urlscan.io logo urlscan.io
SecurityTrails logo

mas.to Open in urlscan Pro
2a01:4f8:140:22ca::82  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mas.to/web/timelines/home
Effective URL: https://mas.to/auth/sign_in
Submission: On March 31 via manual from RS — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 2a01:4f8:140:22ca::82, located in Germany and belongs to HETZNER-AS, DE. The main domain is mas.to.
TLS certificate: Issued by R3 on March 8th 2022. Valid for: 3 months.
This is the only time mas.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 2a01:4f8:140:... 24940 (HETZNER-AS)
7 1
Apex Domain
Subdomains		 Transfer
8 mas.to
mas.to
456 KB
7 1
Domain Requested by
8 mas.to 1 redirects mas.to
7 1

This site contains no links.

Subject Issuer Validity Valid
mas.to
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://mas.to/auth/sign_in
Frame ID: EA37AD043334073470A787D46C6E76DD
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anmelden - mas.to

Page URL History Show full URLs

  1. https://mas.to/web/timelines/home HTTP 302
    https://mas.to/auth/sign_in Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

454 kB
Transfer

1776 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mas.to/web/timelines/home HTTP 302
    https://mas.to/auth/sign_in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request sign_in
mas.to/auth/
Redirect Chain
  • https://mas.to/web/timelines/home
  • https://mas.to/auth/sign_in
11 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mas.to/auth/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a01:4f8:140:22ca::82 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Mastodon /
Resource Hash
25ca08c70ccad48c447cfbc104c102cb2f3787a86ff6cb375855a4bd95defb28
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mas.to; img-src 'self' https: data: blob: https://mas.to; style-src 'self' https://mas.to 'nonce-Q5DGchgSjINPwiDS2tOG4g=='; media-src 'self' https: data: https://mas.to; frame-src 'self' https:; manifest-src 'self' https://mas.to; connect-src 'self' data: blob: https://mas.to https://media.mas.to wss://mas.to; script-src 'self' https://mas.to; child-src 'self' blob: https://mas.to; worker-src 'self' blob: https://mas.to
Strict-Transport-Security max-age=63072000; includeSubDomains max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
content-security-policy
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mas.to; img-src 'self' https: data: blob: https://mas.to; style-src 'self' https://mas.to 'nonce-Q5DGchgSjINPwiDS2tOG4g=='; media-src 'self' https: data: https://mas.to; frame-src 'self' https:; manifest-src 'self' https://mas.to; connect-src 'self' data: blob: https://mas.to https://media.mas.to wss://mas.to; script-src 'self' https://mas.to; child-src 'self' blob: https://mas.to; worker-src 'self' blob: https://mas.to
content-type
text/html; charset=utf-8
date
Thu, 31 Mar 2022 07:36:27 GMT
etag
W/"c0e8dfde3dc02c6bca0e0009a99d1727"
permissions-policy
interest-cohort=()
server
Mastodon
strict-transport-security
max-age=63072000; includeSubDomains max-age=31536000
vary
Accept-Encoding
x-cached
MISS
x-content-type-options
nosniff
x-frame-options
DENY
x-request-id
a5f841bd-064b-4b00-9035-eb739d737517
x-runtime
0.007150
x-xss-protection
0

Redirect headers

cache-control
no-cache
content-encoding
gzip
content-security-policy
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mas.to; img-src 'self' https: data: blob: https://mas.to; style-src 'self' https://mas.to 'nonce-xYRiCIFSfH3e9Jv2yXKHJg=='; media-src 'self' https: data: https://mas.to; frame-src 'self' https:; manifest-src 'self' https://mas.to; connect-src 'self' data: blob: https://mas.to https://media.mas.to wss://mas.to; script-src 'self' https://mas.to; child-src 'self' blob: https://mas.to; worker-src 'self' blob: https://mas.to
content-type
text/html; charset=utf-8
date
Thu, 31 Mar 2022 07:36:27 GMT
location
https://mas.to/auth/sign_in
permissions-policy
interest-cohort=()
server
Mastodon
strict-transport-security
max-age=63072000; includeSubDomains max-age=31536000
vary
Accept-Encoding
x-cached
MISS
x-content-type-options
nosniff
x-frame-options
DENY
x-request-id
9a736f1b-55ae-4b96-bb7d-38a8d4ec67c8
x-runtime
0.002744
x-xss-protection
0
common-635cf992.css
mas.to/packs/css/ 		29 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mas.to/packs/css/common-635cf992.css
Requested by
Host: mas.to
URL: https://mas.to/auth/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a01:4f8:140:22ca::82 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
46cb80cb670effff329d21a605651346d731f592a783e1b9159b67ae235a1ead
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://mas.to/auth/sign_in
Origin
https://mas.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Thu, 31 Mar 2022 07:36:27 GMT
content-encoding
gzip
last-modified
Wed, 30 Mar 2022 18:23:57 GMT
server
nginx/1.14.2
etag
W/"6244a03d-7297"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31536000
default-07f6055d.chunk.css
mas.to/packs/css/ 		372 KB
75 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mas.to/packs/css/default-07f6055d.chunk.css
Requested by
Host: mas.to
URL: https://mas.to/auth/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a01:4f8:140:22ca::82 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
bc35d9b1a3fa63f274d7886c25991f6d04ade3b86d3ee2cae6eab6cebe9f60f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://mas.to/auth/sign_in
Origin
https://mas.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Thu, 31 Mar 2022 07:36:27 GMT
content-encoding
gzip
last-modified
Wed, 30 Mar 2022 18:23:57 GMT
server
nginx/1.14.2
etag
W/"6244a03d-5ce06"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31536000
common-3dd67761ca9fdf61c4c0.js
mas.to/packs/js/ 		1 MB
351 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mas.to/packs/js/common-3dd67761ca9fdf61c4c0.js
Requested by
Host: mas.to
URL: https://mas.to/auth/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a01:4f8:140:22ca::82 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
f0b2bc9d9eb6504c10502a94649294ad170718f93b3bda8d6c2774df135d9ca6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://mas.to/auth/sign_in
Origin
https://mas.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Thu, 31 Mar 2022 07:36:27 GMT
content-encoding
gzip
last-modified
Wed, 30 Mar 2022 18:23:57 GMT
server
nginx/1.14.2
etag
W/"6244a03d-148cc5"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31536000
locale_de-ff4729b566f6c9cff490.chunk.js
mas.to/packs/js/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mas.to/packs/js/locale_de-ff4729b566f6c9cff490.chunk.js
Requested by
Host: mas.to
URL: https://mas.to/auth/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a01:4f8:140:22ca::82 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
2c918e75b51149d2f8018ea322335b5deae846915398daa3c92cb216c7293cd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://mas.to/auth/sign_in
Origin
https://mas.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Thu, 31 Mar 2022 07:36:27 GMT
content-encoding
gzip
last-modified
Wed, 30 Mar 2022 18:23:57 GMT
server
nginx/1.14.2
etag
W/"6244a03d-8daf"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31536000
inert.css
mas.to/ 		180 B
284 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mas.to/inert.css
Requested by
Host: mas.to
URL: https://mas.to/auth/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a01:4f8:140:22ca::82 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
0fc25792c3f64d06a40835b591de174e650b14b92fcdcdf379fe657ccaf084cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mas.to/auth/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Thu, 31 Mar 2022 07:36:27 GMT
content-encoding
gzip
last-modified
Wed, 04 Nov 2020 14:30:03 GMT
server
nginx/1.14.2
etag
W/"5fa2baeb-b4"
vary
Accept-Encoding
content-type
text/css
strict-transport-security
max-age=31536000
public-0b29c971637ab9f2db47.chunk.js
mas.to/packs/js/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mas.to/packs/js/public-0b29c971637ab9f2db47.chunk.js
Requested by
Host: mas.to
URL: https://mas.to/auth/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a01:4f8:140:22ca::82 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
502a6afb0c1eda5bfd5efa02fc5aa1227f96faafaadc7c5e1ee4abedb6e913b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://mas.to/auth/sign_in
Origin
https://mas.to
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Thu, 31 Mar 2022 07:36:27 GMT
content-encoding
gzip
last-modified
Wed, 30 Mar 2022 18:23:57 GMT
server
nginx/1.14.2
etag
W/"6244a03d-35f4"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31536000

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| webpackJsonp boolean| _rails_loaded

1 Cookies

Domain/Path Name / Value
mas.to/ Name: _mastodon_session
Value: nlrKfDr7ZKkeXLVHgP3JlZnzgQaGiL8r7P11JXBPmysNKiw43enMac2O70dbV8xNLjvjVCPAXkqk2quaJL%2FTTRoXh3EFr2uqFe58Py7fL6jo7B2zmsRsszB7hfHrvqMtocsrQmP8DmkEh3uzPz1o1YgJDjnKVz53CSkHPQxr6YU6LH9l63IXQFkxN3XBQJEup8o5sjaZ%2FErxZSvfLmCClhvIGJnSpENkmYXZykEm%2Ff4I9YJxfJS1vBp9Iz4McbdRyFuy0oRbkxg2kEZqFOpl2WZfK3Qqv7MXvvWXZOagmxA1BIXPNs3b1xhidY%2Fj2le6OGvnF2wkX0XtnGqEylVlXKk%2Fs4LxXSIowB67bN8%3D--ntwUfeR%2B1RufXVcJ--LKgcXGnV2qesPyBPKT%2FD5w%3D%3D

1 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mas.to; img-src 'self' https: data: blob: https://mas.to; style-src 'self' https://mas.to 'nonce-Q5DGchgSjINPwiDS2tOG4g=='; media-src 'self' https: data: https://mas.to; frame-src 'self' https:; manifest-src 'self' https://mas.to; connect-src 'self' data: blob: https://mas.to https://media.mas.to wss://mas.to; script-src 'self' https://mas.to; child-src 'self' blob: https://mas.to; worker-src 'self' blob: https://mas.to
Strict-Transport-Security max-age=63072000; includeSubDomains max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0