Submitted URL: https://v.ht/lZK9
Effective URL: https://u.to/YBRDGA
Submission: On September 13 via manual from BR — Scanned from DE

Summary

This website contacted 13 IPs in 2 countries across 13 domains to perform 29 HTTP transactions. The main IP is 195.216.243.155, located in Moscow, Russian Federation and belongs to DDOS-GUARD, RU. The main domain is u.to.
TLS certificate: Issued by GoGetSSL RSA DV CA on October 9th 2020. Valid for: a year.
This is the only time u.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 69.61.26.123 141518 (SUBHOST-A...)
1 142.250.74.130 15169 (GOOGLE)
1 142.250.74.72 15169 (GOOGLE)
3 142.250.74.34 15169 (GOOGLE)
2 142.250.74.46 15169 (GOOGLE)
1 142.250.74.66 15169 (GOOGLE)
5 142.250.74.98 15169 (GOOGLE)
1 142.250.74.129 15169 (GOOGLE)
2 2 64.73.217.76 7393 (CYBERCON)
6 195.216.243.155 57724 (DDOS-GUARD)
2 216.58.207.193 15169 (GOOGLE)
1 216.58.207.228 15169 (GOOGLE)
1 2 88.212.201.198 39134 (UNITEDNET)
3 7 87.250.251.119 208722 (YNDX)
29 13
Domain Requested by
6 u.to v.ht
u.to
5 mc.yandex.com 2 redirects u.to
4 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
3 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
2 mc.yandex.ru 1 redirects u.to
2 counter.yadro.ru 1 redirects u.to
2 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
2 stuttgart.biz-stay.com 2 redirects
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 www.google.com tpc.googlesyndication.com
1 1ebeada0630a6e536e14c13e9335322c.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.de securepubads.g.doubleclick.net
1 www.googletagmanager.com v.ht
1 www.googletagservices.com v.ht
1 v.ht
29 16
Subject                     Issuer               Validity                  Valid for
www.v.ht                    R3                   2021-07-02 - 2021-09-30   3 months
*.g.doubleclick.net         GTS CA 1C3           2021-08-23 - 2021-11-15   3 months
*.google-analytics.com      GTS CA 1C3           2021-08-23 - 2021-11-15   3 months
*.google.de                 GTS CA 1C3           2021-08-23 - 2021-11-15   3 months
*.google.com                GTS CA 1C3           2021-08-23 - 2021-11-15   3 months
u.to                        GoGetSSL RSA DV CA   2020-10-09 - 2021-10-09   a year
tpc.googlesyndication.com   GTS CA 1C3           2021-08-23 - 2021-11-15   3 months
www.google.com              GTS CA 1C3           2021-08-23 - 2021-11-15   3 months
counter.yadro.ru            GoGetSSL ECC DV CA   2020-02-02 - 2022-05-02   2 years
mc.yandex.ru                Yandex CA            2021-07-28 - 2022-01-07   5 months

This page contains 4 frames:

Primary Page: https://u.to/YBRDGA
Frame ID: 26C850F9943E247F56E87D59FC9F446A
Requests: 24 HTTP requests in this frame

Frame: https://1ebeada0630a6e536e14c13e9335322c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9BC47ECE6F3955AA4562A774E6E9F497
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: AA006FE1851E0205C05FD3B5C495DA53
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 99BD4EE3608E0F0E6FECA95BD88DF564
Requests: 2 HTTP requests in this frame

Page Title

HTTP 404 Не найдено

Page URL History

  1. https://v.ht/lZK9 Page URL
  2. http://stuttgart.biz-stay.com/?action=directory_city.hst&url=https://u.to/YBRDGA&cid=762&cspid=102&rgid=5&... HTTP 301
    https://stuttgart.biz-stay.com/?action=directory_city.hst&url=https://u.to/YBRDGA&cid=762&cspid=102&rgid=5&... HTTP 302
    https://u.to/YBRDGA Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • <script[^<>]*>[^]{0,128}?src\s*=\s*['"]//counter\.yadro\.ru/hit(?:;\S+)?\?(?:t\d+\.\d+;)?r

Overall confidence: 100%
Detected patterns
  • mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

Requests: 29
HTTPS: 100 %
IPv6: 0 %
Domains: 13
Subdomains: 16
IPs: 13
Countries: 2
Transfer: 307 kB
Size: 790 kB
Cookies: 21

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://v.ht/lZK9 Page URL
  2. http://stuttgart.biz-stay.com/?action=directory_city.hst&url=https://u.to/YBRDGA&cid=762&cspid=102&rgid=5&hid=1374360&p=1&ai=118130 HTTP 301
    https://stuttgart.biz-stay.com/?action=directory_city.hst&url=https://u.to/YBRDGA&cid=762&cspid=102&rgid=5&hid=1374360&p=1&ai=118130 HTTP 302
    https://u.to/YBRDGA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://counter.yadro.ru/hit;uto_404?r;s1600*1200*24;uhttps%3A//u.to/YBRDGA%23ymuqghhfwpky;1631536617081 HTTP 302
  • https://counter.yadro.ru/hit;uto_404?q;r;s1600*1200*24;uhttps%3A//u.to/YBRDGA%23ymuqghhfwpky;1631536617081
Request Chain 25
  • https://mc.yandex.com/sync_cookie_image_check HTTP 302
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9395.WGMQyDFN0Yv64XD0QYLzXGLU-8yCAqs0Rk4hV3dsumhLCipZ9pswrkaxO8sCfIkv.GFtDv8COD6TGX6E03mKZnzbXRrA%2C HTTP 302
  • https://mc.yandex.com/sync_cookie_image_decide?token=9395.9JS01zqS3aUY12T3PjNGux12hE251GRUkieD2eGZk0Uj-i2Bv-554Akce18USg2ZF1gRvFha02xt4X3PhNxDOQ%2C%2C.0bM2wRR7suT4pMTiIeLIGL2CRUA%2C
Request Chain 27
  • https://mc.yandex.com/watch/27365672?wmode=7&page-url=https%3A%2F%2Fu.to%2FYBRDGA%23ymuqghhfwpky&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4phzp3o2dbm15p1mc%3Afp%3A1443%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A631%3Acn%3A1%3Adp%3A0%3Als%3A272632784721%3Ahid%3A11300903%3Az%3A0%3Ai%3A20210913123657%3Aet%3A1631536617%3Ac%3A1%3Arn%3A1051704809%3Arqn%3A1%3Au%3A1631536617160419055%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1631536615660%3Ads%3A0%2C157%2C48%2C1%2C951%2C0%2C%2C10%2C0%2C%2C%2C%2C1422%3Adsn%3A0%2C157%2C49%2C0%2C951%2C0%2C%2C13%2C0%2C%2C%2C%2C1422%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1631536617%3At%3AHTTP%20404%20%D0%9D%D0%B5%20%D0%BD%D0%B0%D0%B9%D0%B4%D0%B5%D0%BD%D0%BE HTTP 302
  • https://mc.yandex.com/watch/27365672/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FYBRDGA%23ymuqghhfwpky&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4phzp3o2dbm15p1mc%3Afp%3A1443%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A631%3Acn%3A1%3Adp%3A0%3Als%3A272632784721%3Ahid%3A11300903%3Az%3A0%3Ai%3A20210913123657%3Aet%3A1631536617%3Ac%3A1%3Arn%3A1051704809%3Arqn%3A1%3Au%3A1631536617160419055%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1631536615660%3Ads%3A0%2C157%2C48%2C1%2C951%2C0%2C%2C10%2C0%2C%2C%2C%2C1422%3Adsn%3A0%2C157%2C49%2C0%2C951%2C0%2C%2C13%2C0%2C%2C%2C%2C1422%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1631536617%3At%3AHTTP%20404%20%D0%9D%D0%B5%20%D0%BD%D0%B0%D0%B9%D0%B4%D0%B5%D0%BD%D0%BE

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
lZK9
v.ht/
3 KB
2 KB
Document
General
Full URL
https://v.ht/lZK9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.61.26.123 , United States, ASN141518 (SUBHOST-AS-IN Subhosting Innovations Pvt Ltd, IN),
Reverse DNS
Software
Hotcores.com /
Resource Hash
dc54a1065eabdd49ee99355319c4f50b62d998bdf01e6f4123d9f82df7836900
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Host
v.ht
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br

Response headers

Server
Hotcores.com
Date
Mon, 13 Sep 2021 12:36:54 GMT
Content-Type
text/html; Charset=UTF-8;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Cache-Control
no-cache, must-revalidate, max-age=0
Pragma
no-cache
X-Robots-Tag
noindex, nofollow
I-AM
Gamma
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Encoding
gzip
gpt.js
www.googletagservices.com/tag/js/
71 KB
25 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: v.ht
URL: https://v.ht/lZK9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s11-in-f2.1e100.net
Software
sffe /
Resource Hash
75c0751985ed015ce3b46daa4660050a82b9a584a43ebd8aeeb2b28840244e03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 12:36:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"985 / 161 of 1000 / last-modified: 1631531382"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25105
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 13 Sep 2021 12:36:54 GMT
js
www.googletagmanager.com/gtag/
101 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-31510493-3
Requested by
Host: v.ht
URL: https://v.ht/lZK9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn09s23-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
2ea17072077f0be673deede28719e272e1a413e07c1bd5dc2eed5bbbfa16d50c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 12:36:54 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41176
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 13 Sep 2021 12:36:54 GMT
pubads_impl_2021090701.js
securepubads.g.doubleclick.net/gpt/
333 KB
117 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn09s22-in-f2.1e100.net
Software
sffe /
Resource Hash
ac8d2f2be577b89fdbd26a497ece0c0bc127dd2ed5676119e0055b62e4daf48e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 12:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 07 Sep 2021 08:38:19 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119497
x-xss-protection
0
expires
Mon, 13 Sep 2021 12:36:55 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
23 B
696 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=v.ht
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn09s22-in-f2.1e100.net
Software
cafe /
Resource Hash
dfe15bfae0625b08260e81acf8b8a6d710a2ebc6baf7f7c54880d3861e941397
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 13 Sep 2021 12:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39
x-xss-protection
0
expires
Mon, 13 Sep 2021 12:36:55 GMT
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn09s22-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
5140
date
Mon, 13 Sep 2021 11:11:15 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Mon, 13 Sep 2021 13:11:15 GMT
collect
www.google-analytics.com/j/
1 B
198 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=2066561437&t=pageview&_s=1&dl=https%3A%2F%2Fv.ht%2FlZK9&ul=en-us&de=UTF-8&dt=lZK9&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=857235085&gjid=1852173388&cid=860891781.1631536615&tid=UA-31510493-3&_gid=110850331.1631536615&_r=1&gtm=2ou910&z=1154447524
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn09s22-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://v.ht/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 13 Sep 2021 12:36:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://v.ht
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
853 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=v.ht
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn09s23-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 13 Sep 2021 12:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
570 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=v.ht
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s10-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 13 Sep 2021 12:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
433 B
250 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1338619337362859&correlator=4391494176394699&output=ldjh&impl=fif&eid=31060979%2C21068030%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210913&iu_parts=5837603%2CVht_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1631536615&dt=1631536615417&dlt=1631536614775&idt=623&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=495576698&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fv.ht%2FlZK9&vis=1&dmc=8&scr_x=0&scr_y=0&psz=320x63&msz=0x0&ga_vid=860891781.1631536615&ga_sid=1631536615&ga_hid=2066561437&ga_fc=false&fws=128&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn09s22-in-f2.1e100.net
Software
cafe /
Resource Hash
1091c18a41498be45dcec15703428ba3238ac702cfb59cf62a5c636c20e609a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 12:36:55 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
220
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://v.ht
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
1ebeada0630a6e536e14c13e9335322c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9BC4
6 KB
3 KB
Document
General
Full URL
https://1ebeada0630a6e536e14c13e9335322c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s11-in-f1.1e100.net
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
1ebeada0630a6e536e14c13e9335322c.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v.ht/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Mon, 13 Sep 2021 12:36:55 GMT
expires
Tue, 13 Sep 2022 12:36:55 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Primary Request Cookie set YBRDGA
u.to/
Redirect Chain
  • http://stuttgart.biz-stay.com/?action=directory_city.hst&url=https://u.to/YBRDGA&cid=762&cspid=102&rgid=5&hid=1374360&p=1&ai=118130
  • https://stuttgart.biz-stay.com/?action=directory_city.hst&url=https://u.to/YBRDGA&cid=762&cspid=102&rgid=5&hid=1374360&p=1&ai=118130
  • https://u.to/YBRDGA
7 KB
3 KB
Document
General
Full URL
https://u.to/YBRDGA
Requested by
Host: v.ht
URL: https://v.ht/lZK9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
6b630bf407891744cc4604c9fda50323c07c7ee24e92d299b8ad2c0254fa53e1

Request headers

Host
u.to
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Referer
https://v.ht/lZK9

Response headers

Server
nginx/1.8.0
Date
Mon, 13 Sep 2021 12:36:57 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=15
Set-Cookie
lng=de; path=/; expires=Tue, 13-Sep-2022 12:36:57 GMT; domain=.u.to;
ETag
W/"5ce7c62b-1a75"
Content-Encoding
gzip

Redirect headers

Cache-Control
no-cache
Pragma
no-cache
Transfer-Encoding
chunked
Content-Type
text/html;charset=UTF-8
Location
https://u.to/YBRDGA
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Date
Mon, 13 Sep 2021 12:36:55 GMT
sodar
pagead2.googlesyndication.com/getconfig/
11 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021090701&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 13 Sep 2021 12:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8466
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.193 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s04-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 12:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
expires
Mon, 13 Sep 2021 12:36:55 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame AA00
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.207.193 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s04-in-f1.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v.ht/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5029
date
Sat, 11 Sep 2021 09:03:37 GMT
expires
Sun, 11 Sep 2022 09:03:37 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
185599
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 99BD
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.228 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn09s19-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-XQpZJeSyVxcEtMzmIBGmBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v.ht/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/

Response headers

expires
Mon, 13 Sep 2021 12:36:56 GMT
date
Mon, 13 Sep 2021 12:36:56 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-XQpZJeSyVxcEtMzmIBGmBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
SRvJn55X6RWbfV9KOXYL310U_n7bQjLBtP3JEbFBTGg.js
pagead2.googlesyndication.com/bg/ Frame AA00
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/SRvJn55X6RWbfV9KOXYL310U_n7bQjLBtP3JEbFBTGg.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s10-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 19:21:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
494128
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13367
x-xss-protection
0
last-modified
Mon, 06 Sep 2021 10:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 07 Sep 2022 19:21:28 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 99BD
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021090701&jk=1338619337362859&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s10-in-f2.1e100.net
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021090701&jk=1338619337362859&bg=!YmGlYSXNAAYT0U73E9E7ACkAdvg8Wgv7TLXKSSqz-O5X7ZJXxVyNCDk2NRMzJD7DHFYiglEunXXB0gIAAABSUgAAAAtoAQeZAn3JSTn21zDXmi_Vn6qKW7Eco3bbrhjVR4bFpexLGmy560-FHyNWMeo0OuJnyHj14m4eG1siDiWmY7pywMZVtawLzpPfn0h0nE06eZd437K7gFMES1Cy9989vyJ9nTRhzRuenz9La_j6vX2Joh9CZzOyBIPhNPjqHzS5Ar_-h-8ZwYjDKSS7ZviyQYjd2Rieh3laO3-Q_IYisxZ5lmd9LSkyZrhRy_pNOsRPGQJ07rZ_nBaVmzu1MwhfDxn2Xna8STl10k84QXKNicoyzYh4G5XSZD7EPhnGzoldP6Any-oZ_F8xaUl1eD9BvYTWd-s2ZAuDZEpqr6hKJoNFd_tDGMJYD91rva4icuPN-4h3y5Gxbotv9RPZSTIhzLRqgkFAnuSFCjBEgcdAgIZjKlAE8Lw1t2apSuylRIwqMkq6NWkgdZ5ncaKG55VPfwnelzq10vUmXqSeEfWL4npS40LgG-nOky2cxgHtSgPZoN39TK2ApS7LHryGpaoGWJcgEmBSNGr9R0MmRpU3B5A-bf8bhW_N6ny3GLwU207fXj3ky9EzyFoJftQfDW5Rj4NNEbjntbzklNmmgdHS36_le3VXqpZw1Wm_sF6vmnoajyRlvyQLD93Mb0S0ZtzfFqdFMeTtT0vwW519cVlM76KnknMVB64Xot8Ec0Ge5icNORJZsWlOv9LotO5nl7j4zFb14E7g26vmHw0aQ71bXWNTl_z8ESyUXinuA5wXW943-bxEoAwcFAdqyOk6LKcMSbnfxbUSeSD3e3iuloU89vFwiGaQJlLZQxZx-N-KBoGlJIiehrtjxgD7wxusvDc0_XA_1puSAAw7_u6z0iqwtoM96Su1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
arn11s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 Sep 2021 12:36:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hit;uto_404
counter.yadro.ru/
Redirect Chain
  • https://counter.yadro.ru/hit;uto_404?r;s1600*1200*24;uhttps%3A//u.to/YBRDGA%23ymuqghhfwpky;1631536617081
  • https://counter.yadro.ru/hit;uto_404?q;r;s1600*1200*24;uhttps%3A//u.to/YBRDGA%23ymuqghhfwpky;1631536617081
43 B
528 B
Image
General
Full URL
https://counter.yadro.ru/hit;uto_404?q;r;s1600*1200*24;uhttps%3A//u.to/YBRDGA%23ymuqghhfwpky;1631536617081
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 13 Sep 2021 12:37:02 GMT
Server
nginx/1.17.9
Strict-Transport-Security
max-age=86400
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin
*
Cache-control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 12 Sep 2020 21:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 13 Sep 2021 12:37:02 GMT
Server
nginx/1.17.9
Strict-Transport-Security
max-age=86400
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Location
https://counter.yadro.ru/hit;uto_404?q;r;s1600*1200*24;uhttps%3A//u.to/YBRDGA%23ymuqghhfwpky;1631536617081
Cache-control
no-cache
Connection
keep-alive
Content-Type
text/html
Content-Length
32
Expires
Sat, 12 Sep 2020 21:00:00 GMT
watch.js
mc.yandex.ru/metrika/
132 KB
47 KB
Script
General
Full URL
https://mc.yandex.ru/metrika/watch.js
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.251.119 , Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
363c6169ce360671468754beb2357045645c39844b4a6d250860687a7f98cba8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 12:36:57 GMT
content-encoding
br
last-modified
Fri, 10 Sep 2021 15:33:58 GMT
etag
"61372b26-bab0"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
47792
expires
Mon, 13 Sep 2021 13:36:57 GMT
404-header-line.gif
u.to/.s/img/err/
1 KB
1 KB
Image
General
Full URL
https://u.to/.s/img/err/404-header-line.gif
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
ac9c14376fac0cd59069aeef8d7667e6a85dad3ba0379dc2a6026a20db18df1a

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
u.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://u.to/YBRDGA
Cookie
lng=de
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/YBRDGA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Mon, 13 Sep 2021 12:36:57 GMT
Last-Modified
Thu, 04 Dec 2014 10:09:00 GMT
Server
nginx/1.8.0
ETag
"548032bc-489"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
1161
404-arrow.png
u.to/.s/img/err/
1 KB
1 KB
Image
General
Full URL
https://u.to/.s/img/err/404-arrow.png
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
ba146ce6fb6e788b50e02b45b72835450b513ec744b2f8de1dd85589b42f8f05

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
u.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://u.to/YBRDGA
Cookie
lng=de
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/YBRDGA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Mon, 13 Sep 2021 12:36:57 GMT
Last-Modified
Thu, 04 Dec 2014 10:09:00 GMT
Server
nginx/1.8.0
ETag
"548032bc-491"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
1169
404-logo.png
u.to/.s/img/err/
2 KB
2 KB
Image
General
Full URL
https://u.to/.s/img/err/404-logo.png
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
0945354cad56584eb978afc9800bc9bd8d24df25fbfe063573a0511af5138e8b

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
u.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://u.to/YBRDGA
Cookie
lng=de
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/YBRDGA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Mon, 13 Sep 2021 12:36:57 GMT
Last-Modified
Thu, 04 Dec 2014 10:08:00 GMT
Server
nginx/1.8.0
ETag
"54803280-868"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
2152
404.png
u.to/.s/img/err/
4 KB
5 KB
Image
General
Full URL
https://u.to/.s/img/err/404.png
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
389267599e2b30cda3f0091bcdaa856c39e38543038a52955eba5b048e915742

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
u.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://u.to/YBRDGA
Cookie
lng=de
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/YBRDGA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Mon, 13 Sep 2021 12:36:57 GMT
Last-Modified
Thu, 04 Dec 2014 10:10:00 GMT
Server
nginx/1.8.0
ETag
"548032f8-1163"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
4451
button.png
u.to/.s/img/err/
1 KB
1 KB
Image
General
Full URL
https://u.to/.s/img/err/button.png
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
db06224375a1362de84da041db7bd476c60267d1e7d24a8569f967ce0c07ef05

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
u.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://u.to/YBRDGA
Cookie
lng=de
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/YBRDGA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Mon, 13 Sep 2021 12:36:57 GMT
Last-Modified
Thu, 04 Dec 2014 10:10:00 GMT
Server
nginx/1.8.0
ETag
"548032f8-40c"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
1036
sync_cookie_image_decide
mc.yandex.com/
Redirect Chain
  • https://mc.yandex.com/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9395.WGMQyDFN0Yv64XD0QYLzXGLU-8yCAqs0Rk4hV3dsumhLCipZ9pswrkaxO8sCfIkv.GFtDv8COD6TGX6E03mKZnzbXRrA%2C
  • https://mc.yandex.com/sync_cookie_image_decide?token=9395.9JS01zqS3aUY12T3PjNGux12hE251GRUkieD2eGZk0Uj-i2Bv-554Akce18USg2ZF1gRvFha02xt4X3PhNxDOQ%2C%2C.0bM2wRR7suT4pMTiIeLIGL2CRUA%2C
75 B
75 B
Image
General
Full URL
https://mc.yandex.com/sync_cookie_image_decide?token=9395.9JS01zqS3aUY12T3PjNGux12hE251GRUkieD2eGZk0Uj-i2Bv-554Akce18USg2ZF1gRvFha02xt4X3PhNxDOQ%2C%2C.0bM2wRR7suT4pMTiIeLIGL2CRUA%2C
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.251.119 , Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 12:36:57 GMT
strict-transport-security
max-age=31536000
content-length
75
x-xss-protection
1; mode=block
content-type
text/html; charset=utf-8

Redirect headers

location
https://mc.yandex.com/sync_cookie_image_decide?token=9395.9JS01zqS3aUY12T3PjNGux12hE251GRUkieD2eGZk0Uj-i2Bv-554Akce18USg2ZF1gRvFha02xt4X3PhNxDOQ%2C%2C.0bM2wRR7suT4pMTiIeLIGL2CRUA%2C
date
Mon, 13 Sep 2021 12:36:57 GMT
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
advert.gif
mc.yandex.com/metrika/
43 B
112 B
Image
General
Full URL
https://mc.yandex.com/metrika/advert.gif
Requested by
Host: u.to
URL: https://u.to/YBRDGA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.251.119 , Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 12:36:57 GMT
last-modified
Fri, 10 Sep 2021 15:33:58 GMT
etag
"61372b26-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Mon, 13 Sep 2021 13:36:57 GMT
1
mc.yandex.com/watch/27365672/
Redirect Chain
  • https://mc.yandex.com/watch/27365672?wmode=7&page-url=https%3A%2F%2Fu.to%2FYBRDGA%23ymuqghhfwpky&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4phzp3o2dbm15p1mc%3Afp%3A1443%3Afu%3A0%3Aen%3Au...
  • https://mc.yandex.com/watch/27365672/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FYBRDGA%23ymuqghhfwpky&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4phzp3o2dbm15p1mc%3Afp%3A1443%3Afu%3A0%3Aen%3...
331 B
413 B
XHR
General
Full URL
https://mc.yandex.com/watch/27365672/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FYBRDGA%23ymuqghhfwpky&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4phzp3o2dbm15p1mc%3Afp%3A1443%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A631%3Acn%3A1%3Adp%3A0%3Als%3A272632784721%3Ahid%3A11300903%3Az%3A0%3Ai%3A20210913123657%3Aet%3A1631536617%3Ac%3A1%3Arn%3A1051704809%3Arqn%3A1%3Au%3A1631536617160419055%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1631536615660%3Ads%3A0%2C157%2C48%2C1%2C951%2C0%2C%2C10%2C0%2C%2C%2C%2C1422%3Adsn%3A0%2C157%2C49%2C0%2C951%2C0%2C%2C13%2C0%2C%2C%2C%2C1422%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1631536617%3At%3AHTTP%20404%20%D0%9D%D0%B5%20%D0%BD%D0%B0%D0%B9%D0%B4%D0%B5%D0%BD%D0%BE
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.251.119 , Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
cd1cd75120bb4988f091890069850b96cf8fcc83f7d3fbe786dfb8718d5d6fb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 Sep 2021 12:36:57 GMT
x-content-type-options
nosniff
last-modified
Mon, 13-Sep-2021 12:36:57 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://u.to
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
331
x-xss-protection
1; mode=block
expires
Mon, 13-Sep-2021 12:36:57 GMT

Redirect headers

pragma
no-cache
date
Mon, 13 Sep 2021 12:36:57 GMT
last-modified
Mon, 13-Sep-2021 12:36:57 GMT
location
/watch/27365672/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FYBRDGA%23ymuqghhfwpky&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4phzp3o2dbm15p1mc%3Afp%3A1443%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A631%3Acn%3A1%3Adp%3A0%3Als%3A272632784721%3Ahid%3A11300903%3Az%3A0%3Ai%3A20210913123657%3Aet%3A1631536617%3Ac%3A1%3Arn%3A1051704809%3Arqn%3A1%3Au%3A1631536617160419055%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1631536615660%3Ads%3A0%2C157%2C48%2C1%2C951%2C0%2C%2C10%2C0%2C%2C%2C%2C1422%3Adsn%3A0%2C157%2C49%2C0%2C951%2C0%2C%2C13%2C0%2C%2C%2C%2C1422%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1631536617%3At%3AHTTP%20404%20%D0%9D%D0%B5%20%D0%BD%D0%B0%D0%B9%D0%B4%D0%B5%D0%BD%D0%BE
strict-transport-security
max-age=31536000
access-control-allow-origin
https://u.to
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Mon, 13-Sep-2021 12:36:57 GMT

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
boolean| originAgentCluster
object| Ya
object| yaCounter27365672

21 Cookies

Domain/Path Name / Value
.v.ht/ Name: _ga
Value: GA1.2.860891781.1631536615
.v.ht/ Name: _gid
Value: GA1.2.110850331.1631536615
.v.ht/ Name: _gat_gtag_UA_31510493_3
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.v.ht/ Name: __gads
Value: ID=26117da75111da19-22b8afd91cc90058:T=1631536615:S=ALNI_MbV0h7TGE07gF5_idTez8udT-y1rg
stuttgart.biz-stay.com/ Name: CFID
Value: 64194918
stuttgart.biz-stay.com/ Name: CFTOKEN
Value: 91f337683b4479da-B7718B55-F07A-7269-8CD2A8D4C50C1FE7
.u.to/ Name: lng
Value: de
.yadro.ru/ Name: FTID
Value: 1XFqNk30H6u91XFqNk001JSn
.u.to/ Name: _ym_uid
Value: 1631536617160419055
.u.to/ Name: _ym_d
Value: 1631536617
.yadro.ru/ Name: VID
Value: 1ugfsn1pFa891XFqNk001JVo
.mc.yandex.com/ Name: sync_cookie_csrf
Value: 2216885409fake
.u.to/ Name: _ym_isad
Value: 2
.mc.yandex.ru/ Name: sync_cookie_csrf
Value: 2813755750fake
.yandex.com/ Name: yandexuid
Value: 1811261971631536617
.yandex.com/ Name: yuidss
Value: 1811261971631536617
mc.yandex.com/ Name: yabs-sid
Value: 1266068491631536617
.yandex.com/ Name: i
Value: OZyfl09Ta5pxQaj99xFkAsYNDwsspspN418RHbufnX8y8AJf0UcN0rdS5eyG30KZLbPbdNWAP++bVA+yAuT0SEyXrOo=
.yandex.com/ Name: ymex
Value: 1663072617.yrts.1631536617#1663072617.yrtsi.1631536617
.u.to/ Name: _ym_visorc
Value: w

3 Console Messages

Source Level URL
Text
network error URL: https://u.to/YBRDGA#ymuqghhfwpky
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security warning URL: https://u.to/YBRDGA#ymuqghhfwpky (Line 90)
Message:
Mixed Content: The page at 'https://u.to/YBRDGA#ymuqghhfwpky' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://yandex.ru/yandsearch'. This endpoint should be made available over a secure connection.
network error URL: https://mc.yandex.com/sync_cookie_image_decide?token=9395.9JS01zqS3aUY12T3PjNGux12hE251GRUkieD2eGZk0Uj-i2Bv-554Akce18USg2ZF1gRvFha02xt4X3PhNxDOQ%2C%2C.0bM2wRR7suT4pMTiIeLIGL2CRUA%2C
Message:
Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
