with very long lines (1759)
Hash 592c2c3bd399ef54d3890bc4ee854d03
988586fc0f917973d0c9c6f86063d644fa5aca14
9b671e1c30d62549947d4c7c6e52761e83a49a8f39acd9273e0cc1050e2371de
GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 27 Jan 2023 04:43:09 GMT
expires: Fri, 27 Jan 2023 04:43:09 GMT
cache-control: private, max-age=900
last-modified: Fri, 27 Jan 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38421
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.227200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://gestyy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 03:37:22 GMT
expires: Thu, 25 Jan 2024 03:37:22 GMT
cache-control: public, max-age=31536000
age: 176747
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 03:49:03 GMT
age: 3246
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ubbfpm.com/ms/1102360/inpage.js
95.216.206.230200 OK 138 kB URL HTTP/1.1 ubbfpm.com/ms/1102360/inpage.js
IP 95.216.206.230:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65536), with no line terminators
Size 138 kB (137809 bytes)
Hash 97598ae395ddf74ba1c6e3148b566e00
7d856f6bb792ba28570cb43ea36387cb3e6c1666
f4734ddefa545b762dfe0b15817e8f0e04ec8704bc6df8df5d6ebb5b6f69736a
GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: application/javascript
Content-Length: 137809
Last-Modified: Thu, 26 Jan 2023 13:02:37 GMT
Connection: keep-alive
ETag: "63d279ed-21a51"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d3t3z4teexdk2r.cloudfront.net/?etztd=962089
54.230.245.161200 OK 116 kB URL HTTP/1.1 d3t3z4teexdk2r.cloudfront.net/?etztd=962089
IP 54.230.245.161:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 116 kB (116068 bytes)
Hash d3ab15703b01db09734247e30484bab7
0be410ae34778c26a112493c3b51d3b35c9a4644
476a2061b6977dfbd24f24824617e2b6fd563b33e939f7b95cfccb6821716368
GET /?etztd=962089 HTTP/1.1
Host: d3t3z4teexdk2r.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 200 OK
Content-Length: 116068
Connection: keep-alive
Date: Fri, 27 Jan 2023 04:43:09 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BNS47aWROL0xD_ZX8x4KSZtJQE4OyPJNT5KACLs0O36aZK3pWaxcdA==
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c398b6b39d11d25b8ae9bc5cd94a1c98
640aa8c399ced71d0c2a9f5a90fbaf091b01d642
a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14398
Expires: Fri, 27 Jan 2023 08:43:07 GMT
Date: Fri, 27 Jan 2023 04:43:09 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
IP 142.250.74.131:0
Hash bca72d3eae366aa16cd3164a43bb147a
5bb093d3735d429c57701080d8c45ece44d3234e
b515044cd948a21319a7c93a82d9e4e1057b1b5062ab6ca3944a02747cdcc171
POST /s/gts1p5/jrItU-VjrKU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
IP 142.250.74.131:0
Hash bca72d3eae366aa16cd3164a43bb147a
5bb093d3735d429c57701080d8c45ece44d3234e
b515044cd948a21319a7c93a82d9e4e1057b1b5062ab6ca3944a02747cdcc171
POST /s/gts1p5/jrItU-VjrKU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
foortowatch.xyz/dHFOelgVEy0XZxVMLFwtBh1zX2oyVHw8PEcFfQBsABQrAjwfQzxUOxgeOx4+Bh4gDnYaFDpfajJFHRcKGT4aMyg3BiYcHCBFADs/JT0oPAIjMB8OKzAZGC0AMAEUMmkcEg0+CRIgCA19RjcWLBoTIxkNCTw3fio9HzgFLR4DBRkvGhcpDRYCIgl3LhQTKyw+CiVUfDgeNR0dPiEhFA0RFiE4Dz8IIEAACR0lEgsiISEUCksOETp+PA0SBioRDjE8Ajs1PSUKSzwjOxw3DjwwDEwbHDgtOxAEJxgSOzcTfxkzPDAMTB0DSBY4EEEzGCIrLBQIKz0wBhQMDg1cHxkZPB4ZPxoDMw1LDiM1DAJuICQDNhkdQQw4Dj4VLEsBEzI5MG8iNxczGRoFDCwZGCQHAgEwKX9KISUnHF9qMjB9CgonMCUvCEUdFlwyBx4gCmUNECA4CA0IIA9hQig5
54.230.111.95200 OK 1.2 kB URL HTTP/1.1 foortowatch.xyz/dHFOelgVEy0XZxVMLFwtBh1zX2oyVHw8PEcFfQBsABQrAjwfQzxUOxgeOx4+Bh4gDnYaFDpfajJFHRcKGT4aMyg3BiYcHCBFADs/JT0oPAIjMB8OKzAZGC0AMAEUMmkcEg0+CRIgCA19RjcWLBoTIxkNCTw3fio9HzgFLR4DBRkvGhcpDRYCIgl3LhQTKyw+CiVUfDgeNR0dPiEhFA0RFiE4Dz8IIEAACR0lEgsiISEUCksOETp+PA0SBioRDjE8Ajs1PSUKSzwjOxw3DjwwDEwbHDgtOxAEJxgSOzcTfxkzPDAMTB0DSBY4EEEzGCIrLBQIKz0wBhQMDg1cHxkZPB4ZPxoDMw1LDiM1DAJuICQDNhkdQQw4Dj4VLEsBEzI5MG8iNxczGRoFDCwZGCQHAgEwKX9KISUnHF9qMjB9CgonMCUvCEUdFlwyBx4gCmUNECA4CA0IIA9hQig5
IP 54.230.111.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash ac696524bdc0d85612701b70cadab494
e1dbcedb1150bafe1307f55172ed43837c9013bf
4dedba06253f0125adb780c5aafcc8852462a0f06608d6f46d0d614ec2f677ef
GET /dHFOelgVEy0XZxVMLFwtBh1zX2oyVHw8PEcFfQBsABQrAjwfQzxUOxgeOx4+Bh4gDnYaFDpfajJFHRcKGT4aMyg3BiYcHCBFADs/JT0oPAIjMB8OKzAZGC0AMAEUMmkcEg0+CRIgCA19RjcWLBoTIxkNCTw3fio9HzgFLR4DBRkvGhcpDRYCIgl3LhQTKyw+CiVUfDgeNR0dPiEhFA0RFiE4Dz8IIEAACR0lEgsiISEUCksOETp+PA0SBioRDjE8Ajs1PSUKSzwjOxw3DjwwDEwbHDgtOxAEJxgSOzcTfxkzPDAMTB0DSBY4EEEzGCIrLBQIKz0wBhQMDg1cHxkZPB4ZPxoDMw1LDiM1DAJuICQDNhkdQQw4Dj4VLEsBEzI5MG8iNxczGRoFDCwZGCQHAgEwKX9KISUnHF9qMjB9CgonMCUvCEUdFlwyBx4gCmUNECA4CA0IIA9hQig5 HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1192
Connection: keep-alive
Date: Fri, 27 Jan 2023 04:43:09 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: j9TF2wObjXJfz9ltGy26Z7_IRXFclsnGSInEosxcfhnrXxj-di701A==
foortowatch.xyz/TWRkMDEsBgddDixZBhZEPwhZFQMLQVZ2VX4QV0oFOQEBSFUmVhYeUiELEVRXPwsKRB8jARAVAwsiM117DwcKVwQJN1xlYzRQKHpkdCYGdnM1N1RACQ4gLVR3JBQCc2IiNTRYVjwjHQRHAiMHd3AnUQJTZxwxK0dGIDBVBBR/IiBzex03PEd1BzYmdlMmNVR1ARhXIGRCLyIgaXUXISUVAw8GVEhJG1QUQWInPQZ2W3kqKld3KQUieUcPCFVfZCMmJ2ZcPSwHWnMpBSJ5AwocPkNnIDYmf190NQdhQQIGD1RIACJVX2QnKSFoZiYOB3V7AwAiel4bVBRBcx5JNWJ0NzIsU0sfLwVcfzU1D1xAGFY2cWIJEyh9SS4BKmJBJjUgBUMYCjZTYgUTPFZ0AEIOQ14jFFl4aSUAHltYGxE+
54.230.111.95200 OK 1.2 kB URL HTTP/1.1 foortowatch.xyz/TWRkMDEsBgddDixZBhZEPwhZFQMLQVZ2VX4QV0oFOQEBSFUmVhYeUiELEVRXPwsKRB8jARAVAwsiM117DwcKVwQJN1xlYzRQKHpkdCYGdnM1N1RACQ4gLVR3JBQCc2IiNTRYVjwjHQRHAiMHd3AnUQJTZxwxK0dGIDBVBBR/IiBzex03PEd1BzYmdlMmNVR1ARhXIGRCLyIgaXUXISUVAw8GVEhJG1QUQWInPQZ2W3kqKld3KQUieUcPCFVfZCMmJ2ZcPSwHWnMpBSJ5AwocPkNnIDYmf190NQdhQQIGD1RIACJVX2QnKSFoZiYOB3V7AwAiel4bVBRBcx5JNWJ0NzIsU0sfLwVcfzU1D1xAGFY2cWIJEyh9SS4BKmJBJjUgBUMYCjZTYgUTPFZ0AEIOQ14jFFl4aSUAHltYGxE+
IP 54.230.111.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash 088e0cf66b8b538f643f90a667eb9cbe
7645131fd34cfab40bd6d2b04778b4e194698936
9dae8ec40b0d98ade9de6f99447c6ae82abe106b808664a07f767232c9c5fe13
GET /TWRkMDEsBgddDixZBhZEPwhZFQMLQVZ2VX4QV0oFOQEBSFUmVhYeUiELEVRXPwsKRB8jARAVAwsiM117DwcKVwQJN1xlYzRQKHpkdCYGdnM1N1RACQ4gLVR3JBQCc2IiNTRYVjwjHQRHAiMHd3AnUQJTZxwxK0dGIDBVBBR/IiBzex03PEd1BzYmdlMmNVR1ARhXIGRCLyIgaXUXISUVAw8GVEhJG1QUQWInPQZ2W3kqKld3KQUieUcPCFVfZCMmJ2ZcPSwHWnMpBSJ5AwocPkNnIDYmf190NQdhQQIGD1RIACJVX2QnKSFoZiYOB3V7AwAiel4bVBRBcx5JNWJ0NzIsU0sfLwVcfzU1D1xAGFY2cWIJEyh9SS4BKmJBJjUgBUMYCjZTYgUTPFZ0AEIOQ14jFFl4aSUAHltYGxE+ HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1172
Connection: keep-alive
Date: Fri, 27 Jan 2023 04:43:09 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DpzeJKw4mK9KQa7rTvX_J7TScgbLk8bGcQwZPtajPqbTc4lxJcdfpw==
ja.rewashwudu.com/fmwhVStpL4dxap/46223
23.109.82.72200 OK 26 B URL HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 23.109.82.72:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 04:43:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://gestyy.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 28-Jan-2023 04:43:09 GMT; Max-Age=86400; path=/
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sat, 28-Jan-2023 04:43:09 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
foortowatch.xyz/UHBwcEUxEhMdejFNElYwIhxNVXcWVUI2IWMEQwpxJBUVCCE7QgJeJjwfBRQjIh8eBGs+FQRVdxZDJTYDBhQeNT8AGgMhETkhRD0QJDkqJy07IkAcdx8JKSoNKTIDPAE8MjczKTs/ITE/FzEpEQYURDITMhk8Pjc9PCUyQD0ACjo8EyolVUIDHhsEMSE6MQg2ACgbFAkAFzgaBDYfFwcUDjoTVUIDFQgXHQgYPTQ1AmBIPxcyCSA0QHUFQD0nHxgENyYCGhgWIQAJIBolcxEhOkEcYiUpMh0GGiolIRIWHTYyAiQ+QRxiJTI3AWUeKSYLEzUeIisCFxwdHwhdMjYIYyYaKhQBOBQnDAUiQDYpNkImFhMXOhg9LR0jPwpwJyI0FCwJJyI3FAc2GCoDHjQpNCZoMjIhdwAZQSQUKCoXKhAeFik4JjcjQDFjOgMfHjVtCT9ADShBPwEmGSMcCSsA
54.230.111.95200 OK 1.2 kB URL HTTP/1.1 foortowatch.xyz/UHBwcEUxEhMdejFNElYwIhxNVXcWVUI2IWMEQwpxJBUVCCE7QgJeJjwfBRQjIh8eBGs+FQRVdxZDJTYDBhQeNT8AGgMhETkhRD0QJDkqJy07IkAcdx8JKSoNKTIDPAE8MjczKTs/ITE/FzEpEQYURDITMhk8Pjc9PCUyQD0ACjo8EyolVUIDHhsEMSE6MQg2ACgbFAkAFzgaBDYfFwcUDjoTVUIDFQgXHQgYPTQ1AmBIPxcyCSA0QHUFQD0nHxgENyYCGhgWIQAJIBolcxEhOkEcYiUpMh0GGiolIRIWHTYyAiQ+QRxiJTI3AWUeKSYLEzUeIisCFxwdHwhdMjYIYyYaKhQBOBQnDAUiQDYpNkImFhMXOhg9LR0jPwpwJyI0FCwJJyI3FAc2GCoDHjQpNCZoMjIhdwAZQSQUKCoXKhAeFik4JjcjQDFjOgMfHjVtCT9ADShBPwEmGSMcCSsA
IP 54.230.111.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash a90fb2f7c4c60c262c8a457dc792b855
b8ded9a531e001389e06af5cf8293f8e4723b79b
9390976aa918d4d8dc532acaaf2164c88f3d97787aad10cf84239741bb1dcb97
GET /UHBwcEUxEhMdejFNElYwIhxNVXcWVUI2IWMEQwpxJBUVCCE7QgJeJjwfBRQjIh8eBGs+FQRVdxZDJTYDBhQeNT8AGgMhETkhRD0QJDkqJy07IkAcdx8JKSoNKTIDPAE8MjczKTs/ITE/FzEpEQYURDITMhk8Pjc9PCUyQD0ACjo8EyolVUIDHhsEMSE6MQg2ACgbFAkAFzgaBDYfFwcUDjoTVUIDFQgXHQgYPTQ1AmBIPxcyCSA0QHUFQD0nHxgENyYCGhgWIQAJIBolcxEhOkEcYiUpMh0GGiolIRIWHTYyAiQ+QRxiJTI3AWUeKSYLEzUeIisCFxwdHwhdMjYIYyYaKhQBOBQnDAUiQDYpNkImFhMXOhg9LR0jPwpwJyI0FCwJJyI3FAc2GCoDHjQpNCZoMjIhdwAZQSQUKCoXKhAeFik4JjcjQDFjOgMfHjVtCT9ADShBPwEmGSMcCSsA HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1197
Connection: keep-alive
Date: Fri, 27 Jan 2023 04:43:09 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4XTeK_wXHzqaTsA5NxnXrTxgM-ZpQXiKQzXkuBzPLR9xx8Xzi0_yOw==
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=gestyy.com&var=&ymid=&var_3=
139.45.197.250200 OK 733 B URL HTTP/2 ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=gestyy.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (732)
Hash c4f1633521cf2d35084cc0c84486dd07
dac3d4db94657da81b80038b058932b660db61c2
1d63d3463490862a359746c44d9a0de3a9248c6ad368fed721137aad56431937
GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=gestyy.com&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:09 GMT
content-type: application/json; charset=utf-8
content-length: 733
x-trace-id: 9a46a56133b3a7b4ee2be9314d97d987
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
IP 142.250.74.131:0
Hash bca72d3eae366aa16cd3164a43bb147a
5bb093d3735d429c57701080d8c45ece44d3234e
b515044cd948a21319a7c93a82d9e4e1057b1b5062ab6ca3944a02747cdcc171
POST /s/gts1p5/jrItU-VjrKU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
selsattherean.xyz/aG9UQXJHUDcyTz1cDgYoPgslECo6Cw0WFicJOAccMioSOyQ/JnI1GwxSbXdAWFZmZwIBC2lwSk4cICAGHRxpcFQBATIuT04ZaXBcWEFmb0BOGmlwVBwfNSZPWUkkNQYEUmV3RVxYbXVHUFZndUI
104.21.47.245204 No Content 0 B URL HTTP/2 selsattherean.xyz/aG9UQXJHUDcyTz1cDgYoPgslECo6Cw0WFicJOAccMioSOyQ/JnI1GwxSbXdAWFZmZwIBC2lwSk4cICAGHRxpcFQBATIuT04ZaXBcWEFmb0BOGmlwVBwfNSZPWUkkNQYEUmV3RVxYbXVHUFZndUI
IP 104.21.47.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aG9UQXJHUDcyTz1cDgYoPgslECo6Cw0WFicJOAccMioSOyQ/JnI1GwxSbXdAWFZmZwIBC2lwSk4cICAGHRxpcFQBATIuT04ZaXBcWEFmb0BOGmlwVBwfNSZPWUkkNQYEUmV3RVxYbXVHUFZndUI HTTP/1.1
Host: selsattherean.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 04:43:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jS1OZYr5rJuhqt%2F0c7Oc1DOj8LPStnganZO9OcMH%2F6En8PnWGvSf%2FhbLtVYeZvPk5JnkZpGEyB23N5KoJnwu%2BbGRmBWm0xqOu3k1GFvx2OjwH5BdxUFuT7F4eSnzGRxvssN8NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78fed3691ad0fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
selsattherean.xyz/Y0tZS1ZMdDo4awATKSEEJDMfGjotMgEOGC0dAR0PMA5sGjUlGn8/Pwd2YH5vUnphbSYKL2R6cBA/OD8jEHZobT8NLTZ2cBV2aGVlV2VqenhRbSx2Z0U/KSoxXnp/OyIXJ2R6YFR/bnJiVnNgeGNW
104.21.47.245204 No Content 0 B URL HTTP/2 selsattherean.xyz/Y0tZS1ZMdDo4awATKSEEJDMfGjotMgEOGC0dAR0PMA5sGjUlGn8/Pwd2YH5vUnphbSYKL2R6cBA/OD8jEHZobT8NLTZ2cBV2aGVlV2VqenhRbSx2Z0U/KSoxXnp/OyIXJ2R6YFR/bnJiVnNgeGNW
IP 104.21.47.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Y0tZS1ZMdDo4awATKSEEJDMfGjotMgEOGC0dAR0PMA5sGjUlGn8/Pwd2YH5vUnphbSYKL2R6cBA/OD8jEHZobT8NLTZ2cBV2aGVlV2VqenhRbSx2Z0U/KSoxXnp/OyIXJ2R6YFR/bnJiVnNgeGNW HTTP/1.1
Host: selsattherean.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 04:43:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rFHazy2sYIvM%2Fo7Ms87OI4kmJihy8arGPNhMkF6YxaODS6Bu2FIvwlRoMs7ls2ITee%2B0iyP%2FtuwNiAoMfTRulMPFDFCzUxaa%2BXkEcx7i4Y7KfQUTvd8H%2B4wvyg4Sd0wkAiynvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78fed3692ad4fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MzU2MCwid2lkIjo0MjAyNDcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2dlc3R5eS5jb20vd0hEOTlp&inc=0
185.162.85.1200 OK 0 B URL HTTP/2 prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MzU2MCwid2lkIjo0MjAyNDcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2dlc3R5eS5jb20vd0hEOTlp&inc=0
IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MzU2MCwid2lkIjo0MjAyNDcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2dlc3R5eS5jb20vd0hEOTlp&inc=0 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 27 Jan 2023 04:43:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
d3t3z4teexdk2r.cloudfront.net/4SmRmOTIpCwhfDT4NAgQLfFZWAQtsDhVWXDpZH1hcCDQfQFw/XVBgRWwQHF0PekIKWFwtWUBcXClZVx9TLgZbDRQ+FAlSDyUeCkNUIAEPT1NsEQcEXyUeD1VeK0FUfwdkVEMLAmITD1dWJRMVHAB6ChIcAHpVVhcCb1ckHAB6Ew9XBH5BVXsXeFQeDwZvVy-QcAHoWEBwBC1VWDBx6TUMLAi0BBVJdb1YgCwJ7VFYIAntBVAlUIxYDX10yQVR/A3pRSAkUP1lX
54.230.245.161200 OK 483 B URL HTTP/1.1 d3t3z4teexdk2r.cloudfront.net/4SmRmOTIpCwhfDT4NAgQLfFZWAQtsDhVWXDpZH1hcCDQfQFw/XVBgRWwQHF0PekIKWFwtWUBcXClZVx9TLgZbDRQ+FAlSDyUeCkNUIAEPT1NsEQcEXyUeD1VeK0FUfwdkVEMLAmITD1dWJRMVHAB6ChIcAHpVVhcCb1ckHAB6Ew9XBH5BVXsXeFQeDwZvVy-QcAHoWEBwBC1VWDBx6TUMLAi0BBVJdb1YgCwJ7VFYIAntBVAlUIxYDX10yQVR/A3pRSAkUP1lX
IP 54.230.245.161:0
File type ASCII text, with very long lines (657), with no line terminators
Hash 134607fa395b6b901eb33e976b5a5dc3
b113a873fa6558da5130573f6b820a90dee58331
c478bbe5a2b56af3d4d97649ec18c178cd6333bfd18e01abfd00ce83c1f9189d
GET /4SmRmOTIpCwhfDT4NAgQLfFZWAQtsDhVWXDpZH1hcCDQfQFw/XVBgRWwQHF0PekIKWFwtWUBcXClZVx9TLgZbDRQ+FAlSDyUeCkNUIAEPT1NsEQcEXyUeD1VeK0FUfwdkVEMLAmITD1dWJRMVHAB6ChIcAHpVVhcCb1ckHAB6Ew9XBH5BVXsXeFQeDwZvVy-QcAHoWEBwBC1VWDBx6TUMLAi0BBVJdb1YgCwJ7VFYIAntBVAlUIxYDX10yQVR/A3pRSAkUP1lX HTTP/1.1
Host: d3t3z4teexdk2r.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://foortowatch.xyz/
HTTP/1.1 200 OK
Content-Length: 483
Connection: keep-alive
Date: Fri, 27 Jan 2023 04:43:09 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lZml2qtmwfPAC9wyUEiASGVwucL3rjOfeDcnSG9jCzSU2IfiAE09Wg==
push.services.mozilla.com/
54.200.117.177101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.117.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: V2r0o0gN1ZybwxObizuB4Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AmahvnTZvIsmJN3zzPlV5UCtiIs=
d3t3z4teexdk2r.cloudfront.net/3UFFVdnEzPjsQTiQ4MUtIZWhkR0l2OyYZHyBsLDlBGClkOQAzGAYaCD4BcwILNGxlUB0xPzJLVzU/NktAdjAxFExkdyEGHjtsOgwdKjc/ExgmMHMDEG08OgwYPD00U0MWZHtGVGJhfQEYPjU6AQJ1Y2UYBXVjZUdBfmFwRTN1Y2UBGD5nYVNCEnRnRglmZX-BFM3VjZQQHdWIUR0Flf2VfVGJhMhMSOz5wRDdiYWRGQWFhZFNDYDc8BBQ2Pi1TQxZgZUNfYHcgS0A
54.230.245.161200 OK 476 B URL HTTP/1.1 d3t3z4teexdk2r.cloudfront.net/3UFFVdnEzPjsQTiQ4MUtIZWhkR0l2OyYZHyBsLDlBGClkOQAzGAYaCD4BcwILNGxlUB0xPzJLVzU/NktAdjAxFExkdyEGHjtsOgwdKjc/ExgmMHMDEG08OgwYPD00U0MWZHtGVGJhfQEYPjU6AQJ1Y2UYBXVjZUdBfmFwRTN1Y2UBGD5nYVNCEnRnRglmZX-BFM3VjZQQHdWIUR0Flf2VfVGJhMhMSOz5wRDdiYWRGQWFhZFNDYDc8BBQ2Pi1TQxZgZUNfYHcgS0A
IP 54.230.245.161:0
File type ASCII text, with very long lines (663), with no line terminators
Hash a41e99c8e303dca8691f5949844fab47
d8bd20081381540ee86bc1268d7635e9dfbbd4d4
ce6bddc74f22c83f114eb53b78221631a6531189ab22245f8c09803655ca4d08
GET /3UFFVdnEzPjsQTiQ4MUtIZWhkR0l2OyYZHyBsLDlBGClkOQAzGAYaCD4BcwILNGxlUB0xPzJLVzU/NktAdjAxFExkdyEGHjtsOgwdKjc/ExgmMHMDEG08OgwYPD00U0MWZHtGVGJhfQEYPjU6AQJ1Y2UYBXVjZUdBfmFwRTN1Y2UBGD5nYVNCEnRnRglmZX-BFM3VjZQQHdWIUR0Flf2VfVGJhMhMSOz5wRDdiYWRGQWFhZFNDYDc8BBQ2Pi1TQxZgZUNfYHcgS0A HTTP/1.1
Host: d3t3z4teexdk2r.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://foortowatch.xyz/
HTTP/1.1 200 OK
Content-Length: 476
Connection: keep-alive
Date: Fri, 27 Jan 2023 04:43:09 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bQ2DD4NwbJRBMP2hyE8R-r8Vklqgj8R5mseTFT13OREAmOx0SJt6dQ==
d3t3z4teexdk2r.cloudfront.net/FWmJBcng5DS8URy4LJU9BbFBxS0p8CDIdFipfCSoQPhgqGy4vOGcGAj5fcVQUOwwmT14/DCJPSXwDJRBFbkQ0E0U3DTsbFDYDZEA+b0xxV0pqSjYbFj4NNgFdaFIvBl1oUnBCVmpHcjBdaFI2GxZsVmRBOn9QcQpObkdyMF1oUjMEXWkjcEJNdFJoV0pqBS-QREzVHczRKalNxQklqU2RASDwLMxceNRpkQD5rUnRcSHwXfEM
54.230.245.161200 OK 184 B URL HTTP/1.1 d3t3z4teexdk2r.cloudfront.net/FWmJBcng5DS8URy4LJU9BbFBxS0p8CDIdFipfCSoQPhgqGy4vOGcGAj5fcVQUOwwmT14/DCJPSXwDJRBFbkQ0E0U3DTsbFDYDZEA+b0xxV0pqSjYbFj4NNgFdaFIvBl1oUnBCVmpHcjBdaFI2GxZsVmRBOn9QcQpObkdyMF1oUjMEXWkjcEJNdFJoV0pqBS-QREzVHczRKalNxQklqU2RASDwLMxceNRpkQD5rUnRcSHwXfEM
IP 54.230.245.161:0
File type ASCII text, with no line terminators
Hash 58a9602207d833d1a09106e51037272a
575f144defabb7bde7a8f40910f6237c50a047bf
7ad077b1087c8bca67e8de0111a54c797a81d4180d4219d29a3f4c2d97bffce3
GET /FWmJBcng5DS8URy4LJU9BbFBxS0p8CDIdFipfCSoQPhgqGy4vOGcGAj5fcVQUOwwmT14/DCJPSXwDJRBFbkQ0E0U3DTsbFDYDZEA+b0xxV0pqSjYbFj4NNgFdaFIvBl1oUnBCVmpHcjBdaFI2GxZsVmRBOn9QcQpObkdyMF1oUjMEXWkjcEJNdFJoV0pqBS-QREzVHczRKalNxQklqU2RASDwLMxceNRpkQD5rUnRcSHwXfEM HTTP/1.1
Host: d3t3z4teexdk2r.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://foortowatch.xyz/
HTTP/1.1 200 OK
Content-Length: 184
Connection: keep-alive
Date: Fri, 27 Jan 2023 04:43:09 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Do3k2zcMmYSNadIpkha-hdeVpCbMEiSrZiKZghX47_DNxCQeNTKrlw==
selsattherean.xyz/b3NOaWJATC0aXzUeewg4Ox8oMQ9eIQ0vKDUSGCgsN0IiHzo+NmgdCwtOd19QX0t3TxIGF3NYRBwHLx0XHE5/TwsBFSFURBlOf0dRW119WExdVTtUU0kHPggFUkJoGRYbH3NYVFhHeVBWWkt3WlBZ
104.21.47.245204 No Content 0 B URL HTTP/2 selsattherean.xyz/b3NOaWJATC0aXzUeewg4Ox8oMQ9eIQ0vKDUSGCgsN0IiHzo+NmgdCwtOd19QX0t3TxIGF3NYRBwHLx0XHE5/TwsBFSFURBlOf0dRW119WExdVTtUU0kHPggFUkJoGRYbH3NYVFhHeVBWWkt3WlBZ
IP 104.21.47.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b3NOaWJATC0aXzUeewg4Ox8oMQ9eIQ0vKDUSGCgsN0IiHzo+NmgdCwtOd19QX0t3TxIGF3NYRBwHLx0XHE5/TwsBFSFURBlOf0dRW119WExdVTtUU0kHPggFUkJoGRYbH3NYVFhHeVBWWkt3WlBZ HTTP/1.1
Host: selsattherean.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 04:43:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ooft03Y3PfNR98opAA0zIZPn%2B7OTQYl7DPIW%2B4XQgVL1XMPj14Q7Cwor1MrbvK%2FSRsH2tRcDRH8RpEaRSUkg2v1Ok5ChQE3%2Bmb0HlgJxdzQnc5%2B07RNeQazMQ5E%2BJ1TeJewxwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78fed369dae9fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20085
Date: Fri, 27 Jan 2023 04:18:07 GMT
Expires: Fri, 27 Jan 2023 06:18:07 GMT
Cache-Control: public, max-age=7200
Age: 1502
Last-Modified: Tue, 10 Jan 2023 21:29:14 GMT
Content-Type: text/javascript
ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
IP 142.250.74.131:0
Hash bca72d3eae366aa16cd3164a43bb147a
5bb093d3735d429c57701080d8c45ece44d3234e
b515044cd948a21319a7c93a82d9e4e1057b1b5062ab6ca3944a02747cdcc171
POST /s/gts1p5/jrItU-VjrKU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 37dce3efd55b962e0d26fdc3a1033e22
6453d72e70e36bd37ca1744d85ec9ca549629cf2
0b8f3eab1044d6159677c241e96e244f10d78fe339d37c94e65f8495b216f3bb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4317
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Last-Modified: Fri, 27 Jan 2023 03:31:12 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f9e92d8863b76845831b7b68514bcb42
b45e10117293e9b22389e1ddae773cac31883e2c
8b2bde7176878f3aa056c124c031a2aceb18473ecc53c06a73191dbda9ff9ab9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f9e92d8863b76845831b7b68514bcb42
b45e10117293e9b22389e1ddae773cac31883e2c
8b2bde7176878f3aa056c124c031a2aceb18473ecc53c06a73191dbda9ff9ab9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ptauxofi.net/pfe/current/universal.min.js?v=3.1.414
139.45.197.250200 OK 35 kB URL HTTP/2 ptauxofi.net/pfe/current/universal.min.js?v=3.1.414
IP 139.45.197.250:0
Hash 22e71dacb57a7a07b6175c677f70d8e6
292f0f8e4a2d9c54c7bed52efa295c9076fcf6ca
daa321f5bc94bbab16225e2bf50f9391ad52632ecb1ea61bc653e21dbe900b39
GET /pfe/current/universal.min.js?v=3.1.414 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:09 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 14:02:57 GMT
etag: W/"63d28811-18c6c"
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
104.26.4.107200 OK 2.6 kB URL HTTP/2 static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
IP 104.26.4.107:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 5412ca7747a01be6da045bc6b8857810
d79c91dbe81ed26ee2692e967a23206d6b544b74
8b17622b4176f8f75555beb1dcdfaeafd9ad587e4345373a8b9b75380c780bc7
GET /bundles/smeweb/img/favicon.ico?2022-06-29.0 HTTP/1.1
Host: static.shorte.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 04:43:09 GMT
content-type: image/x-icon
last-modified: Wed, 29 Jun 2022 08:56:53 GMT
etag: W/"62bc13d5-a07"
x-server-id: shn09
x-ua-compatible: IE=Edge
expires: Fri, 27 Jan 2023 16:28:18 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 44091
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rn2X8sNPiG%2FmmSI2p0OjyR1otrvU0qeCau0xJ1bYxuOaC9sutILgSdIclVs2ZIv3JURzyL0Mkt09HsjUQNwQ%2BtM8Kdq6mDC47bQJkBtkghKzLB2A0V1gxes8vWD3UxeW9vU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fed36b1caeb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.45302 Found 400 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 13f2df79592e2e206d0b6a67095497f3
082fd381a06211ae14aadd57f6975b1f071565df
43eebc5b052f286a4b970a14f7958e784940d28ff41f7f0b5ce5ac2d4a629777
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 27 Jan 2023 04:43:09 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1643362265%3A1674794589977119&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf5u_LL0M94SzuJD8ozsXVG-QTBa57JKoArwV8G8XkMgr9PKC0RioS0WfKlCeifTST8-2MNOg
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-328HVh9anYZH_zeUpCzV-Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
set-cookie: __Host-GAPS=1:h-llUZlETaUB5cqOFCOs9Fm0dKT7ig:g1cA9cIQm47Z_7LN;Path=/;Expires=Sun, 26-Jan-2025 04:43:09 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:09 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
foortowatch.xyz/utx?cb=R5mBTAIF5dtm&top=gestyy.com&tid=962089
54.230.111.95204 No Content 0 B URL HTTP/2 foortowatch.xyz/utx?cb=R5mBTAIF5dtm&top=gestyy.com&tid=962089
IP 54.230.111.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=R5mBTAIF5dtm&top=gestyy.com&tid=962089 HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gestyy.com
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 04:43:09 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://gestyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 27 Jan 2023 04:44:09 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pS2iBPtF41_GEU70-ovGQ2xDSAIJN4w06YuiJ1Kf0QEZOoZ7vQ5o7Q==
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=416052687&t=pageview&_s=1&dl=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=1524851090&gjid=1248767869&cid=1472459857.1674794590&uid=429854&tid=UA-42296749-1&_gid=1673930404.1674794590&_r=1&_slc=1&cd2=2022-06-29.0&cd7=429854&cd5=0&z=718081142
142.250.74.46200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=416052687&t=pageview&_s=1&dl=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=1524851090&gjid=1248767869&cid=1472459857.1674794590&uid=429854&tid=UA-42296749-1&_gid=1673930404.1674794590&_r=1&_slc=1&cd2=2022-06-29.0&cd7=429854&cd5=0&z=718081142
IP 142.250.74.46:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=416052687&t=pageview&_s=1&dl=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=1524851090&gjid=1248767869&cid=1472459857.1674794590&uid=429854&tid=UA-42296749-1&_gid=1673930404.1674794590&_r=1&_slc=1&cd2=2022-06-29.0&cd7=429854&cd5=0&z=718081142 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://gestyy.com
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://gestyy.com
date: Fri, 27 Jan 2023 04:43:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
foortowatch.xyz/utx?cb=xdgusyqmWHyC&top=gestyy.com&tid=959118
54.230.111.95204 No Content 0 B URL HTTP/2 foortowatch.xyz/utx?cb=xdgusyqmWHyC&top=gestyy.com&tid=959118
IP 54.230.111.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=xdgusyqmWHyC&top=gestyy.com&tid=959118 HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gestyy.com
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 04:43:09 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://gestyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 27 Jan 2023 04:44:09 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kjqswzZlpRBkeJQQl8soaLBeOIg_CKge2mWFCynZDO0V_MYXa6wfFA==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3ebf9d7211aba4c70b84fb470a61b414
28fe29a24e47d6abda88eeeb5e22eddda03c7fca
a8276e099d9d8452b65b70d161a459fae25afb37cea7eff9cc5563b7de972acc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.45302 Found 389 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash a1294ceeeb45b2c26a6061b43a40a79d
edb0bf85c3e4fe63362246c2a58a724cb9249175
55dc19f23ba72bef0e7cf2ee4a556613c45c39895f59e41ed220dc1b1a9ea710
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 27 Jan 2023 04:43:10 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1628145134%3A1674794590013465&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcYpIEeHZ0GoIhuZMbs_qlrXriw-euhXTftrxEKjm_ZZO3GHNkJziHqBs_kwHBf4cw46SwO
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-GCxWgaC4BPWA6bBpzYV1HA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:DMDr3WYfYmaOwjtJGKEiZ6fSHf0kbQ:nci5rDJblJ2H6qt-;Path=/;Expires=Sun, 26-Jan-2025 04:43:10 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c8a0d6bc80301700d6fb1d520beb8b49
f33a1a1e491fcd6ca31360b28b092457a2d48f23
ef0535b52ccb717c1200d5974ea8841b92f655234d67ace0e71c1ec7f5fbb3f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ptauxofi.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Content-Type: application/json
Origin: http://gestyy.com
Content-Length: 395
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:10 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b2f40c8e7a3fe35fae5346d69381d706
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/997869120/?random=1674794589294&cv=11&fst=1674792000000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4142856870&rmt_tld=0&ipr=y
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/997869120/?random=1674794589294&cv=11&fst=1674792000000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4142856870&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/997869120/?random=1674794589294&cv=11&fst=1674792000000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4142856870&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 04:43:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 97ccaa279f6ade845b71b57615d40388
5186089108dca0136feab418da66a9e027c7e427
515128c713e98c9a0546c35d9a1e0719057136509b5b2312e4af56a9acc80ec2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/997869120/?random=1674794589294&cv=11&fst=1674792000000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4142856870&rmt_tld=1&ipr=y
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/997869120/?random=1674794589294&cv=11&fst=1674792000000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4142856870&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/997869120/?random=1674794589294&cv=11&fst=1674792000000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4142856870&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 04:43:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4adeea2262378239736beff115f7a5a4
3f5dec01a072e26e8f9f436a7d28860fab4e0feb
52959cfee451c390f39e92b6fd2cb07ae7550e5d1ed880ff4f131c2837c377bd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "52959CFEE451C390F39E92B6FD2CB07AE7550E5D1ED880FF4F131C2837C377BD"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14431
Expires: Fri, 27 Jan 2023 08:43:41 GMT
Date: Fri, 27 Jan 2023 04:43:10 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ab744f1fbf03bf793085117f6691a062
f26ee7a876fee3e80c2521374a4c527d55b17e83
fc5b8cb6f5bd7396921cac6bf1bbd6cb41715cdcd19527ae5310e59eafd07928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC5B8CB6F5BD7396921CAC6BF1BBD6CB41715CDCD19527AE5310E59EAFD07928"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=438
Expires: Fri, 27 Jan 2023 04:50:28 GMT
Date: Fri, 27 Jan 2023 04:43:10 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 37dce3efd55b962e0d26fdc3a1033e22
6453d72e70e36bd37ca1744d85ec9ca549629cf2
0b8f3eab1044d6159677c241e96e244f10d78fe339d37c94e65f8495b216f3bb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4318
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:10 GMT
Last-Modified: Fri, 27 Jan 2023 03:31:12 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c8a0d6bc80301700d6fb1d520beb8b49
f33a1a1e491fcd6ca31360b28b092457a2d48f23
ef0535b52ccb717c1200d5974ea8841b92f655234d67ace0e71c1ec7f5fbb3f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
selsattherean.xyz/popunder.gif
104.21.47.245301 Moved Permanently 0 B URL HTTP/1.1 selsattherean.xyz/popunder.gif
IP 104.21.47.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: selsattherean.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Jan 2023 04:43:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 27 Jan 2023 05:43:10 GMT
Location: https://selsattherean.xyz/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KEXO3ke3GgLtWFa%2FPZnYliHnc4iTbQfMuZ0Cu7V%2B2bwcYMkNtIIRmVnlRbKXNSuxlzZMrCBnvAJryNb5fcHblf2%2BpzvdpX39weVvFwdet4Z%2BCxrp1XOSsT1UBqVftguxp4audw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fed36c5f2bb52d-OSL
alt-svc: h2=":443"; ma=60
my.rtmark.net/gid.js?pub=0&userId=d6585328b89244618d484be7d742a601&zoneId=4157053&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=d6585328b89244618d484be7d742a601&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 52eaf4a7d1f5864ee313c336c5314976
5bc4754576900635a28312c7302f91492c0fe3a1
c4f16cfd5a6e7d4bfa29f683af4357a83f2fd1110ca69076dbe53e0028b12b8b
GET /gid.js?pub=0&userId=d6585328b89244618d484be7d742a601&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://gestyy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=d6585328b89244618d484be7d742a601; expires=Sat, 27 Jan 2024 04:43:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
js-agent.newrelic.com/552.2d6a2503-1220.js
151.101.66.137200 OK 6.7 kB URL HTTP/2 js-agent.newrelic.com/552.2d6a2503-1220.js
IP 151.101.66.137:0
Hash 74c6992f5ce17eeaa66038b5b5b3bb4d
c4c755685ac98ec43286dcb41755d655a439b7c0
06d75a91f8e1bff8753d3b491e54f3972d3bb90f136dc4d2f8bb80dc718e467e
GET /552.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: S+3dyd9zsXUOUMxQTizig8xOYSepKpKW2+8x2q1T4G42hdfO95rVGWHcuaBV1ReUm4ZmR2FQQhw=
x-amz-request-id: JKBCE94EKY03PFF9
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "777ac0df4dba632ad1b2955c88dd51ac"
x-amz-version-id: 7EjqUQ3uiXAFqO0VnIOp2ymSTJq3JZwD
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 27 Jan 2023 04:43:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 99
x-timer: S1674794590.276559,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5890
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Content-Type: application/json
Origin: http://gestyy.com
Content-Length: 711
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:10 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: feb2e55e6b6ad44a295939f0c6f8eda7
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
js-agent.newrelic.com/290.2d6a2503-1220.js
151.101.66.137200 OK 3.4 kB URL HTTP/2 js-agent.newrelic.com/290.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (8544)
Hash b9baa2cb6a3b1a3d0fda03cd7db51631
42d37467e05182e3cab2fcb54577dc462adcf50b
31a8b4d47298cae24c66e37256a51474ae88a745fdfec79f99b2d43608e6d822
GET /290.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: hKdDHgHyERBg1nUGQlyZVgUR+RqUX7PryywrU9G+mKoJKN1D85k7Mhb42+NXxhAJFG3KEoBf8sE=
x-amz-request-id: 33WFY1GSQ3JZBFGM
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "13898fbb4d7a1f83fc6722c4c12faf40"
x-amz-version-id: C4hj6k9j4I7xXuTBZvcbX78Bf.Ep8KMk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 27 Jan 2023 04:43:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 100
x-timer: S1674794590.313476,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3424
X-Firefox-Spdy: h2
js-agent.newrelic.com/368.2d6a2503-1220.js
151.101.66.137200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/368.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (3382)
Hash fa50a55750d1d0978fca32be5dbc3988
a7f447621d48b3ecf7fc0192b515d506d3d1ad18
c621038fb07e536af8a1ec6d260853dfe69055dc2fb526700919c53b3b7e5f20
GET /368.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: qKUQ20x7cUwDiXkyGzEE0QLCztJ3rIOyPqEkhC3qVlFk+l2zvs9Vd1Ibg0oo2VVGiZ60lT07inw=
x-amz-request-id: 33W2D99RXMHR1XW9
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "16b4f3676c3859e1378a2ccdebbad675"
x-amz-version-id: zC.KoTaM7bjdFj.W4KQMilxtjXXSNPks
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 27 Jan 2023 04:43:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 101
x-timer: S1674794590.313649,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1443
X-Firefox-Spdy: h2
js-agent.newrelic.com/768.2d6a2503-1220.js
151.101.66.137200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/768.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (5523)
Hash 98a96a3306b7723c0b8c4bff074cdd9f
e9070da7daa34fa2d8ac2e4ec00e3c499ea37516
a6079d50fa4c72b521fd865e67be080b5b21c336a71dbf7a1800a12ad42384f7
GET /768.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: LKNOIS6KmUy5huHEMF/CcFDhdHu/sYHjfkVSDv/Qd6ObG2fqz1GfTEdKLjkviCgj2G0S+/ErDcY=
x-amz-request-id: 33W599GS0X3J6D98
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "d6cc8b42eda6fd7734014b03b87b5787"
x-amz-version-id: 0CJw6LdyBdZcjhOiVrtC0pLcOFtA3d5G
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 27 Jan 2023 04:43:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 99
x-timer: S1674794590.313629,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2225
X-Firefox-Spdy: h2
js-agent.newrelic.com/775.2d6a2503-1220.js
151.101.66.137200 OK 632 B URL HTTP/2 js-agent.newrelic.com/775.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (1169)
Hash 661520fd0dfebb919d68a69b60ca426f
b85ef80a0e0d95bf4904f9ce4fad56c49ae035be
ecd489671c6255fee8370fc1f8f4e99519ef8d4c4c0ab06640b0c021642e1db7
GET /775.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: I1vsI/pE/c3hEsq91esc6lPX2zw/LBwa6Rk8BDDvsaxpa1r+yHM2bEzBqRAknYtryW1lHxmEih0=
x-amz-request-id: 33WD7C1PEQBHPBA5
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "1dfdb74c0491489bf04c6deadb56add2"
x-amz-version-id: y1AQ2bnjUbwuFOuSS5MP1vew1dGw.1iz
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 27 Jan 2023 04:43:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 101
x-timer: S1674794590.313753,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 632
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Content-Type: application/json
Origin: http://gestyy.com
Content-Length: 396
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:10 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a9f2892b519c9316c41fe3d17e4f47a8
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7b72e532b49cad695eb0f3ce02e7c8eb
0cab73ccaca3c3d107577a824c8f45ddbd6882d1
82ec65861808196cd2252c59bc040b01208469409c7a6f66b1c2efaa6d8272eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4462
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 04:43:10 GMT
Last-Modified: Fri, 27 Jan 2023 03:28:49 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/28e0508023?a=9451001&v=1220.PROD&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=1930&ck=0&s=9d8510236ba4dbac&ref=http://gestyy.com/wHD99i&ap=94&be=503&fe=1303&dc=701&perf=%7B%22timing%22:%7B%22of%22:1674794588272,%22n%22:0,%22f%22:274,%22dn%22:280,%22dne%22:309,%22c%22:309,%22ce%22:310,%22rq%22:310,%22rp%22:476,%22rpe%22:476,%22dl%22:488,%22di%22:1192,%22ds%22:1204,%22de%22:1206,%22dc%22:1806,%22l%22:1806,%22le%22:1814%7D,%22navigation%22:%7B%7D%7D&fcp=728&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken
162.247.241.14402 Payment Required 2 B URL HTTP/1.1 bam.nr-data.net/1/28e0508023?a=9451001&v=1220.PROD&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=1930&ck=0&s=9d8510236ba4dbac&ref=http://gestyy.com/wHD99i&ap=94&be=503&fe=1303&dc=701&perf=%7B%22timing%22:%7B%22of%22:1674794588272,%22n%22:0,%22f%22:274,%22dn%22:280,%22dne%22:309,%22c%22:309,%22ce%22:310,%22rq%22:310,%22rp%22:476,%22rpe%22:476,%22dl%22:488,%22di%22:1192,%22ds%22:1204,%22de%22:1206,%22dc%22:1806,%22l%22:1806,%22le%22:1814%7D,%22navigation%22:%7B%7D%7D&fcp=728&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /1/28e0508023?a=9451001&v=1220.PROD&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=1930&ck=0&s=9d8510236ba4dbac&ref=http://gestyy.com/wHD99i&ap=94&be=503&fe=1303&dc=701&perf=%7B%22timing%22:%7B%22of%22:1674794588272,%22n%22:0,%22f%22:274,%22dn%22:280,%22dne%22:309,%22c%22:309,%22ce%22:310,%22rq%22:310,%22rp%22:476,%22rpe%22:476,%22dl%22:488,%22di%22:1192,%22ds%22:1204,%22de%22:1206,%22dc%22:1806,%22l%22:1806,%22le%22:1814%7D,%22navigation%22:%7B%7D%7D&fcp=728&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 402 Payment Required
Date: Fri, 27 Jan 2023 04:43:10 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fed36e5b47b506-OSL
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5841
Expires: Fri, 27 Jan 2023 06:20:32 GMT
Date: Fri, 27 Jan 2023 04:43:11 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5841
Expires: Fri, 27 Jan 2023 06:20:32 GMT
Date: Fri, 27 Jan 2023 04:43:11 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5841
Expires: Fri, 27 Jan 2023 06:20:32 GMT
Date: Fri, 27 Jan 2023 04:43:11 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5841
Expires: Fri, 27 Jan 2023 06:20:32 GMT
Date: Fri, 27 Jan 2023 04:43:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:26:22 GMT
age: 58609
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc869235086902c4acc379733b6bfdb8
0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae
e614e29b14e69209fd4b82a688290f7a3f541909833a6558cf480aca899bab6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9056
x-amzn-requestid: 81cf473d-8dc6-49e7-b012-d0b7dfaec7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fB4COHTlIAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca3a0e-0848461c054db5c66fde9107;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 06:51:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fdefZSZfSJi1-C7ZTSahawckLN-To4P91H-n1cyPqw34f18VzTeHRg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:54:06 GMT
age: 56945
etag: "0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a77b6d-ccc1-422b-8493-221c615accaf.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a77b6d-ccc1-422b-8493-221c615accaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e0fe44d9606e6a149a253423f312dfc5
78e442e8a9142311c25dafd01823a240f4acb0d6
9aad8938c1fda9641f95a4369f57ea57303a28e05f56e3bb1961e17cfbb123f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a77b6d-ccc1-422b-8493-221c615accaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13175
x-amzn-requestid: 14ccf28a-a84a-4903-9edc-7659096cb3ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRxOCFrkIAMFt8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0958c-6a67f1aa65038439793808fd;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 02:35:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6Af7rqnIDAKAw6O0CYUv1epQ8VxFyXBjtAtpovQZJ72aKEymQu_O8Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:43:29 GMT
age: 75582
etag: "78e442e8a9142311c25dafd01823a240f4acb0d6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 464592dade1d7207d58b22d5d09d9254
3caa2537edfe4c738540884b3eda51e437d26f4d
c0cdec94ff460c4b875657bb53ed90ef2ef786a2b8095d1ebf09365556536375
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4627
x-amzn-requestid: 38f2ed09-3a2e-4b5d-bde9-24fd7467d1a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZJE-BIAMFvdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3a-4ad90b1c2883444f547b6f84;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ErJ6DOjDOIMHxXIoZ2ds8Fts1RbThjP5X2qRvr6vNt6iNVeOVpQcUw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 04:25:36 GMT
age: 1055
etag: "3caa2537edfe4c738540884b3eda51e437d26f4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:59:56 GMT
age: 24195
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 540b084166fb1ad476a2b816848004ac
d10694af4ff8fbdf58896085611b4614a7353eda
b5ce9c01e4ac5a634ab858787c69fe4bf1f297df92b1258f0de6e1461329154b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5567
x-amzn-requestid: 07346e30-a195-4e30-80ed-09bc2844c64d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fORCGGMGIAMFmWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf2eda-266bd30056d9d09c009ac086;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:05:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1S1gNaWbByU2Ufc46x0shFDogteGouCIQZ9xX2n2QAFa4AjsFozrRA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 23:04:49 GMT
age: 20302
etag: "d10694af4ff8fbdf58896085611b4614a7353eda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gestyy.com/shortest-url/end-adsession?adSessionId=1fa84025b6491db53cf9a7a8a582c5903c8ec9f6&adbd=0&callback=reqwest_1674794588979
172.67.68.51200 OK 167 B URL HTTP/1.1 gestyy.com/shortest-url/end-adsession?adSessionId=1fa84025b6491db53cf9a7a8a582c5903c8ec9f6&adbd=0&callback=reqwest_1674794588979
IP 172.67.68.51:0
File type ASCII text, with no line terminators
Hash faa93aa8eb0b24a9adb2c9ec6a3b1d16
ba462106b41c3509a251e4580c61ac3aab21bf42
133b2b3a32dd6bbc234a2560c712c54cce69b5f8f2c008ec3818475170afccfe
GET /shortest-url/end-adsession?adSessionId=1fa84025b6491db53cf9a7a8a582c5903c8ec9f6&adbd=0&callback=reqwest_1674794588979 HTTP/1.1
Host: gestyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/wHD99i?utm_source=&utm_medium=QL&utm_name=1
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.1895901429.1674794589; _ga=GA1.2.1472459857.1674794590; _gid=GA1.2.1673930404.1674794590; _gat=1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 04:43:16 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=q4vliur41pgjahsb2q304103p6; expires=Fri, 27-Jan-2023 05:43:16 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
referrer_url=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1; expires=Sat, 28-Jan-2023 04:43:16 GMT; Max-Age=86400; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Server-ID: shn05
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6wFsfRQ3ws03W141N2K9fd73SIUJeMMKxQZggO0Gwk81Wpqadssorzl65aXjL8gGxcxWpTEQs%2Fv%2FVvi4ekrKW2vU%2BpHJhl%2Fd4qzAH62lWdfVJNJrow6rZu0FwYQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78fed39298abb4fd-OSL
Content-Encoding: gzip
www.google-analytics.com/collect?v=1&_v=j99&a=416052687&t=event&_s=2&dl=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=1472459857.1674794590&uid=429854&tid=UA-42296749-1&_gid=1673930404.1674794590&cd2=2022-06-29.0&cd7=429854&cd5=0&z=1551058665
142.250.74.46200 OK 35 B URL HTTP/1.1 www.google-analytics.com/collect?v=1&_v=j99&a=416052687&t=event&_s=2&dl=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=1472459857.1674794590&uid=429854&tid=UA-42296749-1&_gid=1673930404.1674794590&cd2=2022-06-29.0&cd7=429854&cd5=0&z=1551058665
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j99&a=416052687&t=event&_s=2&dl=http%3A%2F%2Fgestyy.com%2FwHD99i%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=1472459857.1674794590&uid=429854&tid=UA-42296749-1&_gid=1673930404.1674794590&cd2=2022-06-29.0&cd7=429854&cd5=0&z=1551058665 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gestyy.com/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Fri, 27 Jan 2023 02:06:24 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
Age: 9412
pogothere.xyz/asd100.bin
172.64.107.19200 OK 0 B IP 172.64.107.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 27 Jan 2023 04:43:09 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5838
last-modified: Fri, 27 Jan 2023 03:05:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OPyvG4z9rhWhu0tHb9mmUEdEm14J3zEmWXVuCituWHPZh4EbHI%2FkYpIA3KlfXunPJitdwolB8CMq4RaJwVrnOD4606U9yWucpOCJ0BrW8R9rj5cF%2BkmcYeDOAc8PCWsu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fed36b6f2d23e7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.107.19200 OK 0 B IP 172.64.107.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 27 Jan 2023 04:43:09 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5838
last-modified: Fri, 27 Jan 2023 03:05:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2BF8X6x3hr6%2ByveuIP%2BfVkKOEUGn12%2BBh7H0a3PlBOjV13J2bOjpLgZsd0G60QXWPB1NGNHAbpC0%2BOoTnPwMqFVir6nzR3tP%2F8B7Y%2B0aW%2By1Da3FnBgl9B08ixt2yzIY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fed36b6f3623e7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 09vFZQbeR6QfJI+HZvhdHLK3jd6aZ3y9xFAInbFpwoe1NBYQswwraW2MjqIiXx9vxz0VdbGG/Q+9PZXbf0UdfQ==
date: Fri, 27 Jan 2023 04:43:10 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.107.19200 OK 0 B IP 172.64.107.19:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 04:43:10 GMT
content-type: text/plain
set-cookie: csu=1545755839340613@1@1674794590; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tPiVPBpeFO1kcbj52nMAhWVkbXLuMJGw1VqKQsUBbMYoAq434a6YKcPxuCgljddeC7afn8tqXK1qLYOIjfKtogAVbukUWkzcVuDjBLdxCmxkPw8ZAnVWJFFlgs%2B9qyq8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78fed36b5f2a23e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/defaultSkin.min.js
139.45.197.250200 OK 0 B URL HTTP/2 ptauxofi.net/pfe/current/defaultSkin.min.js
IP 139.45.197.250:0
Analyzer Verdict Alert fortinet Phishing
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gestyy.com/
Origin: http://gestyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:10 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 14:02:57 GMT
etag: W/"63d28811-df63"
access-control-allow-origin: http://gestyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway:400,700
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Raleway:400,700
IP 142.250.74.74:0
GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 27 Jan 2023 04:43:09 GMT
date: Fri, 27 Jan 2023 04:43:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/tag.min.js?z=4157053
139.45.197.250200 OK 0 B URL HTTP/2 ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gestyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 04:43:09 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 14:02:57 GMT
etag: W/"63d28811-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2