URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Submission: On June 15 via manual from ID — Scanned from NL

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 20 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is emturbovid.com. The Cisco Umbrella rank of the primary domain is 841083.
TLS certificate: Issued by E1 on May 23rd 2022. Valid for: 3 months.
This is the only time emturbovid.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:231... 16509 (AMAZON-02)
4 139.45.197.237 9002 (RETN-AS)
1 4 2a02:6b8::1:119 208722 (GLOBAL_DC)
1 139.45.195.8 9002 (RETN-AS)
2 2001:4860:480... 15169 (GOOGLE)
1 139.45.197.236 9002 (RETN-AS)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 139.45.195.254 9002 (RETN-AS)
20 12
Requests | Apex Domain | Subdomains | Transfer
4 | yandex.ru | mc.yandex.ru — Cisco Umbrella Rank: 3187 | 72 KB
4 | betotodilea.com | betotodilea.com — Cisco Umbrella Rank: 68813 | 30 KB
3 | googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 96 | 176 KB
2 | google-analytics.com | region1.google-analytics.com — Cisco Umbrella Rank: 9409 | 363 B
1 | fleraprt.com | fleraprt.com — Cisco Umbrella Rank: 18024 | 484 B
1 | tzegilo.com | tzegilo.com — Cisco Umbrella Rank: 20678 | 18 KB
1 | itskiddoan.club | cdn.itskiddoan.club — Cisco Umbrella Rank: 28736 | 2 KB
1 | rtmark.net | my.rtmark.net — Cisco Umbrella Rank: 9968 | 544 B
1 | jwplayer.com | cdn.jwplayer.com — Cisco Umbrella Rank: 2550 | 40 KB
1 | googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 329 | 31 KB
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 793 | 21 KB
1 | emturbovid.com | emturbovid.com — Cisco Umbrella Rank: 841083 | 7 KB
20 12
Domain Requested by
4 mc.yandex.ru 1 redirects emturbovid.com
4 betotodilea.com emturbovid.com
betotodilea.com
3 www.googletagmanager.com emturbovid.com
www.googletagmanager.com
2 region1.google-analytics.com www.googletagmanager.com
1 fleraprt.com tzegilo.com
1 tzegilo.com betotodilea.com
1 cdn.itskiddoan.club betotodilea.com
1 my.rtmark.net betotodilea.com
1 cdn.jwplayer.com emturbovid.com
1 ajax.googleapis.com emturbovid.com
1 maxcdn.bootstrapcdn.com emturbovid.com
1 emturbovid.com
20 12

This site contains no links.

Subject | Issuer | Validity | Valid
*.emturbovid.com | E1 | 2022-05-23 - 2022-08-21 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-05-30 - 2022-08-22 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-29 - 2023-01-29 | a year
upload.video.google.com | GTS CA 1C3 | 2022-05-30 - 2022-08-22 | 3 months
jwplayer.com | Amazon | 2021-12-29 - 2023-01-25 | a year
betotodilea.com | R3 | 2022-05-02 - 2022-07-31 | 3 months
mc.yandex.ru | GlobalSign ECC OV SSL CA 2018 | 2022-05-21 - 2022-10-31 | 5 months
*.rtmark.net | Sectigo RSA Domain Validation Secure Server CA | 2021-11-20 - 2022-11-26 | a year
cdn.itskiddoan.club | Sectigo RSA Domain Validation Secure Server CA | 2021-10-04 - 2022-10-04 | a year
fleraprt.com | Sectigo RSA Domain Validation Secure Server CA | 2022-01-14 - 2023-01-14 | a year

This page contains 1 frame:

Primary Page: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Frame ID: 77BA2CBF708D088E53D4963857524018
Requests: 19 HTTP requests in this frame

Page Title

91CM-220墜欲上集-董欣 - 免費高清AV在線看 - AV看到飽

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

95 %
HTTPS

67 %
IPv6

12
Domains

12
Subdomains

12
IPs

4
Countries

397 kB
Transfer

1156 kB
Size

17
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://mc.yandex.ru/watch/83308117?wmode=7&page-url=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia38tfbuwalw54%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A815%3Acn%3A1%3Adp%3A0%3Als%3A1581894231764%3Ahid%3A359101925%3Az%3A0%3Ai%3A20220615192240%3Aet%3A1655320961%3Ac%3A1%3Arn%3A834915763%3Arqn%3A1%3Au%3A1655320961974533821%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1655320958645%3Ads%3A14%2C44%2C413%2C2%2C%2C0%2C%2C179%2C0%2C%2C%2C%2C654%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1655320961%3At%3A91CM-220%E5%A2%9C%E6%AC%B2%E4%B8%8A%E9%9B%86-%E8%91%A3%E6%AC%A3%20-%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85AV%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20AV%E7%9C%8B%E5%88%B0%E9%A3%BD&t=gdpr(14)aw(1)rqnt(1)ti(2) HTTP 302
  • https://mc.yandex.ru/watch/83308117/1?wmode=7&page-url=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia38tfbuwalw54%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A815%3Acn%3A1%3Adp%3A0%3Als%3A1581894231764%3Ahid%3A359101925%3Az%3A0%3Ai%3A20220615192240%3Aet%3A1655320961%3Ac%3A1%3Arn%3A834915763%3Arqn%3A1%3Au%3A1655320961974533821%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1655320958645%3Ads%3A14%2C44%2C413%2C2%2C%2C0%2C%2C179%2C0%2C%2C%2C%2C654%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1655320961%3At%3A91CM-220%E5%A2%9C%E6%AC%B2%E4%B8%8A%E9%9B%86-%E8%91%A3%E6%AC%A3%20-%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85AV%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20AV%E7%9C%8B%E5%88%B0%E9%A3%BD&t=gdpr%2814%29aw%281%29rqnt%281%29ti%282%29

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request BPYSXEsiqrz3APOtcDkQ
emturbovid.com/t/
26 KB
7 KB
Document
General
Full URL
https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.33
Resource Hash
bc66bff561b7d830ec435d41978cbf3970ff1c4be909f88a242e784d564393bd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate no-cache, private
cf-cache-status
DYNAMIC
cf-ray
71bdacf7fa9c912b-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 15 Jun 2022 19:22:39 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hd76kFkYGSXsy5n45kS1kVWj8OXN6Wd5%2B4Vol6amh9mKOSbQh0Spo2G4r9IEVT1bJy1pNtl6HkpT154FVcniAUrNvHYMuWZiAJUSE59i8ceMcKM1JwXnuzb0fzSYUP6TbjYoHMJWMbcw3mQlxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.3.33
js
www.googletagmanager.com/gtag/
101 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-173619459-1
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9df9acca55e8c1c74a1a295c8aacdbfb971d7d35675412f64bc3041b8a1d6801
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39754
x-xss-protection
0
last-modified
Wed, 15 Jun 2022 18:02:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Jun 2022 19:22:39 GMT
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/
119 KB
21 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
9603945
cdn-cachedat
2021-06-08 21:08:18
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
4c13519f64fe01e60388139af66d7ef8
cf-ray
71bdacfaeaf29b3d-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 09 Jun 2022 14:00:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
537750
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 09 Jun 2023 14:00:09 GMT
5Mr0zETT.js
cdn.jwplayer.com/libraries/
114 KB
40 KB
Script
General
Full URL
https://cdn.jwplayer.com/libraries/5Mr0zETT.js
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5200:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
2484ae8aaa51ee2db410052e43681fe3a6bcf332fc2b279af07e533ddb6dae74

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:32 GMT
content-encoding
gzip
server
openresty
age
7
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=150, max-stale=180
x-amz-cf-pop
DUS51-P2
content-length
40927
via
1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
x-amz-cf-id
k9s2HM2-ZbkYy5KEG4fZsX34XmJX_64ma2h1HfWlTcxbtKUCdcBVdA==
expires
Wed, 15 Jun 2022 19:22:32 GMT
js
www.googletagmanager.com/gtag/
191 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-RXQM5QPSYX
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fa20ccb6441fd98c1cba7eaa5f81af5bb9ceb088ca5564665720878d6145749c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:39 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70106
x-xss-protection
0
expires
Wed, 15 Jun 2022 19:22:39 GMT
5043159
betotodilea.com/400/
73 KB
29 KB
Script
General
Full URL
https://betotodilea.com/400/5043159
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
f497e3ffb50c1590908a6921afe89a7ef916f26b29f26174e58a69ba4469f40c
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-trace-id
1283886a84c2c58ebf755f9cbbc2d0df
pragma
no-cache
date
Wed, 15 Jun 2022 19:22:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Origin
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Link
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
strict-transport-security
max-age=1
timing-allow-origin
*, *
expires
Tue, 11 Jan 1994 10:00:00 GMT
tag.js
mc.yandex.ru/metrika/
203 KB
70 KB
Script
General
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software
/
Resource Hash
d952713d0bccadda2e02d88419b8656c83f72cbd48dcd810c812f8b6110c0f91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:39 GMT
content-encoding
br
last-modified
Tue, 14 Jun 2022 10:42:01 GMT
etag
"62a83bc9-115f9"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
71161
expires
Wed, 15 Jun 2022 20:22:39 GMT
gid.js
my.rtmark.net/
65 B
544 B
XHR
General
Full URL
https://my.rtmark.net/gid.js
Requested by
Host: betotodilea.com
URL: https://betotodilea.com/400/5043159
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
01f781bb65a395f0061252beaa9275324c2513dc9142057963f757ea6ecdefce
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:39 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://emturbovid.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
js
www.googletagmanager.com/gtag/
191 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-RXQM5QPSYX&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-173619459-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1e49d0c48db791bcad299244465dc36085a7551c014854828d2c34c86a50937f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:39 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69984
x-xss-protection
0
expires
Wed, 15 Jun 2022 19:22:39 GMT
5043159
betotodilea.com/400/
2 KB
1 KB
XHR
General
Full URL
https://betotodilea.com/400/5043159?oo=1&oaid=b7fdf874c3d24ccf876b43c649c09e73
Requested by
Host: betotodilea.com
URL: https://betotodilea.com/400/5043159
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
5a841fa90bbf7d684a4d1d4d707ec65e449788155ad065780e05bc5b868aefe8
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-trace-id
09e801274b7143d0a679e2bb2aa133ed
pragma
no-cache
date
Wed, 15 Jun 2022 19:22:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://emturbovid.com
access-control-expose-headers
Link
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
strict-transport-security
max-age=1
timing-allow-origin
*, *
expires
Tue, 11 Jan 1994 10:00:00 GMT
collect
region1.google-analytics.com/g/
0
346 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RXQM5QPSYX&gtm=2oe6d0&_p=1857023740&_z=ccd.tdB&cid=80249899.1655320959&ul=en-us&sr=1600x1200&_s=1&sid=1655320959&sct=1&seg=0&dl=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&dt=91CM-220%E5%A2%9C%E6%AC%B2%E4%B8%8A%E9%9B%86-%E8%91%A3%E6%AC%A3%20-%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85AV%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20AV%E7%9C%8B%E5%88%B0%E9%A3%BD&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RXQM5QPSYX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Jun 2022 19:22:39 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://emturbovid.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
apu.php
cdn.itskiddoan.club/
968 B
2 KB
Script
General
Full URL
https://cdn.itskiddoan.club/apu.php?zoneid=5048997
Requested by
Host: betotodilea.com
URL: https://betotodilea.com/400/5043159
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ed72977de9db1cf5dcfa63f88c01d5e4c3db1c65bdf5a85082a0f385a5c457af
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:39 GMT
x-content-type-options
nosniff
access-control-max-age
86400
content-length
968
x-trace-id
92bbee476231e1c3c1d3d7331352749d
pragma
no-cache
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
expires
Tue, 11 Jan 1994 10:00:00 GMT
stattag.js
tzegilo.com/
49 KB
18 KB
Script
General
Full URL
https://tzegilo.com/stattag.js
Requested by
Host: betotodilea.com
URL: https://betotodilea.com/400/5043159
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:16a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3676e16a1358628756bda4274db53b7a9f299e3dfa82ec22301c83ba142ad774

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:39 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6958
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 09 Jun 2022 09:20:35 GMT
server
cloudflare
etag
W/"62a1bb63-c24f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mpDFhpsYrFTqtTgVmdy8lThEwkiwCPmvNe%2FMsIQyXJHOd5hr%2FjmfTVMuKzW9%2FDoNKZBt6QDtMRtqV3fdEs2VGvwoH%2BPo%2Bs9lfIDFo%2BFng7Pr7kcvFYWNPByA3eAcXMP%2F6%2BCVfXEYBU8jsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
71bdacfc8bb79122-FRA
link
<https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
5043159
betotodilea.com/500/
0
461 B
XHR
General
Full URL
https://betotodilea.com/500/5043159?excludes=&oaid=b7fdf874c3d24ccf876b43c649c09e73&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
Requested by
Host: betotodilea.com
URL: https://betotodilea.com/400/5043159
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://emturbovid.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
8c724a9b814a99e131ce833b27155915
pragma
no-cache
date
Wed, 15 Jun 2022 19:22:40 GMT
x-content-type-options
nosniff
server
nginx
vary
Origin
access-control-allow-origin
https://emturbovid.com
access-control-expose-headers
Link
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
strict-transport-security
max-age=1
timing-allow-origin
*, *
expires
Tue, 11 Jan 1994 10:00:00 GMT
5043159
betotodilea.com/500/
0
0
Preflight
General
Full URL
https://betotodilea.com/500/5043159?excludes=&oaid=b7fdf874c3d24ccf876b43c649c09e73&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://emturbovid.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://emturbovid.com
access-control-max-age
600
allow
GET, OPTIONS
content-length
0
date
Wed, 15 Jun 2022 19:22:40 GMT
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
*
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
add
fleraprt.com/log/
12 B
484 B
Fetch
General
Full URL
https://fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Requested by
Host: tzegilo.com
URL: https://tzegilo.com/stattag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.254 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx/1.19.10 /
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e

Request headers

Referer
https://emturbovid.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 15 Jun 2022 19:22:59 GMT
Server
nginx/1.19.10
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://emturbovid.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length
12
1
mc.yandex.ru/watch/83308117/
Redirect Chain
  • https://mc.yandex.ru/watch/83308117?wmode=7&page-url=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia38tfbuwalw54%3Afu%3A0%3Aen...
  • https://mc.yandex.ru/watch/83308117/1?wmode=7&page-url=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia38tfbuwalw54%3Afu%3A0%3A...
331 B
413 B
XHR
General
Full URL
https://mc.yandex.ru/watch/83308117/1?wmode=7&page-url=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia38tfbuwalw54%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A815%3Acn%3A1%3Adp%3A0%3Als%3A1581894231764%3Ahid%3A359101925%3Az%3A0%3Ai%3A20220615192240%3Aet%3A1655320961%3Ac%3A1%3Arn%3A834915763%3Arqn%3A1%3Au%3A1655320961974533821%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1655320958645%3Ads%3A14%2C44%2C413%2C2%2C%2C0%2C%2C179%2C0%2C%2C%2C%2C654%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1655320961%3At%3A91CM-220%E5%A2%9C%E6%AC%B2%E4%B8%8A%E9%9B%86-%E8%91%A3%E6%AC%A3%20-%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85AV%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20AV%E7%9C%8B%E5%88%B0%E9%A3%BD&t=gdpr%2814%29aw%281%29rqnt%281%29ti%282%29
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software
/
Resource Hash
52fdaf753ef88432e86dc614460751d74379728d0ecc8413272b3f59f308adfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Jun 2022 19:22:40 GMT
x-content-type-options
nosniff
last-modified
Wed, 15-Jun-2022 19:22:40 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://emturbovid.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
331
x-xss-protection
1; mode=block
expires
Wed, 15-Jun-2022 19:22:40 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Jun 2022 19:22:40 GMT
last-modified
Wed, 15-Jun-2022 19:22:40 GMT
location
/watch/83308117/1?wmode=7&page-url=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia38tfbuwalw54%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A815%3Acn%3A1%3Adp%3A0%3Als%3A1581894231764%3Ahid%3A359101925%3Az%3A0%3Ai%3A20220615192240%3Aet%3A1655320961%3Ac%3A1%3Arn%3A834915763%3Arqn%3A1%3Au%3A1655320961974533821%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1655320958645%3Ads%3A14%2C44%2C413%2C2%2C%2C0%2C%2C179%2C0%2C%2C%2C%2C654%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1655320961%3At%3A91CM-220%E5%A2%9C%E6%AC%B2%E4%B8%8A%E9%9B%86-%E8%91%A3%E6%AC%A3%20-%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85AV%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20AV%E7%9C%8B%E5%88%B0%E9%A3%BD&t=gdpr%2814%29aw%281%29rqnt%281%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://emturbovid.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Wed, 15-Jun-2022 19:22:40 GMT
advert.gif
mc.yandex.ru/metrika/
43 B
136 B
Image
General
Full URL
https://mc.yandex.ru/metrika/advert.gif
Requested by
Host: emturbovid.com
URL: https://emturbovid.com/t/BPYSXEsiqrz3APOtcDkQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 15 Jun 2022 19:22:40 GMT
last-modified
Tue, 14 Jun 2022 10:42:01 GMT
etag
"62a83bc9-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Wed, 15 Jun 2022 20:22:40 GMT
collect
region1.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RXQM5QPSYX&gtm=2oe6d0&_p=1857023740&_z=ccd.tdB&cid=80249899.1655320959&ul=en-us&sr=1600x1200&_s=2&sid=1655320959&sct=1&seg=0&dl=https%3A%2F%2Femturbovid.com%2Ft%2FBPYSXEsiqrz3APOtcDkQ&dt=91CM-220%E5%A2%9C%E6%AC%B2%E4%B8%8A%E9%9B%86-%E8%91%A3%E6%AC%A3%20-%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85AV%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20AV%E7%9C%8B%E5%88%B0%E9%A3%BD&en=scroll&_et=17&epn.percent_scrolled=90
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RXQM5QPSYX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://emturbovid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Jun 2022 19:22:44 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://emturbovid.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery object| jwDefaults object| webpackChunkjwplayer function| jwplayer function| ym function| gtag object| dataLayer object| zfgstorage object| qwovrv4zxom object| zfgformats object| webpushlogs object| syncCallbacks number| t string| sv number| playID string| videoID string| userID string| originVideo string| urlPlay string| checkLogo string| checkPlay string| iframe string| domainEmbed string| typeVideo string| domainIframe string| domainUser string| enablePlay string| premium string| mobile string| checkIP string| comboAds string| checkIframe boolean| iframePlay string| checkSandbox string| logo string| urlLogo string| poster string| urlPoster string| checkTitle string| title string| urlSub boolean| checkDomain undefined| sizeDomain undefined| result function| detectAdBlock function| fastForward function| reWind function| play function| logVideo function| isSandboxedIframe function| makeid function| svgLabel function| qualitySwitch function| watch30s function| watch5p object| google_tag_manager function| onYouTubeIframeAPIReady object| google_tag_data object| gaGlobal boolean| __lwkemfd9q__ string| DEFAULT_FORMATS_PROPERTY object| currentScript object| windows object| __ds3dcV__ number| __qwe33wweq__ object| Ya object| yaCounter83308117

17 Cookies

Domain/Path Name / Value
emturbovid.com/ Name: PHPSESSID
Value: i7nrogj7nlo8ma0d1h7mmcf56v
emturbovid.com/ Name: XSRF-TOKEN
Value: eyJpdiI6ImVzby9DSTBNZUhLbENpc2RkRkdkTFE9PSIsInZhbHVlIjoieWRlK0ptT1lQbWFCSm4wTnd0NWJHQlI3YkxvZXhZVllOalZYZ0VvUXp5eWFYWlhyNGYxWUxvK2tlM29vd0tkaFRLZ2V2SEVicTFITXpBZUc2eXUrUUROSTlJTFBubzJJVnFGVWJCMzVzUEw1ZmVtWmxmUUNsdFIvWk5CdGYyTngiLCJtYWMiOiI2ODljYTY4OGYyMjQ5ZmJiMzYzMTM0ZTJlOWYxZmIwYmE0NTYwMmFiYjU5NGZmMzQwZGI3NTYzNTRmNzg4YjU3In0%3D
emturbovid.com/ Name: laravel_session
Value: eyJpdiI6InM2Nkd1Q1d6Q2c3eUNETi9FZU92SkE9PSIsInZhbHVlIjoieWdPTjVSa3lRa1hLQ0d6dkdtTUZ6U3o3NE5NWmpVQ1BlalY5U3JiMVp1bVUwOForeWkwYVlwTEhTditXRElGdWlMbkdCZHJWRkF2R2lRZkNEVWFZQ3JoU2JHeC82VElESW85cFhRVk1STjgyZDJ4YmNBUDVqWkh4RjFDbmNDQlQiLCJtYWMiOiJmY2Q0MmEzYmIxYmRlNzI1ZjNlZTMzZTBlM2IwYjk2OWM3ZTkzY2VmNjUyZjM4ZjUyNzVmOWRkZDBlYzg1NGM0In0%3D
my.rtmark.net/ Name: ID
Value: b7fdf874c3d24ccf876b43c649c09e73
.emturbovid.com/ Name: _ga_RXQM5QPSYX
Value: GS1.1.1655320959.1.0.1655320959.0
.emturbovid.com/ Name: _ga
Value: GA1.1.80249899.1655320959
betotodilea.com/ Name: OAID
Value: b7fdf874c3d24ccf876b43c649c09e73
cdn.itskiddoan.club/ Name: OAID
Value: 201347918c89458ba2004e27be57005d
cdn.itskiddoan.club/ Name: oaidts
Value: 1655320959
.emturbovid.com/ Name: _ym_uid
Value: 1655320961974533821
.emturbovid.com/ Name: _ym_d
Value: 1655320961
.yandex.ru/ Name: yandexuid
Value: 8922957761655320960
.yandex.ru/ Name: yuidss
Value: 8922957761655320960
mc.yandex.ru/ Name: yabs-sid
Value: 769695291655320960
.yandex.ru/ Name: i
Value: Nq1YbBteqJMkEc2ZmxsioJuxvcyv35Wwah+E6JOQMNsXn20XEa8TI8GP9IdNrFDmhelfh9KIvsrcprIWQbQTjObW5QM=
.yandex.ru/ Name: ymex
Value: 1686856960.yrts.1655320960#1686856960.yrtsi.1655320960
.emturbovid.com/ Name: _ym_isad
Value: 2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
