urlscan.io logo urlscan.io
SecurityTrails logo

u.to Open in urlscan Pro
195.216.243.155  Public Scan

Go To Rescan Add Verdict Report
URL: https://u.to/JRcqFw
Submission: On July 21 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 2 countries across 9 domains to perform 21 HTTP transactions. The main IP is 195.216.243.155, located in Moscow, Russian Federation and belongs to DDOS-GUARD, RU. The main domain is u.to.
TLS certificate: Issued by GoGetSSL RSA DV CA on July 15th 2020. Valid for: 3 months.
This is the only time u.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 195.216.243.155 57724 (DDOS-GUARD)
1 2a00:1450:400... 15169 (GOOGLE)
2 8 2a02:6b8::90 13238 (YANDEX)
2 4 88.212.201.198 39134 (UNITEDNET)
1 138.201.195.51 24940 (HETZNER-AS)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a02:6b8:20::215 13238 (YANDEX)
1 5 2a02:6b8::1:119 13238 (YANDEX)
1 2a02:6b8::184 13238 (YANDEX)
21 10
1    195.216.243.155 (Moscow, Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: s5.unet.com
u.to
1    2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    2a02:6b8::90 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)
an.yandex.ru
4    88.212.201.198 (Russian Federation)

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru
counter.yadro.ru
1    138.201.195.51 (Germany)

ASN24940 (HETZNER-AS, DE)
report.smartcount.net
2    2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a02:6b8:20::215 (Russian Federation)

ASN13238 (YANDEX, RU)
yastatic.net
5    2a02:6b8::1:119 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)
mc.yandex.ru
1    2a02:6b8::184 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)
avatars.mds.yandex.net
Domain Requested by
8 an.yandex.ru 2 redirects u.to
an.yandex.ru
5 mc.yandex.ru 1 redirects an.yandex.ru
mc.yandex.ru
4 counter.yadro.ru 2 redirects u.to
2 yastatic.net an.yandex.ru
yastatic.net
2 fonts.gstatic.com u.to
1 avatars.mds.yandex.net u.to
1 report.smartcount.net u.to
1 fonts.googleapis.com u.to
1 u.to
0 www.sedeme.pa.gov.br Failed u.to
21 10

This site contains no links.

Subject Issuer Validity Valid
u.to
GoGetSSL RSA DV CA		 2020-07-15 -
2020-10-13		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh
bs.yandex.ru
Yandex CA		 2019-09-24 -
2020-09-23		 a year crt.sh
counter.yadro.ru
GoGetSSL ECC DV CA		 2020-02-02 -
2022-05-02		 2 years crt.sh
report.smartcount.net
Let's Encrypt Authority X3		 2020-07-02 -
2020-09-30		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh
static.yandex.net
Yandex CA		 2019-09-06 -
2020-09-05		 a year crt.sh
mc.yandex.ru
Yandex CA		 2019-09-23 -
2020-09-22		 a year crt.sh
*.avatars.yandex.net
Yandex CA		 2019-10-04 -
2020-10-03		 a year crt.sh

This page contains 2 frames:

Frame: https://www.sedeme.pa.gov.br/wp-content/plugins/wp-cerber/calesta/152.html
Frame ID: 7025C651B6C80534130057541EBAFA25
Requests: 20 HTTP requests in this frame

Frame: https://yastatic.net/safeframe-bundles/0.69/1-1-0/render.html
Frame ID: 61060F45840410BBB06494A1EA7CC339
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

21
Requests

95 %
HTTPS

67 %
IPv6

9
Domains

10
Subdomains

10
IPs

2
Countries

328 kB
Transfer

1559 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://counter.yadro.ru/hit;uto_adv_links?r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883 HTTP 302
  • https://counter.yadro.ru/hit;uto_adv_links?q;r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
Request Chain 3
  • https://counter.yadro.ru/hit;uto_adv_links_desktop?r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883 HTTP 302
  • https://counter.yadro.ru/hit;uto_adv_links_desktop?q;r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
Request Chain 9
  • https://an.yandex.ru/meta/508703?grab=dFJlZGlyZWN0aW9uCjFSZWRpcmVjdGlvbi4uLiAK&target-ref=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&experiment-id=5458&imp-id=1&enable-flat-highlight=1&test-tag=290271069732866&ss-skip-token-length=9&ad-session-id=3341851595359273090&target-id=64615944&pcode-version=11792&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22width%22%3A0%2C%22height%22%3A0%2C%22left%22%3A300%2C%22top%22%3A344%2C%22visible%22%3A1%2C%22ad_no%22%3A0%2C%22req_no%22%3A0%7D&callback=Ya%5B5772789739222%5D HTTP 302
  • https://an.yandex.ru/meta/508703?redir-setuniq=1&grab=dFJlZGlyZWN0aW9uCjFSZWRpcmVjdGlvbi4uLiAK&target-ref=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&experiment-id=5458&imp-id=1&enable-flat-highlight=1&test-tag=290271069732866&ss-skip-token-length=9&ad-session-id=3341851595359273090&target-id=64615944&pcode-version=11792&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22width%22%3A0%2C%22height%22%3A0%2C%22left%22%3A300%2C%22top%22%3A344%2C%22visible%22%3A1%2C%22ad_no%22%3A0%2C%22req_no%22%3A0%7D&callback=Ya%5B5772789739222%5D
Request Chain 14
  • https://mc.yandex.ru/watch/508703?wmode=7&cnt-class=1&nohit=1&page-url=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1595359272592%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200721212113%3Aet%3A1595359274%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aad%3A1%3Apv%3A1%3Als%3A737115142969%3Arn%3A643619982%3Ahid%3A289106730%3Agdpr%3A14%3Av%3A1890%3Arqnl%3A1%3Ast%3A1595359274%3Au%3A%3At%3ARedirection HTTP 302
  • https://mc.yandex.ru/watch/508703/1?wmode=7&cnt-class=1&nohit=1&page-url=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1595359272592%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200721212113%3Aet%3A1595359274%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aad%3A1%3Apv%3A1%3Als%3A737115142969%3Arn%3A643619982%3Ahid%3A289106730%3Agdpr%3A14%3Av%3A1890%3Arqnl%3A1%3Ast%3A1595359274%3Au%3A%3At%3ARedirection
Request Chain 18
  • https://an.yandex.ru/count/WFKejI_zO1u0NGS0z0jaAZuL3eRMgmK07W4GW8200J4fG1TV000003Y-Z3w80W6v0Z_ZImJmIlyky0Bxu8gu0O12y0K1e0RY0hW6m0791YbKtZjE6uyTqGOfw1EpJXkF7G5nOHniEZV6EO0A0OWA3S4ZXvbnOG00Qqp5XlYgy0i6g0_nml6-fUUDupdW3m6G4ERusEBUilY1cG7u417mrTVv4l0I4eWJ0f0JCk0K0V0LmOhsxAEFlFnZoHRmFu4Ng1S9cHW00000003mFmm0BOGm9OObiCnLVTGC6WNLnLcHXy7Npb4EWgFayCSoQ2odue6972A3Um00~1=WTGejI_zO4C1LGu0X1TfCEvkGmAOme-k3O01dz7Q6eW1ZOwQb4wG0PQxzBB4W8200fW1bhlqiaIW0TIwg07KklIoHBW1-Bhtjn_O0RwEqH_W0TRJsmtuuTw-0Q02aDY55vW3m8Gzi0F66uW5YOKNa0NpwHcm1P3y1xW5aFm7m0M6haZ81OUg5j05cD02u0Ltg0RY0hW7W0Ma3_470032YEp5b04PxDVMFyaAu6QyFyJzujaBSM4SR3etnZde2uc55uWCzFRUlW6f37JI2xiXXTM_w0mRc0t9ZX4_e0x0X3s048ZvXXd0e13G486Yhr_W4U-Ktm7e4UoOtC-lYUtZyu0yoq1u2seg7631FvWJ0U0JaFm7Y1J8eBMGXltIxu41e1IG_0Ue5FFf6S0KWCQ6Zup6dXNO5FY-m_O5w1GCq1NuliFs1TWLmOhsxAEFlFnZe1RG_yBu1R0MlGF95j0MzFRUlW615vWNkRAZ3xWN0S0N3TWNm8Gzw1S1cHYW60om6E_0tFW560228es6d5eUAMG1TUXZGvB3bhF5Q_PE325hu5K8n0YeG31G41PzhLm0ry6O6yZ4ZCauHYC62UALa9_d60GOV791AwMp5HGz1aRDh8Dj0Wu0~1?stat-id=1&test-tag=290275691911169&format-type=54&actual-format=40&banner-test-tags=eyI3MjA1NzYwMzIxODExNjI5OSI6IjMyNzY5In0%3D&renderWidth=1000&renderHeight=90&confirmTime=2100000&confirmRatio=1000000&wmode HTTP 302
  • https://an.yandex.ru/count/WFKejI_zO1u0NGS0z0jaAZuLTkdvjmK07W4GmO200J4fG1TV000003Y-Z3w80W6v0Z_ZImJmIlyky0Bxu8gu0O12y0K1e0RY0hW6m0791YbKtZjE6uyTqGOfw1EpJXkF7G5nOHniEZV6EO0A0OWA3S4ZXvbnOG00Qqp5XlYgy0i6g0_nml6-fUUDupdW3m6G4ERusEBUilY1cG7u417mrTVv4l0I4eWJ0f0JCk0K0V0LmOhsxAEFlFnZoHRmFu4Ng1S9cHW00000003mFmm0BOGm9OObiCnLVTGC6WNLnLcHXy7Npb4EWgFayCSoQ2odue6972A3Um00~1=WTaejI_zO4W1VGu0r1TIZR0II08GW8200PZ2ZwuDW06VqTeQY06DZfgKJf01bhlqiiI0W802c06Mk_IoHA01rBge0TIwzB94k07uklUt7zW1lexH7-01rjFR3VZXthu1e0AGs8KNc0F0X3sm0yORY0M9XHUG1VFf6R05aFm7k0MG_0V01OQkICW5XweMq0MOq0BW1NUe1k82k0U01QGFyGS00CA8xCMK0HdirzO_oGhWPhm_nFtYsGjnOHniEZV6EUWBYOKNY0pqzjw-0QaCTD8Bko65rR_e31kO3ScE4J-W3i24FO0GYFc66S2W4D0GWQAlN-0HxvJV0UWHx9ZSpw-9xUFpW3pBG7WBQYeSOC4_c1C1u1EG_0U85CYWjP26_TBlWG6W593y1wWKy-aPm1I0neQFZCQU5TWK-Bx3zWNe50pG5VY-m_O5s1N1YlRieu-y_6EW5j3_mlW5i1Qz0yaMq1Rqzjw-0O4Nc1UvigCFk1S1m1SDs1V0X3te5m6P6A0O3B0Oxy3S-0KO088YZOQSMXufZ05rQ6P3ajUMinLizeuD8GlXLGZE2AX0C6GG5XskN43OmPWRo0IEoJXk8mOnufKGekSO11rySf4hfREr53q6HisiZMrY3W00~1?stat-id=1&test-tag=290275691911169&format-type=54&actual-format=40&banner-test-tags=eyI3MjA1NzYwMzIxODExNjI5OSI6IjMyNzY5In0%3D&renderWidth=1000&renderHeight=90&confirmTime=2100000&confirmRatio=1000000&wmode

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set JRcqFw
u.to/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://u.to/JRcqFw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
959616ca97147366f91f66b45e4df385c5239e2bc8efe0a215ed7c78ec7ff26e

Request headers

Host
u.to
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx/1.8.0
Date
Tue, 21 Jul 2020 19:21:12 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=15
Set-Cookie
lng=pt; path=/; expires=Wed, 21-Jul-2021 19:21:12 GMT; domain=.u.to;
Cache-Control
no-cache no-store
Pragma
no-cache
Vary
host
Content-Encoding
gzip
css
fonts.googleapis.com/ 		2 KB
574 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700,900
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5eecac60daf67e9978b368ef66fe2b25e1f0a61da04d77ee55905ac53d1a1cf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 21 Jul 2020 19:00:38 GMT
server
ESF
date
Tue, 21 Jul 2020 19:21:12 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 21 Jul 2020 19:21:12 GMT
context.js
an.yandex.ru/system/ 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/system/context.js
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
d1a2929258d71283a88e771f4eee430ade3fbe815348438fc01aaf7e10d527ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 21 Jul 2020 19:21:13 GMT
content-encoding
br
server
nginx/1.12.2
status
200
etag
3664347163
x-yandex-req-id
1595359273001546-222454707957290369300155-production-app-host-myt-pcode-34.myt.yp-c.yandex.net
strict-transport-security
max-age=31536000
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-robots-tag
noindex, noarchive, nofollow
expires
Tue, 21 Jul 2020 20:21:13 GMT
hit;uto_adv_links
counter.yadro.ru/
Redirect Chain
  • https://counter.yadro.ru/hit;uto_adv_links?r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
  • https://counter.yadro.ru/hit;uto_adv_links?q;r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
43 B
421 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://counter.yadro.ru/hit;uto_adv_links?q;r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS
host198.rax.ru
Software
nginx/1.17.9 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 21 Jul 2020 19:21:13 GMT
Server
nginx/1.17.9
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sun, 21 Jul 2019 21:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 21 Jul 2020 19:21:13 GMT
Server
nginx/1.17.9
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Location
https://counter.yadro.ru/hit;uto_adv_links?q;r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
Cache-control
no-cache
Connection
keep-alive
Content-Type
text/html
Content-Length
32
Expires
Sun, 21 Jul 2019 21:00:00 GMT
hit;uto_adv_links_desktop
counter.yadro.ru/
Redirect Chain
  • https://counter.yadro.ru/hit;uto_adv_links_desktop?r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
  • https://counter.yadro.ru/hit;uto_adv_links_desktop?q;r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
43 B
421 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://counter.yadro.ru/hit;uto_adv_links_desktop?q;r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS
host198.rax.ru
Software
nginx/1.17.9 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 21 Jul 2020 19:21:13 GMT
Server
nginx/1.17.9
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sun, 21 Jul 2019 21:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 21 Jul 2020 19:21:13 GMT
Server
nginx/1.17.9
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Location
https://counter.yadro.ru/hit;uto_adv_links_desktop?q;r;s1600*1200*24;uhttps%3A//u.to/JRcqFw;1595359272883
Cache-control
no-cache
Connection
keep-alive
Content-Type
text/html
Content-Length
32
Expires
Sun, 21 Jul 2019 21:00:00 GMT
rep.php
report.smartcount.net/ 		43 B
518 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report.smartcount.net/rep.php?cid=2106925683&referrer=&in_frame=0&info={%22plugins%22:[],%22platform%22:%22Linux%20x86_64%22,%22hardwareConcurrency%22:12,%22screenWidth%22:1600,%22screenHeight%22:1200,%22innerWidth%22:1600,%22innerHeight%22:1200,%22userAgent%22:%22Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36%22,%22orientation%22:0}
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.195.51 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 21 Jul 2020 19:21:13 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
image/gif
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700,900
Origin
https://u.to

Response headers

date
Sat, 11 Jul 2020 08:20:50 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:54 GMT
server
sffe
age
903622
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14176
x-xss-protection
0
expires
Sun, 11 Jul 2021 08:20:50 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700,900
Origin
https://u.to

Response headers

date
Wed, 15 Jul 2020 20:02:30 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:55 GMT
server
sffe
age
515922
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Thu, 15 Jul 2021 20:02:30 GMT
77b8c8ce32bba78712ef.js
an.yandex.ru/partner-code-bundles/11792/ 		63 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/partner-code-bundles/11792/77b8c8ce32bba78712ef.js
Requested by
Host: an.yandex.ru
URL: https://an.yandex.ru/system/context.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
ebac9513fd3d6bb6850d795358f6fc8dea0e8569b6a757d5a30b7af545008efb
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;, max-age=31536000

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 21 Jul 2020 19:21:13 GMT
content-encoding
br
vary
Accept-Encoding
nel
{"report_to": "network-errors", "max_age": 86400, "success_fraction": 0.001, "failure_fraction": 0.1}
status
200
content-length
16516
timing-allow-origin
*
last-modified
Mon, 20 Jul 2020 13:22:29 GMT
server
nginx/1.12.2
etag
"648eb482c978db559e9aa1ef71bf8f80"
strict-transport-security
max-age=43200000; includeSubDomains;, max-age=31536000
report-to
{ "group": "network-errors", "max_age": 86400, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=216013
accept-ranges
bytes
x-robots-tag
noindex, noarchive, nofollow
expires
Thu, 23 Jul 2020 04:57:14 GMT
context_static.js
an.yandex.ru/partner-code-bundles/11792/ 		1 MB
197 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/partner-code-bundles/11792/context_static.js
Requested by
Host: an.yandex.ru
URL: https://an.yandex.ru/system/context.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
7bfaf757bebbcaaf817ff2fe255207e9f18586d493986d5e9d967b3e422db045
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;, max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://u.to/JRcqFw
Origin
https://u.to

Response headers

date
Tue, 21 Jul 2020 19:21:13 GMT
content-encoding
br
vary
Accept-Encoding
nel
{"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
status
200
content-length
200479
timing-allow-origin
*
last-modified
Mon, 20 Jul 2020 13:22:30 GMT
server
nginx/1.12.2
etag
"e56232c7290ea077693234d375c776b5"
strict-transport-security
max-age=43200000; includeSubDomains;, max-age=31536000
report-to
{ "group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=216013
accept-ranges
bytes
x-robots-tag
noindex, noarchive, nofollow
expires
Thu, 23 Jul 2020 04:57:15 GMT
508703
an.yandex.ru/meta/
Redirect Chain
  • https://an.yandex.ru/meta/508703?grab=dFJlZGlyZWN0aW9uCjFSZWRpcmVjdGlvbi4uLiAK&target-ref=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&experiment-id=5458&imp-id=1&enable-flat-highlight=1&test-tag=2902...
  • https://an.yandex.ru/meta/508703?redir-setuniq=1&grab=dFJlZGlyZWN0aW9uCjFSZWRpcmVjdGlvbi4uLiAK&target-ref=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&experiment-id=5458&imp-id=1&enable-flat-highlight...
14 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/meta/508703?redir-setuniq=1&grab=dFJlZGlyZWN0aW9uCjFSZWRpcmVjdGlvbi4uLiAK&target-ref=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&experiment-id=5458&imp-id=1&enable-flat-highlight=1&test-tag=290271069732866&ss-skip-token-length=9&ad-session-id=3341851595359273090&target-id=64615944&pcode-version=11792&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22width%22%3A0%2C%22height%22%3A0%2C%22left%22%3A300%2C%22top%22%3A344%2C%22visible%22%3A1%2C%22ad_no%22%3A0%2C%22req_no%22%3A0%7D&callback=Ya%5B5772789739222%5D
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
09ef92d4a595813160930c12d383bd62e78ffb4d1da7493b7fe504af3854657a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Jul 2020 19:21:13 GMT
content-encoding
gzip
last-modified
Tue, 21 Jul 2020 19:21:13 GMT
server
nginx/1.12.2
timing-allow-origin
*
status
200
p3p
CP="NOI DEVa TAIa OUR BUS UNI STA"
access-control-allow-origin
https://u.to
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-type
application/x-javascript; charset=utf-8
x-xss-protection
1; mode=block
expires
Tue, 21 Jul 2020 19:21:13 GMT

Redirect headers

pragma
no-cache
date
Tue, 21 Jul 2020 19:21:13 GMT
last-modified
Tue, 21 Jul 2020 19:21:13 GMT
server
nginx/1.12.2
status
302
location
https://an.yandex.ru/meta/508703?redir-setuniq=1&grab=dFJlZGlyZWN0aW9uCjFSZWRpcmVjdGlvbi4uLiAK&target-ref=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&experiment-id=5458&imp-id=1&enable-flat-highlight=1&test-tag=290271069732866&ss-skip-token-length=9&ad-session-id=3341851595359273090&target-id=64615944&pcode-version=11792&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22width%22%3A0%2C%22height%22%3A0%2C%22left%22%3A300%2C%22top%22%3A344%2C%22visible%22%3A1%2C%22ad_no%22%3A0%2C%22req_no%22%3A0%7D&callback=Ya%5B5772789739222%5D
p3p
CP="NOI DEVa TAIa OUR BUS UNI STA"
access-control-allow-origin
https://u.to
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
expires
Tue, 21 Jul 2020 19:21:13 GMT
host.js
yastatic.net/safeframe-bundles/0.69/ 		29 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/safeframe-bundles/0.69/host.js
Requested by
Host: an.yandex.ru
URL: https://an.yandex.ru/partner-code-bundles/11792/context_static.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
9fa8c2bb49f0e9e391d87f70459663c0e3898f32d4506c81239151b9c0b870d6
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://u.to/JRcqFw
Origin
https://u.to

Response headers

date
Tue, 21 Jul 2020 19:21:13 GMT
content-encoding
br
vary
Accept-Encoding
nel
{"report_to": "network-errors", "max_age": 86400, "success_fraction": 0.001, "failure_fraction": 0.1}
status
200
content-length
8104
timing-allow-origin
*
last-modified
Tue, 20 Aug 2019 11:55:41 GMT
server
nginx/1.17.9
etag
"901e860c36afb614c88b40352db2214f"
strict-transport-security
max-age=43200000; includeSubDomains;
report-to
{ "group": "network-errors", "max_age": 86400, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=216013
accept-ranges
bytes
x-robots-tag
noindex, noarchive, nofollow
expires
Fri, 24 Jul 2020 07:16:55 GMT
watch.js
mc.yandex.ru/metrika/ 		136 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/watch.js
Requested by
Host: an.yandex.ru
URL: https://an.yandex.ru/partner-code-bundles/11792/context_static.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
771616e75e8d56774af7376144432c34f3a36c8925bd8acba2223b7c13edccae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://u.to/JRcqFw
Origin
https://u.to

Response headers

Date
Tue, 21 Jul 2020 19:21:13 GMT
Content-Encoding
br
Last-Modified
Tue, 21 Jul 2020 18:25:00 GMT
Server
nginx/1.14.2
ETag
"5f1732fc-a08d"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
41101
Expires
Tue, 21 Jul 2020 20:21:13 GMT
wy150
avatars.mds.yandex.net/get-direct/236924/rGGcZW5_UHNAjJO_M206mg/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.mds.yandex.net/get-direct/236924/rGGcZW5_UHNAjJO_M206mg/wy150
Requested by
Host: u.to
URL: https://u.to/JRcqFw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::184 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash
087c342064f75a8bd1f549539f568f16b5ac68599ad5abade9609bd2d8d08551

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 21 Jul 2020 19:21:13 GMT
last-modified
Fri, 18 Oct 2019 10:40:45 GMT
server
nginx
status
200
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=604800,immutable
access-control-allow-credentials
true
timing-allow-origin
*
content-length
8638
x-request-id
9dcfdf834d85066c
render.html
yastatic.net/safeframe-bundles/0.69/1-1-0/ Frame 6106 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/safeframe-bundles/0.69/1-1-0/render.html
Requested by
Host: yastatic.net
URL: https://yastatic.net/safeframe-bundles/0.69/host.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

:method
GET
:authority
yastatic.net
:scheme
https
:path
/safeframe-bundles/0.69/1-1-0/render.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://u.to/JRcqFw
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://u.to/JRcqFw

Response headers

status
200
server
nginx/1.17.9
date
Tue, 21 Jul 2020 19:21:13 GMT
content-type
text/html
content-length
6026
content-encoding
br
x-robots-tag
noindex, noarchive, nofollow
report-to
{ "group": "network-errors", "max_age": 86400, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
access-control-allow-origin
*
cache-control
public, max-age=216013
last-modified
Tue, 20 Aug 2019 11:55:41 GMT
nel
{"report_to": "network-errors", "max_age": 86400, "success_fraction": 0.001, "failure_fraction": 0.1}
vary
Accept-Encoding
etag
"f883bd7781c332870c9968db60e89349"
timing-allow-origin
*
strict-transport-security
max-age=43200000; includeSubDomains;
expires
Fri, 24 Jul 2020 07:17:02 GMT
accept-ranges
bytes
1
mc.yandex.ru/watch/508703/
Redirect Chain
  • https://mc.yandex.ru/watch/508703?wmode=7&cnt-class=1&nohit=1&page-url=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1595359272592%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afp...
  • https://mc.yandex.ru/watch/508703/1?wmode=7&cnt-class=1&nohit=1&page-url=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1595359272592%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3A...
133 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/508703/1?wmode=7&cnt-class=1&nohit=1&page-url=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1595359272592%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200721212113%3Aet%3A1595359274%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aad%3A1%3Apv%3A1%3Als%3A737115142969%3Arn%3A643619982%3Ahid%3A289106730%3Agdpr%3A14%3Av%3A1890%3Arqnl%3A1%3Ast%3A1595359274%3Au%3A%3At%3ARedirection
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
64b326f78dcda573bd172a50150b08643c7dc297b43550fb93be23915a10a9da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 21 Jul 2020 19:21:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 21-Jul-2020 19:21:14 GMT
Server
nginx/1.14.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://u.to
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
133
X-XSS-Protection
1; mode=block
Expires
Tue, 21-Jul-2020 19:21:14 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 21 Jul 2020 19:21:14 GMT
Last-Modified
Tue, 21-Jul-2020 19:21:13 GMT
Server
nginx/1.14.2
Access-Control-Allow-Origin
https://u.to
Strict-Transport-Security
max-age=31536000
Location
/watch/508703/1?wmode=7&cnt-class=1&nohit=1&page-url=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1595359272592%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200721212113%3Aet%3A1595359274%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aad%3A1%3Apv%3A1%3Als%3A737115142969%3Arn%3A643619982%3Ahid%3A289106730%3Agdpr%3A14%3Av%3A1890%3Arqnl%3A1%3Ast%3A1595359274%3Au%3A%3At%3ARedirection
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Tue, 21-Jul-2020 19:21:13 GMT
1
mc.yandex.ru/watch/508703/ 		43 B
527 B 		Other
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/508703/1?cnt-class=1&page-url=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Ans%3A1595359272592%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Az%3A120%3Ai%3A20200721212113%3Aet%3A1595359274%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Apa%3A1%3Als%3A737115142969%3Arqn%3A1%3Arn%3A488978872%3Ahid%3A289106730%3Ads%3A1%2C189%2C73%2C1%2C0%2C0%2C0%2C26%2C0%2C%2C%2C%2C293%3Afp%3A326%3Agdpr%3A14%3Av%3A1890%3Arqnl%3A1%3Ast%3A1595359274%3Au%3A%3App%3A3629563401
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Tue, 21 Jul 2020 19:21:14 GMT
Last-Modified
Tue, 21-Jul-2020 19:21:14 GMT
Server
nginx/1.14.2
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
https://u.to
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
Tue, 21-Jul-2020 19:21:14 GMT
508703
mc.yandex.ru/watch/ 		43 B
527 B 		Other
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/508703?cnt-class=1&page-url=https%3A%2F%2Fu.to%2FJRcqFw&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Ans%3A1595359272592%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200721212113%3Aet%3A1595359274%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Apv%3A1%3Als%3A737115142969%3Arqn%3A2%3Arn%3A962813716%3Ahid%3A289106730%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%3Agdpr%3A14%3Av%3A1890%3Arqnl%3A1%3Ast%3A1595359274%3Au%3A%3App%3A3629563401%3At%3ARedirection
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Tue, 21 Jul 2020 19:21:14 GMT
Last-Modified
Tue, 21-Jul-2020 19:21:14 GMT
Server
nginx/1.14.2
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
https://u.to
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
Tue, 21-Jul-2020 19:21:14 GMT
1Tlll0yJ0Lu100000000U9nJr0ovP-qdtIzhM9Xu9zpA_9YbfQQ3U3m347Z2H495xRHIOkKFipEaCWB5CmiJPN90ugKWNkr68D7Ac00aPp9McZ60mKB644q8QoLZXm24jH6asW14x6MK3E9bE0gMkSe84hdBo233mF2NSHOJ0yDS9f38KgPJp0mCQvb-WNGoQRuGt...
an.yandex.ru/rtbcount/ 		43 B
318 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://an.yandex.ru/rtbcount/1Tlll0yJ0Lu100000000U9nJr0ovP-qdtIzhM9Xu9zpA_9YbfQQ3U3m347Z2H495xRHIOkKFipEaCWB5CmiJPN90ugKWNkr68D7Ac00aPp9McZ60mKB644q8QoLZXm24jH6asW14x6MK3E9bE0gMkSe84hdBo233mF2NSHOJ0yDS9f38KgPJp0mCQvb-WNGoQRuGtWnov5cc_q3mYabWKRZWYS941eP9Nuwq_LZ5ol2NYGNa36PM8DdB3B9nAZF8cBdCJ21704a5Y2EOcnpAFWOkIT2x2fQ_2oP_CZiuyKCSpf9_oXpCMi7oCsS3otyOODo1n3w0nBx90l7U1_k7BBDcWi1D-xSi8AyjOEK4098sQQi0?confirmTime=2100000&confirmRatio=1000000&test-tag=290271069732866&format-type=54&actual-format=40&rnd=9635293298627&renderWidth=1000&renderHeight=90
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Jul 2020 19:21:15 GMT
last-modified
Tue, 21 Jul 2020 19:21:15 GMT
server
nginx/1.12.2
timing-allow-origin
*
p3p
CP="NOI DEVa TAIa OUR BUS UNI STA"
status
200
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
content-type
image/gif
content-length
43
x-xss-protection
1; mode=block
expires
Tue, 21 Jul 2020 19:21:15 GMT
WFKejI_zO1u0NGS0z0jaAZuLTkdvjmK07W4GmO200J4fG1TV000003Y-Z3w80W6v0Z_ZImJmIlyky0Bxu8gu0O12y0K1e0RY0hW6m0791YbKtZjE6uyTqGOfw1EpJXkF7G5nOHniEZV6EO0A0OWA3S4ZXvbnOG00Qqp5XlYgy0i6g0_nml6-fUUDupdW3m6G4ERus...
an.yandex.ru/count/
Redirect Chain
  • https://an.yandex.ru/count/WFKejI_zO1u0NGS0z0jaAZuL3eRMgmK07W4GW8200J4fG1TV000003Y-Z3w80W6v0Z_ZImJmIlyky0Bxu8gu0O12y0K1e0RY0hW6m0791YbKtZjE6uyTqGOfw1EpJXkF7G5nOHniEZV6EO0A0OWA3S4ZXvbnOG00Qqp5XlYgy0...
  • https://an.yandex.ru/count/WFKejI_zO1u0NGS0z0jaAZuLTkdvjmK07W4GmO200J4fG1TV000003Y-Z3w80W6v0Z_ZImJmIlyky0Bxu8gu0O12y0K1e0RY0hW6m0791YbKtZjE6uyTqGOfw1EpJXkF7G5nOHniEZV6EO0A0OWA3S4ZXvbnOG00Qqp5XlYgy0...
0
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://an.yandex.ru/count/WFKejI_zO1u0NGS0z0jaAZuLTkdvjmK07W4GmO200J4fG1TV000003Y-Z3w80W6v0Z_ZImJmIlyky0Bxu8gu0O12y0K1e0RY0hW6m0791YbKtZjE6uyTqGOfw1EpJXkF7G5nOHniEZV6EO0A0OWA3S4ZXvbnOG00Qqp5XlYgy0i6g0_nml6-fUUDupdW3m6G4ERusEBUilY1cG7u417mrTVv4l0I4eWJ0f0JCk0K0V0LmOhsxAEFlFnZoHRmFu4Ng1S9cHW00000003mFmm0BOGm9OObiCnLVTGC6WNLnLcHXy7Npb4EWgFayCSoQ2odue6972A3Um00~1=WTaejI_zO4W1VGu0r1TIZR0II08GW8200PZ2ZwuDW06VqTeQY06DZfgKJf01bhlqiiI0W802c06Mk_IoHA01rBge0TIwzB94k07uklUt7zW1lexH7-01rjFR3VZXthu1e0AGs8KNc0F0X3sm0yORY0M9XHUG1VFf6R05aFm7k0MG_0V01OQkICW5XweMq0MOq0BW1NUe1k82k0U01QGFyGS00CA8xCMK0HdirzO_oGhWPhm_nFtYsGjnOHniEZV6EUWBYOKNY0pqzjw-0QaCTD8Bko65rR_e31kO3ScE4J-W3i24FO0GYFc66S2W4D0GWQAlN-0HxvJV0UWHx9ZSpw-9xUFpW3pBG7WBQYeSOC4_c1C1u1EG_0U85CYWjP26_TBlWG6W593y1wWKy-aPm1I0neQFZCQU5TWK-Bx3zWNe50pG5VY-m_O5s1N1YlRieu-y_6EW5j3_mlW5i1Qz0yaMq1Rqzjw-0O4Nc1UvigCFk1S1m1SDs1V0X3te5m6P6A0O3B0Oxy3S-0KO088YZOQSMXufZ05rQ6P3ajUMinLizeuD8GlXLGZE2AX0C6GG5XskN43OmPWRo0IEoJXk8mOnufKGekSO11rySf4hfREr53q6HisiZMrY3W00~1?stat-id=1&test-tag=290275691911169&format-type=54&actual-format=40&banner-test-tags=eyI3MjA1NzYwMzIxODExNjI5OSI6IjMyNzY5In0%3D&renderWidth=1000&renderHeight=90&confirmTime=2100000&confirmRatio=1000000&wmode
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://u.to/JRcqFw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Jul 2020 19:21:16 GMT
last-modified
Tue, 21 Jul 2020 19:21:16 GMT
server
nginx/1.12.2
p3p
CP="NOI DEVa TAIa OUR BUS UNI STA"
status
200
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
expires
Tue, 21 Jul 2020 19:21:16 GMT

Redirect headers

pragma
no-cache
date
Tue, 21 Jul 2020 19:21:16 GMT
last-modified
Tue, 21 Jul 2020 19:21:16 GMT
server
nginx/1.12.2
status
302
p3p
CP="NOI DEVa TAIa OUR BUS UNI STA"
location
https://an.yandex.ru/count/WFKejI_zO1u0NGS0z0jaAZuLTkdvjmK07W4GmO200J4fG1TV000003Y-Z3w80W6v0Z_ZImJmIlyky0Bxu8gu0O12y0K1e0RY0hW6m0791YbKtZjE6uyTqGOfw1EpJXkF7G5nOHniEZV6EO0A0OWA3S4ZXvbnOG00Qqp5XlYgy0i6g0_nml6-fUUDupdW3m6G4ERusEBUilY1cG7u417mrTVv4l0I4eWJ0f0JCk0K0V0LmOhsxAEFlFnZoHRmFu4Ng1S9cHW00000003mFmm0BOGm9OObiCnLVTGC6WNLnLcHXy7Npb4EWgFayCSoQ2odue6972A3Um00~1=WTaejI_zO4W1VGu0r1TIZR0II08GW8200PZ2ZwuDW06VqTeQY06DZfgKJf01bhlqiiI0W802c06Mk_IoHA01rBge0TIwzB94k07uklUt7zW1lexH7-01rjFR3VZXthu1e0AGs8KNc0F0X3sm0yORY0M9XHUG1VFf6R05aFm7k0MG_0V01OQkICW5XweMq0MOq0BW1NUe1k82k0U01QGFyGS00CA8xCMK0HdirzO_oGhWPhm_nFtYsGjnOHniEZV6EUWBYOKNY0pqzjw-0QaCTD8Bko65rR_e31kO3ScE4J-W3i24FO0GYFc66S2W4D0GWQAlN-0HxvJV0UWHx9ZSpw-9xUFpW3pBG7WBQYeSOC4_c1C1u1EG_0U85CYWjP26_TBlWG6W593y1wWKy-aPm1I0neQFZCQU5TWK-Bx3zWNe50pG5VY-m_O5s1N1YlRieu-y_6EW5j3_mlW5i1Qz0yaMq1Rqzjw-0O4Nc1UvigCFk1S1m1SDs1V0X3te5m6P6A0O3B0Oxy3S-0KO088YZOQSMXufZ05rQ6P3ajUMinLizeuD8GlXLGZE2AX0C6GG5XskN43OmPWRo0IEoJXk8mOnufKGekSO11rySf4hfREr53q6HisiZMrY3W00~1?stat-id=1&test-tag=290275691911169&format-type=54&actual-format=40&banner-test-tags=eyI3MjA1NzYwMzIxODExNjI5OSI6IjMyNzY5In0%3D&renderWidth=1000&renderHeight=90&confirmTime=2100000&confirmRatio=1000000&wmode
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
expires
Tue, 21 Jul 2020 19:21:16 GMT
152.html
www.sedeme.pa.gov.br/wp-content/plugins/wp-cerber/calesta/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.sedeme.pa.gov.br
URL
https://www.sedeme.pa.gov.br/wp-content/plugins/wp-cerber/calesta/152.html

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

an.yandex.ru
avatars.mds.yandex.net
counter.yadro.ru
fonts.googleapis.com
fonts.gstatic.com
mc.yandex.ru
report.smartcount.net
u.to
www.sedeme.pa.gov.br
yastatic.net
www.sedeme.pa.gov.br
138.201.195.51
195.216.243.155
2a00:1450:4001:819::200a
2a00:1450:4001:81d::2003
2a02:6b8:20::215
2a02:6b8::184
2a02:6b8::1:119
2a02:6b8::90
88.212.201.198
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
087c342064f75a8bd1f549539f568f16b5ac68599ad5abade9609bd2d8d08551
09ef92d4a595813160930c12d383bd62e78ffb4d1da7493b7fe504af3854657a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5eecac60daf67e9978b368ef66fe2b25e1f0a61da04d77ee55905ac53d1a1cf9
64b326f78dcda573bd172a50150b08643c7dc297b43550fb93be23915a10a9da
771616e75e8d56774af7376144432c34f3a36c8925bd8acba2223b7c13edccae
7bfaf757bebbcaaf817ff2fe255207e9f18586d493986d5e9d967b3e422db045
959616ca97147366f91f66b45e4df385c5239e2bc8efe0a215ed7c78ec7ff26e
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9fa8c2bb49f0e9e391d87f70459663c0e3898f32d4506c81239151b9c0b870d6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
d1a2929258d71283a88e771f4eee430ade3fbe815348438fc01aaf7e10d527ff
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebac9513fd3d6bb6850d795358f6fc8dea0e8569b6a757d5a30b7af545008efb