img-yts.uproxy.red Open in urlscan Pro
2606:4700:3035::ac43:ba76 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://img-yts.uproxy.red/
Submission: On August 07 via api (August 7th 2022, 2:23:43 pm UTC) from US — Scanned from DE

Summary HTTP 58 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 19 domains to perform 58 HTTP transactions. The main IP is 2606:4700:3035::ac43:ba76, located in United States and belongs to CLOUDFLARENET, US. The main domain is img-yts.uproxy.red.

This is the only time img-yts.uproxy.red was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:303... 2606:4700:3035::ac43:ba76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 7	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	139.45.197.251 139.45.197.251	9002 (RETN-AS) (RETN-AS)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
2	199.232.16.193 199.232.16.193	54113 (FASTLY) (FASTLY)
8	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
1	2606:4700:303... 2606:4700:3033::6815:21ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
1	192.243.59.20 192.243.59.20	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
3 7	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2606:4700:303... 2606:4700:3037::6815:1061	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
5	139.45.197.151 139.45.197.151	9002 (RETN-AS) (RETN-AS)
3	139.45.197.236 139.45.197.236	9002 (RETN-AS) (RETN-AS)
4	2606:4700:10:... 2606:4700:10::6816:1974	13335 (CLOUDFLAR...) (CLOUDFLARENET)
58	18

7 2606:4700:3035::ac43:ba76 (United States)

ASN13335 (CLOUDFLARENET, US)

img-yts.uproxy.red	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a06:98c1:3121::3 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

metrica-yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
matomo.hellohi.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 139.45.197.251 (United Kingdom)

ASN9002 (RETN-AS, GB)

glimtors.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.16.193 (Vienna, Austria)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

lowlatiasan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:21ee (United States)

ASN13335 (CLOUDFLARENET, US)

walkinglive.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

inpagepush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.243.59.20 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

variablesconevening.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:1061 (United States)

ASN13335 (CLOUDFLARENET, US)

ecma.sidebyz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

rndskittytor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.197.151 (United Kingdom)

ASN9002 (RETN-AS, GB)

interstitial-08.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.236 (United Kingdom)

ASN9002 (RETN-AS, GB)

unphionetor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6816:1974 (United States)

ASN13335 (CLOUDFLARENET, US)

littlecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	glimtors.net glimtors.net — Cisco Umbrella Rank: 226985	132 KB
8	lowlatiasan.com lowlatiasan.com — Cisco Umbrella Rank: 801169	138 KB
7	uproxy.red img-yts.uproxy.red	102 KB
6	hellohi.me 3 redirects matomo.hellohi.me — Cisco Umbrella Rank: 403324	24 KB
5	interstitial-08.com interstitial-08.com — Cisco Umbrella Rank: 90062	158 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 10493	2 KB
4	littlecdn.com littlecdn.com — Cisco Umbrella Rank: 13822	35 KB
3	unphionetor.com unphionetor.com — Cisco Umbrella Rank: 34816	4 KB
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11875	1 KB
2	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 3617	71 KB
2	imgur.com i.imgur.com — Cisco Umbrella Rank: 5708	258 B
1	rndskittytor.com rndskittytor.com — Cisco Umbrella Rank: 49145	535 B
1	gstatic.com fonts.gstatic.com	16 KB
1	sidebyz.com ecma.sidebyz.com	848 B
1	variablesconevening.com variablesconevening.com
1	inpagepush.com inpagepush.com — Cisco Umbrella Rank: 77197	535 B
1	walkinglive.org walkinglive.org	17 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	1 KB
1	metrica-yandex.com metrica-yandex.com	19 KB
58	19

	Domain	Requested by
12	glimtors.net	img-yts.uproxy.red glimtors.net
8	lowlatiasan.com	img-yts.uproxy.red lowlatiasan.com
7	img-yts.uproxy.red	img-yts.uproxy.red
6	matomo.hellohi.me	3 redirects img-yts.uproxy.red
5	interstitial-08.com	lowlatiasan.com interstitial-08.com
5	mc.yandex.com	2 redirects img-yts.uproxy.red
4	littlecdn.com	interstitial-08.com
3	unphionetor.com	interstitial-08.com unphionetor.com
2	my.rtmark.net	lowlatiasan.com img-yts.uproxy.red
2	mc.yandex.ru	1 redirects img-yts.uproxy.red
2	i.imgur.com	img-yts.uproxy.red
1	rndskittytor.com	img-yts.uproxy.red
1	fonts.gstatic.com	fonts.googleapis.com
1	ecma.sidebyz.com	walkinglive.org
1	variablesconevening.com	img-yts.uproxy.red
1	inpagepush.com	img-yts.uproxy.red
1	walkinglive.org	img-yts.uproxy.red
1	fonts.googleapis.com	img-yts.uproxy.red
1	metrica-yandex.com	img-yts.uproxy.red
58	19

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-19` - `2022-09-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.imgur.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-03-16`	a year	crt.sh
lowlatiasan.com R3	`2022-07-14` - `2022-10-12`	3 months	crt.sh
*.walkinglive.org E1	`2022-08-06` - `2022-11-04`	3 months	crt.sh
glimtors.net R3	`2022-07-29` - `2022-10-27`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-05-21` - `2022-10-31`	5 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-20` - `2022-11-26`	a year	crt.sh
interstitial-08.com R3	`2022-06-20` - `2022-09-18`	3 months	crt.sh
unphionetor.com R3	`2022-08-02` - `2022-10-31`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://img-yts.uproxy.red/
Frame ID: 5EE5D0ADA1B6586CB73B700AB70D78DC
Requests: 42 HTTP requests in this frame

Frame: data://truncated
Frame ID: BCF8D146B34A008D06D3875607C717B6
Requests: 1 HTTP requests in this frame

Frame: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Frame ID: 6944621E02C15D54F86676D90151C00F
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Detected technologies

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

58
Requests

69 %
HTTPS

47 %
IPv6

19
Domains

19
Subdomains

18
IPs

5
Countries

718 kB
Transfer

1711 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

http://matomo.hellohi.me/matomo.js HTTP 301
https://matomo.hellohi.me/matomo.js

Request Chain 28

http://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=442055&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=9Lgb0a&pf_net=53&pf_srv=126&pf_tfr=16&pf_dm1=462 HTTP 301
https://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=442055&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=9Lgb0a&pf_net=53&pf_srv=126&pf_tfr=16&pf_dm1=462

Request Chain 32

http://lowlatiasan.com/5/2632704 HTTP 307
https://lowlatiasan.com/5/2632704

Request Chain 36

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9723.FHGw9sH4c6hRgbEdXafrkFx-qq3moYNKinfP1ztyAXZY3NtOmgiuV_UasKEud86T.LLfn8eWBB6BZePvLyd9nB9zYAbA%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9723.bw2UV0GZAxZGqs-sZGX-AAF9CMBaEZgCq92YOH8ku2LMkSHatxDkplYmBZ1SkK7aIDtBKCHqmsb-tdVZXJLLUw%2C%2C.PPgKJW-qRR3g-siO5l1nPyr7aM0%2C

Request Chain 43

https://mc.yandex.com/watch/55692553?wmode=7&page-url=http%3A%2F%2Fimg-yts.uproxy.red%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1hc9dnhfark502dexbw1k%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A850%3Acn%3A1%3Adp%3A0%3Als%3A901333021687%3Ahid%3A943236879%3Az%3A0%3Ai%3A20220807142339%3Aet%3A1659882220%3Ac%3A1%3Arn%3A1054519624%3Arqn%3A1%3Au%3A1659882220284207788%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1659882218758%3Ads%3A40%2C13%2C125%2C16%2C%2C0%2C%2C454%2C0%2C%2C%2C%2C649%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1659882220%3At%3A403%20Forbidden&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP 302
https://mc.yandex.com/watch/55692553/1?wmode=7&page-url=http%3A%2F%2Fimg-yts.uproxy.red%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1hc9dnhfark502dexbw1k%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A850%3Acn%3A1%3Adp%3A0%3Als%3A901333021687%3Ahid%3A943236879%3Az%3A0%3Ai%3A20220807142339%3Aet%3A1659882220%3Ac%3A1%3Arn%3A1054519624%3Arqn%3A1%3Au%3A1659882220284207788%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1659882218758%3Ads%3A40%2C13%2C125%2C16%2C%2C0%2C%2C454%2C0%2C%2C%2C%2C649%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1659882220%3At%3A403%20Forbidden&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Request Chain 57

http://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=546718&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=0&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=ELFStx&pf_net=53&pf_srv=126&pf_tfr=16&pf_dm1=462 HTTP 301
https://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=546718&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=0&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=ELFStx&pf_net=53&pf_srv=126&pf_tfr=16&pf_dm1=462

58 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
img-yts.uproxy.red/ 188 KB
57 KB 178ms
125ms Document
text/html 2606:4700:3035::ac43:ba76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 2606:4700:3035::ac43:ba76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5beae9b0abd280e961ba451a7377c60fc7bb96aeb426090a26a44a67680bab9b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
CF-RAY: 7370abebfd449180-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Sun, 07 Aug 2022 14:23:41 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pDdPYDtsKzNn%2Bv1ZuMLXF%2BMTMfvB52Ss70RBBEuFG4B9plEf%2Fqk77SaPYeH8hR1KmCkaKAc2PBjm8dxh%2BPGxzFarBOdhUmqxsf%2Bm4mQW%2BPzGc%2BZ0jdFIoJDbwR2bH77ROHBQTR0G1TeQOPwZHcr717A%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 tag.js Show response
metrica-yandex.com/metrika/ 59 KB
19 KB 52ms
17ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://metrica-yandex.com/metrika/tag.js?1001
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e31460a6eacabdc5895ad2ad898a4a570ac88f2794c61ddce6b0beee304eb11

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:41 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 26839370
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 30 Sep 2021 23:00:22 GMT
server: cloudflare
etag: W/"61564186-eb6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2BQN2yQ1THOt1h%2BpJNGEszUg9DeqhA7ODxxwpBPeS9gl3zMvwci0QPamxJ46mSi%2FmWTzh%2FLQDWw3qFCfcRjD3M%2FMybkHPx4Y59a%2FKrxg8YGeMLalvQU4Z15CzUqR4c6aTM71fwsiuCufixdcGoQ9JVY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
cf-ray: 7370abed18e69a03-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK ntfc.php Show response
glimtors.net/ 26 KB
10 KB 40ms
13ms Script
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://glimtors.net/ntfc.php?p=2651991
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 8ad53ac7137ac51a91b6863f6fb84e66018f0781011a7826143c3b5880c98156

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 07 Aug 2022 14:23:41 GMT
Content-Encoding: gzip
Last-Modified: Thu, 21 Jul 2022 11:03:46 GMT
Server: nginx
ETag: W/"62d93292-69c0"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 131ms
47ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

df3ba57c1234e50c05735a0dedc033f43d5e638a97d5c51583cac8411d2ea34f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 07 Aug 2022 14:14:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 07 Aug 2022 14:23:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 07 Aug 2022 14:23:41 GMT

GET
H2 403 TH5z5DM.png
i.imgur.com/ 0
198 B 82ms
29ms Image
text/plain 199.232.16.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/TH5z5DM.png

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.16.193 Vienna, Austria, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:41 GMT
server: cat factory 1.0
x-timer: S1659882222.706689,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
x-cache-hits: 0
x-cache: MISS
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-vie6325-VIE

GET
H/1.1 200
OK apx19.js Show response
img-yts.uproxy.red/app/ 9 KB
3 KB 58ms
58ms Script
application/javascript 2606:4700:3035::ac43:ba76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://img-yts.uproxy.red/app/apx19.js
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 2606:4700:3035::ac43:ba76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 07 Aug 2022 14:23:41 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Tue, 15 Sep 2020 18:46:55 GMT
Server: cloudflare
ETag: W/"5f610c1f-23df"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdwM8H0h%2BkFIJ7jmj%2FR%2FgpHf9UUSVVEQO9mqiXWjdE1fGG4FUYfx4l8b4%2BBfyreMKIKh9UyELQJQBq%2Fuesww7Uv7GJkMbuP3P%2B40sM49SOTquejr%2BvpqfPcWmGq1ofhdSMQ6TC3NFCTgJbVKhIqJ4Kg%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 7370abed3f2f9180-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H2 200 1 Show response
lowlatiasan.com/ 8 KB
4 KB 50ms
14ms Script
text/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lowlatiasan.com/1?z=3372123
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: c5db716794a2a7cdb3641b9662c62874fcab1061ff8545a6a8ded86a56fe9ec2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 71db6d54866785b8e0728cd02d3bc996
pragma: no-cache
date: Sun, 07 Aug 2022 14:23:41 GMT
content-encoding: gzip
x-sc: kYXBGIAgM0oGzHDAc5cLk1yRJjIRfQVGdMqMiCpx1BDW5Fd1vHC9xkDMPSoElwNmWzO-VcFFD-FbtLkOhoJUKeyMPKg=
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK hy.js Show response
img-yts.uproxy.red/ 55 KB
18 KB 85ms
79ms Script
application/javascript 2606:4700:3035::ac43:ba76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://img-yts.uproxy.red/hy.js?q22q2q2
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 2606:4700:3035::ac43:ba76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f240ce7fa62cd81d92f29081815f2cd2376ea6867887d17d5625009ebdf355b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 07 Aug 2022 14:23:41 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Tue, 02 Mar 2021 05:53:27 GMT
Server: cloudflare
ETag: W/"603dd2d7-db43"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2XJgg9NyUtq9rGWWyNRGim8f1aqOT8iamwZLVauB65P1nTv3DbosKVmi%2FPc6BjpddKJgZMHxGLqC9Cw1KfZ%2Bm0woaclCNQ94ay36Q3q%2BiXLKhpbcq5Oz3HfyRlPY9ygHob3Q2ninQ7zUBRhl8sJwQg%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 7370abed4fc88fe9-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK zpp4.js Show response
img-yts.uproxy.red/zpp/ 38 KB
15 KB 83ms
76ms Script
application/javascript 2606:4700:3035::ac43:ba76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://img-yts.uproxy.red/zpp/zpp4.js?q22q2q2
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 2606:4700:3035::ac43:ba76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a18b1964d1d209c46d754459b9ef98d4a9a85065e245f8311be727ffee3f960

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 07 Aug 2022 14:23:41 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Tue, 02 Mar 2021 05:53:32 GMT
Server: cloudflare
ETag: W/"603dd2dc-9853"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8za27fm2FWYnHQqRJI4Kg8LRj01AI4XC5gN7venKIzXOQ7Qh5i96S4pFn6j9QZW%2Fur3XOqfRPQ9wJrL3q6kjU52OeIGhJOZLUpFvO7BN0ECi1lfUy0mDaokLPVPIA9lfSAWBSytjCIR83biLqNr2%2BDY%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 7370abed4ea2904c-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK apx14.js Show response
img-yts.uproxy.red/app/ 7 KB
3 KB 82ms
74ms Script
application/javascript 2606:4700:3035::ac43:ba76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://img-yts.uproxy.red/app/apx14.js
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 2606:4700:3035::ac43:ba76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc03bc8b63938916a73dd976e186d05559ddc61da2725e1063b7936fa9f0fc33

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 07 Aug 2022 14:23:41 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Tue, 15 Sep 2020 18:26:26 GMT
Server: cloudflare
ETag: W/"5f610752-1def"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZm1rqFTsbZQ8IBvwka7hKvKul2eWOFancIQsoFistm10L6dpHhsbwrg20SpgHOBh7eVqvE3g%2F0JoUGsKwI1qKfxhey9jVabhfBFS0yenZqi2jY2uLp2aCKFqyf8X5WMcLzRvL27CrhpbWyDYPrlKWg%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 7370abed48bc9b2d-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK x12.js Show response
img-yts.uproxy.red/app/ 11 KB
4 KB 86ms
74ms Script
application/javascript 2606:4700:3035::ac43:ba76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://img-yts.uproxy.red/app/x12.js
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 2606:4700:3035::ac43:ba76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58c753f7ffcb584d2ed43470ec9bdd30a4cd4723f368d83de6163413d5555102

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 07 Aug 2022 14:23:41 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Tue, 15 Sep 2020 18:26:27 GMT
Server: cloudflare
ETag: W/"5f610753-2bac"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V4PLGyQvVkwcH4nzZtt5Toxcgx6gypEiYPIZxyL4MBgCMeyUVsLY3uv%2Btg1G0xyk2Csub3G3QrCT9lhaunDNGx0qeuXxuFL0HejhDikOA0sV9APDccUm%2FWAaP5bIUaCYnl74z9CPLTQN7H7q6BrxTWk%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 7370abed49f46933-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H2 200 qqqq.js Show response
walkinglive.org/j/m/ 47 KB
17 KB 68ms
22ms Script
application/javascript 2606:4700:3033::6815:21ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://walkinglive.org/j/m/qqqq.js?!A!
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:21ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff391f38fc73325f58d0626b9415ac121f1461407d74e86ebddefd8180050d76

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:41 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 81548
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 02 Mar 2021 03:16:06 GMT
server: cloudflare
etag: W/"603dadf6-bcdf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2FOr%2FXguG1a7T7H%2BRiuNyaHzX8MB%2FXDVEblvE2Xg2klCqSWzcJFpXjJpM%2BZAC82Y1PhjOd6gMcQvvwCSBcsLwBw7tHzciFzeN1XZuxPzoinOvkC3oacWkrKGx7%2F%2BhSMwY9%2Fdb49szrvr2Xl5tK4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
cf-ray: 7370abed8889bb55-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 204
No Content 2632704 Show response
lowlatiasan.com/5/ 0
705 B 38ms
18ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://lowlatiasan.com/5/2632704
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

X-Trace-Id: 8278acc936456361c7885df061df7a70
Pragma: no-cache, no-cache
Date: Sun, 07 Aug 2022 14:23:41 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 204
No Content 3064505 Show response
inpagepush.com/400/ 0
535 B 63ms
13ms Script
text/plain 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://inpagepush.com/400/3064505

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

HTTP/1.1

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

X-Trace-Id: 3dbbc15c2ed8945085497c24bf7b1ded
Pragma: no-cache
Date: Sun, 07 Aug 2022 14:23:41 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *, *
Vary: Origin
Expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 403
Forbidden a286902791a7f4c98bcb1e812322cd78.js
variablesconevening.com/a2/86/90/ 0
0 394ms
95ms Script
application/javascript 192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://variablesconevening.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: HTTP/1.1
Server: 192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.9 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sun, 07 Aug 2022 14:23:41 GMT
Server: nginx/1.17.9
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Content-Type: application/javascript
Content-Length: 0

GET
H2 200 zone Show response
glimtors.net/ 708 B
998 B 43ms
15ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=img-yts.uproxy.red&var=&ymid=&var_3=

Requested by

Host: glimtors.net
URL: http://glimtors.net/ntfc.php?p=2651991

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

66ecc773be4f30365750a079867dcb9b6a904431f534bacac67213a755432a60

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: f9a13e3be1cdf3d1ed3f0abfac20469e
date: Sun, 07 Aug 2022 14:23:41 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: http://img-yts.uproxy.red
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 708

GET
H2 200 universal.min.js Show response
glimtors.net/pfe/current/ 146 KB
50 KB 40ms
12ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glimtors.net/pfe/current/universal.min.js?v=3.1.389
Requested by: Host: glimtors.net
URL: http://glimtors.net/ntfc.php?p=2651991
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 2ab2d558d4346c9247e434f988e2765f2fab321557bb71b08e95c7fbe4fd631b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Aug 2022 14:23:41 GMT
content-encoding: gzip
last-modified: Thu, 21 Jul 2022 11:03:46 GMT
server: nginx
etag: W/"62d93292-24704"
content-type: application/javascript
access-control-allow-origin: http://img-yts.uproxy.red
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 403 TH5z5DM.png
i.imgur.com/ 0
60 B 17ms
17ms Image
text/plain 199.232.16.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/TH5z5DM.png

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.16.193 Vienna, Austria, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:41 GMT
server: cat factory 1.0
x-timer: S1659882222.738039,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
x-cache-hits: 0
x-cache: MISS
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-vie6325-VIE

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 205 KB
71 KB 489ms
87ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

1b180241b262c5bd3dc07342b4bff2d11660801a558354699513cbc52cb79280

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
content-encoding: br
last-modified: Fri, 05 Aug 2022 13:12:24 GMT
etag: "62eced08-118ed"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 71917
expires: Sun, 07 Aug 2022 15:23:42 GMT

GET
H2

200

matomo.js Show response
matomo.hellohi.me/
Redirect Chain

http://matomo.hellohi.me/matomo.js
https://matomo.hellohi.me/matomo.js

63 KB
22 KB

74ms
27ms

Script
application/javascript

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.hellohi.me/matomo.js
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: H2
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5951438dd533bfc072aa250205ad3d618ac9add4b8f609a68d4608c7d3282434

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 989
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 18 Jun 2022 03:47:11 GMT
server: cloudflare
etag: W/"62ad4abf-faed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAYXsOAjstw3A5odWx3MoOUxrYiacLXExnbx%2Bk9HIcSlF3o3UxC1SN4Ue2p77G6aBopg0Q1ayrh1Fo00tytQ12MLadJtOE97Zz5LnEfQz%2BhBfL6P5YS04svltW5Weo373QAGhKcUCmdeuY8qjve%2Big%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400
cf-ray: 7370abf0ad129183-FRA
expires: Sun, 07 Aug 2022 15:07:13 GMT

Redirect headers

Date: Sun, 07 Aug 2022 14:23:41 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 444
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Es2AN79k0HIb3ehibxsJzKZknzZalKAURJx7q74IXKEPwOK8vu8fU7Tcg%2FF%2BEcyy87tQ4lNTic58YCVnYK44WO47tcbHiKou7iRlpPtFvfG%2B8a%2BfMQd3yrdEzsa%2F%2BAFvK%2FiVksk1yhe0fLHfE%2Fyz6A%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html
Location: https://matomo.hellohi.me/matomo.js
Cache-Control: max-age=14400
CF-RAY: 7370abededab9268-FRA

GET
H2 200 a7e038ccb70ca5898f8cc1a9cca3827a Show response
lowlatiasan.com/27/ 398 KB
129 KB 28ms
28ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lowlatiasan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a

Requested by

Host: lowlatiasan.com
URL: https://lowlatiasan.com/1?z=3372123

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

6d2847d8eeb8e7f8d608718b3714e86101ce51b1967f7e8587a00a26da62c70c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Jul 2022 07:54:33 GMT
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin
cache-control: max-age:290304000, public
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Tue, 11 Aug 2082 07:54:33 GMT

GET
H2 200 38 Show response
lowlatiasan.com/42/ 0
528 B 40ms
40ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lowlatiasan.com/42/38?z=3372123
Requested by: Host: lowlatiasan.com
URL: https://lowlatiasan.com/1?z=3372123
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 2f7f6fabb55bea9b7564b8168c8fa253
pragma: no-cache
date: Sun, 07 Aug 2022 14:23:41 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK / Show response
img-yts.uproxy.red/helper-js/ 3 KB
2 KB 71ms
71ms Script
application/javascript 2606:4700:3035::ac43:ba76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://img-yts.uproxy.red/helper-js/
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/app/apx14.js
Protocol: HTTP/1.1
Server: 2606:4700:3035::ac43:ba76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09daa2689f3dc24c067e51b87c31b5b97958a8208e148dbd291c3aa93e70e270

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 07 Aug 2022 14:23:41 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Seq%2FImaR0Wg2n0TlU5IqJanmHO6NZd%2FJWjLeM2bFHflsa76PiniXTpieVybLa0bdD1MjbFC37SeTAp8%2FIfQdm1%2BCrKs3BaafNfM%2BmCNoOETstlBqGR65RRwOtwtkQM13mv12TFBNQF5GnncdPfo0edE%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Cache-Control: s-maxage=0, max-age=0 no-cache, no-store, must-revalidate
Connection: keep-alive
CF-RAY: 7370abedfb066933-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires: 0

GET
H2 200 w2.js.php Show response
ecma.sidebyz.com/j/m/ 498 B
848 B 403ms
94ms Script
application/javascript 2606:4700:3037::6815:1061
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecma.sidebyz.com/j/m/w2.js.php
Requested by: Host: walkinglive.org
URL: https://walkinglive.org/j/m/qqqq.js?!A!
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac17f7ee4178a2a23982be1c26c326f4140e3a4cb642abc9b96d4138526adfcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UUcObJwtU9ckujNsA8NK%2BumyWY0OZoI6CvN4qShtlLOm42QIuXAg%2Bdl3sw6dS2%2BcQs7HHNyhlLC48fWaIkQh%2BK89qfLhlpod0WARAjpBiYoPWywD2JzytcnelvcsTSfqnzd841BGamUiZd8qzOBw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 7370abf0587f9bdd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 343ms
37ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://img-yts.uproxy.red
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 282111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Aug 2023 08:01:51 GMT

GET
H2 200 zone Show response
glimtors.net/ 708 B
997 B 18ms
18ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=img-yts.uproxy.red&var=&ymid=&var_3=

Requested by

Host: glimtors.net
URL: http://glimtors.net/ntfc.php?p=2651991

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

66ecc773be4f30365750a079867dcb9b6a904431f534bacac67213a755432a60

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 39938b8cc46cb1fb2ba31c58f25b9437
date: Sun, 07 Aug 2022 14:23:41 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: http://img-yts.uproxy.red
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 708

GET
H2 200 universal.min.js Show response
glimtors.net/pfe/current/ 146 KB
50 KB 15ms
14ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glimtors.net/pfe/current/universal.min.js?v=3.1.389
Requested by: Host: glimtors.net
URL: http://glimtors.net/ntfc.php?p=2651991
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 2ab2d558d4346c9247e434f988e2765f2fab321557bb71b08e95c7fbe4fd631b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Aug 2022 14:23:41 GMT
content-encoding: gzip
last-modified: Thu, 21 Jul 2022 11:03:46 GMT
server: nginx
etag: W/"62d93292-24704"
content-type: application/javascript
access-control-allow-origin: http://img-yts.uproxy.red
cache-control: no-cache
access-control-allow-credentials: true

GET
H/1.1 204
No Content 4837723 Show response
rndskittytor.com/400/ 0
535 B 43ms
23ms Script
text/plain 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://rndskittytor.com/400/4837723

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

HTTP/1.1

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

X-Trace-Id: ab96891a78f0078292b26122fdfb6a5f
Pragma: no-cache
Date: Sun, 07 Aug 2022 14:23:42 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *, *
Vary: Origin
Expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
546 B 52ms
12ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: lowlatiasan.com
URL: https://lowlatiasan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

934573c35cf0d632dc27990836f288feb61d1a33fa9e64037a10ef0f3c7663b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: http://img-yts.uproxy.red
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2

204

matomo.php
matomo.hellohi.me/
Redirect Chain

http://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=442055&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=1&_refts=0&send_image=0&pdf=1...
https://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=442055&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=1&_refts=0&send_image=0&pdf=...

0
0

193ms
193ms

Ping
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=442055&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=9Lgb0a&pf_net=53&pf_srv=126&pf_tfr=16&pf_dm1=462
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: H2
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Redirect headers

Date: Sun, 07 Aug 2022 14:23:42 GMT
Referrer-Policy: origin
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nqc4W2WGVU4Dntls8BhdwS10TjgW%2F0mlGKWx0VtrLiLm67iTmWUuLt0kVG8WK25GBtP3XHfFCVTGjzGMRAYGp20qNjrAJPnJgKYmYrqFBZ%2BMJFhobMJcwxaXY0eOL1Y4TITHcdFSmA5h7hAMRJrIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html
Location: https://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=442055&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=9Lgb0a&pf_net=53&pf_srv=126&pf_tfr=16&pf_dm1=462
X-Content-Type-Options: nosniff
Connection: keep-alive
CF-RAY: 7370abf0e92c9268-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-XSS-Protection: 1; mode=block

OPTIONS
H2 200 custom
glimtors.net/ Frame 0
0 14ms
13ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glimtors.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://img-yts.uproxy.red
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://img-yts.uproxy.red
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 07 Aug 2022 14:23:42 GMT
server: nginx

POST
H2 200 custom Show response
glimtors.net/ 39 B
327 B 13ms
13ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://glimtors.net/custom

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://img-yts.uproxy.red/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: a1018b86f38bbcb752aa150b77d57c61
date: Sun, 07 Aug 2022 14:23:42 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: http://img-yts.uproxy.red
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
546 B 28ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=54f3214014734f8dac74bec3d8fd7bb1&zoneId=2651991&checkDuplicate=true&ymid=&var=

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

b3e60586dfb02667d6579eff50dcfebc8116245b6d2b0d57c8fcc0e8eb0cf298

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: http://img-yts.uproxy.red
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2

204

2632704 Show response
lowlatiasan.com/5/
Redirect Chain

http://lowlatiasan.com/5/2632704
https://lowlatiasan.com/5/2632704

0
453 B

13ms
13ms

Script
text/plain

139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lowlatiasan.com/5/2632704
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: H2
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 62cded4fcdc37825319b2c44db785866
pragma: no-cache, no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://lowlatiasan.com/5/2632704
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

POST
H2 200 9 Show response
lowlatiasan.com/ 6 KB
3 KB 16ms
16ms XHR
application/json 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lowlatiasan.com/9?z=3372123&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=http%3A%2F%2Fimg-yts.uproxy.red%2F&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&sah=1200&drf=&hil=1&ist=0&oaid=0717e5b8e7c345029dad44efaeaf6f35
Requested by: Host: lowlatiasan.com
URL: https://lowlatiasan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: c399fd0f8ff98f04bab0098ab0edca61545a22d54c445a3d8577f74d4e0aaad3

Request headers

Referer: http://img-yts.uproxy.red/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 0abd287401c46d2d7fa12d56db248515
pragma: no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
content-encoding: gzip
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json
access-control-allow-origin: http://img-yts.uproxy.red
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 204 9
lowlatiasan.com/ Frame 0
0 38ms
12ms Preflight 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lowlatiasan.com/9?z=3372123&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=http%3A%2F%2Fimg-yts.uproxy.red%2F&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&sah=1200&drf=&hil=1&ist=0&oaid=0717e5b8e7c345029dad44efaeaf6f35
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://img-yts.uproxy.red
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: http://img-yts.uproxy.red
cache-control: no-store, no-cache, must-revalidate, max-age=0
date: Sun, 07 Aug 2022 14:23:42 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
server: nginx

GET
H2 200 defaultSkin.min.js Show response
glimtors.net/pfe/current/ 56 KB
19 KB 13ms
13ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glimtors.net/pfe/current/defaultSkin.min.js
Requested by: Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
content-encoding: gzip
last-modified: Thu, 21 Jul 2022 11:03:46 GMT
server: nginx
etag: W/"62d93292-df63"
content-type: application/javascript
access-control-allow-origin: http://img-yts.uproxy.red
cache-control: no-cache
access-control-allow-credentials: true

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9723.FHGw9sH4c6hRgbEdXafrkFx-qq3moYNKinfP1ztyAXZY3NtOmgiuV_UasKEud86T.LLfn8eWBB6BZePvLyd9nB9zYAbA%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9723.bw2UV0GZAxZGqs-sZGX-AAF9CMBaEZgCq92YOH8ku2LMkSHatxDkplYmBZ1SkK7aIDtBKCHqmsb-tdVZXJLLUw%2C%2C.PPgKJW-qRR3g-siO5l1nPyr7aM0%2C

75 B
75 B

47ms
46ms

Image
text/html

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9723.bw2UV0GZAxZGqs-sZGX-AAF9CMBaEZgCq92YOH8ku2LMkSHatxDkplYmBZ1SkK7aIDtBKCHqmsb-tdVZXJLLUw%2C%2C.PPgKJW-qRR3g-siO5l1nPyr7aM0%2C

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9723.bw2UV0GZAxZGqs-sZGX-AAF9CMBaEZgCq92YOH8ku2LMkSHatxDkplYmBZ1SkK7aIDtBKCHqmsb-tdVZXJLLUw%2C%2C.PPgKJW-qRR3g-siO5l1nPyr7aM0%2C
date: Sun, 07 Aug 2022 14:23:42 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
135 B 44ms
44ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
last-modified: Fri, 05 Aug 2022 13:14:52 GMT
etag: "62eced9c-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Sun, 07 Aug 2022 15:23:42 GMT

GET
DATA 200
OK truncated
/ Frame BCF8 255 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

OPTIONS
H2 200 custom
glimtors.net/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glimtors.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://img-yts.uproxy.red
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://img-yts.uproxy.red
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 07 Aug 2022 14:23:42 GMT
server: nginx

POST
H2 200 custom Show response
glimtors.net/ 39 B
326 B 13ms
13ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://glimtors.net/custom

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://img-yts.uproxy.red/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 8ac2614831ce0108addd115c6f2b00bc
date: Sun, 07 Aug 2022 14:23:42 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: http://img-yts.uproxy.red
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H2 200 11 Show response
lowlatiasan.com/ 0
557 B 55ms
55ms XHR
image/jpeg 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lowlatiasan.com/11?rnd=2894985835&z=3372123&b=5362695&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=atKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr&ruid=c8c349d1-0b14-4a17-a2b4-0109276d8bd3&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=http%3A%2F%2Fimg-yts.uproxy.red%2F&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&sah=1200&drf=&hil=1&ist=0&ot=90
Requested by: Host: lowlatiasan.com
URL: https://lowlatiasan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 960765d4b9e5caa8ab372d03ae3ab8ef
pragma: no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/jpeg
access-control-allow-origin: http://img-yts.uproxy.red
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
interstitial-08.com/ Frame 6944 20 KB
6 KB 352ms
48ms Document
text/html 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Requested by: Host: lowlatiasan.com
URL: https://lowlatiasan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx / PHP/7.4.27
Resource Hash: fe3f5fef5b7d66041199c6d6a8cdc5dd87884bc3aadd10b9c45a74e76aa3fb0a

Request headers

Referer: http://img-yts.uproxy.red/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 07 Aug 2022 14:23:42 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/7.4.27

GET
H2

200

1 Show response
mc.yandex.com/watch/55692553/
Redirect Chain

https://mc.yandex.com/watch/55692553?wmode=7&page-url=http%3A%2F%2Fimg-yts.uproxy.red%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1hc9dnhfark502dexbw1k%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%...
https://mc.yandex.com/watch/55692553/1?wmode=7&page-url=http%3A%2F%2Fimg-yts.uproxy.red%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1hc9dnhfark502dexbw1k%3Afp%3A464%3Afu%3A0%3Aen%3Autf-...

350 B
432 B

45ms
44ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/55692553/1?wmode=7&page-url=http%3A%2F%2Fimg-yts.uproxy.red%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1hc9dnhfark502dexbw1k%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A850%3Acn%3A1%3Adp%3A0%3Als%3A901333021687%3Ahid%3A943236879%3Az%3A0%3Ai%3A20220807142339%3Aet%3A1659882220%3Ac%3A1%3Arn%3A1054519624%3Arqn%3A1%3Au%3A1659882220284207788%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1659882218758%3Ads%3A40%2C13%2C125%2C16%2C%2C0%2C%2C454%2C0%2C%2C%2C%2C649%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1659882220%3At%3A403%20Forbidden&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

95e030312604edc9dd87d0f948e1f648a85c9dc36777ecedd4a14e43e20cfb11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 07-Aug-2022 14:23:42 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: http://img-yts.uproxy.red
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 350
x-xss-protection: 1; mode=block
expires: Sun, 07-Aug-2022 14:23:42 GMT

Redirect headers

pragma: no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
last-modified: Sun, 07-Aug-2022 14:23:42 GMT
location: /watch/55692553/1?wmode=7&page-url=http%3A%2F%2Fimg-yts.uproxy.red%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1hc9dnhfark502dexbw1k%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A850%3Acn%3A1%3Adp%3A0%3Als%3A901333021687%3Ahid%3A943236879%3Az%3A0%3Ai%3A20220807142339%3Aet%3A1659882220%3Ac%3A1%3Arn%3A1054519624%3Arqn%3A1%3Au%3A1659882220284207788%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1659882218758%3Ads%3A40%2C13%2C125%2C16%2C%2C0%2C%2C454%2C0%2C%2C%2C%2C649%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1659882220%3At%3A403%20Forbidden&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: http://img-yts.uproxy.red
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sun, 07-Aug-2022 14:23:42 GMT

GET
H2 200 fv.js Show response
unphionetor.com/ Frame 6944 5 KB
3 KB 79ms
14ms Script
text/javascript 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/fv.js?t=72747&cb=1580847372

Requested by

Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-trace-id: b413eb17e8064a6bb8271a57e4de6df4
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 style.css
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/css/ Frame 6944 12 KB
3 KB 66ms
22ms Stylesheet
text/css 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/css/style.css?v=1518177503492
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12ec824a66b6ad652e1cf0952853b6ba3053dd76a84bbcf4bdb3c055e411c78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
content-encoding: br
cf-cache-status: HIT
age: 3325
last-modified: Fri, 15 Jul 2022 11:26:50 GMT
server: cloudflare
etag: W/"62d14efa-30c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 7370abf45ffd9188-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 audible.png
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/ Frame 6944 3 KB
3 KB 23ms
22ms Image
image/png 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 871975b8040629c7b43de81b1a0878f40991ec2f49caddd6441b5d1f8322aeed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
cf-cache-status: HIT
age: 4930
content-length: 3429
last-modified: Fri, 15 Jul 2022 11:26:50 GMT
server: cloudflare
etag: "62d14efa-d65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
accept-ranges: bytes
cf-ray: 7370abf4987b9188-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 0100657458245.jpeg
interstitial-08.com/contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/ Frame 6944 52 KB
53 KB 25ms
24ms Image
image/jpeg 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interstitial-08.com/contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/0100657458245.jpeg
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: be88718a0eb175ebc4385600fe4168853a2ba705d814d2f9887ca7aa8cbd9238

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
last-modified: Thu, 31 Jan 2019 11:14:34 GMT
server: nginx
etag: "5c52d89a-d0e0"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 53472

GET
H2 200 0933414948049.jpeg
interstitial-08.com/contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/ Frame 6944 14 KB
15 KB 37ms
36ms Image
image/jpeg 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interstitial-08.com/contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/0933414948049.jpeg
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: f710c2b11df9cadcb3a6d25a9dc8306172c04ff1d2fa8d96d4019d70833f695d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
last-modified: Wed, 15 Aug 2018 10:56:50 GMT
server: nginx
etag: "5b7406f2-393b"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 14651

GET
H2 200 0350025199145.jpeg
interstitial-08.com/contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/ Frame 6944 35 KB
35 KB 37ms
36ms Image
image/jpeg 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interstitial-08.com/contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/0350025199145.jpeg
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 01a91cef52f9849703fb84a945f9fb51b9debf7ac36730043d097c3865550e8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
last-modified: Tue, 17 Jul 2018 10:46:08 GMT
server: nginx
etag: "5b4dc8f0-8b17"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 35607

GET
H2 200 01289039865190.jpeg
interstitial-08.com/contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/ Frame 6944 49 KB
50 KB 37ms
36ms Image
image/jpeg 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interstitial-08.com/contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/01289039865190.jpeg
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 89d93e12a15f6a5d57b5f8aca8bd1e6984dc4c8c5dec7840a8c8e8c8274c1568

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
last-modified: Thu, 31 Jan 2019 11:14:34 GMT
server: nginx
etag: "5c52d89a-c502"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 50434

GET
H2 200 player.png
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/ Frame 6944 28 KB
28 KB 23ms
22ms Image
image/png 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1eb8cf889202f439bb6bd1a03049b2e71953c7c0a5aadddde498cbea9bcadac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
cf-cache-status: HIT
age: 1764
content-length: 28527
last-modified: Fri, 15 Jul 2022 11:26:50 GMT
server: cloudflare
etag: "62d14efa-6f6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
accept-ranges: bytes
cf-ray: 7370abf4988a9188-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 script.js Show response
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/ Frame 6944 1 KB
562 B 21ms
21ms Script
application/javascript 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Flowlatiasan.com%2F12%3Frnd%3D3297255346%26z%3D3372123%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DatKNauo9nNaFiS28XRQpkvAUGLTcKtn2re-BYhMUZf7ZtgL5wYR9CsVx-6zLI52m7J87kPBlfJC5NTYFQQu2CQlaJoezBNVU0WuYqR9v4fkZqpuE0xuzoAsPF5yLfgsMxXx3R2cIvZPuMLK9ZfvsoVSSwkkyD1KURZfaStbNP3b-whq9c26xDb6nJKbmkoU-nmfc5pL03zMfOiNdhqG0woBeEqudLJc4x-Novk3j7iK0BFmSeHMMJNiq2ChtfY5aBLjv8HIPM3Idj1AnqJyUSbCnLXiKIPxr%26bag%3DydU9kaAfa6I%3D%26ruid%3Dc8c349d1-0b14-4a17-a2b4-0109276d8bd3%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttp%253A%252F%252Fimg-yts.uproxy.red%252F%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D0%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55c72f42fc6ee2c502a5f86fe215690719ce746f383ec8551af1f1fb66252b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 14:23:42 GMT
content-encoding: br
cf-cache-status: HIT
age: 4528
last-modified: Fri, 15 Jul 2022 11:26:50 GMT
server: cloudflare
etag: W/"62d14efa-58b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 7370abf4884e9188-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 204 vctx Show response
unphionetor.com/ Frame 6944 0
494 B 15ms
14ms XHR
text/plain 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/vctx?t=72747

Requested by

Host: unphionetor.com
URL: https://unphionetor.com/fv.js?t=72747&cb=1580847372

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 448b0f20f61b9ba196a19c18692ac3dd
pragma: no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://interstitial-08.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 204 vbl
unphionetor.com/ Frame 6944 0
494 B 15ms
15ms Ping
text/plain 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

Requested by

Host: unphionetor.com
URL: https://unphionetor.com/fv.js?t=72747&cb=1580847372

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 368ecbbea0cc545f935d19db64659667
pragma: no-cache
date: Sun, 07 Aug 2022 14:23:42 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://interstitial-08.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 200 custom Show response
glimtors.net/ 39 B
327 B 14ms
13ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://glimtors.net/custom

Requested by

Host: img-yts.uproxy.red
URL: http://img-yts.uproxy.red/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://img-yts.uproxy.red/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 029012a55be6f880fac13d5594d62f65
date: Sun, 07 Aug 2022 14:23:42 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: http://img-yts.uproxy.red
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

OPTIONS
H2 200 custom
glimtors.net/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://glimtors.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://img-yts.uproxy.red
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: http://img-yts.uproxy.red
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 07 Aug 2022 14:23:42 GMT
server: nginx

GET
H3

204

matomo.php
matomo.hellohi.me/
Redirect Chain

http://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=546718&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=0&_refts=0&send_image=0&pdf=1...
https://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=546718&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=0&_refts=0&send_image=0&pdf=...

0
0

168ms
168ms

Ping
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=546718&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=0&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=ELFStx&pf_net=53&pf_srv=126&pf_tfr=16&pf_dm1=462
Protocol: H3
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://img-yts.uproxy.red/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Redirect headers

Date: Sun, 07 Aug 2022 14:23:43 GMT
Referrer-Policy: origin
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nv73nW1PTrIah9qR4TDA29lNV2xzl3APwq57YxeAhCalwJ4w64Iq89Ut9eQagks3wGA%2BiqhIVCbEvU%2B4Ri774sVHHCpNRPB5pv3elDmm7FYY5%2FFMowfF1UI4%2BpUVIkCqFjdSXOr2OXXxvmsWRs%2F2aA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html
Location: https://matomo.hellohi.me/matomo.php?action_name=403%20Forbidden&idsite=1&rec=1&r=546718&h=14&m=23&s=39&url=http%3A%2F%2Fimg-yts.uproxy.red%2F&_id=17dde14daf904dec&_idn=0&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=ELFStx&pf_net=53&pf_srv=126&pf_tfr=16&pf_dm1=462
X-Content-Type-Options: nosniff
Connection: keep-alive
CF-RAY: 7370abf5efd99268-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lowlatiasan.com/42	1970-01-20 13:50:18	Name: OAID Value: 0b25f7ff51574670a5483a014c7bd679
lowlatiasan.com/42	1970-01-20 13:50:18	Name: oaidts Value: 1659882221
lowlatiasan.com/	1970-01-20 13:50:18	Name: scm Value: 1
lowlatiasan.com/	1970-01-20 13:50:18	Name: oaidts Value: 1659882221
img-yts.uproxy.red/	1970-01-20 14:30:37	Name: _pk_id.1.0cc1 Value: 17dde14daf904dec.1659882220.
img-yts.uproxy.red/	1970-01-20 05:04:44	Name: _pk_ses.1.0cc1 Value: 1
my.rtmark.net/	1970-01-20 13:50:18	Name: ID Value: 54f3214014734f8dac74bec3d8fd7bb1
.uproxy.red/	1970-01-20 13:50:18	Name: _ym_uid Value: 1659882220284207788
.uproxy.red/	1970-01-20 13:50:18	Name: _ym_d Value: 1659882220
lowlatiasan.com/	1970-01-20 13:50:18	Name: OAID Value: 0717e5b8e7c345029dad44efaeaf6f35
.mc.yandex.com/	1970-01-20 05:04:42	Name: sync_cookie_csrf Value: 519090287fake
.uproxy.red/	1970-01-20 05:05:54	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 05:04:42	Name: sync_cookie_csrf Value: 3910413966fake
.yandex.com/	1970-01-20 13:50:18	Name: yandexuid Value: 4206437091659882222
.yandex.com/	1970-01-20 13:50:18	Name: yuidss Value: 4206437091659882222
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1330978451659882222
.yandex.com/	1970-01-20 14:40:42	Name: i Value: zlysyW+Fb2A8gkxNl2WacY2mphpR5QGvIPXDF+96XZfKlISeRf4NL9vCZp+IQ2SOmrIUnAIx0r6BD1At2P3BwpfGQ0Y=
.yandex.com/	1970-01-20 13:50:18	Name: ymex Value: 1691418222.yrts.1659882222#1691418222.yrtsi.1659882222

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://i.imgur.com/TH5z5DM.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://i.imgur.com/TH5z5DM.png Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: http://img-yts.uproxy.red/ Message: Refused to execute script from 'http://inpagepush.com/400/3064505' because its MIME type ('') is not executable, and strict MIME type checking is enabled.
network	error	URL: http://variablesconevening.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
security	error	URL: http://img-yts.uproxy.red/ Message: Refused to execute script from 'http://rndskittytor.com/400/4837723' because its MIME type ('') is not executable, and strict MIME type checking is enabled.
javascript	warning	URL: https://ecma.sidebyz.com/j/m/w2.js.php(Line 1) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9723.bw2UV0GZAxZGqs-sZGX-AAF9CMBaEZgCq92YOH8ku2LMkSHatxDkplYmBZ1SkK7aIDtBKCHqmsb-tdVZXJLLUw%2C%2C.PPgKJW-qRR3g-siO5l1nPyr7aM0%2C Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ecma.sidebyz.com
fonts.googleapis.com
fonts.gstatic.com
glimtors.net
i.imgur.com
img-yts.uproxy.red
inpagepush.com
interstitial-08.com
littlecdn.com
lowlatiasan.com
matomo.hellohi.me
mc.yandex.com
mc.yandex.ru
metrica-yandex.com
my.rtmark.net
rndskittytor.com
unphionetor.com
variablesconevening.com
walkinglive.org
139.45.195.8
139.45.197.151
139.45.197.236
139.45.197.237
139.45.197.238
139.45.197.239
139.45.197.251
192.243.59.20
199.232.16.193
2606:4700:10::6816:1974
2606:4700:3033::6815:21ee
2606:4700:3035::ac43:ba76
2606:4700:3037::6815:1061
2a00:1450:4001:801::2003
2a00:1450:4001:809::200a
2a02:6b8::1:119
2a06:98c1:3121::3
01a91cef52f9849703fb84a945f9fb51b9debf7ac36730043d097c3865550e8c
09daa2689f3dc24c067e51b87c31b5b97958a8208e148dbd291c3aa93e70e270
0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a
1b180241b262c5bd3dc07342b4bff2d11660801a558354699513cbc52cb79280
2ab2d558d4346c9247e434f988e2765f2fab321557bb71b08e95c7fbe4fd631b
3a18b1964d1d209c46d754459b9ef98d4a9a85065e245f8311be727ffee3f960
3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55c72f42fc6ee2c502a5f86fe215690719ce746f383ec8551af1f1fb66252b2e
58c753f7ffcb584d2ed43470ec9bdd30a4cd4723f368d83de6163413d5555102
5951438dd533bfc072aa250205ad3d618ac9add4b8f609a68d4608c7d3282434
5beae9b0abd280e961ba451a7377c60fc7bb96aeb426090a26a44a67680bab9b
5e31460a6eacabdc5895ad2ad898a4a570ac88f2794c61ddce6b0beee304eb11
66ecc773be4f30365750a079867dcb9b6a904431f534bacac67213a755432a60
6d2847d8eeb8e7f8d608718b3714e86101ce51b1967f7e8587a00a26da62c70c
7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
871975b8040629c7b43de81b1a0878f40991ec2f49caddd6441b5d1f8322aeed
89d93e12a15f6a5d57b5f8aca8bd1e6984dc4c8c5dec7840a8c8e8c8274c1568
8ad53ac7137ac51a91b6863f6fb84e66018f0781011a7826143c3b5880c98156
934573c35cf0d632dc27990836f288feb61d1a33fa9e64037a10ef0f3c7663b2
95e030312604edc9dd87d0f948e1f648a85c9dc36777ecedd4a14e43e20cfb11
ac17f7ee4178a2a23982be1c26c326f4140e3a4cb642abc9b96d4138526adfcf
ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24
b3e60586dfb02667d6579eff50dcfebc8116245b6d2b0d57c8fcc0e8eb0cf298
be88718a0eb175ebc4385600fe4168853a2ba705d814d2f9887ca7aa8cbd9238
c399fd0f8ff98f04bab0098ab0edca61545a22d54c445a3d8577f74d4e0aaad3
c5db716794a2a7cdb3641b9662c62874fcab1061ff8545a6a8ded86a56fe9ec2
d12ec824a66b6ad652e1cf0952853b6ba3053dd76a84bbcf4bdb3c055e411c78
d1eb8cf889202f439bb6bd1a03049b2e71953c7c0a5aadddde498cbea9bcadac
dc03bc8b63938916a73dd976e186d05559ddc61da2725e1063b7936fa9f0fc33
df3ba57c1234e50c05735a0dedc033f43d5e638a97d5c51583cac8411d2ea34f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f240ce7fa62cd81d92f29081815f2cd2376ea6867887d17d5625009ebdf355b1
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f710c2b11df9cadcb3a6d25a9dc8306172c04ff1d2fa8d96d4019d70833f695d
fe3f5fef5b7d66041199c6d6a8cdc5dd87884bc3aadd10b9c45a74e76aa3fb0a
ff391f38fc73325f58d0626b9415ac121f1461407d74e86ebddefd8180050d76
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

img-yts.uproxy.red Open in urlscan Pro 2606:4700:3035::ac43:ba76 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

58 Requests

69 %HTTPS

47 %IPv6

19 Domains

19 Subdomains

18 IPs

5 Countries

718 kBTransfer

1711 kBSize

18 Cookies

0 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

img-yts.uproxy.red Open in urlscan Pro
2606:4700:3035::ac43:ba76 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

69 %
HTTPS

47 %
IPv6

19
Domains

19
Subdomains

18
IPs

5
Countries

718 kB
Transfer

1711 kB
Size

18
Cookies

58 HTTP transactions
1 data transactions